Shulou(Shulou.com)06/03 Report--

How can the game company tell if the server has been attacked? Many people don't know much about it. Today, in order to let you know more about how to judge whether the server is being attacked, I summarized the following contents. Let's look down together.

At present, the main attack methods of hackers are as follows:

1. DDoS it uses UDP messages and TCP messages to attack the bandwidth of the game server. This kind of attack is very powerful. The phenomenon is that the bandwidth of the server is abnormally high, and the attack traffic is far greater than the maximum bandwidth that the server can bear, resulting in a jam on the server and the request of normal players can not reach the server.

2. BotAttack (TCP protocol CC attack) this kind of attack is more difficult to defend than DDoS. Through the loopholes of TCP protocol, hackers use a large number of real broilers to initiate TCP requests to the server. The normal server can accept about 3000 requests per second. Hackers initiate TCP requests to the server at a speed of more than 100,000 per second, resulting in server TCP queues full, CPU rising, memory overloading, and server downtime. Will seriously affect the customer's business, the traffic of this kind of attack is very small, hidden in the real business traffic, difficult to find and difficult to defend.

3. Business simulation (deep business simulation CC attack) the communication protocol of chess and card games is relatively simple, and it is almost not difficult for hackers to crack the protocol. At present, we have found that hackers will carry out protocol simulation attacks on a variety of business interfaces such as login, registration, room creation, recharge and other business interfaces of chess and card customers. This traffic is equivalent to normal business traffic, which is higher than BotAttck simulation and more difficult to defend.

How do game companies judge that they are being attacked?

Assuming that it can be determined that it is not a line and hardware failure, it is suddenly difficult to connect to the server, and users are disconnected in the game, it is very likely that they have suffered a DDoS attack.

At present, there are two deployment modes of IT infrastructure in the game industry: one is cloud computing or managed IDC mode, and the other is self-pulling network dedicated line. Due to the consideration of cost, the vast majority of them use the former. Whether the former or the latter is connected, normal game users can freely enter the server for entertainment. If these phenomena suddenly appear, we can judge that they are in the state of being attacked.

The main results are as follows: (1) the IN/OUT traffic of the host is significantly higher than usual.

(2) the host's CPU or memory utilization skyrocketed unexpectedly.

(3) by checking the connection status of the current host, it is found that many semi-open connections, or many external IP addresses, have established more than dozens of ESTABLISHED connections with the service port of the machine, that is, they have been attacked by TCP multiple connections.

(4) the game client fails to connect to the game server or the login process is very slow.

(5) the user who is playing the game is suddenly unable to operate or is always disconnected.

As a senior professional cloud computing service provider and cloud security service provider in the industry, it is committed to providing cloud servers for Internet enterprise users and enterprise users in traditional industries. Its products have the characteristics and advantages of "security and stability, easy to use, high service availability, high performance-to-price ratio" and are designed to be customized for enterprises to meet the needs of rich and diversified application scenarios.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.