Shulou(Shulou.com)06/03 Report--

Today, I will talk to you about whether the DDOS attack is a DOS attack. Many people may not know much about it. In order to make you understand better, the editor has summarized the following content for you. I hope you can get something according to this article.

DDOS attack is a kind of DOS attack. DDOS distributed denial of service attack refers to the combination of multiple computers as an attack platform with the help of client or server technology to launch DDoS attacks against one or more targets, thus increasing the power of denial of service attacks exponentially.

Common DOS attacks

1 、 SYN FLOOD

Make use of the connection buffer (Backlog Queue) of the server, use the special program, set the Header of TCP, and send the TCP connection request with only SYN flag to the server. When the server receives it, it is considered to be an unestablished connection request, so a session is established for these requests and placed in a buffer queue.

If your SYN requests exceed the server's capacity and the buffer queue is full, the server will no longer receive new requests. The connections of other legitimate users are denied. You can continue sending your SYN requests until there are all your SYN-marked requests in the buffer.

2. IP spoofing DOS attack

This attack is implemented using the RST bit. Suppose that there is now a legitimate user (1.1.1.1) who has established a normal connection with the server, and the attacker constructs the TCP data of the attack, disguises his IP as 1.1.1.1, and sends a TCP segment with the RST bit to the server. When the server receives such data and believes that there is an error in the connection sent from 1.1.1.1, it empties the established connection in the buffer. At this point, if the legitimate user 1.1.1.1 sends legitimate data again, the server will no longer have such a connection, and the user must establish the connection from scratch.

During the attack, a large number of IP addresses are forged and RST data is sent to the target, so that the server does not serve legitimate users.

3. Bandwidth DOS attack

If your connection bandwidth is large enough and the server is not very large, you can send requests to consume the server's buffer and consume the server's bandwidth. This kind of attack is that there are many people and great strength, and it is very powerful to cooperate with SYN to implement DOS. It's just an entry-level DOS attack.

4. Self-consumed DOS attacks

This is an old-fashioned attack. Say old-fashioned, because the old-fashioned system has its own BUG. Such as Win95 (winsock v1), Cisco IOS v.10.x, and other outdated systems.

This kind of DOS attack is to make the request client IP and the port the same IP port of the host and send it to the host. Causes the host to send TCP requests and connections to itself. Such mainframe vulnerabilities can quickly run out of resources. It directly caused the crash. This camouflage is still a great threat to some identity authentication systems.

The most important means to implement DOS attacks above is to construct the required TCP data and make full use of the TCP protocol. These attack methods are based on TCP. There are other DOS attacks.

5. The hard disk stuffed with the server

In general, if the server can perform write operations without restrictions, it can become a way to clog the hard disk and cause DOS attacks, such as:

spam. The average company's server may put both the mail server and the WEB server together. Saboteurs can send large amounts of spam, which may be stuck in a mail queue or a bad mail queue until the mailbox is broken or the hard drive is full.

Make the log full. Intruders can construct a large number of error messages to send out, and the server records these errors, which may cause the log files to be very large and even fill the hard disk. At the same time, it will make the administrator face a large number of logs painfully, and can't even find the real way of the intruder.

Cram junk files into anonymous FTP. This can also fill the hard disk space.

After reading the above, do you have any further understanding that the DDOS attack is a DOS attack? If you want to know more knowledge or related content, please follow the industry information channel, thank you for your support.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.