
What are the types of DDoS attacks?

1. TCP flood attack (SYN Flood)

The TCP SYN flood is one of the most common DoS (denial of service) and DDoS (distributed denial of service) methods. It exploits a weakness in the TCP protocol's three-way handshake.

The attacker sends a large number of forged TCP connection requests, usually from spoofed source IP addresses or address ranges: a flood of first-handshake packets (SYN packets) asking to open connections. The targeted server answers each one with the second-handshake packet (SYN+ACK). Because the source IP is forged, the host at that address never receives the SYN+ACK and never sends the third-handshake packet (ACK).

As a result, the targeted server keeps a large number of half-open connections in the SYN_RECV state and, by default, retransmits the second-handshake packet five times for each of them. The TCP pending-connection queue fills up, resources are exhausted (CPU saturated or memory depleted), and legitimate connection requests can no longer get through.
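As an added example (not from the original article), a small Python check that counts half-open SYN-RECV sockets per local port in `ss -tan` style output and flags the combination a spoofed SYN flood produces on the victim: many half-open handshakes from many different peers. The socket table and the thresholds are constructed for illustration.

```python
# Added example (not from the original article): flag a likely SYN flood by
# counting half-open SYN-RECV sockets per local port in `ss -tan` style output.
# The socket table below is constructed sample data; thresholds are assumptions.
from collections import Counter

SAMPLE_SS_OUTPUT = """\
State     Recv-Q Send-Q Local Address:Port Peer Address:Port
ESTAB     0      0      10.0.0.5:443       198.51.100.2:44321
SYN-RECV  0      0      10.0.0.5:443       203.0.113.7:51234
SYN-RECV  0      0      10.0.0.5:443       203.0.113.19:40001
SYN-RECV  0      0      10.0.0.5:443       203.0.113.88:1025
SYN-RECV  0      0      10.0.0.5:443       203.0.113.201:60111
SYN-RECV  0      0      10.0.0.5:443       203.0.113.3:2048
ESTAB     0      0      10.0.0.5:22        198.51.100.9:50022
SYN-RECV  0      0      10.0.0.5:443       203.0.113.77:33000
"""

def parse_ss(text):
    """Yield (state, local_port, peer_ip) for each data row of `ss -tan` output."""
    for line in text.splitlines()[1:]:  # first row is the column header
        fields = line.split()
        if len(fields) < 5:
            continue
        local_port = fields[3].rsplit(":", 1)[1]
        peer_ip = fields[4].rsplit(":", 1)[0]
        yield fields[0], local_port, peer_ip

def half_open_report(text, max_half_open=4, min_distinct_ratio=0.8):
    """Count SYN-RECV sockets and distinct peers per local port.

    A port is flagged when it holds more than max_half_open half-open sockets
    and nearly all of them come from different peers: that is how a spoofed
    SYN flood looks from the victim, unlike one misbehaving client retrying.
    """
    half_open, peers = Counter(), {}
    for state, port, peer_ip in parse_ss(text):
        if state == "SYN-RECV":
            half_open[port] += 1
            peers.setdefault(port, set()).add(peer_ip)
    report = {}
    for port, n in half_open.items():
        distinct = len(peers[port])
        flagged = n > max_half_open and distinct / n >= min_distinct_ratio
        report[port] = {"half_open": n, "distinct_peers": distinct, "flagged": flagged}
    return report

if __name__ == "__main__":
    for port, info in half_open_report(SAMPLE_SS_OUTPUT).items():
        print(f"port {port}: {info}")
```

On a real host the same function can be fed the output of `ss -tan`; ports with no half-open sockets (here :22) do not appear in the report.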

2. Reflection attack

A reflection DDoS attack is a newer variant that differs from plain DoS and DDoS. The attacker sends a large number of packets whose source address is forged to be the victim's IP to intermediary hosts (the reflectors); those hosts then send a large number of responses to the forged source address, that is, to the victim, producing a denial of service.

Attackers prefer services whose response packets are much larger than the request packets, so that a small amount of sent traffic produces a much larger volume at the victim, an amplification of several times or even dozens of times. Services commonly abused for amplification reflection attacks include DNS, NTP, SSDP, Chargen, Memcached and others.

3. CC attack (HTTP Flood)

HTTP Flood, also known as a CC attack, targets the layer-7 protocol of web services: it exhausts the web server's resources by sending a large number of HTTP requests that imitate ordinary website visitors. Some attack types have patterns that can be used to identify and block them, but HTTP floods are not easily identified, because the requests look like legitimate traffic. Their harm shows in three ways: they are easy to launch, hard to filter, and far-reaching in impact.

4. Direct botnet attack

A botnet is what is commonly called "broilers" (zombie hosts, from the Chinese slang term). Today, "broilers" are no longer limited to traditional PCs: more and more smart Internet of Things devices have entered the market, and their security is far weaker than that of PCs, so attackers find it easier to obtain large numbers of "broilers" and to launch botnet attacks directly. Depending on the type of botnet, an attacker can use it to carry out various attacks, not only against websites but also against game servers and any other service.

5. DoS attacks that exploit defects in server programs, security vulnerabilities and architectural flaws

The attacker constructs malformed requests and sends them to the server; because the server cannot correctly judge and handle the malicious request, it crashes or hangs, resulting in denial of service. The above are the DDoS attack types that Mohist Security believes have appeared so far. The list may not be fully comprehensive: DDoS attack types are complex and constantly evolving, and defenses are likewise strengthened as attack methods change.