APT attack vs DDoS attack
What are the typical characteristics of an APT attack?
Answer: The characteristics of an APT attack are: 1. highly targeted; 2. tightly organized; 3. long duration; 4. high stealth; 5. indirect attack. An APT attack has a clear target, most often organizations holding rich data and intellectual property.
APT attacks have five distinctive features that set them apart from traditional network attacks: strong targeting, tight organization, long duration, high stealth and indirect attack.
What is a DDoS attack?
DoS attacks, DDoS attacks and DRDoS attacks: I believe we have all heard of them! DoS is the abbreviation of Denial of Service, DDoS is the abbreviation of Distributed Denial of Service, and DRDoS is the abbreviation of Distributed Reflection Denial of Service.
How do I protect a fixed IP address from attacks coming from the external network? The first time I saw this, I had to go back to the office to get the information I needed.
There is no way to prevent attacks.
There are many different kinds of attacks, and the means of defense differ accordingly. For traffic-type attacks, you can buy the operator's DDoS protection service. For attacks on web sites, you can deploy a WAF, IPS and so on. Traditional attacks can be defended against with a firewall. Defending against APT attacks requires strengthening operation auditing, log auditing and so on.
Who knows what a DDoS attack means?
A DDoS attack means that the attacker uses "broilers" (compromised zombie hosts) to launch a large number of requests at the target website within a relatively short period of time, massively consuming the host resources of the target website and making it unable to provide normal service.
Online gaming, Internet finance and similar areas are high-risk industries for DDoS attacks.
What is a DDoS attack? What is its principle? What is its purpose? The more detailed the better! Thanks!
A website's biggest headache is being attacked. The common server attacks are port penetration, password cracking and DDoS attacks. Among them, DDoS is currently the most powerful and one of the hardest to defend against.
What is a DDoS attack?
The attacker forges a large number of legitimate-looking requests to the server, consuming a large amount of network bandwidth and paralyzing the website so that it becomes inaccessible. Its defining characteristic is that the cost of defense is far higher than the cost of attack: a hacker can easily launch a 10 Gbps or 100 Gbps attack, while the cost of defending against 10 Gbps or 100 Gbps is very high.
The DDoS attack was originally called the DoS (Denial of Service) attack. Its principle: if you have a server and I have a PC, I use my PC to send a lot of junk traffic to your server, congesting your network and increasing its processing load, which reduces the efficiency of the server's CPU and memory.
However, as technology advanced, one-to-one attacks like DoS became easy to defend against, and so DDoS, the Distributed Denial of Service attack, was born. The principle is the same as DoS, but the difference is that a DDoS attack is many-to-one: up to tens of thousands of PCs run a DoS attack against one server at the same time, which ultimately paralyzes the attacked server.
Three common DDoS attacks
SYN/ACK flood attack: the most classic and effective DDoS attack, capable of taking down all kinds of system network services. It works by sending the victim host a large number of SYN or ACK packets with forged source IPs and source ports, so that the host's cache resources are exhausted or the host is kept busy sending response packets, causing a denial of service. Because the sources are forged, tracing is difficult. Its disadvantage is that it is somewhat hard to carry out and needs the support of high-bandwidth zombie hosts.
TCP full-connection attack: this attack is designed to bypass conventional firewall checks. In general, most conventional firewalls can filter DoS attacks such as TearDrop and Land, but they let normal TCP connections through, not realizing that many network service programs (for example web servers such as IIS and Apache) can only accept a limited number of TCP connections. Once a large number of TCP connections arrive, even normal ones, access to the site becomes very slow or even impossible. A TCP full-connection attack uses a number of zombie hosts to continuously establish large numbers of TCP connections with the victim server until the server's memory and other resources are exhausted and it is dragged down, resulting in a denial of service. This attack is characterized by bypassing ordinary firewall protection to achieve its goal; its disadvantage is that it requires finding many zombie hosts, and because the zombie hosts' IPs are exposed, this kind of DDoS attack is easy to trace.
Script flood attack: this attack is aimed mainly at website systems that run script programs such as ASP, JSP, PHP and CGI and that call databases such as MSSQL Server, MySQL Server and Oracle. It is characterized by establishing normal TCP connections with the server and continuously submitting queries, list operations and other calls to the script programs that consume large amounts of database resources: a typical attack method that uses a small amount of resources to consume a large amount of resources.
How to defend against DDoS attacks?
Overall, you can approach it from three aspects: hardware, individual hosts, and the whole server system.
One: Hardware
1. Increase bandwidth
Bandwidth directly determines the ability to withstand an attack. Increasing bandwidth as hard protection is the theoretically optimal solution: as long as your bandwidth exceeds the attack traffic, there is nothing to fear, but the cost is very high.
2. Enhance the hardware configuration
With network bandwidth guaranteed, upgrade the CPU, memory, hard disks, network cards, routers, switches and other hardware as far as possible, choosing high-specification products with a good reputation.
3. Hardware firewall
Place your server in a server room with a DDoS hardware firewall. Professional-grade firewalls usually have a cleaning and filtering function for abnormal traffic, which can counter SYN/ACK attacks, TCP full-connection attacks, script flood attacks and other traffic-based DDoS attacks.
Two: Individual hosts
1. Repair system vulnerabilities in a timely manner and install security patches.
2. Close unnecessary services and ports, reduce unnecessary system add-ons and startup items, keep the number of processes running on the server to a minimum, and change the mode of operation.
3. iptables
4. Strictly control account privileges, prohibit root logins and password logins, and change the default ports of commonly used services.
Three: The entire server system
1. Load balancing
Using load balancing to distribute requests evenly across servers reduces the burden on any single server.
2. CDN
A CDN is a content distribution network built on top of the existing network. Relying on edge servers deployed in many locations and on the central platform's distribution and scheduling modules, it lets users fetch the content they need from a nearby node, which reduces network congestion and improves response speed and hit rate; CDN acceleration therefore also uses load-balancing technology. Compared with a high-defense hardware firewall, which cannot possibly absorb unlimited traffic, a CDN is the more sensible choice: multiple nodes share the penetrating traffic, most CDN nodes offer 200 Gbps of traffic protection, and combined with hardware-firewall protection this can be said to cope with the majority of DDoS attacks.
3. Distributed cluster defense
Distributed cluster defense is characterized by configuring multiple IP addresses on each node server, with each node able to withstand no less than 10 Gbps of DDoS traffic. If a node is attacked and can no longer provide service, the system automatically switches to another node according to the priority settings, and the attacker's packets are returned to the sending point so that the attack source itself is paralyzed.
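The three attack patterns listed in the answer above (SYN/ACK flood, TCP full-connection, script flood) each leave a different signature in the server's connection table, and telling them apart matters because the defenses differ. The following is an added example, not code from the original Q&A: three small heuristic detectors run over a constructed snapshot of a connection table. The server address, the client addresses, the attack sizes and the thresholds (half-open backlog of 1000, 200 established connections per source, 500 requests per source with 80% hitting database-backed scripts) are all assumptions chosen for illustration.

```python
# Added example (not from the original Q&A): heuristic detection of the three
# DDoS patterns the answer lists, run over a constructed snapshot of the
# server's connection table. All thresholds and addresses are assumptions.
from collections import Counter, defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Conn:
    """One entry from a (constructed) connection-table snapshot."""
    src: str         # peer address as seen by the server
    dst: str         # server address
    dport: int       # server port
    state: str       # "SYN_RECV" (half-open) or "ESTABLISHED"
    requests: int    # HTTP requests seen on this connection so far
    db_queries: int  # of those, requests that hit a database-backed script


def detect_syn_flood(conns, half_open_threshold=1000, distinct_src_ratio=0.9):
    """SYN/ACK flood: a large half-open backlog on one listener where nearly
    every entry carries a different (forged) source address."""
    per_target = Counter()
    srcs = defaultdict(set)
    for c in conns:
        if c.state == "SYN_RECV":
            key = (c.dst, c.dport)
            per_target[key] += 1
            srcs[key].add(c.src)
    return [
        {"type": "syn_flood", "target": key, "half_open": n,
         "distinct_sources": len(srcs[key])}
        for key, n in per_target.items()
        if n >= half_open_threshold and len(srcs[key]) / n >= distinct_src_ratio
    ]


def detect_full_connection(conns, per_src_threshold=200):
    """TCP full-connection attack: real (and therefore traceable) sources,
    each holding hundreds of completed, mostly idle connections."""
    per_src = Counter((c.src, c.dst) for c in conns if c.state == "ESTABLISHED")
    return [
        {"type": "full_connection", "src": src, "dst": dst, "established": n}
        for (src, dst), n in per_src.items()
        if n >= per_src_threshold
    ]


def detect_script_flood(conns, request_threshold=500, query_ratio=0.8):
    """Script flood: few connections and normal handshakes, but almost every
    request is a database-backed query (cheap to send, expensive to serve)."""
    reqs, queries = Counter(), Counter()
    for c in conns:
        if c.state == "ESTABLISHED":
            reqs[c.src] += c.requests
            queries[c.src] += c.db_queries
    return [
        {"type": "script_flood", "src": src, "requests": n,
         "db_queries": queries[src]}
        for src, n in reqs.items()
        if n >= request_threshold and queries[src] / n >= query_ratio
    ]


def classify(conns):
    """Run all three detectors and return their alerts as one list."""
    return (detect_syn_flood(conns)
            + detect_full_connection(conns)
            + detect_script_flood(conns))


SERVER = "198.51.100.10"  # constructed address for the attacked web server


def build_sample_snapshot():
    """Constructed data: ordinary clients plus all three attack patterns."""
    conns = []
    # 50 ordinary clients: one connection each, a few requests, some hitting the DB
    for i in range(1, 51):
        conns.append(Conn(f"203.0.113.{i}", SERVER, 443, "ESTABLISHED", 12, 3))
    # SYN flood: 2000 half-open entries, every source address forged and distinct
    for i in range(2000):
        spoofed = f"10.{(i >> 16) & 255}.{(i >> 8) & 255}.{i & 255}"
        conns.append(Conn(spoofed, SERVER, 443, "SYN_RECV", 0, 0))
    # Full-connection attack: three zombies, 300 idle established connections each
    for z in ("192.0.2.1", "192.0.2.2", "192.0.2.3"):
        conns.extend(Conn(z, SERVER, 443, "ESTABLISHED", 0, 0) for _ in range(300))
    # Script flood: two hosts, 40 connections each, every request a DB-backed query
    for z in ("192.0.2.50", "192.0.2.51"):
        conns.extend(Conn(z, SERVER, 443, "ESTABLISHED", 25, 25) for _ in range(40))
    return conns


if __name__ == "__main__":
    for alert in classify(build_sample_snapshot()):
        print(alert)
```

The snapshot format is deliberately simple; on a Linux host the half-open and established counts per peer come from `ss -tan` (e.g. `ss -tn state syn-recv` for the SYN backlog), while the per-connection request and query counts would come from the web server's access log or the WAF. The point the three detectors make is the one the answer does: a SYN flood shows up as many distinct forged sources that never complete a handshake, a full-connection attack as a few real sources holding hundreds of completed connections, and a script flood as ordinary-looking connections whose requests are almost all expensive database calls, so the first is handled by the upstream scrubbing or SYN cookies, the second by per-source connection limits (the `iptables` item above), and the third by the WAF or application-level rate limiting.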