DDoS attacks simply consume the CPU, memory, disk, network, and other resources of the host, so that the host cannot provide services to normal users.
First of all, let's take a look at the common types of attacks:
1.In syn flooding, an attacker sends a large number of SYN packets to the attack target without returning an ACK, causing a large number of half-open connections on the server, exhausting the target resources and failing to provide services to other normal users.
2.UDP flooding, in which an attacker sends a large amount of UDP data, exhausts the network bandwidth and causes the target host to fail to provide services to normal users.
3.Ping of Death, which uses the maximum size of ICMP packets specified by the operating system not to exceed 64 KB, causes the TCP IP stack to crash and the host to crash.
4.Teardrop attacks, segmentation attacks, forged data packets send overlapping data segments to the target host, and crash or suspend the target system by overlapping the segments.
5.LAND attack, using the defect of the three-way handshake to attack, set the source and destination addresses of the SYN packet to the address of the target host, and the target host returns the syn+ACK packet to itself, causing itself to return an ACK and establish a connection between itself and itself, when this invalid connection reaches a certain number, the target host will reject a new connection request.
Then the corresponding means of protecting DDoS generally include:
1.Purchase and deploy anti-DDoS devices.
2.Increase network bandwidth.
3.Deploy the CDN Content Delivery Network service.
4.Purchase the Cloud Cleaning service.
Anti-DDoS attacks