The DDoS attack is a type of attack derived from the traditional DoS attack. A single DoS attack is generally one-to-one. It is effective when the target's CPU is slow, its memory is small, or its network bandwidth is low, that is, when its performance indicators are not high. With the development of computer and network technology, the processing power of computers has increased rapidly, memory has grown greatly, and gigabit, 10 Gigabit, and 100-level networks have appeared. This makes DoS attacks more difficult, because the target's ability to "digest" malicious attack packets has been enhanced. For example, if your attack software can send 3,000 attack packets per second, but my host and network bandwidth can handle 10,000 attack packets per second, the attack will have no effect.
At this point, distributed denial of service (DDoS) attacks came into being. Once you understand the DoS attack, the principle is very simple. If the processing power of computers and networks has increased tenfold, and attacking with a single attack machine no longer has any effect, what if the attacker uses 10 attack machines at the same time? Or 100? DDoS uses more machines to launch an attack, hitting the victim on a larger scale than before.
A Distributed Denial of Service (DDoS) attack uses client/server technology to combine multiple computers into an attack platform that launches DoS attacks on one or more targets, thereby multiplying the power of the denial-of-service attack. Typically, an attacker uses a stolen account to install the DDoS master program on a computer. At a set time, the master program communicates with a large number of agents that have been installed on many computers on the Internet. Each agent launches an attack when it receives the instruction. With client/server technology, the master program can activate hundreds or thousands of agents in seconds.
Symptoms of a DDoS attack:
· There are a large number of waiting TCP connections on the attacked host.
· The network is flooded with a large number of useless packets, and their source addresses are false.
· High-volume useless traffic is generated, causing network congestion and preventing the victim host from communicating with the outside world.
· Specific service requests are issued repeatedly at high speed, exploiting a service provided by the victim host or a defect in the transport protocol, so that the victim host cannot process all normal requests in time.
· In severe cases, the system crashes.
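
As an added example (not part of the original article), the following Python sketch checks for the first symptom above, a large number of waiting TCP connections, by counting half-open entries in `ss -tan`-style output. Reading "waiting" as the SYN-RECV state, the thresholds, and the sample lines (constructed from documentation address ranges) are assumptions.

```python
from collections import Counter

HALF_OPEN = "SYN-RECV"  # assumption: "waiting" connections are half-open ones

# Constructed sample in the column layout of `ss -tan`; not captured from a real host.
SAMPLE = "\n".join(
    ["State     Recv-Q Send-Q Local Address:Port Peer Address:Port",
     "LISTEN    0      128    0.0.0.0:80         0.0.0.0:*",
     "ESTAB     0      0      192.0.2.10:80      198.51.100.7:51514",
     "ESTAB     0      0      192.0.2.10:80      198.51.100.9:51920"]
    + [f"SYN-RECV  0      0      192.0.2.10:80      203.0.113.{i}:{40000 + i}"
       for i in range(1, 9)]
)

def summarize(ss_output):
    """Return (count per TCP state, half-open count per local port, half-open peer IPs)."""
    states, per_port, peers = Counter(), Counter(), set()
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] == "State":  # skip header and short lines
            continue
        state, local, peer = fields[0], fields[3], fields[4]
        states[state] += 1
        if state == HALF_OPEN:
            per_port[local.rsplit(":", 1)[1]] += 1   # which service is targeted
            peers.add(peer.rsplit(":", 1)[0])        # many distinct (possibly false) sources
    return states, per_port, peers

def flood_suspected(ss_output, min_half_open=5, ratio=2.0):
    """Flag when half-open connections are numerous and outnumber established ones.

    Both thresholds are illustrative assumptions; tune them to the host's baseline.
    """
    states, _, _ = summarize(ss_output)
    half_open, established = states[HALF_OPEN], states["ESTAB"]
    return half_open >= min_half_open and half_open > ratio * established

if __name__ == "__main__":
    states, per_port, peers = summarize(SAMPLE)
    print("states:", dict(states))
    print("half-open per local port:", dict(per_port))
    print("distinct half-open peers:", len(peers))
    print("flood suspected:", flood_suspected(SAMPLE))
```

On a live host, the same functions can be fed the text output of `ss -tan` instead of the constructed sample.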


