DDoS Attacks and Their Countermeasures
As is well known, DoS (Denial of Service) is the basis of DDoS, and it exploits a weakness in the TCP three-way handshake. The attacker first sends the server SYN connection requests carrying forged source addresses. After receiving a SYN request, the server sends a SYN+ACK or RST reply and then waits for the response. Because the address is forged, the server never receives that response, and the server resources allocated to the request cannot be released. After the server has waited for a certain time, the connection is terminated by a timeout. The attacker then sends a new batch of requests, and under this repeated, endless stream of forged-address requests, the server's resources are eventually exhausted in the long wait for replies.
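The half-open connections described above appear in a server's socket table in the SYN-RECV state, so a defender can watch for them piling up. The following is an added example, not part of the original post: it counts SYN-RECV entries per listening port from text in the column layout of `ss -tan`. The sample table is constructed, and the threshold of 4 is an assumed value.

```python
from collections import Counter

# Constructed sample in the column layout of `ss -tan` (not captured data).
SAMPLE = """\
State    Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN   0      128    0.0.0.0:80         0.0.0.0:*
ESTAB    0      0      192.0.2.10:80      198.51.100.7:51514
SYN-RECV 0      0      192.0.2.10:80      203.0.113.5:40112
SYN-RECV 0      0      192.0.2.10:80      203.0.113.77:1025
SYN-RECV 0      0      192.0.2.10:80      203.0.113.140:33012
SYN-RECV 0      0      192.0.2.10:80      203.0.113.201:6000
SYN-RECV 0      0      192.0.2.10:80      203.0.113.9:50000
ESTAB    0      0      192.0.2.10:443     198.51.100.20:40000
ESTAB    0      0      192.0.2.10:443     198.51.100.21:40001
SYN-RECV 0      0      192.0.2.10:443     198.51.100.22:40002
"""


def half_open_report(ss_text, threshold=4):
    """Summarise SYN-RECV (half-open) sockets per local port.

    A port is marked suspect when its half-open count reaches `threshold`
    (an assumed value, tune per host) and exceeds its established count.
    """
    half_open, established, peers = Counter(), Counter(), {}
    for line in ss_text.splitlines()[1:]:          # skip the header row
        fields = line.split()
        if len(fields) < 5:
            continue
        state, local, peer = fields[0], fields[3], fields[4]
        port = local.rsplit(":", 1)[1]
        if state == "SYN-RECV":                    # SYN seen, final ACK not yet received
            half_open[port] += 1
            peers.setdefault(port, set()).add(peer.rsplit(":", 1)[0])
        elif state == "ESTAB":
            established[port] += 1
    return {
        port: {
            "half_open": n,
            "established": established[port],
            "distinct_peers": len(peers[port]),
            "suspect": n >= threshold and n > established[port],
        }
        for port, n in half_open.items()
    }


if __name__ == "__main__":
    for port, row in sorted(half_open_report(SAMPLE).items()):
        print(port, row)
```

Because the source addresses are forged, a flood tends to show nearly as many distinct peers as half-open entries, which is why the report includes `distinct_peers`.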