Distributed Denial of Service (DDoS: Distributed Denial of Service) attack refers to the use of client/server technology to unite multiple computers as an attack platform to launch DDoS attacks on one or more targets, thus doubling the number of denial-of-service attacks. The power of service attacks.
Usually, the attacker uses a stolen account to install the DDoS master program on a computer. At a set time, the master program will communicate with a large number of agent programs. The agent has been installed on many computers on the network. The agent launches the attack when instructed to do so. Using client/server technology, the master program can activate hundreds or thousands of agent runs in seconds.
Let’s use an analogy to deeply understand what DDOS is.
A group of bullies are trying to prevent the competing store opposite from operating normally. What methods will they use? (This is just an example, do not imitate.) Bullies pretend to be ordinary customers and crowd into their rivals' stores, refusing to leave, but real shoppers cannot enter; or they always chat with the salespersons. , so that the staff cannot serve customers normally; it can also provide false information to the store operators. After everyone in the store is busy, they find that everything is in vain, and finally loses the real big customers, resulting in heavy losses. In addition, it is sometimes difficult for bullies to accomplish these bad deeds on their own, requiring many people to work together. Well, DoS and DDoS attacks in the field of network security follow these ideas.
Among the three elements of information security - "confidentiality", "integrity" and "availability", DoS (Denial of Service), a denial of service attack, targets exactly "availability". This attack method exploits the network service function defects of the target system or directly consumes its system resources, making the target system unable to provide normal services.
There are many ways to attack DdoS. The most basic DoS attack is to use reasonable service requests to occupy too many service resources, so that legitimate users cannot get a response from the service. A single DoS attack is generally carried out in a one-to-one manner. When the attack target has low performance indicators such as low CPU speed, small memory or small network bandwidth, its effect is obvious. With the development of computer and network technology, computer processing power has increased rapidly, memory has greatly increased, and gigabit-level networks have also emerged, which makes DoS attacks more difficult - the target's ability to "digest malicious attack packets" "It has been strengthened a lot. At this time, distributed denial of service attacks (DDoS) came into being. DDoS uses more puppet machines (broilers) to launch attacks and attack victims on a larger scale than before.
The above is the detailed content of What is ddos?. For more information, please follow other related articles on the PHP Chinese website!