At the end of the 20th century.
For those of us who work in network security operations and maintenance, DDoS is a topic we hear about every day. Any question about why something exists starts with its history. The DDoS attack, short for distributed denial of service, originated in the last few years of the 20th century. After its birth, several DDoS incidents alarmed the network operations and security personnel of enterprises, and it became a focus of worldwide attention. At that time, even people who did not understand information security had heard of it.
What does DDoS mean?
There are three main types of DDoS attack.
High traffic attack
High-traffic attacks saturate the bandwidth and infrastructure of the network with massive traffic and consume them completely, flooding the network. Once the traffic exceeds the capacity of the network, or of the links between the network and the rest of the Internet, the network becomes inaccessible. Examples of high-traffic attacks include ICMP, fragmentation and UDP floods.
TCP state exhaustion attack
TCP state exhaustion attacks attempt to consume the connection state tables that exist in many infrastructure components, such as load balancers, firewalls and the application servers themselves. For example, a firewall must analyze each packet to determine whether it is a discrete connection, the continuation of an existing connection, or the end of an existing connection. Similarly, an intrusion prevention system must track state to perform signature-based packet detection and stateful protocol analysis. These and other stateful devices, including load balancers, are often overwhelmed by session floods or connection attacks. For example, the Sockstress attack fills the connection table by opening sockets, quickly flooding the state table of the firewall.
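One way a defender can watch for this condition, as an added example that is not part of the original page: count how many connection-table slots are held and which peers hold a disproportionate share. The snapshot is constructed in the column layout of `ss -tan`; the addresses, the table limit, the per-source limit and the set of states counted as holding a slot are all assumptions to tune for the device in question.

```python
from collections import Counter

# States counted here as holding a table slot (an assumption; tune per device).
HELD_STATES = {"SYN-RECV", "ESTAB", "FIN-WAIT-1", "FIN-WAIT-2", "CLOSE-WAIT", "LAST-ACK"}

def build_sample():
    """Constructed snapshot in the column layout of `ss -tan`; all values invented."""
    rows = ["State Recv-Q Send-Q Local Address:Port Peer Address:Port",
            "LISTEN 0 128 0.0.0.0:443 0.0.0.0:*",
            "ESTAB 0 0 192.0.2.10:443 198.51.100.7:51001",
            "ESTAB 0 0 192.0.2.10:443 198.51.100.8:40222",
            "TIME-WAIT 0 0 192.0.2.10:443 198.51.100.9:40300",
            "ESTAB 0 0 [2001:db8::10]:443 [2001:db8::99]:50000"]
    # One peer holding many idle established sockets, as in a connection flood.
    rows += [f"ESTAB 0 0 192.0.2.10:443 203.0.113.5:{p}" for p in range(20000, 20040)]
    return "\n".join(rows)

def parse(snapshot):
    """Yield (state, peer_ip) for every non-listening socket line."""
    for line in snapshot.splitlines():
        fields = line.split()
        # The header splits into more than five fields and is skipped here too.
        if len(fields) != 5 or fields[0] in ("State", "LISTEN"):
            continue
        # rsplit keeps IPv6 addresses intact; brackets are stripped afterwards.
        peer_ip = fields[4].rsplit(":", 1)[0].strip("[]")
        yield fields[0], peer_ip

def assess(snapshot, table_limit, per_source_limit):
    """Report table occupancy and the peers holding more slots than allowed."""
    held = Counter(ip for state, ip in parse(snapshot) if state in HELD_STATES)
    used = sum(held.values())
    suspects = {ip: n for ip, n in held.items() if n > per_source_limit}
    return {"used": used, "occupancy": used / table_limit, "suspects": suspects}

if __name__ == "__main__":
    report = assess(build_sample(), table_limit=50, per_source_limit=10)
    print(f"{report['used']} slots held, {report['occupancy']:.0%} of table")
    for ip, n in report["suspects"].items():
        print(f"  {ip} holds {n} connections")
```

A distributed flood spreads the load across many peers, so the occupancy figure matters even when no single source crosses the per-source limit.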
Application layer attack
Application layer attacks use more complex mechanisms to achieve hackers' goals. They do not flood the network with traffic or sessions, but slowly exhaust the application layer resources of specific applications or services. Application layer attacks are very effective at low traffic rates, and the traffic involved may be legitimate from the protocol's point of view. This makes application layer attacks more difficult to detect than other types of DDoS attacks. HTTP flooding, DNS dictionary attacks and Slowloris are examples of application layer attacks.
What's the difference between scripts and crawlers?
Scripts and crawlers are two different tools and technologies. The differences are as follows:
1. Usage: scripts are mainly used to automate tasks, perform operations in batches and process data; a crawler is a tool that automatically crawls, analyzes and stores network data.
2. Technology: scripts can be written in many languages, such as Python, Bash and Perl; crawlers are usually written in Python.
3. Data source: scripts can obtain data from various data sources, such as files and databases; crawlers are mainly used to obtain data from network data sources (such as websites).
4. Processing mode: scripts can use any programming language technique to achieve higher processing efficiency; crawlers often need more complex data capture techniques, such as network requests and page parsing.