Related Concepts Introduction
Introduction to DDoS Attacks
Distributed Denial of Service (DDoS) attacks refer to attackers remotely controlling a large number of zombie hosts through the network to send a large amount of attack requests to one or multiple targets, blocking the target server's network bandwidth or depleting the target server's system resources, making it unable to respond to normal service requests.
Network Layer DDoS Attacks
Network layer DDoS attacks mainly refer to attackers using high traffic to congest the target server's network bandwidth and consume server system resources, causing the target server to be unable to respond normally to customer visits. Common types of attacks include SYN Flood, ACK Flood, UDP Flood, ICMP Flood, and DNS/NTP/SSDP/memcached reflection attacks.
Transport Layer DDoS Attacks
Mainly include Syn Flood, Ack Flood, UDP Flood, ICMP Flood. Taking Syn Flood attack as an example, it takes advantage of the TCP protocol's three-way handshake mechanism. When the server receives a Syn request, the server must save the connection in a listening queue for a certain period of time. Therefore, it continuously sends Syn requests to the server but does not respond to Syn+Ack packets, thereby consuming server resources. When the server's listening queue is full, the server will be unable to respond to normal user requests, achieving the purpose of a denial of service attack.
Application Layer DDoS Attacks
Mainly include DNS DDoS attacks and Web application DDoS attacks. DNS DDoS attacks mainly include DNS Request Flood, DNS Response Flood, and false source + Real source DNS Query Flood. Web application DDoS attacks mainly refer to HTTP Get Flood, HTTP Post Flood, etc. HTTP Get Flood usually refers to hackers finding some resource-consuming transactions and pages from Web services or interfaces and continuously sending HTTP Get requests to these transactions and pages, causing Web application server resources to be depleted, unable to provide normal services, or causing the entire data center's entrance network bandwidth to be occupied, making the whole data center unable to provide normal services to the outside.
CC Attack
CC attack mainly refers to the attack method of maliciously occupying the target server's application layer resources, consuming processing performance, and causing it to be unable to provide normal services. Common types of attacks include HTTP/HTTPS-based GET/POST Flood, L4 CC, and Connection Flood attacks.
Protection Capability
Protection capability refers to the ability to defend against DDoS attacks. DDoS protection is provided based on Tencent Cloud's maximum DDoS protection capability in the current region.
Cleaning
When the target IP's public network traffic exceeds the set protection threshold, Tencent Cloud's DDoS protection system will automatically clean the public inbound traffic of that IP. The traffic is redirected from the original network path to Tencent Cloud's DDoS cleaning equipment through the BGP routing protocol, and the traffic of that IP is identified by the cleaning equipment, discarding the attack traffic and forwarding the normal traffic to the target IP. In general, cleaning does not affect normal access, and only in special scenarios or when the cleaning strategy is misconfigured may it affect normal access. When the traffic has been normal for a certain period of time (determined dynamically based on the attack situation), the cleaning system will determine that the attack has ended and stop cleaning.