What Is Flood Routing?
Flooding is an attack technique commonly used by hackers today. It is simple to implement, powerful, and largely ignores defenses. A common example is DDoS (a denial-of-service attack), which exhausts a server's resources so that it can no longer provide normal service and therefore indirectly refuses its users. DDoS is just one type of flood attack; there are other types as well.
Flood (Cyber Attack Technology)
- By definition, in a flood attack the attacker sends an excessive amount of traffic to network resources.
- 1: Smurf
- Smurf occurs at the third layer of the OSI model and works by spoofing ICMP broadcast pings. If a router has not turned off directed broadcast, an attacker in one network can send directed broadcast pings to other networks. The more hosts there are in the target network, the more serious the result, because by default every host responds to the ping. This produces excessive link traffic and denial of service, which makes it a flood attack. Of course, the attacker can also send a broadcast ping to the network it is in.
- 2: DDoS
- DDoS occurs at the third and fourth layers of the OSI model. Attackers break into many systems on the Internet and install DDoS control software on them, and these systems then infect other systems. Through these agents, the attackers send attack instructions to the DDoS control software, which then directs the agent (proxy) systems under it to send large amounts of fake network traffic to one IP address. The victim's network is saturated by this fake traffic and can no longer serve its normal users.
- TCP SYN flooding occurs at the fourth layer of the OSI model. This method exploits a characteristic of the TCP protocol, the three-way handshake. The attacker sends a TCP SYN, which is the first packet of the handshake. After the server returns an ACK, the attacker does not confirm it, so the TCP connection is left suspended in what is called the half-open (semi-connected) state. If the server does not receive the confirmation, it repeatedly resends the ACK to the attacker, which wastes even more server resources. The attacker opens a very large number of such TCP connections to the server. Because none of them completes the three-way handshake, these suspended connections consume CPU and memory on the server. In the end, the server may crash and be unable to provide services to normal users.
- Finally, application flooding occurs at the seventh layer of the OSI model. Its purpose is to consume application or system resources. The most common form of application flooding is spam, but it usually does not produce serious results. Other types of application flooding include running programs that consume a lot of CPU on the server, or flooding the server with continuous authentication requests, in which case the TCP connection completes but the server stops responding at the password prompt.
- For most of these attacks, an IDS can be used for defense, or log analysis can be used to identify them.
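The half-open state described in the TCP SYN flooding item can be measured on the server as part of the log analysis mentioned above. The following Python code is an added example, not part of the original page: it parses a socket table in the Linux /proc/net/tcp layout and reports local ports holding many half-open connections. The sample rows are constructed, and the function names and the threshold of 3 are assumptions chosen for illustration.

```python
import socket
import struct
from collections import defaultdict

SYN_RECV = 0x03  # Linux state code: SYN received, handshake not yet completed

# Constructed sample in the IPv4 /proc/net/tcp layout (not captured from a real host).
# Addresses are documentation ranges: server 192.0.2.10, clients 198.51.100.x.
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0050 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1001
   1: 0A0200C0:0050 016433C6:C001 03 00000000:00000000 01:00000064 00000003     0        0 0
   2: 0A0200C0:0050 026433C6:C002 03 00000000:00000000 01:00000064 00000002     0        0 0
   3: 0A0200C0:0050 036433C6:C003 03 00000000:00000000 01:00000064 00000004     0        0 0
   4: 0A0200C0:0050 046433C6:C004 03 00000000:00000000 01:00000064 00000001     0        0 0
   5: 0A0200C0:0050 057100CB:D431 01 00000000:00000000 00:00000000 00000000    33        0 1002
   6: 0A0200C0:0016 057100CB:D500 03 00000000:00000000 01:00000064 00000000     0        0 0
"""

def decode_addr(field):
    """Decode '0A0200C0:0050' (little-endian hex IPv4, hex port) to ('192.0.2.10', 80)."""
    ip_hex, port_hex = field.split(":")
    return socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16))), int(port_hex, 16)

def half_open_report(table, threshold):
    """Return {local_port: stats} for ports holding >= threshold half-open connections."""
    stats = defaultdict(lambda: {"half_open": 0, "sources": set(), "retransmits": 0})
    for line in table.splitlines()[1:]:           # skip the header row
        cols = line.split()
        if len(cols) < 7 or int(cols[3], 16) != SYN_RECV:
            continue                              # only half-open sockets matter here
        _, port = decode_addr(cols[1])
        src_ip, _ = decode_addr(cols[2])
        entry = stats[port]
        entry["half_open"] += 1
        entry["sources"].add(src_ip)
        entry["retransmits"] += int(cols[6], 16)  # replies the server had to resend
    return {port: {"half_open": s["half_open"], "sources": len(s["sources"]),
                   "retransmits": s["retransmits"]}
            for port, s in stats.items() if s["half_open"] >= threshold}

if __name__ == "__main__":
    for port, s in half_open_report(SAMPLE, threshold=3).items():
        print(f"port {port}: {s['half_open']} half-open from {s['sources']} sources, "
              f"{s['retransmits']} retransmits")
```

On the sample, port 80 is flagged while the single half-open connection on port 22 stays below the threshold, which is how an ordinary slow handshake looks.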