
My opinion on DDOS

To begin, I would like to talk about a phenomenon that I have noticed in our circle. Of course, if you do not agree with what I say, treat it as if you had not seen it.
Personally, I feel that most netizens in the circle may have entered a phase in which everyone plays at attacking, but such a mixture of good and bad people will inevitably produce many rising stars.
What do most of them think an attack is? Speaking of this, I remember what a little brother told me before.
He meant that a so-called attack is when you use an attack program and operate through so-called broilers (compromised machines). At the time, I very much "identified" with that.
How should I put it: the impression I get now is that it is nothing more than catching a chicken and attacking. How simple that sounds, but how many people really understand the so-called attack?
Of course, someone must directly say, "DDOS attack means distributed denial of service."
Yes! I know that too. If you search for DDOS attacks at www.baidu.com, you will find it, unless you can't read, right?
If I wrote these definitions down, you would understand them. Then, with a little more effort, you would attack directly and have mastered the technology at once.
But if it is so simple, why does DDOS become a targeted problem?
I have seen, many times, so-called video tutorials that teach you how to attack and how to catch chickens.
I also summarized them in several points: 1. using tools; 2. configuring tools; 3. automatic or manual execution.
Does it sound very simple? But that is the fact.
As for the so-called tools, most of them date from years ago and are outdated, so why are they still used now? They have merely been optimized. Isn't that a typical case of changing the soup without changing the dressing?
Although I am an ordinary netizen just like others, this is my personal opinion.
Now let's get to the main topic.
First of all, I personally don't like botnets, mainly because they are really unstable,
unless, of course, you have a large Linux server serving you alone, and that needs a lot of services.
Without that, a botnet is just a superficial effort. The broilers currently online run either XP, Win7, or 2003/2008.
Servers are also limited by the computer room (the data center that hosts them), so many broilers can only be used for CC attacks; there are also Layer 4 network protocol attacks.
However, if you want to use them for Layer 4 network protocol attacks, you must modify the IP header. This seems simple, but in that environment it is difficult to do.
Of course, there is also a technical DOS attack, which few people can implement and study.
So, see here, listen to me. Don't indulge in botnets and various so-called tools, as I said earlier.
You must first understand the characteristics of network protocols. Playing with these so-called outdated tools, you will never make progress. Of course, to me these are outdated tricks that can only fool children.
These are fool-style (point-and-click) operations, and you often mention anonymity. I tell you that the real artifact of anonymity is not a tool but a method.
For fool-style operations, you have to prepare your own zombie machines. In fact, there is no ready-made tool for this so-called attack. It is only a very small amount of code.
Many of them are completed in the LINUX environment, so you can flexibly implement them on the Windows system.
The principle is simple: use a raw socket, access the underlying network, and modify. There is no direct code for you.
Because of those, I didn't even zoom in. I played with these long ago, and the old man only provided a picture.
You can use the ready-made tools that can customize and forge source IP addresses on the network to achieve amplification. There is no specific tool for amplification attacks, because it is not a DOS attack.
You can find a ready-made SYN tool and turn the forged source into the victim you want to attack
You can scan some website servers. The larger ones and those with port 80 open can be used as reflection sources.
To determine whether the reflection source is effective, you should open the firewall and test your own IP.
If you receive an attack packet, it proves that the reflection source is effective, and you can directly use it to attack.
However, if your servers are in a computer room, modification of the IP header is restricted.
The forged-IP attack packets you send will then be discarded directly.
This means that if you take ten or hundreds of servers to attack a very small website, it may not have any effect.
It's embarrassing, isn't it?
If it is an HTTP application layer attack, it is OK, because this attack does not require you to forge an IP source.
That is to say, your server, ADSL at home, and Internet cafes can all be used to attack.
This is why, as I mentioned earlier, those network bots carry out CC attacks.
CC attacks are the easiest to use, because they place no restrictions on the platform or the network environment.
Unfortunately, CC attacks are only targeted at the HTTP application layer and are outdated.
Let me give you an example of a traffic attack: if you have 300+ broilers and you want to launch a traffic attack, only a dozen or fewer of them will be usable.
This is because traffic attacks place too many requirements on the network environment; there are also requirements on the system. XP systems should be familiar, but they need SP1.
SP1 should also appear on old machines in the present era.
Now none of Win7, Win8, Vista or Win10 can forge the source IP, except through the WinPcap interface, but most people do not know the benefits of WinPcap.
I don't think of using the WinPcap interface to make pressure test tools. Generally, people who think of using the WinPcap interface are basically old fogies in the circle.
Then someone may ask about those who sell attack tools in the circle, but I don't want to mention them.
If this circle is lagging behind, it is mainly because of these attack tools. Some so-called attack tools use almost the same API interface, and some even connect directly. There is not much more to say.
That leaves Win2003 and Win2000.
However, the Win2003 system must not be patched with R2; systems patched with R2 cannot use raw sockets. And few Win2003 systems are home systems; most of them are in server rooms.
At present, computer rooms, whether domestic or foreign, do not allow modification of the IP header, since otherwise attacks would be rampant, so every computer room has enabled this restriction function.
This is why some people think that they can attack with a server, but they find it useless after the attack. They are still struggling about why.
But there are also special cases. For example, there are a few company servers that are not placed in a special computer room. In this environment, attacks can be carried out.
I have seen it many times, almost all of them are optical fiber access, but there are no security restrictions like other computer rooms
Some people will also think of the servers in Internet cafes.
But the result is no good, because the router of an Internet cafe is equivalent to protective equipment.
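The restriction described above, under which a computer room discards packets whose source address was forged, is source address validation at the network edge. As an added example (not part of the original post), this Python code applies that check to raw IPv4 headers; the assigned prefix, the function names and the sample packets are constructed for illustration and use documentation address ranges.

```python
import ipaddress

# Assumption: the prefix a (hypothetical) data center assigned to one customer port.
ASSIGNED = [ipaddress.ip_network("192.0.2.0/28")]

# Constructed 20-byte IPv4 headers (checksum left zero) plus one truncated frame.
SAMPLES = {
    "own_source": bytes.fromhex("450000140000000040060000c0000205c6336407"),
    "forged_source": bytes.fromhex("450000140000000040060000cb007109c6336407"),
    "truncated": bytes.fromhex("4500"),
}

def parse_ipv4_source(packet):
    """Return the source address of a raw IPv4 packet, or raise ValueError."""
    if len(packet) < 20:
        raise ValueError("shorter than a minimal IPv4 header")
    if packet[0] >> 4 != 4:
        raise ValueError("not IPv4")
    header_len = (packet[0] & 0x0F) * 4
    if header_len < 20 or len(packet) < header_len:
        raise ValueError("bad header length")
    # Bytes 12..15 of the header carry the source address.
    return ipaddress.IPv4Address(packet[12:16])

def egress_verdict(packet, assigned=ASSIGNED):
    """Forward only packets whose source lies inside the port's own prefixes."""
    try:
        src = parse_ipv4_source(packet)
    except ValueError:
        return "drop"  # malformed frames never leave the port
    return "forward" if any(src in net for net in assigned) else "drop"

def audit_port(samples=SAMPLES, assigned=ASSIGNED):
    """Return the names of the sample packets the edge filter would discard."""
    return sorted(name for name, pkt in samples.items()
                  if egress_verdict(pkt, assigned) == "drop")

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(name, egress_verdict(pkt))
```

Because the check depends only on which port a packet arrives from, the hosting network can enforce it regardless of what software runs on the server, which is why forged-source traffic from such servers never reaches the Internet.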
The DDOS attack is different from the amplification attack. Many people think that these attacks belong to the same category.
In fact, there are differences. DDOS is malicious traffic, and amplification is legitimate traffic.
A firewall can easily filter malicious traffic, except at the HTTP application layer, which requires a software defense strategy to deal with!
If an attack uses a certain amount of legitimate traffic, the equipment in the computer room can be temporarily paralyzed.
Because the traffic is legitimate, the firewall equipment cannot defend against it, and the traffic can only be cleaned.
By the way, you may encounter some stupid B boasting that his attack can penetrate the firewall.
Well, it can be seen here that this is a typical case of not understanding or pretending to understand.
The hardware firewall of the computer room is designed to prevent malicious traffic attacks on the entire computer room,
because traffic attacks will affect the network of the entire computer room.
However, the hardware firewall does not defend against HTTP application layer attacks.
That is to say, application layer attacks need to be defended by the software and the system's own configuration.
Those stupid B usually don't understand why CC attacks are effective on websites. That's why.
The summary is as follows:
There are too many HTTP GET and POST flood attack programs on the Internet.
However, this kind of attack has no impact on other users in the computer room; it affects only the single target.
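Since the post notes that HTTP-layer (CC) floods use real source addresses and must be handled by software on the server, a per-source request counter over the access log is a natural detection point. The following Python code is an added example, not part of the original post; the log format (common access-log style), the thresholds and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Assumed format: client address, two ignored fields, [timestamp], "METHOD path ..."
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(GET|POST) (\S+)')

def flag_flood_sources(lines, window_s=10, max_requests=20):
    """Return {source: peak count} for every source that sent more than
    max_requests GET/POST requests inside a sliding window of window_s seconds.
    Assumes each source's lines appear in time order."""
    recent = defaultdict(deque)   # source -> timestamps still inside the window
    peaks = {}
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue              # skip lines that do not parse
        src = m.group(1)
        ts = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z").timestamp()
        window = recent[src]
        window.append(ts)
        while window[0] <= ts - window_s:
            window.popleft()      # expire requests older than the window
        if len(window) > max_requests:
            peaks[src] = max(peaks.get(src, 0), len(window))
    return peaks

def sample_log():
    """Constructed log: one flooding client and one ordinary client."""
    lines = []
    for i in range(60):           # 198.51.100.20 sends 6 requests per second
        lines.append(f'198.51.100.20 - - [01/Jan/2024:12:00:{i // 6:02d} +0000] '
                     f'"GET /search?q={i} HTTP/1.1" 200 512')
    for i in range(5):            # 192.0.2.10 sends one request every 10 seconds
        lines.append(f'192.0.2.10 - - [01/Jan/2024:12:00:{i * 10:02d} +0000] '
                     f'"GET /index.html HTTP/1.1" 200 1024')
    return lines

if __name__ == "__main__":
    print(flag_flood_sources(sample_log()))
```

The flagged sources can then be fed to whatever the server already uses for throttling or blocking.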
Maybe I have just so many opinions about attacks. Maybe I'm not quite right in some places. Of course, I hope to give some advice.

[Statement]: 8090 Security Group Portal (http://www.8090-sec.com). This article is published for the purpose of transmitting more information, which does not mean that our website agrees with its views and is responsible for its authenticity. It is only suitable for network security technology enthusiasts to study, research and use. Please follow the relevant national laws and regulations during the study. If you have any questions, please contact us by e-mail at hack@ddos.kim, and we will process it in the shortest time.

Last edited on: January 30, 2017 Author: Yue Ming
