There have been many articles that introduce DOS (Denial of Service, ie refusal service) attack, but most people still don't know what DOS is, how is it implemented? This article mainly introduces the mechanism and common implementation methods of DOS. The TCP / IP protocol and the RFC documentation are a bit experienced due to the previous period. At the same time, some contents in the article are referred to with the article of SHAFT. To understand the mechanism of DOS attacks, you must have a certain understanding of TCP. Therefore, this paper is divided into two parts. The first part introduces some protocols related to the DOS attack, and the second part introduces the common way of DOS. What is DOS attack DOS: Denial of Service, the abbreviation of the service, can not be considered Microsoft's DOS operating system. It seems to have such a joke when you are 5? 1. Refusing service, it is equivalent to Pizza Hut in the guests, it is no longer the same, huh, you want to eat pie, you must wait at the door. DOS attacks, an attacker wants to let the target machine stop providing services or resource access, including disk space, memory, process, and even network bandwidth, block normal users from accessing. For example: * Try to prevent legitimate network communication * Destroy the connection between the two machines and prevent access services Service or lead to the server crash Typically, the DOS attack will be part of an intrusion, such as bypassing the intrusion detection system, usually from a large number of attacks, causing the invasive detection system logs too much or slowly, so that invaders can be in the tide The attack is hybrid in the intrusion detection system. About the TCP protocol TCP (Transmission Control Protocol, Transmission Control Protocol) is used to provide reliable, end-to-end byte stream communication protocols on unreliable Internet, there is RFC793 Formal definitions, there are some resolution of something recorded in RFC 1122, and RFC 1323 has TCP's functional extension. In the TCP / IP protocol we often, the IP layer does not guarantee the correct transfer of the datagram to the destination. TCP accepts the user's data stream from the local machine, dividing it into data fragments that do not exceed 64k bytes. Each data segment is sent as a separate IP packet, and finally in the destination machine, the TCP protocol must ensure reliability. The TCP transmission of the transmitting and receiver is switched in the form of a data segment. A data segment includes a fixed 20-byte head, coupled with an optional portion, followed by the data, and the TCP protocol transmits one from the sender At the time of the data segment, the timer is also launched. When the data segment arrives at the destination, the receiver must also send back a data segment, which has a confirmation number, which is equal to the sequence number of the next data segment you want to receive, if The timer is timeout before confirming that the information arrives, and the sender will resend this data segment.
