13116754G
Guo Feng
www.leafonsword.org
Three Steps:
Hardware
CPU:1 core,2.3GHz
Memory:512M
DISK:4K random IOPS--5000 r/w
Bandwidth:80Mbps(Download),25Mbps(Upload)
How:
Just change the NS records to Cloudflare's (or nexqcloud's) nameservers
Launch (D)DOS attack
By default DNS resolver
By specified DNS resolver
By Whatweb
By nmap
Consider attack purpose
Consuming something:
CPU
Mem
Disk
Bandwidth
Consider layer 7 attack methods
Types of Layer 7 DDOS web attacks
HTTP GET Flood
Time-delayed HTTP headers to hold on to HTTP connections and exhaust web server threads or resources
Loic(loiq)
Hoic
OWASP HTTP Post Tool
SlowHTTPTest
Slowloris
Goloris
R.U.DY (R U Dead Yet?)
Tcpdump's output
Detect (D)DOS attacks
Monitor resource consumption
CPU, Mem, Disk, Network, ...
For Apache-like web servers, waiting for the HTTP headers to finish arriving is basic, inherent behavior
So choose other web servers with timeout limits for HTTP headers, such as Nginx, IIS, lighttpd, ...
Apache can also use a module (mod_antiloris)
The ngx_http_limit_conn_module module is used to limit the number of connections per the defined key, in particular, the number of connections from a single IP address
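http {
    # Shared 10 MB zone keyed on the client address
    limit_conn_zone $binary_remote_addr zone=addr:10m;
    ...
    server {
        ...
        location /download/ {
            # At most one concurrent connection per client address
            limit_conn addr 1;
        }
    }
}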
(D)DOS Deflate
When triggering defined connection limit:
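The per-source connection count behind the detection and connection-limit slides above, as an added example (not code from the slides or from (D)DOS Deflate itself). It assumes Linux `netstat -ntu` text as input; the function names, the sample rows and the limits are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag source IPs holding more connections than a limit.

# over_limit LIMIT
# Reads `netstat -ntu` output on stdin and prints "COUNT IP" for every
# foreign address with more than LIMIT connections, highest count first.
over_limit() {
    awk -v limit="$1" '
        # Only tcp/udp rows; column 5 is the foreign address (ip:port).
        $1 ~ /^(tcp|udp)/ {
            addr = $5
            sub(/:[0-9*]+$/, "", addr)   # strip the port
            sub(/^::ffff:/, "", addr)    # unwrap IPv4-mapped IPv6
            if (addr == "" || addr == "0.0.0.0" || addr == "127.0.0.1") next
            count[addr]++
        }
        END {
            for (a in count) if (count[a] > limit) print count[a], a
        }
    ' | sort -k1,1nr -k2,2
}

# Constructed sample input (documentation address ranges only).
sample_netstat() {
cat <<'EOF'
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 192.0.2.10:80           198.51.100.7:51000      ESTABLISHED
tcp        0      0 192.0.2.10:80           198.51.100.7:51001      ESTABLISHED
tcp        0      0 192.0.2.10:80           198.51.100.7:51002      ESTABLISHED
tcp6       0      0 ::ffff:192.0.2.10:80    ::ffff:198.51.100.7:51003 ESTABLISHED
tcp        0      0 192.0.2.10:80           203.0.113.5:40000       ESTABLISHED
tcp        0      0 192.0.2.10:80           203.0.113.5:40001       TIME_WAIT
tcp        0      0 192.0.2.10:80           192.0.2.99:33000        ESTABLISHED
tcp        0      0 127.0.0.1:3306          127.0.0.1:45000         ESTABLISHED
EOF
}

# Report every source above 3 concurrent connections in the sample.
sample_netstat | over_limit 3
```

On a live host, pipe real `netstat -ntu` output into `over_limit` with a limit chosen from the server's normal per-client connection counts.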