There are many ways to attack the server. If the server is paralyzed and unable to log in, it is usually a DDoS attack. But this premise requires that the broadband of the attacker is larger than that of the attacker, or if the network login is blocked, that is, CC attack, but it requires a lot of IP.
The frequent network attacks on the Internet have endangered different industries, especially the financial and game industries. We need to know what methods hackers often use to attack cloud servers, and then we can better defend them. If you know yourself and your enemy, you will be invincible in all battles.
如果是要服务器瘫痪无法登录，那就用 DDOS 攻击，但是这个前提必须要攻击者的宽带大于被攻击者，或者用网络登录堵塞也就是 CC 攻击，但是前提是要很多 IP，也就是要很多不同地方的 IP 同时去检测登录这个服务器指定的端口，例如传奇登录 7000 端口，几千人同时指定去登录这个端口就会造成堵塞。
If you want the server to be paralyzed and unable to log in, you can use DDoS attack, but this premise must be that the attacker’s broadband is larger than the attacker’s, or you can use network login to block CC attack, but the premise is that you need a lot of IP, that is, you need to check the IP in many different places to log in to the specified port of the server at the same time, such as legendary login 7000 Port, thousands of people at the same time designated to log in to this port will cause congestion.
服务器的攻击方式有很多，如果没有这方面的知识建议先学习下网络这方面，前期准备工作，漏洞收集，扫描，路由及网关分析，然后有网络编程以达到渗透的作用以至被攻击的机器瘫换，这种是具备专业知识的，一般的就是用工具了攻击，比如用工具发大量数据包，造成拒绝服务器攻击，SYN 同步攻击，总的来说都要找到目标。友情提示：那就是 慎行！
There are many ways to attack the server. If you don’t have this knowledge, you should first learn about the network, preparatory work, vulnerability collection, scanning, routing and gateway analysis, and then have network programming to achieve penetration and even collapse of the attacked machine. This kind of attack has professional knowledge. Generally, you use tools to attack. For example, use tools to send a large amount of data Packet, causing denial of server attack, syn synchronization attack, in general to find the target. Friendship tip: that is caution!
重新发送攻击就是指黑客收集特定的 IP 数据包篡改其数据，然后再将这些 IP 数据包一一重新发送，从而欺骗接收数据的目标计算机，实现攻击，破坏云服务器安全。
Resend attack means that hackers collect specific IP packets to tamper with their data, and then resend these IP packets one by one, so as to cheat the target computer receiving the data, realize the attack and destroy the security of the cloud server.
Attack on protocol weakness
在局域网中，IP 地址的源路径选项允许 IP 数据包自己选择一条通往目标计算机的路径。当黑客试图连接位于防火墙后面的一台不可达到的计算机 X 时，他只需要在送出的请求报文中设置 IP 地址源路径选项，使得报文的某一个目的地址指向防火墙，但是最终地址却指向计算机 X。
In LAN, the source path option of IP address allows IP packets to choose a path to the target computer by themselves. When the hacker tries to connect an unreachable computer x behind the firewall, he only needs to set the IP address source path option in the sent request message, so that a certain destination address of the message points to the firewall, but the final address points to the computer X.
当报文到达防火墙时被允许通过，因为它指向的是防火墙而不是计算机 X。防火墙的 IP 层处理该报文的源路径被改变，并发送到内部网上，报文就这样到达了不可到达的计算机 X，从而实现了针对信息协议弱点攻击。
Packets are allowed to pass when they reach the firewall, because it points to the firewall instead of computer X. The IP layer of the firewall processes that the source path of the message is changed and sent to the intranet, so that the message reaches the unreachable computer x, thus realizing the vulnerability attack against the information protocol.
Data driven attack
Data-driven attack refers to the attack launched when a hacker sends or copies a seemingly harmless special program to the target computer and is executed. The attack can allow hackers to modify files related to network security on the target computer, so that hackers are more likely to invade the target virtual machine in the next time. Data driven attacks mainly include buffer overflow attack, format string attack, input verification attack, synchronization vulnerability attack, trust vulnerability attack, etc.
The attack of forgery information refers to that hackers construct a false report path between the source computer and the target computer by sending the forgery router information, so as to obtain the bank account password and other personal sensitive information in these packets.
In addition to the knowledge of hacker attacks, we also need to defend these means in advance, so as to protect our cloud servers and make them operate normally.
在拒绝服务攻击下，攻击者向 Web 资源注入的请求超出了服务器可以处理的数量，从而导致其性能下降或整个系统崩溃。下面我们来了解几种不同的攻击类型，以便更好地进行 ddos 防御。
Under the denial of service attack, the attacker injected more requests into the web resource than the server could handle, resulting in its performance degradation or the whole system crash. Let’s learn about several different types of attacks to better defend against DDoS.
当攻击者为每个打开的端口发送大量错误请求时，将其识别为体量攻击。体量攻击主要有两种，即 UDP 泛洪和 ICMP 泛洪。
When an attacker sends a large number of error requests for each open port, it is identified as a volume attack. There are two kinds of volume attacks: UDP flooding and ICMP flooding.
Application layer attack
针对用户交互应用程序的 Web 流量的攻击称为应用程序层攻击。它主要干扰 HTTP / HTTPS、DNS 或 SMTP 协议。黑客意识到，面向基础架构的方法比破坏应用程序上的网络流量的破坏力小。
An attack on the web traffic of a user interacting application is called an application layer attack. It mainly interferes with HTTP / HTTPS, DNS or SMTP protocol. Hackers realize that an infrastructure oriented approach is less disruptive than breaking network traffic on an application.
以网络的选定部分为目标时，它们被视为协议攻击。攻击者有意发送速度慢且格式错误的 ping，这会占用大量内存，同时尝试验证传入的 ping。
When targeting selected parts of the network, they are considered protocol attacks. The attacker intentionally sends a slow and malformed Ping, which takes up a lot of memory and attempts to verify the incoming Ping.
The burst attack causes interference for a few seconds and repeats at random intervals. Its frequency and duration are constantly changing, making it an unpredictable form of attack. In order to mitigate these attacks, enterprises need to wait until the next wave of shocks comes, and they must successfully implement the attacks to mitigate the attacks. Defenders need to gather the intelligence they need and set up filters in real time.