Introduction to web security TCP stress testing and defense
2022-07-22 02:26:00 【51CTO】
A brief introduction to TCP:
The Transmission Control Protocol (TCP) is a connection-oriented, reliable, byte-stream-based transport-layer communication protocol.
A connection is established with a three-way handshake and closed with a four-way wave.
Three-way handshake
Four-way wave
TCP stress testing
1. IP spoofing
Suppose a legitimate user (1.1.1.1) has already established a normal connection with the server. The tester constructs TCP data, disguises their own IP as 1.1.1.1, and sends the server a TCP segment with the RST bit set. When the server receives such data, it assumes the connection from 1.1.1.1 has hit an error and clears the established connection from its buffer.
2. SYN flooding
A can send B a large number of SYN messages without ever replying with an ACK, or can forge the source IP in the SYN messages so that B's SYN-ACK replies vanish without a trace. B ends up occupied by a large number of half-open connections that can never complete, until its resources run out and it stops responding to normal connection requests.
3. TCP reset test
In a TCP reset test, the tester sends forged messages to one or both sides of a communication, telling them to disconnect immediately, so that communication between the two sides is interrupted. Under normal circumstances, if a client receives a segment that is not correct for the associated connection, TCP sends a reset segment, which causes the TCP connection to be torn down quickly.
Defense techniques
1. Limit the request frequency of each "client"
2. Use a high-defense server
3. CDN acceleration
Packet capture analysis
Use hping3 on a Kali system to run the test.
Open the tool
Construct ACK packets
Open Wireshark and capture packets; a large number of TCP packets are being sent.
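The per-client request-frequency limit from the defense list and the half-open exhaustion described under SYN flooding can both be checked against a capture. The following is an added detection example, not code from the original post; the packet tuples are constructed sample data, and the function names and thresholds are assumptions.

```python
from collections import defaultdict, deque

def analyze(packets, window=1.0, max_syn_per_client=5, max_half_open=8):
    """packets: time-ordered (ts, src, sport, dst, dport, flags) tuples.
    Returns (clients over the SYN rate limit, listeners with too many half-open)."""
    recent_syns = defaultdict(deque)  # src ip -> SYN timestamps inside the window
    half_open = defaultdict(set)      # (dst, dport) -> {(src, sport)} awaiting final ACK
    limited, flooded = set(), set()
    for ts, src, sport, dst, dport, flags in packets:
        if flags == "S":  # client SYN: first step of the three-way handshake
            q = recent_syns[src]
            q.append(ts)
            while ts - q[0] > window:
                q.popleft()
            if len(q) > max_syn_per_client:
                limited.add(src)  # defense 1: per-client request-frequency limit
            pending = half_open[(dst, dport)]
            pending.add((src, sport))
            if len(pending) > max_half_open:
                flooded.add((dst, dport))  # backlog filling with half-open entries
        elif flags in ("A", "R"):  # handshake completed, or client reset it
            half_open[(dst, dport)].discard((src, sport))
    return limited, flooded

def sample_packets():
    """Constructed sample capture (documentation address ranges), not real traffic."""
    srv = "192.0.2.1"
    pkts = [(0.00, "192.0.2.10", 40000, srv, 80, "S"),   # normal client
            (0.01, srv, 80, "192.0.2.10", 40000, "SA"),
            (0.02, "192.0.2.10", 40000, srv, 80, "A")]
    # One source sending SYNs and never answering the SYN-ACK
    pkts += [(0.10 + i * 0.01, "198.51.100.7", 50000 + i, srv, 80, "S") for i in range(10)]
    # Forged source addresses: one SYN per "client", so only the half-open count reacts
    pkts += [(2.00 + i * 0.01, f"203.0.113.{i + 1}", 40000, srv, 443, "S") for i in range(10)]
    return pkts

if __name__ == "__main__":
    limited, flooded = analyze(sample_packets())
    print("rate-limited clients:", sorted(limited))
    print("listeners with excess half-open connections:", sorted(flooded))
```

With forged source addresses every "client" stays under the per-client limit, so the half-open count on the listening port is the signal that still fires.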