1. DDoS uses UDP message format and TCP message to attack the network bandwidth of mobile game server. This kind of attack is very violent. The situation is that the network bandwidth of the server rises abnormally, and the attack traffic far exceeds the large network bandwidth that the server can bear, resulting in the delay of the server, and the requirements of all normal game players can not reach the server. 2. Botattack (CC attack of TCP protocol) this kind of attack is more difficult to defend than DDoS. According to the system vulnerability of TCP protocol, network hackers use a large number of real meat eating chickens to make TCP requests to the server. The number of requests that can be accepted by all normal servers is about 3000 / S. network hackers make TCP requests to the server according to the rate of more than 100000 per second, The TCP sequence of the server will be full, the CPU will rise and the running memory load will lead to the downtime of the server, which will seriously affect the user's business process. The traffic of this kind of attack is small, hidden in the actual business process traffic, undetectable and very difficult to defend. 3. Business process simulation (deep business process simulation CC attack) the mobile game communication protocol of chess and card is very simple. There is almost no difficulty coefficient for network hackers to decode the agreement. At this stage, we have already seen that network hackers will log in, apply for registration, house establishment Online recharge and other business process sockets carry out protocol simulation attacks. This kind of traffic is equal to all normal business process traffic, which is higher than botattck simulation level and higher defense difficulty coefficient! 4. In addition to traditional Internet attacks, many chess and card game customers have also been targeted attacks, such as database query data leakage, mobile wechat malicious reporting, sealing website domain names and other very targeted attacks. Problems will immediately affect the development trend of the project. 4. How do online game companies judge that they have been attacked? Assuming that it is true that it is not a common fault in route and hardware configuration, the connection to the server suddenly becomes more and more difficult, and the customers in the game are disconnected, it is very likely that they have been attacked by DDoS. At this stage, there are two deployment methods for the IT infrastructure construction of the game industry: one is to select cloud computing technology or hosting IDC, and the other is to pull a network dedicated line. Because of the consideration of cost, most of them choose the former one. Whether it is the front or the back connection, everything is normal. Mobile game customers can enter the server game entertainment at will. If these kinds of situations suddenly appear, we can distinguish the "attacked" situation. (1) The in / out traffic of the server is significantly higher than usual. (2) The CPU or running memory utilization of the server has soared unpredictably. (3) According to the inspection of the connection of the current server, it is found that many semi closed connections or many external IP addresses create more than dozens of established connections with the service item port number of the remote server, which is the result of TCP multi connection attack. (4) The game program fails to connect to the mobile game server or the whole login process is very slow. (5) Customers who have played mobile games suddenly can't use or have been disconnected.