DoS, Denial of Service, attacks are one of the most significant problems faced on the Internet. There is a fairly simple way to understand this, for example, there is a restaurant called DoS, there are many ways that bad actors can prevent the normal operation of the restaurant, such as destroying the cashier preventing other customers from paying, blocking the door preventing other people from entering, kidnapping the chef. As a result, there are thousands of ways hackers can initiate a DoS attack. There are two main aspects to launch the attack: bandwidth attack and connection attack. bandwidth attack implies that the hacker will send huge packets of information to the network, making network resources unavailable, so that the service will deny the request of other customers. For the connection attack, the hacker will send a huge connection request to the server, consuming all the system resources, so that the server is unable to receive the request of other clients. In the past, the attacker had to use huge bandwidth to launch the DoS attack, however, it is almost impossible for a person to have it, to solve this problem, the hacker develops software to control multiple compromised systems that flood the system target with traffic, which is called DDoS (Distributed Denial of Service). As mentioned above, there are many ways to launch the attack, such as ping Flood (sending a huge number of ping packets to the server), ping of death (sending the server with invalid ping packet), SYN Flood, attacks on drop, smurf attack, P2P attacks, application-level flooding. However, with the development of society, the Internet must be able to provide reliable service, even if there is so much hostility. However, you need to remember...... middle of paper ......establish a new connection to the server. In the current Internet, NATs have made a great contribution to the robustness of the Internet, however, not everyone chooses to use NATs, so the attacker can choose the host to launch the attack. Therefore, by encouraging and accepting NATs, we will get much more benefits. Obviously, it will increase the risk if every host has both the client address and the server address, under ideal conditions, few hosts will own both sides of the address, the server should not initiate long distance connections while the client only receives the connection request that has been verified by local.STEP 2: the client address does not need to be meaningful on the global network, the address just needs to be meaningful in the path between server and client, letting the server know where it needs to be sent the package. Furthermore, it can prevent DDoS to files