Most people have at least heard of DDoS attacks. Last week, on December 29th (US local time), Linode, a virtual private server provider, was hit by a DDoS attack that directly disrupted access to its web servers. API calls and management functions were severely affected, and a week after the attack began some functions were still unavailable, seriously affecting its business and the thousands of users who rely on Linode's services.
What is a DDoS attack?
DDoS, or Distributed Denial of Service, refers to the use of client/server techniques to combine many computers into a single attack platform and launch attacks against one or more targets, thereby multiplying the power of a denial-of-service attack.
There are many forms of DDoS attack. The most basic one uses seemingly reasonable service requests to tie up so many service resources that legitimate users can no longer get a response. A plain DoS attack generally works one-to-one, and it is effective when the target has a slow CPU, little memory or low network bandwidth. As computer and network technology developed, processing power and memory grew rapidly and gigabit networks appeared, which made DoS attacks harder to carry out: the target's ability to absorb malicious packets had been greatly strengthened. Distributed denial of service (DDoS) emerged in response: it uses many more puppet machines (bots) to attack the victim on a far larger scale than before.
According to statistics, DDoS attacks against enterprises continued to grow in 2015. Akamai's survey report found that DDoS attacks in 2015 increased by an unprecedented 180%. As for Linode, the target in this incident, it had already suffered a large-scale DDoS attack back in 2013. In the face of recurring provocations such as DDoS, we should find out why we are being attacked and build an effective defense system to withstand it.
Methods to prevent DDoS attacks
1. Reduce public exposure
The previously exposed Booter websites, and the infamous LizardSquad offshoot LizardStresser, both sell DDoS attacks against a target of the buyer's choosing, and such sites disguise the attack as a legitimate load test. This hacker group used DDoS to take down Microsoft's Xbox Live and Sony's PSN over Christmas 2014, leaving many players unable to play for a long time.
For enterprises, reducing public exposure is an effective way to defend against DDoS attacks. Placing hosts in security groups and private networks and promptly shutting down unnecessary services can effectively keep attackers from probing and breaking into the system. Specific measures include prohibiting access to services the host does not publicly offer, limiting the maximum number of simultaneously open SYN (half-open) connections, restricting access to specific IP addresses, and enabling the anti-DDoS features of the firewall.
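The measures above can be written down as a concrete host policy. The shell script below is an added example, not code from the article or from Linode: it renders iptables rules and kernel settings for a Linux host so they can be reviewed, and applies them only when run as root with --apply. The public ports (80 and 443), the management network 203.0.113.0/24, the per-source connection cap of 20 and the sysctl values are assumed illustrative settings, not figures from the page.

```shell
#!/bin/sh
# Added example (not from the original article): render a minimal exposure-reduction
# policy for a Linux host with iptables and sysctl. All values below are assumed
# for illustration; adjust them to the host's real services and admin network.

PUBLIC_TCP_PORTS="${PUBLIC_TCP_PORTS:-80 443}"        # services open to everyone
ADMIN_CIDR="${ADMIN_CIDR:-203.0.113.0/24}"            # only network allowed to reach SSH
MAX_CONN_PER_SOURCE="${MAX_CONN_PER_SOURCE:-20}"      # cap on concurrent connections per source IP

# Print the iptables commands: default-deny inbound, keep established flows,
# expose only the listed ports, restrict SSH to the admin network, and cap the
# number of connections any single source may hold open (checked on each new SYN).
render_firewall_rules() {
    printf '%s\n' "iptables -P INPUT DROP"
    printf '%s\n' "iptables -P FORWARD DROP"
    printf '%s\n' "iptables -A INPUT -i lo -j ACCEPT"
    printf '%s\n' "iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # Packets that belong to no tracked connection are typical flood noise.
    printf '%s\n' "iptables -A INPUT -m conntrack --ctstate INVALID -j DROP"
    # SSH is never visible outside the management network.
    printf '%s\n' "iptables -A INPUT -p tcp --dport 22 -s $ADMIN_CIDR -j ACCEPT"
    for port in $PUBLIC_TCP_PORTS; do
        printf '%s\n' "iptables -A INPUT -p tcp --dport $port --syn -m connlimit --connlimit-above $MAX_CONN_PER_SOURCE --connlimit-mask 32 -j DROP"
        printf '%s\n' "iptables -A INPUT -p tcp --dport $port -j ACCEPT"
    done
    # Every other service on the host is unreachable because of the DROP policy.
}

# Print kernel settings (sysctl key=value) for the half-open connection queue.
render_sysctl_settings() {
    printf '%s\n' "net.ipv4.tcp_syncookies=1"          # keep answering SYNs once the queue is full
    printf '%s\n' "net.ipv4.tcp_max_syn_backlog=4096"   # larger half-open queue before cookies engage
    printf '%s\n' "net.ipv4.tcp_synack_retries=2"       # fewer SYN-ACK retries: stale half-open entries expire sooner
}

# Apply the policy when root; otherwise just print it for review.
apply_policy() {
    if [ "$(id -u)" -eq 0 ]; then
        render_firewall_rules | sh -e
        render_sysctl_settings | while IFS= read -r kv; do sysctl -w "$kv"; done
    else
        render_firewall_rules
        render_sysctl_settings | sed 's/^/sysctl -w /'
    fi
}

if [ "${1:-}" = "--apply" ]; then
    apply_policy
fi
```

Run it without arguments to print the policy. Rule order matters: the ESTABLISHED,RELATED rule comes before the port rules, so the connlimit check is only evaluated on new handshakes, where it counts the tracked connections a single source address already holds. The sysctl lines complement it: SYN cookies keep the host answering once the half-open queue fills, and a lower synack_retries makes abandoned half-open entries expire sooner.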
2. Use expansion and redundancy
DDoS attacks use different methods against different protocol layers, so multiple protective measures must be taken. Expansion and redundancy head off problems before they happen and give the system a degree of resilience and scalability, ensuring that capacity can be called on during a DDoS attack, especially when the system runs in several geographic regions at once. Any virtual machine instance running in the cloud needs its network resources to remain available.
Microsoft provides domain name system (DNS) and network load balancing across Azure, and Rackspace provides dedicated cloud load balancing to control the flow of traffic. Combined with a CDN that distributes traffic across multiple nodes, avoids excessive concentration of traffic and caches content on demand, this makes the system less vulnerable to DDoS attacks.
3. Guarantee adequate network bandwidth
Network bandwidth directly determines the ability to withstand an attack. With only 10M of bandwidth, no matter what measures are taken it is hard to resist today's SYN flood attacks. At least 100M of shared bandwidth should be chosen, and best of all is of course to sit directly on a 1000M backbone. Note, however, that a 1000M network card in the host does not mean the host has gigabit network bandwidth: if it is connected to a 100M switch, actual bandwidth will not exceed 100M. Even a 100M uplink does not guarantee 100M of bandwidth, because the network service provider may well cap actual bandwidth at 10M on the switch. This must be clarified with the provider.
4. Distributed services against DDoS attacks
A so-called distributed resource-sharing server means that data and programs are not located on one server but spread across multiple servers. Distribution helps allocate and optimize tasks across the whole computing system, overcoming the shortcoming of the traditional centralized system, where central host resources run short and responses bottleneck. The larger the scale of the distributed data center, the easier it is to disperse DDoS attack traffic and defend against the attack.
5. Real-time monitoring of system performance
In addition to the above measures, real-time monitoring of system performance is also an important way to prevent DDoS attacks. An unreasonable DNS server configuration can also leave the system vulnerable to DDoS attack. System monitoring can track, in real time, system availability, the API, and the performance of third-party providers such as the CDN and DNS; it can watch network nodes, find possible security risks, and clean up new vulnerabilities promptly. Backbone-node machines are the best positions for hackers to exploit because of their high bandwidth, so strengthening the monitoring of these hosts is very important.
In addition, shortening the timeout for SYN half-open connections can also effectively defend against DDoS attacks. System monitoring can raise alarms through a self-set timeout threshold, giving overall control of the system.
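A concrete version of that threshold alarm, as an added example rather than code from the article or from any vendor: the script below reads the TCP socket table as printed by `ss -tan` (or the constructed snapshot embedded in it), counts half-open SYN-RECV sockets, and alerts with the busiest peer when the count exceeds a threshold. The threshold values, the addresses in the sample and the column layout it assumes (State Recv-Q Send-Q Local Peer) are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original article): watch the kernel's half-open
# (SYN-RECV) TCP sockets and raise an alarm when they exceed a threshold.
# Input is the output of `ss -tan`; the header line is ignored by the awk filter.

# Count SYN-RECV sockets on stdin (columns: State Recv-Q Send-Q Local Peer).
count_half_open() {
    awk '$1 == "SYN-RECV" { n++ } END { print n + 0 }'
}

# Print "count peer_ip" for SYN-RECV sockets, busiest peer first.
top_syn_peers() {
    awk '$1 == "SYN-RECV" {
            ip = $5; sub(/:[^:]*$/, "", ip)   # strip the port; keeps IPv4 or [IPv6]
            c[ip]++
        }
        END { for (ip in c) print c[ip], ip }' | sort -rn
}

# Compare the half-open count on stdin with THRESHOLD. Prints OK or ALERT and
# returns 0 (OK) or 2 (ALERT) so cron or a monitoring agent can act on it.
check_syn_backlog() {
    threshold="$1"
    input="$(cat)"
    half_open="$(printf '%s\n' "$input" | count_half_open)"
    if [ "$half_open" -gt "$threshold" ]; then
        worst="$(printf '%s\n' "$input" | top_syn_peers | head -n 1)"
        printf 'ALERT half-open=%s threshold=%s busiest=%s\n' "$half_open" "$threshold" "$worst"
        return 2
    fi
    printf 'OK half-open=%s threshold=%s\n' "$half_open" "$threshold"
    return 0
}

# Constructed sample snapshot (documentation addresses): one established session,
# four half-open handshakes from 192.0.2.10 and one from 198.51.100.7.
SAMPLE_SS='ESTAB    0 0 10.0.0.5:443 203.0.113.9:52010
SYN-RECV 0 0 10.0.0.5:443 192.0.2.10:40001
SYN-RECV 0 0 10.0.0.5:443 192.0.2.10:40002
SYN-RECV 0 0 10.0.0.5:443 192.0.2.10:40003
SYN-RECV 0 0 10.0.0.5:443 192.0.2.10:40004
SYN-RECV 0 0 10.0.0.5:80 198.51.100.7:41000'

# Live use, e.g. from cron every minute:   ss -tan | check_syn_backlog 200
if [ "${1:-}" = "--demo" ]; then
    printf '%s\n' "$SAMPLE_SS" | check_syn_backlog 3
fi
```

Run with --demo to see the alert on the embedded sample (five half-open sockets against a threshold of three, with 192.0.2.10 as the busiest peer). The threshold should be set from the host's normal baseline, well below tcp_max_syn_backlog, so the alarm fires while the queue still has room and before SYN cookies are the only thing keeping the service reachable.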
(Image source: Cloud Test)
This article is published by www.internetweblist.com and does not represent the position of www.internetweblist.com: http://www.internetweblist.com/Web_defense/28669.html