Why is my computer often added to the router's list of hosts blocked for DoS attacks?
Characteristics of DDoS protection:

With DDoS attacks rampant on the Internet, and in the face of all kinds of unpredictable attack threats, maintaining network security has become the top task for Internet users. Compared with the original, simple DoS attack, a DDoS attack is a more dispersed and coordinated large-scale attack, and its destructive power is unprecedented, which also makes preventing DDoS more difficult. What measures can be taken to deal with it effectively? Prevention is the main way to combat DDoS attacks. Below, Yundun Netan, which takes network security as its responsibility, introduces several major features of its newly launched Yundun DDoS security protection system:

Feature 1: Multiple integration

With the emergence of vicious DDoS attacks, the security problems of the Internet environment and of websites are constantly being exposed. At present, website security is in a very fragile state. In the future, DDoS prevention work should deepen the defense at every key point of operation and, after understanding the number and patterns of DDoS attacks, take corresponding measures to minimize their impact.

The DDoS cloud defense system of Yundun Netan protects the website from six aspects: high-defense server, high-defense intelligent DNS, high-defense server cluster, clustered firewall architecture, network monitoring system and high-defense intelligent routing system. The multi-level, multi-angle and multi-structure CC/DDoS protection architecture formed by these six sub-products provides services such as regular scanning and monitoring, firewall configuration at backbone points, rational configuration of network equipment and intrusion filtering. It can fix every security vulnerability on the website that hackers might exploit, so that security is no longer something the website has to worry about, and provides real protection for users.

Feature 2: Intelligent defense

The DDoS cloud defense system of Yundun Netan regularly scans the main nodes of the network through network monitoring, and uses the intelligent DNS analysis system to set up monitoring ports so that possible security loopholes are guarded at all times. If one node is attacked, traffic automatically switches to another node. When faced with the threat of attack, Yundun's strategy is to absorb the hacker's attack with massive capacity and resources. The system can thoroughly and effectively handle DDoS attacks below 100G, such as SYN Flood, ACK Flood, ICMP Flood, UDP Flood and DNS Flood, and can effectively handle connection exhaustion, HTTP GET Flood, DNS Query Flood and CC attacks. Against DDoS attacks by hackers, Yundun builds a distributed cluster defense whose number of nodes can be increased on demand to raise the defense strength. The downtime detection system responds quickly and replaces a paralyzed node server to keep the website in its normal state. It can also return all packets sent by the attacker to their sending point, so that the attack source itself becomes paralyzed and its attack capability is reduced.

Feature 3: Free combination

For a long time, user demand has been the main driving force of the market. Users with different operating conditions and different scales also have different requirements for website security. Faced with these detailed individual standards, DDoS defense service providers need to consider how to meet users' individual needs. For this reason, Yundun Netan's DDoS cloud defense system is not one huge, forcibly bundled system: its sub-products complement each other but remain relatively independent. Enterprises can purchase a single sub-product according to their own needs, or combine them into a tailor-made solution that slims the enterprise system from complex to simple. In addition, Yundun's DDoS protection products are divided into different grades, so users can choose freely. The defense levels range from 8G to 100G, providing solid backing for users' security defense.

How to prevent DDoS attacks:

Denial of service

Before discussing DDoS, we need to know something about DoS. DoS (denial of service) generally means that a hacker tries to prevent normal users from using a service on the network, much like cutting the telephone lines of a building so that its occupants cannot make calls. On a network, bandwidth, network equipment and the processing capacity of the server host are all limited; when a hacker generates more network packets than the equipment can process, normal users can no longer use the service. For example, if a hacker floods a dial-up or ADSL user with a large number of packets, the victim will find that the website he wants to reach cannot be connected to, or responds very slowly.

DoS attacks do not break into the host or steal data from it, but they can still cause damage to the target. If the target is an e-commerce website, customers will not be able to shop there.

Distributed denial of service

DDoS is a special case of DoS in which the hacker uses many machines to attack at the same time to prevent normal users from using the service. The hacker first breaks into a large number of hosts and installs the DDoS attack program on them, and then uses these compromised hosts to attack the target. Some DDoS tools use a multi-level architecture and can control up to thousands of computers in a single attack. This method can effectively generate enormous network traffic to paralyze the target. As early as 2000 there were DDoS attacks against Yahoo, eBay, Buy.com, CNN and other well-known websites, which blocked legitimate network traffic for several hours.

DDoS attack programs can be classified in several ways. By degree of automation they can be divided into manual, semi-automatic and automatic attacks. Most early DDoS attack programs were manual: the hacker searched by hand for computers that could be broken into, implanted the attack program, and then gave the order to attack the target. Most semi-automatic attack programs have a handler (master) that controls the agents carrying out the attack: the hacker spreads automated intrusion tools to the agents, then uses the handler to command all agents to launch the DDoS attack on the target. Automatic attacks go one step further and automate the whole attack: the target, time and method of the attack are written into the attack program in advance. After the hacker releases the program, it automatically scans for hosts to break into, implants an agent, and attacks the designated target at the predetermined time. The W32/Blaster network worm, for example, falls into this category.

By the weakness exploited, attacks can be divided into two types: protocol attacks and brute-force attacks. In a protocol attack, the hacker uses a weakness in the design, or a bug in the implementation, of a network protocol to consume a lot of resources; TCP SYN attacks and attacks on authentication servers are examples. In a brute-force attack, the hacker uses a large number of ordinary-looking connections to consume the victim's resources. Because the hacker prepares many hosts to launch the DDoS attack against the target, as long as the traffic sent by the attackers per unit time is higher than what the target can process, it exhausts the target's processing capacity and normal users cannot use the service.

By attack frequency, attacks can be divided into continuous attacks and variable-frequency attacks. In a continuous attack, once the attack command is issued, the attacking hosts attack with full strength, so a large amount of traffic is generated instantly and blocks the target's service; this makes the attack easy to detect. Variable-frequency attacks are more cautious: the attack rate may gradually increase from slow to fast, or decrease from fast to slow, in order to delay detection of the attack.

Surviving DDoS attacks

So how do you survive and continue to provide normal service while under DDoS attack? From the introduction above, we know that if the scale of the hacker's attack is far beyond your network bandwidth and the capacity of your equipment or hosts, it is very difficult to resist the attack outright, but there are still ways to reduce its impact.

The first is to investigate the source of the attack. Because the hacker attacks through compromised machines, you may not be able to find where the hacker himself is. You have to work back step by step from the attacked target: first find out through which border routers of your own network the traffic came in, then which external routers it came from, and contact the administrators of those routers (perhaps an ISP or telecom company) to ask them to help stop the attack or trace its source. What can you do before they deal with it?

If the target of the attack is only a single IP, then changing the IP and its DNS mapping may avoid the attack; this is the fastest and most effective method. But the purpose of the attack is to make normal users unable to use the service, and although changing the IP avoids the attack, the hacker has achieved his goal from another angle. In addition, if the attack method is simple and a pattern can be found in the generated traffic, then the router's ACL (access control list) or firewall rules may be used to block it. If you can determine that the traffic comes from the same source or core router, you can consider temporarily blocking the traffic there. Of course, this may block both normal and abnormal traffic, but at least users on other paths can still get normal service, which is sometimes a sacrifice that has to be made. If you have spare capacity, you can consider adding machines or bandwidth as a buffer against the attack, but this is only a temporary solution. The most important thing is to investigate immediately and coordinate with the relevant parties to resolve it.

Preventing DDoS attacks

DDoS must be solved through the cooperation of the various groups and users on the network and the formulation of stricter network standards. Every network device or host needs to patch its own system vulnerabilities promptly, shut down unnecessary services, install the necessary antivirus and firewall software, pay attention to system security at all times, and avoid having attack programs and automated DDoS programs implanted by hackers, so as not to become an accomplice to their attacks.

Some DDoS attacks disguise the attack source by forging the source IP of the packets, which makes them difficult to trace. This can be countered with the filtering function of the router: whenever a packet originating in a domain carries a source IP outside that domain, it should be discarded directly and never forwarded. If the network equipment supports this function, network administrators can set filters correctly to drop forged packets, which also greatly reduces the time needed for investigation and tracing.
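The border filter described above, written out as an added Python example (not code from the article or from any router vendor). It assumes a hypothetical edge router that knows its own domain's prefixes; the prefixes and packets are constructed sample values. The outbound rule is the one the article gives; the inbound mirror rule (drop packets from outside that claim an internal source) is an addition.

```python
import ipaddress
from dataclasses import dataclass

# Address space this edge router is responsible for (constructed values;
# use the real prefixes of your own domain).
DOMAIN_PREFIXES = [ipaddress.ip_network("203.0.113.0/24"),
                   ipaddress.ip_network("2001:db8:10::/48")]

@dataclass
class Packet:
    src: str
    dst: str
    direction: str  # "out" = leaving the domain, "in" = entering it

def in_domain(addr: str, prefixes=DOMAIN_PREFIXES) -> bool:
    """True if addr belongs to one of the domain's own prefixes."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in prefixes)

def should_forward(pkt: Packet, prefixes=DOMAIN_PREFIXES) -> bool:
    """Source-address sanity check at the domain border.

    Outbound: a packet leaving the domain must carry an internal source,
    otherwise an inside host is forging its source (the article's rule).
    Inbound: a packet arriving from outside must not claim an internal
    source; this is the mirror case, added here beyond the article.
    """
    src_inside = in_domain(pkt.src, prefixes)
    if pkt.direction == "out":
        return src_inside
    if pkt.direction == "in":
        return not src_inside
    raise ValueError(f"unknown direction {pkt.direction!r}")

def filter_packets(packets, prefixes=DOMAIN_PREFIXES):
    """Split a batch into (forwarded, dropped) lists."""
    forwarded, dropped = [], []
    for p in packets:
        (forwarded if should_forward(p, prefixes) else dropped).append(p)
    return forwarded, dropped

# Constructed sample traffic: two legitimate packets, two forged ones.
SAMPLE = [
    Packet("203.0.113.7", "198.51.100.5", "out"),   # real internal host
    Packet("198.51.100.5", "203.0.113.7", "in"),    # normal reply from outside
    Packet("198.51.100.99", "192.0.2.1", "out"),    # forged source leaving us
    Packet("203.0.113.40", "203.0.113.7", "in"),    # outsider faking our address
]

if __name__ == "__main__":
    for p in filter_packets(SAMPLE)[1]:
        print(f"dropped {p.direction:3} src={p.src} dst={p.dst}")
```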

Keeping in touch between domains is very important for effectively warning about and preventing DDoS attacks. Some ISPs place sensors on certain network nodes to detect sudden huge traffic, so that they can warn of a DDoS attack and isolate the affected areas, reducing the damage.
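A minimal version of the traffic sensor mentioned above, as an added Python example (not from the article or any ISP's tooling). It also addresses the variable-frequency attacks described earlier: the baseline is taken from an assumed-clean start-up period and then frozen, because a rolling baseline would be dragged upward by a slowly ramping attack. The per-second packet counts are constructed sample data.

```python
from statistics import median

# Constructed per-second packet counts from one border link (not real data).
# Seconds 0-9: normal traffic. Seconds 10-14: a slow ramp, the
# "variable frequency" pattern. Seconds 15-19: a full-strength burst.
SAMPLE_COUNTS = [
    1200, 1150, 1300, 1250, 1180, 1220, 1270, 1190, 1240, 1210,
    1500, 1900, 2500, 3400, 4800,
    20000, 21000, 19500, 20500, 22000,
]

def detect_floods(counts, baseline_len=10, factor=3.0):
    """Flag intervals whose count exceeds factor x a frozen baseline.

    The baseline is the median of the first baseline_len intervals, which
    are assumed clean, and is deliberately not updated afterwards so that
    a gradually increasing attack cannot raise the bar it is measured by.
    Returns a list of (index, count, ratio) for every flagged interval.
    """
    if len(counts) <= baseline_len:
        raise ValueError("need more samples than the baseline window")
    baseline = median(counts[:baseline_len])
    flagged = []
    for i in range(baseline_len, len(counts)):
        ratio = counts[i] / baseline
        if ratio >= factor:
            flagged.append((i, counts[i], round(ratio, 2)))
    return flagged

def first_alert(counts, baseline_len=10, factor=3.0):
    """Index of the first flagged interval, or None if nothing was flagged."""
    hits = detect_floods(counts, baseline_len, factor)
    return hits[0][0] if hits else None

if __name__ == "__main__":
    for idx, cnt, ratio in detect_floods(SAMPLE_COUNTS):
        print(f"t={idx:2}s count={cnt:6} ({ratio}x baseline)")
```

Lowering factor makes the sensor react earlier on the ramp at the cost of more false alarms; the threshold should be tuned to the link's normal variation.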

The most effective protection method:

This is done by hiding the source IP: first obtain a high-defense server, and then hide the real IP behind it.