-
DDoS traffic attacks are attacks on a single machine by using controlled machines, so that the attacked host has no time to react, so this kind of attack will be more destructive. In the past, in order to fight against DDoS, network administrators would filter by IP address, but they could not do anything about forged addresses. Therefore, preventing DDoS attacks is not as simple as before, so how should we deal with it?
In the following, I will briefly introduce some small methods to defend against DDoS attacks.
1. Scan regularly.
Regularly scan the primary nodes of the network to find out vulnerabilities and deal with them in a timely manner. Backbone nodes all have high bandwidth and are also the best places for hackers to exploit, so the security of hosts on these nodes needs to be taken seriously.
2. Set up the attack-oriented target.
The firewall itself is used to protect the host, so it can defend against some attacks. Configure the corresponding sacrifice machine in the defense of attacks, and once it is found that it is attacked, it can directly direct the attack to those sacrifice hosts, so as to protect the real host from being attacked.
3. Adopt cluster defense.
By using cluster defense, the defense value of multiple hosts can be added together to jointly resist the attacks faced by a certain machine, which is also a better way to resist attacks, and can fully deploy the limited defense force and concentrate on defense.
4. Use network equipment for defense.
Network defense devices mostly refer to load balancing devices such as routers and firewalls, which can play a role in protecting the network. Along the attack path, when the network is attacked, the router is the first to be killed, but other devices will not be affected. When the attack is carried out on the next device, the previous device may continue to be resurrected and can be used normally.
It's also possible to defend against attacks through network devices.
-
A DDoS attack is a distributed denial-of-service attack, which refers to the use of client/server technology to unite multiple computers as an attack platform to launch a DDoS attack on one or more targets, which can paralyze the target server.
To put it simply, your stall sells salted duck eggs, and I find a bunch of second-rate people to ask questions around your salted duck egg stall, but they don't buy anything, or they buy something, and they say that salted duck eggs are not good to return. Make it impossible for people who really want to buy salted duck eggs to buy them, so that your family's normal business cannot be carried out.
Defense:
1. Load the latest patches on the system as much as possible, and take effective compliance configurations to reduce the risk of vulnerability exploitation;
2. Adopt appropriate security domain division, configure firewalls, intrusion detection and prevention systems, and mitigate attacks.
3. Adopt reliability measures such as distributed networking, load balancing, and improving system capacity to enhance overall service capabilities.
In layman's terms, I asked the security guard to help me maintain the order of the duck egg stall, I didn't look like a good person, behaved weirdly and didn't let me get close at all, and drew a line in front of the duck egg stall to line up, everyone could only have half a minute to buy duck eggs, and open a few more windows to sell duck eggs.
-
The principle is to exploit the vulnerabilities of the Internet Protocol to cause distributed denial of service, and effective preventive measures include firewall function peak processing and network bandwidth configuration improvement.
-
Not only against DDoS, but also for all network attacks, it is necessary to take as thorough defensive measures as possible, and at the same time strengthen the detection of the system and establish a rapid and effective response strategy. Defensive measures that should be taken are:
1. Design the security system of the network in a comprehensive manner, and pay attention to the security products and network equipment used.
2. Improve the quality of network management personnel, pay attention to security information, comply with relevant security measures, upgrade the system in a timely manner, and strengthen the system's ability to resist attacks.
3. Install a firewall system in the system, use the firewall system to filter all incoming and outgoing packets, check the border security rules, and ensure that the output packets are correctly restricted.
4. Optimize the route and network structure, and configure the router reasonably to reduce the possibility of attacks.
5. Optimize the hosts that provide services to the outside world, and restrict all hosts that provide public services on the Internet.
6. Install intrusion detection tools, scan your system frequently, address vulnerabilities in your system, encrypt system files and applications, and check these files regularly for changes.
Principles of defense. In terms of response, while there is no good way to deal with the attack, there are still steps that can be taken to minimize the impact of the attack. For host systems that provide information services, the fundamental principles of the response are:
Maintain service as much as possible and restore service quickly. Since distributed attacks intrude into a large number of machines and network devices on the network, it is ultimately necessary to solve the overall security problem of the network. To truly solve the security problem, we must cooperate with multiple departments, from edge devices to backbone networks, we must be carefully prepared to prevent attacks, and once an attack is discovered, we must cut off the path of the latest attack in time to limit the infinite enhancement of the attack intensity.
Network users, administrators, and ISPs should communicate frequently to develop plans to improve the security of the entire network.
-
What are the types of DDoS attacks?
DDoS attacks use a large number of legitimate requests to consume a large amount of network resources to achieve the purpose of paralyzing the network. The specific attack methods can be divided into the following types:
2. Overload the server by submitting a large number of requests to the server;
3. Block a user from accessing the server;
4. Block the communication between a service and a specific system or individual.
How Do I Defend Against DDoS Attacks?
Anti-DDoS Pro server.
Anti-DDoS Pro servers mainly refer to servers that can independently defend against more than 50Gbps, which can help with denial-of-service attacks, regularly scan network master nodes, etc. It's equivalent to hiring a few tall, big men to stand at the door of the dumpling shop, and as soon as those little hooligans come over, they will beat them away.
The blacklist adheres to the strategy of "I'd rather kill a thousand by mistake than let go of one", and rejects the hooligans who have come to the store to harass them, and even people who look alike, forming a blacklist of past attacks to minimize the possibility of repeated attacks.
DDoS cleaning.
Weike Cloud DDoS cleaning: It is to monitor the user's request data, find abnormal traffic, and clean this part of the traffic without affecting the business. It's like I observe the customers in the store, and if you sit for a long time and don't order dumplings, you kick him out.
CDN acceleration.
Weike Cloud CDN acceleration: The content of ** is cached at the edge of the network (the place closest to the user's access network), and then when the user accesses the ** content, the user's request is routed or directed to the cache server that is closest to the user's access network or has the best access effect through the scheduling system, and the cache server provides the content service for the user. Compared with direct access to the origin server, this method shortens the network distance between users and content, thus achieving the effect of acceleration. That is, the CDN service distributes the access traffic to each node, so that on the one hand, the real IP of ** is hidden, and on the other hand, even if it encounters a DDoS attack, the traffic can be distributed to each node to prevent the origin server from crashing. It's like if I made the dumpling shop online, only delivering takeout and home delivery, even if the little hooligans came to the store, they were helpless.
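Added example, not part of the answers on this page and not code from any vendor named here: the "cleaning" and blacklist ideas above, together with the per-customer time budget from the earlier answer, as a per-source sliding-window counter over constructed log lines. The log format, window and threshold are assumptions chosen for illustration.

```python
from collections import defaultdict, deque

WINDOW_SECONDS = 30   # assumption: the "half a minute" budget per client
MAX_REQUESTS = 20     # assumption: requests allowed per source per window

def parse_line(line):
    """Parse '<epoch> <src_ip> <path>'; return None for malformed lines."""
    parts = line.split()
    if len(parts) != 3:
        return None
    try:
        return float(parts[0]), parts[1], parts[2]
    except ValueError:
        return None

def scrub(lines, window=WINDOW_SECONDS, limit=MAX_REQUESTS):
    """Return (passed, dropped, blacklist) for time-ordered log lines."""
    recent = defaultdict(deque)   # source -> timestamps still inside the window
    blacklist = set()             # sources that exceeded the limit once
    passed, dropped = [], []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue              # unparseable input is ignored, not counted
        ts, src, _path = rec
        if src in blacklist:
            dropped.append(line)
            continue
        q = recent[src]
        q.append(ts)
        while q and ts - q[0] > window:   # expire timestamps older than the window
            q.popleft()
        if len(q) > limit:
            blacklist.add(src)    # abnormal rate: drop this and later requests
            dropped.append(line)
        else:
            passed.append(line)   # normal traffic is left untouched
    return passed, dropped, blacklist

def sample_log():
    """Constructed traffic: one steady client and one flooding source."""
    events = [(1000 + 10 * i, "198.51.100.7", "/menu") for i in range(12)]
    events += [(1030 + 0.1 * i, "203.0.113.50", "/order") for i in range(40)]
    events.sort()
    lines = [f"{ts:.1f} {src} {path}" for ts, src, path in events]
    lines.insert(5, "garbage line without fields")   # malformed line is skipped
    return lines
```

Counting per source address does nothing against forged source addresses, and a single address shared by many users behind NAT can be blacklisted for all of them.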
-
DDoS is a bandwidth traffic attack. The other party uses network traffic to clog up your server network, resulting in users being unable to access it.
The most obvious feature of this kind of attack is that it can't be opened at all. The most important defense against DDoS is hard defense. The greater the hard defense, the stronger the protection. At present, the domestic hard defense is relatively good, such as Hangzhou Super Shield. The effect is still good.
But understand the truth: defending just reduces the impact of an attack. It's not that attacks are fundamentally eliminated.
Therefore, the best solution is to find the attacker and negotiate between the two parties to solve the problem.
There's little you can do about it when the attack has already happened. The best way is to rent an Anti-DDoS Pro server and access the Anti-DDoS CDN to solve the problem. You can defend against DDoS attacks by purchasing Anti-DDoS CDN of Yundu Network Security.
DDoS attacks have been around for a long time, but such a simple and crude attack method is still effective today, and has become the "number one enemy" that plagues the stable operation of major enterprises.
DDoS attack defense methods.
1. Filter unnecessary services and ports: You can use tools such as InExpress, Express, and Forwarding to filter unnecessary services and ports, that is, filter fake IPs on the router.
The DDoS protection server is an access request from HSS to NTPF that is detected based on the protection policy that you configure.
1. The use of high-performance network equipment should first ensure that network equipment can not become a bottleneck, so when choosing routers, switches, hardware firewalls and other equipment, we should try to choose products with high visibility and good reputation. It is also better if you have a special relationship or agreement with the network provider, and when a large number of attacks occur, it is very effective to ask them to do a traffic limit at the network contact point to combat certain types of DDoS attacks.