How to set up a game server to resist DDOS attacks

Servers plus solutions that need to be defended.

Distributed denial of service (DoS) is a common network attack method, which is an attack method in which multiple DDoS zombie hosts (attack sources) send a large number of network packets to the attacked server, causing network congestion or server resource exhaustion and denial of service. Unfortunately, there is no network that is immune to DDoS attacks, and there are only a few measures that can be taken to prevent it.

1. Ensure the security of the server system.

1.Make sure that the server's system files are up to date and keep the system patches up to date.

2.Administrators need to check all hosts to know who is visiting.

3.Shut down unnecessary services: Delete unused services and close unused ports on the server.

4.Limit the number of SYN semi-connections that can be opened at the same time, shorten the time-out time of SYN semi-connections, and limit SYN ICMP traffic.

5.Set up the firewall correctly, run a port mapper or port scanner on the firewall.

6.Carefully check the logs of the network equipment and the host server system. Whenever there is a bug in the log or a time change, the machine may be attacked.

7.Restrict file sharing with the network outside the firewall. This gives hackers the opportunity to intercept system files, and if hackers replace it with a Trojan horse, the file transfer function will undoubtedly be paralyzed.

8.Leverage network devices to protect network resources.

2. Hide the real IP address of the server.

The most fundamental measure to defend a server against DDoS attacks is to hide the real IP address of the server. When the server transmits information to the outside world, it may leak the IP, for example, we commonly use the server to send emails The IP of the server will be leaked, therefore, when we send emails, we need to send them through a third party, so the IP displayed is **IP, so the real IP address will not be revealed. If you have sufficient funds, you can choose an Anti-DDoS Pro server, and add CDN to the front end of the server, and all domain names and subdomains are resolved using CDN.

The server was beaten to death by DDOS. The first problem is to add new IPs to the computer room and hide the new IPs. Add Anti-DDoS Pro or Stereo Defense to the front.

Defense option one: Then use YI Network Anti-DDoS Pro IP to hide the real IP of the game, DDOS CC attack protection, game acceleration protection, and players can play on our cloud protection intranet, so that your server can ignore any attack.

Defense option two: The three-dimensional defense system of the ANT network can hide the IP address of the customer's real server, each node will become the shield machine of the customer server, and the attack can only be a node, and because there are multiple nodes to do the shield machine, even if the attack is very strong, and it lasts for a very long time, even if there is a node server is alive, then the attack can not hit the customer's real server, and there are many standby nodes, once which node is down, the outage monitoring system will immediately start the standby node, This ensures that the game and ** will not hang up.

Defense option three: Antshield is a security protection engine that specializes in solving DDoS attacks and CC attacks. When your application is integrated with ANT, ANTSHIELD will immediately enter the running state, and we will assign a different IP to each user.

When a hacker launches an attack, only he is affected, and at the same time, Ant Shield can accurately identify hackers and directly pull them into the blacklist. As a result, hackers can't get a new IP and can only change their phones or computers. This principle eliminates hackers and ignores their attacks without affecting other users.

That's exactly what it is, once integrated, for life.

Once a server is attacked by DDoS, there is no way to resist prevention.

Solution: At present, the main solutions include deploying anti-D products, enabling CDN, and increasing load balancing.

First, determine whether the attack came from within the country or from abroad.

It's easy to do in China, change to a foreign IP, and then complain about your own ** illegal information wall will help you.

Seeing that the attack you are receiving is mainly cc, your ** is dynamic, first change to static and then directly block proxy, or find out who is attacking, and get him to go.

Choose a high-anti-DDoS server,Using a high-proof server, basically DDoS attacks can be defended,For specific information about how to choose a high-DDoS server,You can go to the host detective for consultation。

Server's methods of preventing DDoS attacks include, but are not limited to:

1. Design the network security system comprehensively and comprehensively, and pay attention to the security products and network equipment used.

2. Improve the quality of network management personnel, pay attention to security information, comply with relevant security measures, upgrade the system in a timely manner, and strengthen the system's ability to resist attacks.

3. Install a firewall system in the system, use the firewall system to filter all incoming and outgoing data packets, check the border security rules, and ensure that the output packets are correctly restricted.

4. Optimize routing and network structure. Set up your router properly to reduce the possibility of an attack.

5. Optimize the hosts that provide services to the outside world, and restrict all hosts that provide public services on the Internet.

6. Install intrusion detection tools (such as nipc, ngrep), scan and check the system frequently, solve the vulnerabilities of the system, encrypt system files and applications, and regularly check for changes in these files.

In terms of response, while there is no good way to deal with the attack, there are still steps that can be taken to minimize the impact of the attack. For host systems that provide information services, the fundamental principles of the response are:

Maintain service as much as possible and restore service quickly. Since distributed attacks intrude into a large number of machines and network devices on the network, it is ultimately necessary to solve the overall security problem of the network.

To truly solve the security problem, we must cooperate with multiple departments, from edge devices to backbone networks, we must be carefully prepared to prevent attacks, and once an attack is discovered, we must cut off the path of the latest attack in time to limit the infinite enhancement of the attack intensity.

Network users, administrators, and ISPs should communicate frequently to develop plans to improve the security of the entire network.

The above content refers to: Encyclopedia - Distributed Denial of Service Attack.

Network-layer DDoS attacks.

Network-layer DDoS attacks include syn floods, UDP floods, and ICMP floods.

DDoS defense at the network layer.

The network architecture is optimized and load balancing is used.

Add anti-DDoS devices and clean traffic.

Limit the frequency of requests for a single IP address.

Protection settings such as firewalls prohibit ICMP packets.

DDoS attacks at the network layer are essentially undefensible, and what we can do is to continuously optimize our network architecture and DDoS defense at the network layer.

The network architecture is optimized and load balancing is used.

Add anti-DDoS devices and clean traffic.

Limit the frequency of requests for a single IP address.

Protection settings such as firewalls prohibit ICMP packets.

DDoS attacks at the network layer are essentially undefensible, and what we can do is to continuously optimize our network architecture and improve network bandwidth.