Shulou(Shulou.com)06/03 Report--

How does the high-speed imitation server resist DDOS? Many people do not understand, today Xiaobian in order to let you know more about the high-speed imitation server, so give you a summary of the following content, let's look down.

Whether it is a domestic high-speed imitation server or a foreign high-speed imitation server, it is inevitable to suffer DDOS attacks. At this time, there must be certain coping strategies to ensure the normal operation of the website. So, what should the domestic and foreign high-speed imitation servers do in the face of DDOS attacks? You can come and have a look with the editor.

High-speed imitation server

1. The use of high-performance network equipment should first ensure that network equipment can not become a bottleneck, so when choosing routers, switches, hardware firewalls and other devices, we should try to choose products with high popularity and good reputation. In addition, it is even better if you have a special relationship or agreement with the network provider. When a large number of attacks occur, it is very effective to ask them to do a traffic system at the network contact to counter some kinds of DDoS attacks.

2. Avoid the use of NAT as far as possible, whether it is routers or hardware protection wall devices, try to avoid the use of network address translation NAT, because the use of this technology will greatly reduce the network communication capacity, in fact, the reason is very simple, because NAT needs to translate addresses back and forth, and the checksum of network packets needs to be calculated in the translation process, so a lot of CPU time is wasted, but sometimes NAT must be used. Then there is no good way.

3. Sufficient network bandwidth ensures that the network bandwidth directly determines the ability to resist attacks. If there is only 10m bandwidth, it is difficult to resist the current SYNFlood attacks no matter what measures are taken. At present, it is necessary to choose at least 100m shared bandwidth, the best of course is to hang on the 1000m backbone. However, it should be noted that the network card on the host is 1000m does not mean that its network bandwidth is gigabit. If it is connected to a 100m switch, its actual bandwidth will not exceed 100m, and even if it is connected to 100m of bandwidth, it does not mean a 100m bandwidth, because network service providers are likely to limit the actual bandwidth to 10m on the switch, which must be made clear.

4. Upgrade host server hardware under the premise of guaranteed network bandwidth, please improve the hardware configuration as much as possible. In order to effectively combat 100000 SYN attack packets per second, the configuration of the server should be at least: P4 2.4G/DDR512M/SCSI-HD, the key role is mainly CPU and memory, if there is Zhiqiang double CPU, then use it, memory must choose DDR high-speed memory, hard disk should try to choose SCSI. Do not only be greedy for the low price of IDE, or you will pay a high performance price, and the network card must choose famous brands such as 3COM or Intel, if Realtek is still used on your own PC.

5. A large number of facts have proved that making the website into a static page as far as possible can not only greatly improve the ability to resist attacks, but also bring a lot of trouble to hackers, at least so far the overflow of HTML has not appeared, take a look! Sina, Sohu, NetEase and other portals are mainly static pages, if you do not need dynamic script calls, then get it to another separate host, so as not to involve the main server in the event of attack, of course, it is OK not to do some database call scripts appropriately, in addition, it is best to deny access to agents in scripts that need to call the database. Because experience has shown that 80% of using agents to visit your site is malicious.

6. Enhance the TCP/IP stack Win2000 and Win2003 of the operating system, as server operating systems, they have a certain ability to resist DDoS attacks, but they are not turned on by default. If enabled, they can resist about 10000 SYN attack packets, and if they are not enabled, they can only resist hundreds.

7. Install professional anti-DDoS firewall like Shadow Speed Technology has DDOS Firewall, in addition to providing domestic defense services, high-defense cloud nodes based on Hong Kong, Taiwan, Japan, South Korea and the United States can support overseas traffic cleaning services and have stable DDos,CC security defense capabilities. And the price is not high, even if the Hong Kong server itself does not have the defense capability, the use of DDOS protection is particularly convenient and secure.

The above are seven ways for high-speed imitation servers to resist DDOS traffic attacks. In fact, for DDOS traffic attacks, which are unpredictable and do not know the size of the attack, we still need to be careful to guard against them. Of course, high-speed imitation servers will not only encounter DDOS traffic attack accidents, but also encounter downtime problems, instability problems and so on.

As a senior professional cloud computing service provider and cloud security service provider in the industry, it is committed to providing cloud host rental services such as "cloud servers, bare metal servers, high defense servers, Hong Kong servers, American servers" and comprehensive solutions on cloud for the vast number of Internet enterprise users and enterprise users in traditional industries. It has the characteristics and advantages of "security and stability, easy to use, high service availability, high performance-to-price ratio". It is specially customized for enterprises on the cloud, and can meet the needs of rich and diversified application scenarios.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.