2025-01-28 Update From: SLTechnology News&Howtos
Shulou (Shulou.com) 06/03 Report
This article covers protection against DDoS attacks. It also explains why hackers choose DDoS and the attack methods DDoS uses. I hope you get something out of it.
DDoS stands for Distributed Denial of Service: the use of a large number of legitimate distributed servers to send requests to a target, so that normal, legitimate users cannot get service. Put simply, network node resources such as IDC servers, personal PCs, mobile phones, smart devices, printers and cameras are used to launch a large number of attack requests against the target. The server becomes congested, can no longer provide normal service, and can only announce "game over".
2. Why hackers choose DDoS
Unlike attacks that maliciously tamper with or hijack data, DDoS is simple and crude and can take the target down directly. Compared with other attack methods, both the technical requirements and the cost of launching a DDoS attack are very low: the attacker only needs to buy access to some servers or control a batch of compromised machines (bots), the attack takes effect very quickly, and its effect is immediately visible. DDoS is also easy to launch and difficult to defend against. To keep serving normal customers, service providers have to spend a lot of resources fighting the attackers. These characteristics make DDoS a sharp sword and a thunderbolt in the hands of hackers.
On the other hand, although DDoS can exhaust bandwidth or resources and force service disruptions, that is far from the hackers' real purpose. As the saying goes, where there is no trade there is no killing: DDoS is just a nuclear weapon in the hands of hackers, and their purpose is racketeering, commercial competition, or expressing a political position. Driven by these illicit profits, more and more people join this industry and keep improving and upgrading the means of attack, which makes DDoS ever fiercer across the Internet industry and a stubborn disease that has not been overcome anywhere in the world.
3. Attack methods of DDoS
A service that faces the public has to expose access interfaces to users, and those interfaces are exactly what gives hackers their opportunity. For example, weaknesses in the TCP/IP handshake can be used to exhaust the server's connection resources, and the stateless nature of UDP can be used to forge large numbers of UDP packets that block the communication channel. The Internet has never been short of attack points usable for DDoS since its birth, from the TCP/IP protocol mechanisms to CC, DNS and NTP reflection attacks, and even application vulnerabilities used to launch more advanced and more precise attacks.
Based on their harm and behavior, DDoS attacks can be classified into the following categories:
A) Resource consumption attacks
Resource consumption is the typical class of DDoS attack. The most representative examples are SYN Flood, ACK Flood and UDP Flood. The goal of this kind of attack is simple: use a large number of requests to consume normal bandwidth and the protocol stack's processing capacity, so that the server cannot work properly.
B) Service consumption attacks
Compared with resource consumption attacks, service consumption attacks do not need much traffic. They target the characteristics of the service itself, such as CC attacks on web services, queries against data services, and downloads from file services. Such attacks usually do not aim to congest the traffic channel or the protocol processing path. They aim to keep the server permanently busy with high-cost operations so that it cannot respond to normal business.
C) Reflection attacks
A reflection attack is also called an amplification attack. This kind of attack is mainly based on the UDP protocol, where the response to a request is generally much larger than the request itself. Because the traffic is amplified, an attacker with little bandwidth can create a large-scale traffic source and direct it at the target. Strictly speaking, reflection is not a separate kind of attack; it only uses the business characteristics of some services to launch flood attacks at a lower cost.
D) Hybrid attacks
A hybrid attack combines the attack types above, probing during the attack and choosing the most effective mode. Hybrid attacks usually involve both resource consumption and service consumption.
4. Why DDoS protection is difficult
On the one hand, the core components of the network infrastructure have not changed in the past decade, so some vulnerabilities that were discovered and exploited long ago, and some mature attack tools, have a long life cycle and remain effective today. On the other hand, with the rapid development of applications across the seven-layer model of the Internet, DDoS targets have diversified: from web to DNS, from the layer-3 network to layer-7 applications, from the protocol stack to application apps. In addition, DDoS protection is a project in which technology and cost are unequal between attacker and defender. The cost of building a DDoS defense system for a business is often larger than the cost or revenue of the business itself, which makes many startups and small Internet companies unwilling to invest more.
5. DDoS protection measures
A DDoS protection system is essentially an intelligent system based on resource competition and rule filtering. The main defensive measures and strategies are:
A) Resource isolation
Resource isolation can be seen as a shield in front of the user's service. This protection system has very large data and traffic processing capacity and filters abnormal traffic and requests on the user's behalf. For example, against a SYN Flood the shield answers with SYN Cookie or SYN Reset authentication: by authenticating the source of the data it filters out packets with forged source addresses and protects the server from malicious connections. The resource isolation system mainly protects layers 3 and 4 of the OSI model.
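The SYN Cookie check mentioned above can be sketched as follows. This is an added, simplified example, not code from the article or from any product: the secret, the 64-second slot and the cookie layout (8-bit time slot plus 24-bit MAC, no MSS encoding) are assumptions chosen for illustration.

```python
import hashlib
import hmac
import socket
import struct

SECRET = b"constructed-demo-secret"  # assumption: device secret, rotated in practice
SLOT_SECONDS = 64                     # assumption: lifetime of one cookie time slot


def _cookie(src_ip, src_port, dst_ip, dst_port, client_isn, slot):
    """8-bit time slot + 24-bit keyed MAC over the 4-tuple and the client ISN."""
    msg = socket.inet_aton(src_ip) + socket.inet_aton(dst_ip)
    msg += struct.pack("!HHII", src_port, dst_port, client_isn, slot & 0xFFFFFFFF)
    mac = hmac.new(SECRET, msg, hashlib.sha256).digest()[:3]
    return ((slot & 0xFF) << 24) | int.from_bytes(mac, "big")


def make_syn_ack_isn(src_ip, src_port, dst_ip, dst_port, client_isn, now):
    """Sequence number for the SYN-ACK; no per-connection state is stored."""
    slot = int(now) // SLOT_SECONDS
    return _cookie(src_ip, src_port, dst_ip, dst_port, client_isn, slot)


def ack_is_valid(src_ip, src_port, dst_ip, dst_port, seq, ack, now):
    """Validate the final ACK: seq = client ISN + 1, ack = our cookie + 1."""
    client_isn = (seq - 1) & 0xFFFFFFFF
    cookie = (ack - 1) & 0xFFFFFFFF
    current = int(now) // SLOT_SECONDS
    for slot in (current, current - 1):  # accept current and previous slot only
        expected = _cookie(src_ip, src_port, dst_ip, dst_port, client_isn, slot)
        if hmac.compare_digest(cookie.to_bytes(4, "big"), expected.to_bytes(4, "big")):
            return True
    return False


if __name__ == "__main__":
    t0 = 1_700_000_000  # constructed timestamp
    isn = make_syn_ack_isn("198.51.100.7", 40000, "203.0.113.10", 443, 123456, t0)
    print(ack_is_valid("198.51.100.7", 40000, "203.0.113.10", 443, 123457, isn + 1, t0 + 30))
```

A host that sent the SYN from a forged address never sees the SYN-ACK, so it cannot return the matching acknowledgment number, and the shield has spent no memory on it.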
B) User rules
From the service's point of view, DDoS protection is essentially a contest in which users rely on the anti-DDoS protection system to compete with hackers. Throughout this data confrontation the service provider usually holds the initiative, and users can configure specific rules in the anti-DDoS system, such as traffic type, request frequency, packet characteristics, and the delay interval between normal requests. With these rules, users can better resist layer-7 DDoS while still serving normal traffic, and reduce the resource overhead on the server.
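Two of the rules listed above, request frequency and the delay interval between requests, evaluated over request records. This is an added example, not part of the original article; the thresholds, rule names and sample traffic are constructed assumptions.

```python
from collections import defaultdict
from statistics import mean, pstdev

WINDOW_SECONDS = 10       # assumption: sliding window for the frequency rule
MAX_PER_WINDOW = 20       # assumption: requests allowed per client per window
MIN_GAPS = 8              # assumption: samples needed before judging timing
MIN_INTERVAL_CV = 0.1     # assumption: below this, gaps are machine-regular


def evaluate(requests):
    """Return {client_ip: [rules that fired]} for (timestamp, ip, path) records."""
    stamps_by_ip = defaultdict(list)
    for ts, ip, _path in requests:
        stamps_by_ip[ip].append(ts)
    verdicts = {}
    for ip, stamps in stamps_by_ip.items():
        stamps.sort()
        fired = []
        # Rule 1, request frequency: peak request count in any sliding window.
        start = peak = 0
        for end, ts in enumerate(stamps):
            while ts - stamps[start] >= WINDOW_SECONDS:
                start += 1
            peak = max(peak, end - start + 1)
        if peak > MAX_PER_WINDOW:
            fired.append("request-frequency")
        # Rule 2, delay interval: people pause irregularly, tools fire on a timer.
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        if len(gaps) >= MIN_GAPS and mean(gaps) > 0:
            if pstdev(gaps) / mean(gaps) < MIN_INTERVAL_CV:
                fired.append("regular-interval")
        verdicts[ip] = fired
    return verdicts


def sample_requests():
    """Constructed traffic: one browsing user, one flood source, one slow bot."""
    human = [0, 3.2, 9.5, 11.0, 25.4, 31.1, 47.9, 52.3, 70.0, 88.6]
    reqs = [(t, "198.51.100.20", "/search") for t in human]
    reqs += [(i * 0.05, "203.0.113.5", "/search") for i in range(100)]
    reqs += [(100 + 2.0 * i, "192.0.2.77", "/search") for i in range(15)]
    return reqs


if __name__ == "__main__":
    for ip, fired in sorted(evaluate(sample_requests()).items()):
        print(ip, fired or "ok")
```

The slow client stays under the frequency threshold and is caught only by the interval rule. Legitimate pollers and health checks are also timer-driven, so known monitoring sources need an allowlist before this rule is enforced.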
C) Big data intelligent analysis
To generate a large volume of data streams, hackers usually need specific tools to construct the request data, and those requests lack some of the behaviors and characteristics of normal users. To counter this, we can model legitimate users from the analysis of massive data and use fingerprint features, such as HTTP model features, data sources and request sources, to filter request sources against a whitelist effectively and so clean DDoS traffic accurately.
D) Resource confrontation
Resource confrontation, colloquially "toughing it out", means absorbing DDoS traffic calmly by stacking up a large number of servers and bandwidth resources.
Introduction to DDoS protection, which can provide multiple access protection methods: https://www.yisu.com/cloud/Ddos.asp
DDoS high defense is a professional high-defense service aimed mainly at CVMs and VPSs (it can also protect non-hosts) for cases where the service becomes unavailable due to large-traffic DDoS/CC attacks. By configuring DDoS high defense, users can clean and filter malicious attack traffic, keeping the host's business stable and reliable.
Advantages:
Effectively resists all kinds of DDoS attacks at the network layer, transport layer and application layer.
Accurate protection for transactions, encryption, layer-7 applications, intelligent terminals and online business, so that threats have nowhere to escape.
Automatic detection and attack policy matching, real-time protection, cleaning service availability of 99.99%.
Easy to operate: one button turns on high defense, users do not need to add any physical devices, and it takes effect in seconds.
Flexible purchase scheme: can be purchased on demand on a monthly or annual basis.
Ultra-high bandwidth three-dimensional protection
Supports defense on telecom, China Unicom, China Mobile and other lines, with 100G+ DDoS cleaning capability. When users are hit by DDoS, the DDoS high defense system helps them absorb the attack traffic and keeps the business running normally. It can defend against SYN Flood, ACK Flood, ICMP Flood, UDP Flood, NTP Flood, SSDP Flood, DNS Flood, HTTP Flood and CC attacks.
Real-time monitoring and protection within seconds
A clear and intuitive real-time traffic monitoring system. When an attack occurs, the cleaning center responds in seconds, pulls the attack traffic to the cleaning center where malicious traffic is disposed of, and then sends the normal business traffic back to the target website through an isolated return channel.
Application layer protection
Provides real-time application-layer protection against DDoS attacks, using re-authentication, identity identification, CAPTCHA and other means to accurately distinguish malicious visitors from real visitors. It can defend against both website-type and game-type CC attacks, and suits security scenarios around major events such as e-commerce promotions, financial industry promotions and enterprise portals.
Business support
Supports TCP/UDP/HTTP/HTTPS, suits finance, e-commerce, games, portals, media and other business scenarios, and supports DDoS and CC defense.
So much for this overview of DDoS attacks. I hope the content above is helpful and lets you learn something new. If you think the article is good, you can share it so more people see it.