
How to protect the server from attack as much as possible

2025-01-16 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/01 Report--

This article explains how to protect a server from attack as far as possible. The explanation is simple, clear and easy to follow, so let's work through it.

The first stage is target confirmation: the hacker locks onto the IP address of the company's network on the Internet. This IP address may belong to the enterprise's web server, DNS server, Internet gateway, and so on. Targets are chosen for a variety of reasons, such as making money (some people pay hackers to attack certain websites) or simply for the fun of breaking things.

The second stage is the preparation stage: the hacker breaks into a large number of poorly protected computers on the Internet (mostly home computers, connected mainly over ADSL broadband or cable) and plants on them the tools that will be needed later.

The third stage is the actual attack stage: the hacker sends attack commands to all of the compromised computers (that is, zombie computers), ordering them to use the pre-implanted attack tools to send data packets continuously to the target, so that the target cannot handle the volume of data or its bandwidth is saturated.

Smart hackers will also have these zombie computers spoof the IP address of the attack packets, inserting the IP address of the target into the source address field of each packet. This is called a reflection attack. When a server or router sees these packets, it sends (that is, reflects) its response to that source IP address, which further increases the data flow to the target host. So we can't stop this kind of DDoS attack, but knowing how it works, we can minimize its impact.

Reduce the impact of attacks

Ingress filtering is a simple security policy, and every ISP should implement it. At the edge of the network, on each router directly connected to an external network, a routing statement should be set up to discard all packets marked with a source IP from this network's own address range. Although this method does not prevent DDoS attacks, it can prevent DDoS reflection attacks.
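The filtering decision described above can be written as a small check. This is an added example, not code from the original article; the address plan and interface names are constructed, and it goes one step beyond the text by also showing the matching outbound check on the internal interface.

```python
import ipaddress

# Assumed (constructed) address plan for the network behind the edge router.
OWN_PREFIXES = [ipaddress.ip_network("198.51.100.0/24"),
                ipaddress.ip_network("203.0.113.0/25")]

def is_own(addr):
    """True if addr falls inside one of our own prefixes."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in OWN_PREFIXES)

def edge_verdict(interface, src):
    """Return 'drop' or 'pass' for a packet seen on an edge interface.

    external: traffic arriving from outside must not claim one of our own
              addresses as its source (the rule the article describes).
    internal: traffic leaving our network must carry one of our own
              addresses as its source (the matching outbound check).
    """
    if interface == "external":
        return "drop" if is_own(src) else "pass"
    if interface == "internal":
        return "pass" if is_own(src) else "drop"
    raise ValueError(f"unknown interface: {interface}")

# Constructed sample packets: (interface the packet arrived on, source IP).
SAMPLE = [
    ("external", "192.0.2.10"),     # ordinary outside host
    ("external", "198.51.100.7"),   # outside packet claiming our address
    ("internal", "203.0.113.20"),   # our host with its real address
    ("internal", "192.0.2.99"),     # inside host with a forged source
    ("internal", "203.0.113.200"),  # outside our /25, so not ours
]

def run(sample=SAMPLE):
    return [edge_verdict(iface, src) for iface, src in sample]

if __name__ == "__main__":
    for (iface, src), verdict in zip(SAMPLE, run()):
        print(f"{iface:8} {src:15} {verdict}")
```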

Mitigate the harm of DDoS attacks

But many large ISPs seem to refuse to implement ingress filtering for a variety of reasons, so we need other ways to reduce the impact of DDoS. At present, one of the most effective is the backscatter traceback method.

To adopt this approach, you should first make sure that you are currently suffering from an external DDoS attack, not from an internal network or routing problem. The next step is to configure the external interfaces of all edge routers as soon as possible to reject all data flows destined for the DDoS attack target.

When a router is set to reject these packets, it sends an Internet Control Message Protocol (ICMP) packet each time it rejects a packet, carrying the "destination unreachable" message and the rejected packet back to the source IP address. Next, open the router logs and see which router received the most attack packets. Then use the recorded packet source IPs to determine which network segment is sending the largest amount of data. On that router, put this network segment into a "black hole" state, isolating the segment by modifying the subnet mask. Then look up the owner of this segment, contact your ISP and the ISP of the sending segment, report the attack to them, and ask for assistance. Whether they are willing to help or not, it is just a matter of phone calls. Next, to let services and legitimate traffic through, you can restore the other routers that saw less of the attack, keeping the filter only on the router that bears the heaviest attack and continuing to reject the network segment that is the largest source of the attack. If your ISP and the other ISP do their part in blocking the attack packets, your server and your network will soon return to normal.
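The log review step above (find the router that rejected the most attack packets, then the source segment sending the most data through it) can be scripted. This is an added example, not part of the original article; the key=value log format, router names, addresses and the /24 grouping are all constructed assumptions, and real router logs will need their own parser.

```python
import ipaddress
import re
from collections import Counter

TARGET = "198.51.100.10"  # constructed: the host under attack

# Constructed log lines in an assumed key=value format.
LOG = """\
router=edge1 action=deny src=192.0.2.15 dst=198.51.100.10 bytes=600
router=edge1 action=deny src=192.0.2.77 dst=198.51.100.10 bytes=600
router=edge1 action=permit src=192.0.2.80 dst=198.51.100.25 bytes=900
router=edge2 action=deny src=203.0.113.4 dst=198.51.100.10 bytes=1400
router=edge2 action=deny src=203.0.113.90 dst=198.51.100.10 bytes=1400
router=edge2 action=deny src=203.0.113.201 dst=198.51.100.10 bytes=1400
router=edge2 action=deny src=192.0.2.33 dst=198.51.100.10 bytes=600
router=edge2 action=deny src=192.0.2.34 dst=198.51.100.10 bytes=600
router=edge3 action=deny src=203.0.113.8 dst=198.51.100.10 bytes=1400
this line is truncated and will be skipped
""".splitlines()

LINE = re.compile(r"router=(\S+) action=(\S+) src=(\S+) dst=(\S+) bytes=(\d+)")

def summarize(lines, target=TARGET, prefix_len=24):
    """Find the router with the most rejected packets for the target, and
    the source segment that sent the most bytes through that router."""
    per_router = Counter()   # router -> rejected packet count
    per_segment = {}         # router -> Counter(segment -> bytes)
    for line in lines:
        m = LINE.fullmatch(line.strip())
        if not m:
            continue         # unparseable line: ignore rather than guess
        router, action, src, dst, nbytes = m.groups()
        if action != "deny" or dst != target:
            continue         # only rejected traffic aimed at the target
        per_router[router] += 1
        seg = ipaddress.ip_network(f"{src}/{prefix_len}", strict=False)
        per_segment.setdefault(router, Counter())[str(seg)] += int(nbytes)
    if not per_router:
        return None
    router, packets = per_router.most_common(1)[0]
    segment, volume = per_segment[router].most_common(1)[0]
    return {"router": router, "packets": packets,
            "segment": segment, "bytes": volume}

if __name__ == "__main__":
    print(summarize(LOG))
```

Because the article notes that attack packets can carry spoofed source addresses, treat the reported segment as a lead to confirm with the ISPs involved rather than as proof of origin.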
