Shulou(Shulou.com)06/03 Report--

The purpose of this article is to share with you about whether hidden IP can defend against DDOS attacks. I think it is very practical, so I share it with you. I hope you can get something after reading this article.

1. Use high security IP services. The principle of high security IP service.

By using two high-security single-wire proxy servers as ports to map two IP to two-line servers, and mapping virtual IP to real IP hosts, we can first avoid the absolute target of direct threat, so that attackers can not correctly find the real IP of two-line servers, and single-line hard security is higher. To put it simply, it is to hide the real IP and map the virtual IP to the real IP, so as to absolutely defend against the threat of DDoS. There is no remote login permission to handle virtual IP mappings.

2. Use CDN technology. In short, the content distribution network (CDN) is a strategic deployment of the overall system.

It includes four important components: distributed storage, load balancing, network request redirection and content management. Among them, content management and global network traffic management are the core of CDN technology. By judging the user's proximity and server load, CDN can ensure that content provides services to users in a very efficient manner.

It is not enough to use CDN technology to hide the real IP. The content posted on the server cannot be updated in a timely manner. CDN has zone restrictions. For example, only do domestic CDN, not foreign CDN, let the attacker use the IP of the US server, use the domain name or other address of the ICMP tool, then the real IP of your server will appear in front of the attacker.

3. Use domain name orientation

This technology is relatively new, just like other methods. It has something in common with the hidden forwarding of URL (but the implicit forwarding of url has been banned by the state), and the similarity with CDN technology is to hide the IP of the server. In addition, in order to prevent the IP of the server from being leaked, you can also choose not to use the function of sending mail from the server. if you want to send mail, you can choose to use a third-party agent to send it, so that the IP displayed to the outside is the IP of the agent, and the IP of the server will not be compromised.

The above is whether hidden IP can defend against DDOS attacks. The editor believes that there are some knowledge points that we may see or use in our daily work. I hope you can learn more from this article. For more details, please follow the industry information channel.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.