How does a high-defense server defend against network attacks?

Network DDoS attacks seem to be a problem that every Internet company needs to pay special attention to, because this kind of network attack harms enterprise servers and can also cause data loss. According to the "2019 DDoS Attack Situation Analysis Report" released by Unicom Baidu, in 2019 China Unicom monitored more than 360,000 DDoS attacks across its entire network, including 10935 large-traffic attacks above 100Gbps, accounting for 3% of all attacks; there were 1040 super-large-traffic attacks above 300Gbps; the largest attack of the year occurred in March, with a peak of 640Gbps. As DDoS attacks polarize in intensity, with both super-large and small-traffic attacks increasing, enterprises have ever higher requirements for server security protection performance. High-defense servers emerged in response, and their high built-in hardware defense capacity meets enterprises' requirements for server security protection performance. So what types of network attacks can a high-defense server defend against, and how does it defend against them?

1. Common attack types on the network
1. Attacks that send abnormal data packets
2. Attacks on mail systems
3. Botnet attacks
4. DDoS attacks

2. How a high-defense server defends against network attacks

1. Scan regularly

Regularly scan the existing main network nodes, check for possible security vulnerabilities, and fix newly found vulnerabilities in a timely manner.

2. Configure the firewall on the backbone node of the high defense server

Installing a firewall can effectively resist DDoS attacks and other attacks. When an attack is detected, you can direct it to some unimportant sacrificial hosts, which protects the real host from being attacked.

3. Make full use of network equipment to protect network resources

When a company uses load balancing equipment such as routers and firewalls, the network can be effectively protected: when one router is brought down by an attack, the other takes over immediately, which reduces the impact of DDoS attacks to the greatest extent possible.

4. Filter unnecessary services and ports

Filter out fake (spoofed) IP addresses on the router, open only the service ports, and close all other ports or set a blocking policy for them on the firewall.

5. Limit SYN/ICMP traffic

The user should configure the maximum SYN/ICMP traffic on the router to limit the maximum bandwidth that SYN/ICMP packets can occupy. In this way, when a large amount of SYN/ICMP traffic exceeds the limit, it means that this is not normal network access but an attack.

6. Filter all RFC1918 IP addresses

RFC1918 IP addresses are the IP addresses of internal networks. They are not the fixed IP addresses of a particular network segment, but address ranges reserved within the Internet for private use, and they should be filtered out. The purpose is not to filter the access of internal employees, but to filter the large number of fake internal IPs forged during an attack, which can also mitigate DDoS attacks.
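
The checks in steps 5 and 6, modelled as an ingress policy over packet records. This is an added example, not code from the original post; the function names, the per-second limits and the sample packets are assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# The three RFC 1918 ranges, listed explicitly: ipaddress's is_private would
# also match loopback, link-local and other reserved space.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Assumed per-second packet ceilings on the Internet-facing interface.
LIMITS = {"syn": 3, "icmp": 2}


def is_rfc1918(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)


def filter_ingress(packets, limits=LIMITS):
    """Return (verdicts, alerts) for (timestamp, source, kind) packets."""
    seen = defaultdict(int)  # (second, kind) -> packets counted so far
    verdicts, alerts = [], set()
    for ts, src, kind in packets:
        if is_rfc1918(src):
            # A private source arriving from the Internet side is forged.
            verdicts.append("drop-rfc1918")
            continue
        if kind in limits:
            window = (int(ts), kind)
            seen[window] += 1
            if seen[window] > limits[kind]:
                alerts.add(window)  # over the ceiling: not normal access
                verdicts.append("drop-rate")
                continue
        verdicts.append("accept")
    return verdicts, alerts


# Constructed sample traffic using documentation and private addresses.
SAMPLE = [
    (0.1, "203.0.113.5", "syn"), (0.2, "10.1.2.3", "syn"),
    (0.3, "198.51.100.7", "syn"), (0.4, "172.20.0.9", "icmp"),
    (0.5, "203.0.113.8", "syn"), (0.6, "203.0.113.9", "syn"),
    (0.7, "172.32.0.1", "icmp"), (1.1, "203.0.113.5", "syn"),
    (1.2, "192.168.1.1", "tcp"), (1.3, "198.51.100.7", "tcp"),
]

if __name__ == "__main__":
    for pkt, verdict in zip(SAMPLE, filter_ingress(SAMPLE)[0]):
        print(pkt, verdict)
```

Note that 172.32.0.1 is accepted: the 172.16.0.0/12 range ends at 172.31.255.255, so a filter written as 172.0.0.0/8 would block legitimate public addresses.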


Origin blog.51cto.com/14926352/2535178