The era of the Internet of Everything has come. Has your DDoS protection strategy been upgraded?

DDoS attacks are currently the most common network attack method. Many people are aware of the importance of DDoS protection, and many corporate users' websites and host servers suffer from these attacks. DDoS attacks are "more destructive", "difficult to prevent and cannot be completely eradicated", and have become a "public enemy" in many industries such as cloud computing services, IDC, games, and e-commerce.

DDoS stands for "Distributed Denial of Service". A DDoS attack, or "distributed denial-of-service attack", is essentially a "resource-consuming" attack: the target's system resources or network bandwidth are consumed or blocked, so the target cannot respond to normal service requests. With the help of "client/server" technology, this attack method combines multiple computers into an attack platform and launches an attack on one or more targets.

While working on DDoS protection, how can we tell whether a server has suffered a DDoS traffic attack or a resource exhaustion attack? It can be judged by the following symptoms:

Access to the website or server suddenly becomes very slow or fails entirely. The server holds a large number of connections waiting in the "TCP half-connection" (half-open) state, and the network is full of useless data packets. Test with the Ping command: if Ping times out or packet loss is serious (when it is normally fine), and network faults have been ruled out, it is very likely that you have suffered a traffic attack. If servers connected to the same switch as your host also cannot be accessed, it can basically be determined that you have suffered a traffic attack.
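To check the "TCP half-connection" symptom described above, the following added example (not from the original article) counts sockets in the SYN_RECV state per listening port from text in Linux `/proc/net/tcp` layout. The sample table, the function names and the threshold of 3 are constructed for illustration, and the address decoding assumes a little-endian host.

```python
from collections import defaultdict
import ipaddress

SYN_RECV = 0x03  # kernel TCP state code for a half-open connection

# Constructed sample in /proc/net/tcp layout (documentation IP ranges only).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0050 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1001
   1: 0A00000A:0050 017100CB:C350 03 00000000:00000000 01:00000064 00000002     0        0 0
   2: 0A00000A:0050 027100CB:C351 03 00000000:00000000 01:00000064 00000002     0        0 0
   3: 0A00000A:0050 076433C6:C352 03 00000000:00000000 01:00000064 00000001     0        0 0
   4: 0A00000A:0050 086433C6:C353 03 00000000:00000000 01:00000064 00000003     0        0 0
   5: 0A00000A:0016 090200C0:D431 01 00000000:00000000 02:000A1F3C 00000000     0        0 2002
   6: 0A00000A:0016 0A0200C0:D432 03 00000000:00000000 01:00000064 00000001     0        0 0
"""

def decode_addr(field):
    """'017100CB:C350' -> ('203.0.113.1', 50000); IPv4 hex is little-endian."""
    ip_hex, port_hex = field.split(":")
    ip = ipaddress.IPv4Address(bytes.fromhex(ip_hex)[::-1])
    return str(ip), int(port_hex, 16)

def half_open_summary(proc_net_tcp):
    """Map local port -> (half-open sockets, distinct remote IPs)."""
    sources = defaultdict(list)
    for line in proc_net_tcp.splitlines():
        cols = line.split()
        if len(cols) < 4 or not cols[0].endswith(":"):
            continue  # header row or malformed line
        if int(cols[3], 16) != SYN_RECV:
            continue  # only half-open sockets are of interest
        _, local_port = decode_addr(cols[1])
        remote_ip, _ = decode_addr(cols[2])
        sources[local_port].append(remote_ip)
    return {p: (len(ips), len(set(ips))) for p, ips in sources.items()}

def flag_ports(summary, threshold):
    """Ports whose half-open count reaches the threshold (tune to your baseline)."""
    return sorted(p for p, (count, _) in summary.items() if count >= threshold)

if __name__ == "__main__":
    summary = half_open_summary(SAMPLE)  # on a live host, pass the text of /proc/net/tcp
    print(summary, "flagged:", flag_ports(summary, threshold=3))
```

A high half-open count spread over many distinct remote addresses on one port matches the symptom above; a handful of such sockets is normal on a busy server, so the threshold should come from the host's own baseline.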

Currently, there are mainly the following effective methods to protect against DDoS:

1. Turn off unnecessary services and ports on the server. This is also the most common practice among server operation and maintenance personnel. In the server firewall, open only the ports in use, such as port 80 for web services, port 3306 for the database, and port 22 for the SSH service. Turning off and blocking unnecessary services and ports, and filtering fake IP addresses on the router, can also protect against DDoS attacks to a certain extent.

2. Provided that network bandwidth is sufficient, upgrade and strengthen the hardware configuration of the server as far as possible. For resisting DDoS attacks and improving DDoS protection capability, the key hardware is mainly the CPU and memory.

3. Network bandwidth directly determines the ability to resist and withstand DDoS attacks. If bandwidth capacity is insufficient, a DDoS traffic attack can easily fill and block the link, leaving the server unable to respond to the access requests of normal users. It is necessary to ensure that the server has sufficient network bandwidth to deal with attacks of a certain scale and traffic.

4. Purchase a "CDN (Content Delivery Network)" from a cloud service provider or CDN service provider to speed up network services and hide the IP address of the source server of the website.

5. Choose a DDoS-protected server from the server provider and use the hardware firewall of the computer room to filter, clean and divert malicious traffic.

6. Use "load balancing" technology to distribute access requests evenly across multiple servers, so that multiple servers jointly provide the external service and the website can handle a large number of concurrent accesses.

A DDoS attack is a special form of denial-of-service attack based on DoS. It is a distributed and coordinated large-scale attack method, which mainly targets the websites of some enterprises or government departments. The danger of a DDoS attack is that it can initiate a large number of access requests to the target in a short period of time, trying to exhaust the target's network bandwidth or server resources, so that the target's network is blocked or paralyzed or the server cannot respond to normal access requests, which ultimately makes the targeted website substantially inaccessible.

By understanding these methods of judging whether a server is under DDoS attack and of protecting against DDoS, we can respond more effectively when fighting DDoS attacks.

This article is from: https://www.zhuanqq.com/News/Industry/306.html

Origin blog.csdn.net/blublu7080/article/details/112446471