Overwhelmed by traffic-based DDoS attacks? These DDoS protection methods you need to know

We know that DDoS attacks consume network bandwidth and system resources (CPU, memory, connection tables and so on) by various means, exhausting either the link or the host so that the target system can no longer serve legitimate users: a denial of service. Conventional flow-based DDoS protection differs in implementation according to the traffic-diversion technique chosen. The methods fall mainly into the following three, which are combined to achieve layered cleaning.
1. Local DDoS protection equipment
When a malicious organization launches a DDoS attack, the DDoS protection equipment in the local data center is usually the first to detect and respond to it. Local protection equipment in financial institutions is mostly deployed out of path, fed by a mirrored copy of the traffic (bypass mirroring). Local DDoS protection equipment generally consists of a detection device, a cleaning device and a management center. First, the detection device self-learns a traffic baseline: it collects statistics on the defence-related dimensions (SYN packet rate, HTTP request rate and so on), builds a traffic-model baseline from them and derives the defence thresholds from that baseline.
After learning, the device keeps collecting statistics on the same dimensions and compares each second's results against the defence thresholds. If a threshold is exceeded, the traffic is considered abnormal and the management center is notified. The management center issues a diversion policy to the cleaning device, which begins diverting and cleaning the traffic. Abnormal-traffic cleaning identifies and removes attack traffic by several methods, such as signatures, baselines and reply confirmation.
After the abnormal traffic has been cleaned, the clean traffic is re-injected. To prevent the re-injected traffic from being diverted to the cleaning device a second time, policy-based routing can be applied on the re-injection interface of the egress device, forcing the re-injected traffic into the data center's internal network towards the target system.
2. Operator cleaning service
When the attack traffic of a volumetric attack exceeds the bandwidth of the Internet link, or the local DDoS cleaning device's capacity is insufficient for the attack volume, the attack traffic must be cleaned through the operator's (carrier's) cleaning service, or the bandwidth temporarily increased with the operator's help. Operators deploy DDoS protection equipment at each level of their network and use cleaning services to help users with bandwidth-consuming DDoS attacks. Practice has shown that operator cleaning services are more effective against volumetric DDoS attacks.
3. Cloud cleaning service
When the operator's DDoS traffic cleaning cannot achieve the intended effect, the operator's cloud cleaning service can be enabled as an emergency measure for the final battle. Relying on abnormal-traffic cleaning centers deployed in the operator's backbone network, distributed near-source cleaning scrubs the traffic close to the attack source on the backbone, improving resistance to the attack. Where the scenario allows, the origin site can be resolved via a CNAME or domain name to the security vendor's cloud domain name, achieving diversion, cleaning and re-injection and improving the ability to resist DDoS attacks. This type of cleaning requires large changes to the traffic path and affects a wide area, so it is generally not recommended as a routine daily defence.
The three defence methods above share some shortcomings. Since neither the local DDoS protection equipment nor the operator can decrypt HTTPS traffic, protection of HTTPS traffic is limited. At the same time, operator cleaning services mostly rely on flow-based detection of DDoS attacks, and their policy granularity is usually coarse, so detection of application-layer attack types such as CC (HTTP request flood) or HTTP slow attacks is often unsatisfactory. Comparing the application scenarios of the three methods shows that no single solution can clean every DDoS attack, because most real DDoS attacks are "mixed" attacks combining several attack types, so DDoS protection should likewise combine several means to deal with them.
This article is reproduced from: http://www.heikesz.com/ddos1/1828.html

Origin blog.csdn.net/weixin_51110871/article/details/111686249