On the most effective DDoS protection: cut off the source of DDoS attacks by managing botnets

The DDoS attack is the attack that everyone in the network security industry knows, and it is also the most popular and widespread one. At the same time, DDoS protection technology has kept improving. Everyone knows that DDoS attacks are launched from botnets, so how can botnets be managed effectively so that we do not run into DDoS attacks?
By managing botnets, the source of DDoS attacks can be cut off. From a theoretical perspective, this is the most effective method of DDoS protection. In actual operation, however, the governance of botnets runs into many difficulties and problems.

The first difficulty is detection: only when a network anomaly can be detected do we know whether a system is infected with bots. If a zombie host is used to launch a DDoS attack, it generates a large amount of attack traffic per second, so detection equipment installed at the network exit may raise an alert, and abnormal memory usage may also be found on some hosts. Small-volume, well-encrypted traffic, however, can hide among normal requests and is not easy to detect, so the infection goes unnoticed.

Generally, after an infection is detected, a sample is taken and reverse-analysed to extract the required information; how long this takes depends on the difficulty of the sample. Finally, a DDoS protection plan is formulated according to the analysis results, and there are two options. One is to write a bot removal tool and distribute it to the other infected hosts on the corporate LAN for cleanup, while adding the C&C server domain name or address and the data packet signatures to the blocking rules. However, this only removes part of the botnet; the remainder can still be operated, so our network still faces the risk of attack, such as DDoS attacks originating from that botnet. The other is to take over or destroy the entire botnet. This is very difficult because botnets are widely distributed, not limited to a certain district, city, province or country, and the corresponding control servers are just as widely distributed.

Such cross-regional strike action therefore requires coordination and cooperation between governments, which is generally difficult to achieve; only a powerful government or a large company with wide influence can do it.
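As an added illustration of the detection gap described above (example code, not from the article or the reproduced source), the following script checks one second of constructed egress flow records two ways: a packets-per-second threshold at the network exit, which catches the flooding zombie, and a blocklist of C&C indicators obtained from sample analysis, which catches the low-volume beacon the rate check misses. All hosts, addresses and indicators are hypothetical.

```python
from collections import defaultdict

# Constructed one-second egress flow sample: (source host, destination, packets).
# 10.0.0.7 plays the flooding zombie and 10.0.0.9 the low-and-slow bot; every
# address here is hypothetical and not taken from the article.
FLOWS = (
    [("10.0.0.7", "203.0.113.10", 120)] * 50   # 6000 pps toward a single target
    + [("10.0.0.9", "198.51.100.23", 2)]       # 2-packet encrypted beacon
    + [("10.0.0.11", "93.184.216.34", 15)]     # ordinary web traffic
    + [("10.0.0.12", "93.184.216.34", 30)]
)

# Indicators produced by reverse-analysing a captured sample: the C&C server
# address and domain that get added to the blocking rules (hypothetical values).
CC_INDICATORS = {"198.51.100.23", "cc.example.invalid"}

# Packets per second per source host at which the egress sensor raises an alert.
PPS_THRESHOLD = 1000


def outbound_pps(flows):
    """Sum packets per source host over the one-second window."""
    totals = defaultdict(int)
    for src, _dst, packets in flows:
        totals[src] += packets
    return dict(totals)


def rate_suspects(flows, threshold=PPS_THRESHOLD):
    """Hosts whose egress rate alone reveals them as attack sources."""
    return {host for host, pps in outbound_pps(flows).items() if pps >= threshold}


def indicator_hits(flows, indicators=CC_INDICATORS):
    """Hosts talking to a known C&C address, regardless of traffic volume."""
    return {src for src, dst, _packets in flows if dst in indicators}


def infected_hosts(flows):
    """Union of both checks: the rate catches the flooder, indicators catch the quiet bot."""
    return rate_suspects(flows) | indicator_hits(flows)


if __name__ == "__main__":
    print("rate-based suspects:", rate_suspects(FLOWS))
    print("C&C indicator hits: ", indicator_hits(FLOWS))
    print("hosts to clean up:  ", infected_hosts(FLOWS))
```

The quiet bot at 10.0.0.9 only appears once the C&C indicator from sample analysis is applied, which is why the article treats detection and the later blocking rules as two separate steps.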
A botnet is one of the tools hackers use in the course of cybercrime. It can be turned into many different attacks, with consequences that can paralyse an entire basic information network and leak an enterprise's core data and personal account information. Today we should pay more attention to the problem of botnet governance. Just as with the foundation of a house, the more solid the foundation, the stronger the house. This is also one of the most effective means of DDoS protection.
Today, DDoS offence and DDoS protection are each made up of many factors, and the essence of network security is the contest between technicians on both sides. This is a cyber war.
This article is reproduced from: http://www.heikesz.com/ddos1/1827.html

Origin blog.csdn.net/weixin_51110871/article/details/111632269