Uncovering how DDoS attacks use botnets: will you still dismiss DDoS protection after reading this?

DDoS is regarded as one of the most feared network attacks, not only because defending against it costs far more than launching it, but also because it is highly aggressive and destructive, which is why criminal hackers use it so often. One of the largest attacks publicly reported at the time was the September 2016 attack on the blog of the well-known American security researcher Brian Krebs, with a reported peak of about 665 Gbps (Akamai, which was hosting the site, measured roughly 620 Gbps).
A DDoS attack requires the attacker to control a network of Internet-connected machines. Computers, and increasingly IoT devices such as IP cameras, are infected with malware and turned into bots (zombies).
A botnet is usually built according to an established playbook. It starts with a bad actor, an individual or a group working for a criminal organisation or a nation-state, who writes the malware that will infect devices. That malware can target any device capable of executing code. Attackers spread it in different ways: phishing is a common one, but the malware can also scan for exposed network ports or other specific vulnerabilities on devices. Once it is ready, the attacker uses it to infect as many devices as possible, and this collection of hijacked devices is the botnet.
Once the botnet exists, the attacker controls the bots remotely by sending them updated instructions through a command-and-control channel. Because every bot is a legitimate Internet-connected device sending legitimate-looking requests, attack traffic can be hard to separate from normal traffic. Put simply, a DDoS attack is a coordinated action launched at the same moment by hundreds or thousands of compromised hosts running the attacker's code.
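The last point above, that bot traffic is hard to tell apart from legitimate traffic, is easy to see in code. The Python script below is an added example, not part of the original article, and the web-server log lines it processes are constructed for the demo (Common Log Format, RFC 5737 documentation IP ranges). It shows that a per-source-IP request threshold never fires when each bot sends only two requests, while counting total requests and distinct sources per second does catch the flood.

```python
"""Added example (not from the original article): why a per-IP request
threshold misses a botnet flood while aggregate statistics catch it.

Each bot sends only a couple of requests, so every single source looks like
an ordinary user; the attack is only visible when you count requests and
distinct sources per second. Log lines are constructed for this demo in
Common Log Format, using RFC 5737 documentation address ranges."""

import re
from collections import Counter, defaultdict
from datetime import datetime

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)$'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def make_line(ip, second, path):
    """Build one constructed CLF line at a fixed date, varying only IP/second."""
    return (f'{ip} - - [21/Oct/2016:12:00:{second:02d} +0000] '
            f'"GET {path} HTTP/1.1" 200 512')


SAMPLE_LOG = []
# second 00: three ordinary visitors, two requests each (6 rps, 3 sources)
for _ip in ("203.0.113.5", "203.0.113.9", "198.51.100.23"):
    SAMPLE_LOG += [make_line(_ip, 0, "/"), make_line(_ip, 0, "/style.css")]
# second 05: thirty bots, two requests each (60 rps, 30 sources);
# per bot this is indistinguishable from the visitors above
for _i in range(1, 31):
    SAMPLE_LOG += [make_line(f"192.0.2.{_i}", 5, "/"),
                   make_line(f"192.0.2.{_i}", 5, "/search?q=x")]


def parse_line(line):
    """Parse one CLF line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return {"ip": m["ip"],
            "sec": int(datetime.strptime(m["ts"], TS_FMT).timestamp()),
            "req": m["req"], "status": int(m["status"])}


def bucket_by_second(entries):
    """Group parsed entries into one-second windows keyed by epoch second."""
    buckets = defaultdict(list)
    for e in entries:
        buckets[e["sec"]].append(e)
    return buckets


def per_ip_offenders(entries, max_rps):
    """Naive defence: flag any single source that exceeds max_rps in a second."""
    offenders = set()
    for group in bucket_by_second(entries).values():
        for ip, n in Counter(e["ip"] for e in group).items():
            if n > max_rps:
                offenders.add(ip)
    return offenders


def aggregate_anomalies(entries, baseline_rps, baseline_sources, factor=5):
    """Flag seconds where total requests or distinct sources exceed
    factor x the baseline. Returns [(epoch_second, total, sources), ...]."""
    flagged = []
    for sec, group in sorted(bucket_by_second(entries).items()):
        total = len(group)
        sources = len({e["ip"] for e in group})
        if total > factor * baseline_rps or sources > factor * baseline_sources:
            flagged.append((sec, total, sources))
    return flagged


def run_demo(lines=SAMPLE_LOG):
    """Run both detectors over the sample log and return their verdicts."""
    entries = [e for e in map(parse_line, lines) if e is not None]
    return {
        "per_ip_flagged": per_ip_offenders(entries, max_rps=10),
        "aggregate_flagged": aggregate_anomalies(entries, baseline_rps=6,
                                                baseline_sources=3),
    }


if __name__ == "__main__":
    result = run_demo()
    print("per-IP threshold (10 rps) flagged:", result["per_ip_flagged"] or "nothing")
    for sec, total, sources in result["aggregate_flagged"]:
        print(f"aggregate anomaly at t={sec}: {total} req/s from {sources} sources")
```

Real detectors compare against a rolling baseline rather than the fixed numbers used here, and a jump in distinct source addresses is only one signal; the point is that any defence reasoning about one client at a time is exactly what a botnet is built to defeat.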
Without corresponding DDoS protection, an attack can do a great deal of damage: it can take a website offline, overwhelm servers, exhaust bandwidth or memory, undermine credibility, embarrass the brand and cause direct financial loss, all of which pose a serious threat to global Internet security. For example, in October 2016 the major US DNS provider Dyn was hit by a DDoS attack launched from a Mirai IoT botnet, which made many large websites unreachable for hours, especially on the US East Coast.
There are several DDoS protection measures that help defend a server or network against these attacks:
1. Make sure the server software has no known vulnerabilities that would let an attacker break in. Keep the operating system current and fully patched, remove services the server does not need, and close unused ports.
2. Hide the server's real IP address. For example, put a CDN in front of the server, or rent a high-defense (anti-DDoS) proxy host, so that the domain resolves to the CDN's addresses rather than to the origin. Every subdomain must resolve to the CDN as well, and any other domain hosted on the same server must also resolve through the CDN, never directly to the real IP; a single forgotten record hands the attacker the origin.
3. Prevent the server from revealing its IP address in the data it sends. For example, the server should not send mail directly, because the Received: headers of outgoing mail record the sending host's IP address; send mail through a third-party relay instead.
4. Optimise routing and network structure. Configure routers and firewalls sensibly (access control lists, rate limits, dropping obviously spoofed or unwanted traffic) to reduce the attack surface, harden the hosts that provide public services, and restrict every Internet-facing host to the ports and protocols it actually needs.
5. DDoS protection also starts at the source. Protect personal computers and IoT devices: do not install applications from untrusted sources, apply security updates regularly, change default passwords, and close unnecessary ports so that devices are not compromised and turned into bots.
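Steps 2 and 3 both come down to one question: does anything still point at the origin? The Python script below is an added example, not code from the original article; the zone data, CDN address range, origin IP and mail headers are constructed (using RFC 5737 documentation ranges) to stand in for a real DNS export and real outgoing mail. It flags A records that bypass the CDN, MX hosts that resolve to the origin, and Received: headers that carry the origin's address.

```python
"""Added example (not from the original article): audit whether the origin
server's real IP is exposed around the CDN (steps 2 and 3 above).

Checks: every A record in the zone must point into the CDN's range, MX hosts
must not resolve to the origin, and outgoing mail must not carry the origin's
IP in Received: headers. The zone export, CDN range, origin address and mail
headers are constructed for the demo (RFC 5737 documentation ranges); in
practice the records come from your DNS provider's export or from dig."""

import ipaddress
import re

ORIGIN_IP = ipaddress.ip_address("198.51.100.20")        # assumed origin server
CDN_RANGES = [ipaddress.ip_network("203.0.113.0/24")]     # assumed CDN edge range

# Constructed zone export: owner name -> list of (record type, value).
ZONE = {
    "example.com.":      [("A", "203.0.113.10"), ("MX", "10 mail.example.com.")],
    "www.example.com.":  [("A", "203.0.113.10")],
    "dev.example.com.":  [("A", "198.51.100.20")],   # forgotten subdomain: leak
    "mail.example.com.": [("A", "198.51.100.20")],   # MX target on origin: leak
}

# Constructed headers of a message sent directly from the origin ...
DIRECT_MAIL = (
    "Received: from mail.example.com (mail.example.com [198.51.100.20])\n"
    "\tby mx.recipient.test with ESMTP id abc123; Fri, 21 Oct 2016 12:00:00 +0000\n"
    "From: noreply@example.com\n"
    "Subject: test\n"
)
# ... and of the same message sent via a third-party relay that does not
# record the submitting host.
RELAYED_MAIL = (
    "Received: from relay.mailprovider.test (relay.mailprovider.test [192.0.2.77])\n"
    "\tby mx.recipient.test with ESMTP id def456; Fri, 21 Oct 2016 12:00:00 +0000\n"
    "From: noreply@example.com\n"
    "Subject: test\n"
)

BRACKETED_IPV4 = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def in_cdn(ip):
    """True if the address falls inside one of the CDN ranges."""
    return any(ipaddress.ip_address(ip) in net for net in CDN_RANGES)


def audit_zone(zone, origin_ip):
    """Return (name, ip, reason) for every A record that bypasses the CDN."""
    leaks = []
    for name, records in zone.items():
        for rtype, value in records:
            if rtype == "A" and not in_cdn(value):
                reason = ("origin IP" if ipaddress.ip_address(value) == origin_ip
                          else "not a CDN address")
                leaks.append((name, value, reason))
    return leaks


def mx_targets_on_origin(zone, origin_ip):
    """MX hosts that resolve (within this zone) to the origin; mail handled
    there exposes the server. Returns (owner, mx_host, ip) tuples."""
    hits = []
    for name, records in zone.items():
        for rtype, value in records:
            if rtype != "MX":
                continue
            target = value.split()[-1]           # "10 mail.example.com." -> host
            for t_type, t_val in zone.get(target, []):
                if t_type == "A" and ipaddress.ip_address(t_val) == origin_ip:
                    hits.append((name, target, t_val))
    return hits


def unfold_headers(raw):
    """Join RFC 5322 folded continuation lines back onto their header."""
    out = []
    for line in raw.splitlines():
        if line[:1] in (" ", "\t") and out:
            out[-1] += " " + line.strip()
        else:
            out.append(line)
    return out


def received_header_leaks(raw_headers, origin_ip):
    """Received: headers that name the origin IP in brackets."""
    leaks = []
    for header in unfold_headers(raw_headers):
        if not header.lower().startswith("received:"):
            continue
        if any(ipaddress.ip_address(ip) == origin_ip
               for ip in BRACKETED_IPV4.findall(header)):
            leaks.append(header)
    return leaks


if __name__ == "__main__":
    for name, ip, why in audit_zone(ZONE, ORIGIN_IP):
        print(f"DNS leak: {name} -> {ip} ({why})")
    for owner, mx, ip in mx_targets_on_origin(ZONE, ORIGIN_IP):
        print(f"MX leak: {owner} MX {mx} resolves to origin {ip}")
    print("direct mail leaks origin:", bool(received_header_leaks(DIRECT_MAIL, ORIGIN_IP)))
    print("relayed mail leaks origin:", bool(received_header_leaks(RELAYED_MAIL, ORIGIN_IP)))
```

Two caveats a practitioner would want: the audit is only as complete as the zone export, so feed it every domain that shares the server, as step 2 says; and relaying through a third party is not enough by itself if the relay prepends its own Received: header naming the host that submitted the message, which many SMTP relays do, so either confirm the relay hides submitter information or submit through the provider's HTTP API.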
Faced with ever more severe DDoS attacks, there is no need to panic at the mere mention of DDoS. With the appropriate protection measures in place, we can keep our servers and networks as secure as possible and protect our legitimate interests.
This article is reproduced from: http://www.heikesz.com/ddos1/1802.html

Origin blog.csdn.net/weixin_51110871/article/details/111562615