How to handle DDoS protection against attacks launched from inside the data center

In recent years, as Internet bandwidth has kept growing and more and more DDoS attack tools have been released, DDoS protection has become harder while launching a DDoS attack has become easier. DDoS incidents are also on the rise, which poses a huge threat to Internet security.
If your network or server has no DDoS protection measures, an attack shows up as the following symptoms: a large number of waiting TCP connections on the attacked host; a network flooded with useless packets whose source addresses are forged; high-volume useless traffic that congests the network so badly that the host cannot communicate normally with the outside world; and specific service requests issued repeatedly at high speed, so that the victim host cannot process all normal requests in time. In severe cases, the system crashes.
To deal with DDoS attacks, network service providers now pay great attention to defending against DDoS traffic from outside, purchasing firewalls and increasing network bandwidth at huge cost. This kind of "passive security" is about preventing attacks launched by others from the outside. But there is one aspect of DDoS protection that most service providers ignore: DDoS attacks launched from inside the IDC data center. Actively suppressing such internal attacks is the concern of "active security".
Not long ago, an operator's IDC data center experienced an unusual DDoS attack. What made it different was that the attackers compromised a large number of virtual machines in the data center and used them as bots ("puppets") to launch DDoS attacks against overseas sites. The operator was notified and criticized because of this attack. On closer inspection afterwards, the operator found that the virtual hosts in the IDC data center were deployed on two virtualization platforms, and that the virtual machines that were compromised and launched DDoS attacks were all on one vendor's virtualization platform. Virtual machines on the other platform were also compromised, but they did not launch a DDoS attack.
I found the clues in the logs of the virtual machines that did not launch a DDoS attack. The compromised virtual machines there had also launched DDoS attacks, but the attack traffic was intercepted by the internal firewall, so the outbound attack did not succeed. It follows that if all the virtual hosts in the operator's IDC data center had been deployed on this platform, the DDoS attack initiated from inside the IDC would have been intercepted, avoiding a bigger problem. DDoS attacks initiated from inside the IDC data center cannot be stopped by conventional hardware firewalls and intrusion detection devices, because the attack traffic does not enter the IDC from outside; it originates behind the firewall.
Today, DDoS protection is effective only if it identifies and intercepts DDoS attack traffic both entering and leaving the virtualization layer, combining "passive security" and "active security" to protect the servers or websites running on the system.
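
An added example, not from the original article or from any vendor's platform: a sketch of the per-VM egress check an internal firewall at the virtualization layer could apply, flagging forged source addresses and bursts of unanswered SYNs leaving a virtual machine. The inventory, the records, all names and the threshold are constructed assumptions.

```python
from collections import defaultdict

# Constructed inventory: virtual NIC -> addresses the platform assigned to that VM.
VM_ADDRESSES = {
    "vnic-01": {"10.0.0.11"},
    "vnic-02": {"10.0.0.12"},
    "vnic-03": {"10.0.0.13"},
}
SYN_LIMIT = 100  # assumed threshold: unanswered SYNs to one target per window


def sample_window():
    """Constructed records for one time window, one per outbound TCP SYN seen
    on the virtual switch: (vnic, src_ip, dst_ip, dst_port, got_syn_ack)."""
    normal = [("vnic-01", "10.0.0.11", "198.51.100.7", 443, True)] * 20
    flood = [("vnic-02", "10.0.0.12", "203.0.113.50", 80, False)] * 500
    spoofed = [("vnic-03", f"192.0.2.{i}", "203.0.113.50", 80, False)
               for i in range(1, 201)]
    return normal + flood + spoofed


def egress_verdicts(records, vm_addresses=VM_ADDRESSES, syn_limit=SYN_LIMIT):
    """Return {vnic: [reasons]}; an empty list means the VM's egress looks normal."""
    spoofed = defaultdict(int)
    unanswered = defaultdict(lambda: defaultdict(int))
    for vnic, src, dst, dport, got_syn_ack in records:
        # Anti-spoofing: a VM may only send from an address assigned to it.
        if src not in vm_addresses.get(vnic, set()):
            spoofed[vnic] += 1
        elif not got_syn_ack:
            unanswered[vnic][(dst, dport)] += 1
    verdicts = {}
    for vnic in vm_addresses:
        reasons = []
        if spoofed[vnic]:
            reasons.append(f"spoofed-source x{spoofed[vnic]}")
        for (dst, dport), count in sorted(unanswered[vnic].items()):
            if count > syn_limit:
                reasons.append(f"syn-flood to {dst}:{dport} x{count}")
        verdicts[vnic] = reasons
    return verdicts


if __name__ == "__main__":
    for vnic, reasons in egress_verdicts(sample_window()).items():
        print(vnic, "BLOCK" if reasons else "allow", reasons)
```

Because the check runs where the VM's traffic leaves the virtual NIC, it sees attack traffic that never crosses the perimeter firewall from the outside.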
This article is reposted from: https://www.zhuanqq.com/News/Industry/330.html

Origin blog.csdn.net/weixin_51110871/article/details/113125162