What is a black hole? What should I do if my server is hit by a DDoS attack and enters the black hole?

The editor saw a discussion of "black holes" in the group today. Unfortunately, a friend's server was hit by a DDoS attack and put into the black hole system. Friends hearing about "black holes" for the first time are confused and at a loss. What is a "black hole"? The cloud server has been hit by a DDoS attack and has entered a "black hole"; what should I do? Today I will explain what a black hole is.

What is the so-called "black hole" in the server?

Black hole means that when the attack traffic against a server exceeds the server's black hole threshold, the cloud computing service provider blocks the server's external network access. (This applies to DDoS attack traffic; a CC attack will not put the server into the black hole system.) After the server has been in the black hole for a period of time, if the system detects that the attack traffic has stopped, the black hole is automatically unblocked.

What should I do if a DDoS attack puts the server into a black hole?

If the server enters the black hole state, it generally cannot be unblocked manually. You need to wait for the system to unblock it automatically. Generally, the machine shows a prompt with the black hole block time, so just wait patiently.

What is the "black hole" strategy?

A DDoS attack not only affects the victim, but can also have a severe impact on the entire cloud network. For example, if an attacked server is not restricted, other servers will be affected as well. The whole network cannot be allowed to suffer because of one machine. In addition, DDoS defense has costs, and the biggest cost is bandwidth.

Bandwidth is purchased by cloud computing service providers from operators such as China Telecom, China Unicom, and China Mobile. When calculating bandwidth fees, operators do not exclude DDoS attack traffic; they charge the cloud computing service provider for the bandwidth directly. So the cost here is considerable.

Cloud computing service providers will try their best to defend against DDoS attacks for their users free of charge while controlling costs, but when the attack traffic exceeds the threshold, they block the traffic of the attacked IP to reduce their own bandwidth cost. Of course, the "black hole" strategy also tests the technical ability of the service provider. Generally speaking, a provider whose technical ability is not good has no black hole system of its own, and only the computer room can do the blocking, so this also reflects the professional strength of a service provider.

1: What is a "black hole"?

Black hole means that when the attack traffic against a server exceeds the black hole threshold of the local computer room, the cloud computing service provider blocks the server's external network access. After the server has been in the black hole for a period of time, if the system detects that the attack traffic has stopped, the black hole is automatically unblocked.

2: What should I do if I have entered a "black hole"?

The black hole is a service that the major cloud computing service providers purchase from operators (China Unicom, China Telecom, China Mobile), and the release time and frequency of the black hole are strictly restricted. The black hole status therefore cannot be released manually, and it is necessary to wait patiently for the system to unblock automatically.

3: Why is the "black hole" strategy needed?

DDoS attacks not only affect the victims, but also seriously affect the entire cloud network. Moreover, DDoS defense has costs, and the biggest cost is the bandwidth fee.

Bandwidth is purchased by cloud computing service providers from operators such as China Telecom, China Unicom, and China Mobile. When calculating bandwidth fees, operators do not scrub out DDoS attack traffic; they charge the cloud computing service provider's bandwidth fee directly.

Cloud computing service providers will try their best to defend their users against DDoS attacks for free while controlling costs, but when the attack traffic exceeds the threshold, the cloud computing service provider blocks the traffic of the attacked IP to reduce its own bandwidth cost.

4: How long does it take for the black hole to be released automatically?

The service provider generally defaults to a black hole duration of 2.5 hours, and unblocking is not supported during the black hole period. The actual black hole duration depends on the attack situation and ranges from 30 minutes to 24 hours. The duration of a black hole is mainly affected by the following factors:

Whether the attack continues. If the attack continues, the black hole time is extended, and the black hole time is recalculated from the moment of extension.

Whether the attacks are frequent. If it is the first time a user has been attacked, the black hole time is automatically shortened; conversely, users who are frequently attacked are more likely to be attacked continuously, and their black hole time is automatically extended.

5: What should I do if a DDoS attack puts the cloud server into a black hole?

Put the website behind a CDN to protect the website server from being attacked. Using a CDN is simple and fast: configure and bind the website domain name and the website server IP in the CDN console, and a resolution record value is generated automatically. Then resolve the website domain name to this record value. Because the website domain name no longer resolves to the IP of the website server, that IP is not exposed to the public network, hackers cannot find out the IP address of the website server, and so they cannot attack the website server!
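The CDN setup above only helps if no DNS record still leads to the website server IP. The following added example (not part of the original post) audits a zone for records that still resolve to the origin; the zone text, host names and IP addresses are constructed samples, and the simple `name type value` line format is an assumption made for the example.

```python
# Added example: find DNS names that still expose the origin IP behind a CDN.
import ipaddress

SAMPLE_ZONE = """\
; constructed sample zone, origin server is 203.0.113.10
www      CNAME  www.example.com.cdn.example.net.
@        A      203.0.113.10
mail     A      203.0.113.10
ftp      CNAME  origin
origin   A      203.0.113.10
static   A      198.51.100.7
"""

def parse_zone(text):
    """Return {name: [(rtype, value), ...]} from 'name type value' lines."""
    records = {}
    for line in text.splitlines():
        parts = line.split(";", 1)[0].split()  # drop comments, split fields
        if len(parts) == 3:
            name, rtype, value = (p.lower() for p in parts)
            records.setdefault(name, []).append((rtype.upper(), value))
    return records

def resolve_in_zone(name, records, depth=0):
    """Follow in-zone CNAMEs (bounded) and collect the A/AAAA addresses reached."""
    if depth > 8:  # guard against CNAME loops
        return set()
    found = set()
    for rtype, value in records.get(name, []):
        if rtype in ("A", "AAAA"):
            found.add(ipaddress.ip_address(value))
        elif rtype == "CNAME":
            # CNAMEs to names outside the zone (the CDN record) reach nothing here
            found |= resolve_in_zone(value, records, depth + 1)
    return found

def exposed_names(zone_text, origin_ip):
    """Names whose records lead to the origin IP and so bypass the CDN."""
    origin = ipaddress.ip_address(origin_ip)
    records = parse_zone(zone_text)
    return sorted(n for n in records if origin in resolve_in_zone(n, records))

if __name__ == "__main__":
    for name in exposed_names(SAMPLE_ZONE, "203.0.113.10"):
        print(f"{name}: still resolves to the origin IP, not covered by the CDN")
```

In the sample, only `www` is covered by the CDN; the apex, `mail`, `origin` and the `ftp` alias all still publish the server address.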

 


Origin blog.csdn.net/XiaoYiLiangZai/article/details/124428049