Talking about the Types and Defensive Measures of DDoS Attacks

DDoS attacks are rampant, and there are many ways to defend against them. Denial of service was once a very simple attack. How do you protect your network? The crudest way to defend is to spend more money on more bandwidth.

Some mainstream media reports mention DDoS attacks on well-known US banks. Such attacks are certainly not new, but they keep recurring. This case deserves our attention because the attacks evidently come from the same region and their targeting is extremely precise.

Of course, much of the news is pure hype, claiming that hackers are breaking into and attacking our financial system. In fact, we know that a real DDoS is quite different from what those stories describe. So let's look at the basics of DDoS and at the configuration needed to deal with large-scale attacks. Both are important.

Large websites are often attacked and run under heavy load, yet these companies and networks still have to do everything they can to divert the attacks, and above all to keep their websites reachable. Even if you manage a small site, such as that of a small company, you never know when someone will attack you. So, without further ado, let's look at some of the details behind DDoS attacks so that we can make our networks more secure.

Multiple ways of DDoS attacks

Denial of service used to be a very simple form of attack. Someone would run the PING command on their computer, point it at the target address, let it run at full speed, and try to flood the other end with ICMP echo requests. Because this is a contest of transmission speed, the attacker needs more bandwidth than the target site. So attackers would first move to a host with plenty of bandwidth, such as a server at a university or an educational institute, and launch the attack from there. Modern botnets, however, can be used in almost any situation and are relatively simple to operate, which makes the attack fully distributed and better concealed.

In fact, thanks to malware authors, operating botnets has become an industry chain of its own. Operators now rent out compromised machines ("zombies") and charge by the hour. Anyone who wants to take down a website only has to pay these attackers enough, and thousands of zombies will attack the site. A single infected computer may not be able to take down a site, but if more than 10,000 computers send requests at the same time, they will overwhelm an unprotected server.

Multiple attack types

An ICMP flood can be carried out with the PING command and is very likely to cause network congestion. DDoS attacks can be carried out in a variety of ways, and ICMP is just one of them.

There is also the SYN attack. Here the attacker merely opens a TCP connection, as any client connecting to a website would, but the key is that it never completes the initial handshake and simply abandons the server.

Another clever way is to use DNS. Many network providers run their own DNS servers and allow anyone to query them, including people who are not their customers. DNS also generally uses UDP, which is a connectionless transport-layer protocol. With these two conditions in place, attackers can easily launch a denial of service attack. All the attacker has to do is find an open DNS resolver, craft a UDP packet with a forged source address, namely that of the target website, and send it to the DNS server. When the server receives the attacker's request, it takes it as genuine and sends its response to the forged address. The target site therefore receives replies from a group of open DNS resolvers across the Internet, which take the place of a botnet. This type of attack also scales very well, because a single UDP packet sent to a DNS server can request a dump of a domain, which produces a very large response.
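A defender-side check for the reflection pattern described above, as an added example that is not part of the original article: it flags UDP replies from port 53 that answer no query your own hosts sent. The flow-record layout, the addresses (documentation ranges) and the thresholds are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed flow records, not real traffic:
# (time_s, proto, src_ip, src_port, dst_ip, dst_port, bytes)
FLOWS = [
    (0.0, "udp", "203.0.113.10", 40001, "198.51.100.53", 53, 72),   # our query
    (0.1, "udp", "198.51.100.53", 53, "203.0.113.10", 40001, 180),  # its answer
    (1.0, "udp", "192.0.2.11", 53, "203.0.113.10", 31001, 3000),    # never asked
    (1.0, "udp", "192.0.2.12", 53, "203.0.113.10", 31002, 3000),
    (1.1, "udp", "192.0.2.13", 53, "203.0.113.10", 31003, 3000),
    (1.1, "udp", "192.0.2.14", 53, "203.0.113.10", 31004, 3000),
]

def find_unsolicited_dns(flows, local_ips, max_wait=5.0):
    """Summarise DNS replies that match no outstanding query from local_ips."""
    pending = {}  # (resolver_ip, local_ip, local_port) -> time the query left
    stats = defaultdict(lambda: {"packets": 0, "bytes": 0, "resolvers": set()})
    for t, proto, sip, sport, dip, dport, size in sorted(flows):
        if proto != "udp":
            continue
        if sip in local_ips and dport == 53:        # outbound query
            pending[(dip, sip, sport)] = t
        elif dip in local_ips and sport == 53:      # inbound reply
            asked = pending.pop((sip, dip, dport), None)
            if asked is None or t - asked > max_wait:
                entry = stats[dip]
                entry["packets"] += 1
                entry["bytes"] += size
                entry["resolvers"].add(sip)
    return dict(stats)

def reflection_alerts(stats, min_resolvers=3, min_bytes=5000):
    """Local IPs hit by large unsolicited replies from several resolvers."""
    return sorted(ip for ip, s in stats.items()
                  if len(s["resolvers"]) >= min_resolvers
                  and s["bytes"] >= min_bytes)

if __name__ == "__main__":
    summary = find_unsolicited_dns(FLOWS, {"203.0.113.10"})
    print(reflection_alerts(summary), summary)
```

The answered query at the top of the sample is not counted, so ordinary resolver traffic does not raise the alert.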

How to protect your network

As you can see, DDoS attacks come in so many forms that it is hard to guard against them all. When you build a defense against DDoS, you need to understand these variants.

The crudest way to defend is to spend more money on more bandwidth. Denial of service is like a game. If 10,000 systems each send 1 Mbps of traffic, that means 10 Gb of data per second arriving at your server, which causes congestion. Here the same rules apply as for ordinary redundancy: you need more servers, data centers in multiple locations, and better load balancing. Spreading traffic across multiple servers helps balance the load, and more bandwidth helps you absorb large traffic volumes. But modern DDoS attacks keep getting bigger, the bandwidth required keeps growing, and your finances simply do not allow you to keep investing more. In addition, most of the time your website is not the main target, something many administrators forget.

The most critical piece of the network is the DNS server. Leaving a DNS resolver open is never advisable, and you should lock it down to reduce the risk of some attacks. But once you have done that, is your server safe? The answer is of course no: even if your website is up, it is just as bad if no one can reach your DNS servers to resolve your domain name. Most domain registrations require two DNS servers, but that is not enough. Make sure your DNS servers, your website and your other resources all sit behind load-balanced protection. You can also use the redundant DNS that some companies offer. For example, many people use a content distribution network (a distributed setup) to deliver files to customers, which is a good way to defend against DDoS attacks. If you need it, many companies offer this kind of enhanced DNS protection.

If you manage your network and data yourself, you need to focus on protecting your network layer, and that takes a lot of configuration. First make sure that all your routers can drop junk packets and that unused protocols, such as ICMP, are eliminated. Then set up the firewall. Obviously, your website will never be accessed by a random DNS server, so there is no need to allow UDP port 53 packets through to your server. In addition, you can ask your provider to help set up filtering at the network border that blocks useless traffic and leaves you with as much unobstructed bandwidth as possible. Many network providers offer this service to enterprises. You can contact their network operations center and have them optimize traffic and help you monitor whether you are under attack.

For attacks such as the SYN attack, there are many ways to stop them, such as increasing the TCP backlog, reducing the SYN-RECEIVED timer, or using a SYN cache.
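To see whether the backlog is actually under pressure before tuning it, this added example (not from the original article) counts connections stuck in SYN-RECEIVED per listening port. It assumes a Linux host whose `/proc/net/tcp` table is read on a little-endian machine; the snapshot, the backlog value and the 75% threshold are constructed for illustration.

```python
import socket
from collections import Counter

SYN_RECV = "03"  # state code for SYN-RECEIVED in /proc/net/tcp

# Constructed snapshot in /proc/net/tcp layout (addresses are hex, byte-swapped).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0A00000A:01BB 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1001
   1: 0A00000A:01BB 0B7100CB:C001 03 00000000:00000000 01:00000064 00000001     0        0 0
   2: 0A00000A:01BB 0C7100CB:C002 03 00000000:00000000 01:00000064 00000001     0        0 0
   3: 0A00000A:01BB 0D7100CB:C003 03 00000000:00000000 01:00000064 00000001     0        0 0
   4: 0A00000A:01BB 0E7100CB:C004 03 00000000:00000000 01:00000064 00000001     0        0 0
   5: 0A00000A:01BB 0F7100CB:C005 01 00000000:00000000 00:00000000 00000000     0        0 1002
   6: 0A00000A:0016 107100CB:C006 03 00000000:00000000 01:00000064 00000001     0        0 0
"""

def _decode(hex_addr):
    """Turn '0B7100CB:C001' into ('203.0.113.11', 49153)."""
    ip_hex, port_hex = hex_addr.split(":")
    ip = socket.inet_ntoa(bytes.fromhex(ip_hex)[::-1])  # undo little-endian order
    return ip, int(port_hex, 16)

def half_open(table_text):
    """Count SYN-RECEIVED entries and collect their sources per local port."""
    per_port, sources = Counter(), {}
    for line in table_text.splitlines()[1:]:            # skip the header row
        fields = line.split()
        if len(fields) < 4 or fields[3] != SYN_RECV:
            continue
        _, local_port = _decode(fields[1])
        remote_ip, _ = _decode(fields[2])
        per_port[local_port] += 1
        sources.setdefault(local_port, set()).add(remote_ip)
    return per_port, sources

def ports_under_pressure(table_text, syn_backlog, ratio=0.75):
    """Ports whose half-open count reaches ratio * syn_backlog.

    Returns {port: (half_open_count, distinct_sources)}.
    """
    per_port, sources = half_open(table_text)
    return {port: (count, len(sources[port]))
            for port, count in per_port.items() if count >= ratio * syn_backlog}

if __name__ == "__main__":
    print(ports_under_pressure(SAMPLE, syn_backlog=4))
```

On a live host, pass the contents of `/proc/net/tcp` and the value of the `net.ipv4.tcp_max_syn_backlog` sysctl instead of the constructed sample.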

Finally, you have to think about how to intercept these attacks before they reach your site. For example, modern websites use many dynamic resources. During an attack the bandwidth is actually relatively easy to manage; what gives out in the end is often the database or the scripts you run. Consider using a cache server to serve as much static content as possible, quickly replace dynamic resources with static ones, and make sure your detection system is up and running.

The worst case is that your network or site is completely paralyzed, so you should be ready to respond the moment an attack begins. Once the attack has begun, it is very difficult to block a DDoS at the source. Finally, think about how to make your infrastructure more sound and secure, and pay attention to your network settings. These are all very important.
