10 Contingency solutions for distributed denial of service attacks "turn"

10 Contingency solutions for distributed denial of service attacks
Source: Ncod Global Chinese information Security and Hacker technical Exchange Alliance Http://www.ncod.net
Guangzhou Cold Road, 8/28/2000
There are many security vulnerabilities in the network, they are often used by hackers to develop tools (denial of service attacks) to critical our host system, the constant response to these security problems is a very complex and time-consuming work. For a long time, there are few simple and easy ways to better prevent these attacks, and people have to reinforce the system by strengthening prior precautions and stricter security measures. This article is useful for webmasters who are often worried about their site and have no better solutions, and it introduces several measures to deny service attacks.
1. Avoid FUD
FUD represents fear, impermanence and paranoia (fear, uncertainty, and doubt). Because of the recent continuous events, some websites are too nervous and they are afraid of being targeted for the next attack. In fact, it should be clear that only a very small number of sites will be subjected to denial of service attacks, these DDoS attacks are most of the sites are some of the world's top stations, such as famous search engines, E-commerce sites and financial regime companies, IRC chat servers, news sites. If your site is not on the list, you will not have to worry too much about your site being attacked by this type of attack.
2. Collaborate with your network service provider.
It is also important to be able to work well with your network backbone service provider at the previous level. The use of bandwidth by DDoS attacks is very strict, and no matter what method you use, it is not possible for your own network to control its upper level. It is a good idea to negotiate with your network service provider and ask them to help you achieve routing access control to limit the total bandwidth and share the bandwidth at the same time for different access addresses. If it is possible, it is a good idea to ask your service provider to help you monitor your network traffic and allow you to access their routers in the event of an attack.
3. Optimize Routing and network structure.
If your site is not just a host, but a larger network, then your router should be properly set to minimize the possibility of a denial-of-service attack, for example, to prevent SYN flooding attacks, You can set up TCP listening on your router (the specific method can be obtained from your router manufacturer's Web site or phone support) and you should filter all UDP and ICMP packet information that you do not need. Note that if your router allows outgoing ICMP packets to be sent out, it will increase the likelihood of a Dos attack.
4. Optimize the external service delivery host
Not only for network devices, but also for potential hosts that are likely to be compromised. Prohibit all unnecessary services on the server, in addition, if the use of a multihomed host (more than one host) will also cause considerable trouble to the attackers. We also recommend that you distribute your site on a number of different physical hosts, so that each host contains only a portion of the site, preventing the site from being completely paralyzed when it is attacked.