Anti-DOS, DDoS firewall products review

DDoS (Distributed denial of service) attack is a simple and fatal network attack using TCP/IP protocol vulnerability, because the TCP/IP protocol is unable to modify the session mechanism, so it lacks a direct and effective defense method. A large number of examples prove that the use of traditional equipment passive defense is basically futile, and the existing firewall equipment will be paralyzed due to limited processing capacity, become a network operation bottleneck, in addition, the target host in the course of the attack must be paralyzed.

Today, we will introduce the domestic software developers in response to such cyber attacks and the development of anti-DOS, DDoS hardware and software firewall products, because the hardware firewalls are generally installed on the Linux host their corresponding software firewall products, so the two do not make a distinction introduced.

At present, the domestic anti-DDoS firewall is more well-known, at the same time the credibility and the use of the effect is also better than the black hole, shield and proud of the product. Some other so-called "XX Shield DDoS Firewall" is most of these versions of plagiarism tampering or completely is no real effect is only used to cheat things, we can not carry out the actual application of the product research, so we can only recommend the purchase of regular and professional anti-DDoS firewall.

Black hole anti-DDoS firewall

Black hole anti-DDoS firewall is a widely used in the domestic IDC anti-DOS, DDoS attack products, its technology is more mature, and the protection effect is remarkable, has been recognized by the major IDC organizations. Black hole is currently divided into hundreds of megabytes, gigabit two products, respectively, in the corresponding network environment to achieve the effective protection of high-intensity attacks, performance far more than similar protective products. The gigabit black hole is mainly used to protect the network equipment such as firewall on the backbone line, routers, hundred trillion black holes are mainly used to protect subnets and servers, using a variety of algorithms to identify attacks and normal traffic, in high attack traffic environment to ensure that more than 95% of the connection retention rate and more than 95% of the new connection initiation success rate, the core algorithm from the assembly implementation , the instruction set is optimized for the Intel IA32 architecture. The standard TCP state is streamlined and optimized, and the efficiency is much higher than the current popular SYN cookie and random drop algorithms.

The protection brought by black holes:

Self-security: No IP address, network stealth.

The ability to protect various Dos attacks, such as Syn Flood, UDP Flood, ICMP Flood, and (M) Stream Flood.

It can effectively prevent the connection exhaustion, actively clear the residual connections on the server, improve the quality of network services, can inhibit the spread of network worms.

You can protect your DNS Query Flood by protecting your DNS servers from running correctly.

The various port scanning software can be used to feed the confusing information, so it can also protect against other types of attacks.

Shield Anti-DDoS firewall

Shield anti-DDoS firewall is developed by Hefei New Software Co., Ltd., which is a professional firewall which is specialized for ISP and IDC service provider development. For the Internet platform for all enterprises and individual users, especially for some large entertainment sites and important corporate sites network fluency plays an important role in security protection.