Most people are no strangers to DDoS attacks. Last week, on December 29 local time, the virtual private server provider Linode was hit by a DDoS attack that directly impacted access to its web servers. API calls and management functions were severely affected, and some functionality remained unavailable during the week of the attack, seriously disrupting Linode's business and thousands of users of its service.
What is a DDoS attack?
A DDoS (distributed denial of service) attack uses client/server technology to combine many computers into a single attack platform directed at one or more targets, multiplying the power of a plain denial of service attack.
There are many types of DDoS attacks. The most basic form uses seemingly reasonable service requests to consume excessive server resources, so that legitimate users cannot get a response. A single DoS attack is usually launched from one machine against one target, and its effect is obvious when the target has a slow CPU, little memory, or limited network bandwidth. As computer and network technology developed, processing power grew rapidly, memory increased greatly, and gigabit-level networks appeared; this made DoS attacks much harder, because targets could now absorb far more malicious packets. This is when distributed denial of service (DDoS) attacks emerged. DDoS uses many more puppet machines (bots) to launch the attack, so that victims can be hit on a much larger scale than before.
According to statistics, DDoS attacks against enterprises kept growing in 2015; Akamai's survey report states that DDoS attacks in 2015 increased by an unprecedented 180%! As for Linode, the company had already suffered massive DDoS attacks as early as 2013. In the face of such periodic provocations, we should find out why the attacks happen and build an effective defense system against them.
Ways to prevent DDoS attacks
1. Reduce public exposure
Booter sites exposed in the past, such as Lizard Squad's notorious LizardStresser, sell DDoS attacks against a target of the buyer's choice and disguise the attacks as legitimate load tests. The same hacker group used DDoS attacks against Microsoft's Xbox Live and Sony's PSN network over Christmas 2014, leaving many players unable to play for a long time.
For enterprises, reducing public exposure is an effective way to defend against DDoS attacks. Setting up security groups and a private network, and shutting down unnecessary services promptly, effectively stops attackers from probing and breaking into the system. Specific measures include prohibiting access to the host's non-public services, limiting the number of simultaneous open SYN connections, restricting access to specific IP addresses, enabling the anti-DDoS features of firewalls, and so on.
(Image source: onerasp)
2. Leverage scaling and redundancy
DDoS attacks target different protocol layers in different ways, so we have to take multiple precautions. Scaling and redundancy can be used proactively to make the system resilient and scalable, so that capacity is available on demand during a DDoS attack, especially when the system runs simultaneously in multiple geographic regions. Any virtual machine instances running in the cloud must also be guaranteed enough network resources.
Microsoft provides Domain Name System (DNS) and network load balancing for all of Azure, and Rackspace provides a dedicated cloud load balancer to control traffic flow. Combined with a CDN, we can spread traffic across multiple nodes, avoid excessive concentration of traffic, and cache content on demand, so that the system is less vulnerable to DDoS attacks.
3. Guarantee sufficient network bandwidth
Network bandwidth directly determines the ability to withstand an attack. With only 10M of bandwidth, no measure can hold up against today's SYN flood attacks; choose at least 100M of shared bandwidth, and ideally hang off a 1000M trunk. Note, however, that a 1000M network card on the host does not mean its bandwidth is gigabit: if it is connected to a 100M switch, its actual bandwidth will not exceed 100M. Likewise, being on a 100M link does not mean you actually get 100M of bandwidth, because the network service provider is quite likely to cap the real bandwidth at 10M on the switch. This must be clarified up front.
4. Use distributed services to resist DDoS attacks
A so-called distributed resource-sharing server setup means that data and programs are spread across multiple servers instead of sitting on one. Distribution helps allocate and optimize tasks across the whole computing system and overcomes the resource pressure and response bottleneck that a traditional centralized system places on its central host. The larger the distributed data center, the more a DDoS attack's traffic is spread out, and the easier the attack is to defend against.
5. Monitor system performance in real time
In addition to these measures, real-time monitoring of system performance is an important way to prevent DDoS attacks. An unreasonable DNS server configuration will also leave the system vulnerable to DDoS. System monitoring can track system availability and the API, CDN and DNS performance of third-party service providers, monitor network nodes, inventory potential security risks, and promptly clean up newly discovered vulnerabilities. Because backbone nodes have high bandwidth, they are the hosts attackers most like to exploit, so strengthening the monitoring of these hosts is especially important.
In addition, shortening the timeout of SYN half-open connections effectively blunts a DDoS attack, and system monitoring can raise an alarm through a self-configured timeout threshold, keeping the whole system's state under control.
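As an added example (not part of the original post or any OneAPM product), the following script covers the SYN-connection limit from section 1 and the threshold alarm from section 5: it counts half-open (SYN-RECV) TCP connections per peer address from `ss` output and returns alerts when a total or per-source threshold is crossed. The `ss` output is a constructed sample in the column layout `ss -Htan state syn-recv` prints on Linux (Recv-Q, Send-Q, Local, Peer); the sysctl names are real Linux keys, and the thresholds are assumed values.

```python
from collections import Counter

# Constructed sample of `ss -Htan state syn-recv` output (no header line).
SAMPLE_SS_OUTPUT = """\
0      0      10.0.0.5:443    198.51.100.7:51000
0      0      10.0.0.5:443    198.51.100.7:51001
0      0      10.0.0.5:443    198.51.100.7:51002
0      0      10.0.0.5:443    203.0.113.9:40001
0      0      10.0.0.5:80     198.51.100.7:51003
"""

# Real Linux sysctl keys that shorten the life of half-open connections:
# fewer SYN-ACK retransmits = shorter SYN-RECV timeout; syncookies keep the
# backlog from filling; the backlog size itself is raised for headroom.
# The values are assumptions for illustration, not a recommendation.
HALF_OPEN_SYSCTLS = {
    "net.ipv4.tcp_synack_retries": 2,
    "net.ipv4.tcp_syncookies": 1,
    "net.ipv4.tcp_max_syn_backlog": 4096,
}


def parse_half_open(ss_output):
    """Return Counter{peer_ip: half-open count} from `ss` SYN-RECV lines."""
    counts = Counter()
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue  # skip blank or malformed lines
        peer = fields[3]
        ip = peer.rsplit(":", 1)[0]  # strip port; works for [v6]:port too
        counts[ip] += 1
    return counts


def check_syn_backlog(counts, total_threshold, per_source_threshold):
    """Return alert strings for a full backlog or a single noisy source."""
    alerts = []
    total = sum(counts.values())
    if total >= total_threshold:
        alerts.append(f"total half-open connections {total} >= {total_threshold}")
    for ip, n in counts.most_common():
        if n >= per_source_threshold:
            alerts.append(f"{ip} holds {n} half-open connections (>= {per_source_threshold})")
    return alerts


def sysctl_lines():
    """Render HALF_OPEN_SYSCTLS as lines for /etc/sysctl.d/."""
    return [f"{key} = {value}" for key, value in HALF_OPEN_SYSCTLS.items()]
```

In production the input would come from `subprocess.run(["ss", "-Htan", "state", "syn-recv"], capture_output=True, text=True).stdout` on a timer, and the alerts would feed the monitoring system's alarm channel.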
(Image source: Cloud Test)
Cloud Test is a cloud-based real-time monitoring system that helps you monitor website performance in real time and the availability of third-party service providers such as CDN, DNS and API, so that the application is monitored and alerted on promptly. To read more technical articles, please visit the OneAPM official technology blog.
Five "big moves" to prevent DDoS attacks!