determine if the site has a SYN attack: by right-clicking on the Network Neighborhood and selecting Properties double-click the NIC to see the data, the packets received more than 500 per second, you can be judged to have been synflood DDoS attack. Another way is to click Start, select Run, enter cmd, pop up the cmd window, type the command: C:\netstat-na, if received a large number of syn_received connection status can be determined to have Synflood attack, the third approach is to plug in the network cable, Server solidification can not be manipulated, or can be operated and compare cards, need to restart to be able to recover, which indicates that the Synflood DDoS attack. To determine a TCP multi-connection attack: Open cmd, enter the command prompt C:\netstat-na, if many external IP addresses are observed to establish more than dozens of establised status links to the local server, they are synflood DDoS attacks. The client will be slow, the card, the status of the drop line. Years of statistical data show that it is almost impossible to completely solve DDoS, like treating a cold, we can treat, but also can be prevented, but not cure, but if we take a positive and effective defense methods, can greatly reduce or slow down the chance of illness, to combat DDoS attacks, It is necessary to have sufficient bandwidth and high-level host hardware, so what is sufficient bandwidth? In general, it should be at least 100M shared, so what is the host hardware that is high enough to configure? In general, it should be at least P4 2.4G CPU, 512M memory, and Intel-branded NICs. The bandwidth and host with this configuration can theoretically handle more than 200,000 SYN attacks per second, but this needs to be achieved with specialized configuration and specialized software, and by default, the vast majority of servers are not able to withstand more than 1000 syn DDoS attacks per second. 1. Free DDoS Solution by optimizing the registry of Windows 2000 or 2003 systems, it is effective against about 10,000 or so SYN attacks per second by saving the following text to Antiddos.reg and then importing the registry and restarting it. Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters] " SynAttackProtect "=dword:00000002 "TcpMaxHalfOpen" =dword:000001f4 "tcpmaxhalfopenretried" =dword:00000190 The advantage of this scenario is that the system itself is able to solve the problem without any cost, with the disadvantage of being able to withstand a SYN attack of less than 10000 per second and unable to resolve the TCP multi-connection attack and Exchange qq:2881064159.
How can the system itself solve a DDoS attack on a website?