How powerful is the 200G DDoS attack on the music vision?

Editor's note

July 20, 2016, le video official micro-release notice said: July 19, le Video was subjected to high-intensity DDoS traffic attacks, traffic peaks up to 200gbps/s. After the attack, Le Vision Company launched the most advanced contingency plan, after emergency repair and return to normal access.

650) this.width=650; "Src=" Http://s1.51cto.com/wyfs02/M00/87/4A/wKioL1fbjWqBjozzAAEghaTaO1U711.png-wh_500x0-wm_3 -wmp_4-s_3362036291.png "title=" image source: Weibo "width=" height= "508" border= "0" hspace= "0" vspace= "0" style= "width:300px ; height:508px; "alt=" Wkiol1fbjwqbjozzaaeghatao1u711.png-wh_50 "/>

Image source: Weibo

After the incident, some netizens questioned, 200G DDoS traffic attack how much power? How can a large Internet company's website attack be paralyzed? How can we prevent it? These issues need to start with what is DDoS.

• What is a DDoS traffic attack?

650) this.width=650; "Src=" Http://s5.51cto.com/wyfs02/M02/87/4A/wKioL1fbjeLwLU1PAAAO6K3CUNc604.png-wh_500x0-wm_3 -wmp_4-s_2194309658.png "title=" 2.png "alt=" Wkiol1fbjelwlu1paaao6k3cunc604.png-wh_50 "/>

Image source: Network

According to public information, DdoS (Distributed denial of service) Full name distributed denial of service attack (also known as traffic flooding). The main attack mode is to use multiple computers to send flood-like attack packets to the specified target server, causing the system resources or bandwidth of the attacked server to be exhausted and unable to respond to the user's normal request.

In a popular analogy, it is as if an attacker hired a large number of heavy trucks to stop on the road, causing the normal traffic to fail and make it more paralyzed.

• What is the concept of 200Gbps traffic attacks?

650) this.width=650; "Src=" Http://s1.51cto.com/wyfs02/M02/87/4D/wKiom1fbjgmB9VCiAAAtmEPsxhw421.png-wh_500x0-wm_3 -wmp_4-s_2214716242.png "title=" 3.png "alt=" Wkiom1fbjgmb9vciaaatmepsxhw421.png-wh_50 "/>

Image source: Network

As we all know, due to the limitations of the server's own hardware conditions, can accommodate the maximum number of visits is limited, analogy with the road above, a fixed road can accommodate the number of vehicles is also limited. Users online access server needs to occupy a certain amount of bandwidth resources of the server, aside from memory, only 200Gbps of pure traffic attacks, the number of ordinary users to use the number of home computers, the amount may be between 150,000 million, or even higher, so many malicious access, while occupying server bandwidth, Memory resources, and the server is paralyzed by resource exhaustion.

• How to properly guard against DDoS traffic attacks?

650) this.width=650; "Src=" Http://s5.51cto.com/wyfs02/M01/87/4D/wKiom1fbjiXgaVXgAAFTcPX-Mnk588.jpg-wh_500x0-wm_3 -wmp_4-s_2806903448.jpg "title=" 4.jpg "alt=" Wkiom1fbjixgavxgaaftcpx-mnk588.jpg-wh_50 "/>

Image source: Network

TCP/IP protocol is the most widely used data transmission protocol in the Internet, DDoS traffic attack is almost the most difficult one in all network attack means, which is caused by the security flaw of TCP/IP protocol itself.

There is no fully effective method for DDoS traffic attacks, but it can be prevented in the following ways:

1. Set the appropriate kernel parameters to the system, which makes the system force the reset of the packet to the SYN request that timed out, while the system can quickly process the invalid SYN request packet by shortening the timeout constant and the long waiting queue.

2. Make some configuration adjustments to the routers on this network segment, which include limiting the flow and number of SYN half-open packets. In the front-end of the router, more necessary TCP interception, so that only the completion of the TCP three handshake process of the packet can enter the network segment, which can effectively protect the server in this network segment is not affected by such attacks.

3. Lease high anti-attack servers, such servers usually use a hardware firewall to protect the server, in place of the server to perform some functions, so that the IP routing more stable, to protect against DDoS traffic attack effect. Banling data (www.3389idc.cn) focuses on high-protection service system, providing high-protection server leasing/hosting business for small and medium-sized enterprises and personal Internet applications, currently serving hundreds of customers.

This article is from the "11788603" blog, please be sure to keep this source http://11798603.blog.51cto.com/11788603/1853101

How powerful is the 200G DDoS attack on the music vision?