Network Management Teaches You How to Prevent Hacker DDoS Attacks

Source: Internet
Author: User

Summary: A DDoS attack uses a group of controlled machines to launch an attack on a single target. Such a sudden, high-volume attack is hard to guard against, which is what makes it so destructive.

In the past a network administrator could defend against DoS by filtering IP addresses, but that no longer works against DDoS, which arrives from a large number of spoofed addresses. DDoS attacks are therefore harder to prevent. What effective measures can be taken? We introduce them below from two aspects.
  1. Looking for opportunities to respond to attacks
Once a user is under attack, he or she has to defend against it. Because a catastrophic high-volume attack arrives without warning, the network may well be paralyzed before the user can react. Even so, the user can seize the remaining opportunities and look for a glimmer of hope.
(1) Check the attack source. Hackers generally launch attacks through many forged IP addresses. If the user can tell which source addresses are real and which are forged, he or she can find out which network segments the real addresses come from and ask the network administrator to disconnect those machines, which stops the attack immediately. If the addresses turn out to come from outside rather than from inside the company, a temporary filter on the server or router can be used to drop them.
(2) Find the route through which the attacker comes in and block it. If hackers launch attacks through certain ports, those ports can be closed to stop the intrusion. However, when the company's network has only one uplink this method is not very effective against external DDoS attacks: once the uplink port is closed, no computer can access the Internet.
(3) The last method is to filter out ICMP on the router. Although this cannot completely stop an attack that is already under way, an ICMP filter can effectively prevent the attack from escalating and reduce its severity to some extent.
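The triage in step (1), as an added example that is not part of the original article: attacking source addresses are split into internal hosts (to hand to the network administrator) and external /24 segments (to filter temporarily on the border router, here written as Cisco-style access-list entries). The internal range 10.20.0.0/16 and the source list are constructed sample data.

```python
import ipaddress
from collections import defaultdict

# Constructed sample data (hypothetical): source addresses seen flooding the
# server during an attack, and the address space the company uses internally.
INTERNAL_NETS = [ipaddress.ip_network("10.20.0.0/16")]
SEEN_SOURCES = [
    "10.20.5.17", "10.20.5.17", "10.20.9.3",
    "203.0.113.4", "203.0.113.9", "203.0.113.200",
    "198.51.100.77",
]

def triage_sources(sources, internal_nets, prefix=24):
    """Split attack sources into internal hosts (handed to the network
    administrator so the machines can be disconnected) and external segments
    (candidates for a temporary filter on the border router).
    Returns (sorted internal hosts, {segment: set of hosts seen in it})."""
    internal, external = set(), defaultdict(set)
    for s in sources:
        ip = ipaddress.ip_address(s)
        if any(ip in net for net in internal_nets):
            internal.add(str(ip))
        else:
            seg = ipaddress.ip_network(f"{ip}/{prefix}", strict=False)
            external[str(seg)].add(str(ip))
    return sorted(internal), dict(external)

def temporary_acl(external, min_hosts=2):
    """Cisco-style deny entries for the border router. A segment with at
    least min_hosts distinct attackers is blocked whole; a segment with a
    single attacker gets a host entry so fewer innocent neighbours are cut
    off. The final permit keeps the ACL from dropping everything else."""
    lines = []
    for seg, hosts in sorted(external.items()):
        net = ipaddress.ip_network(seg)
        if len(hosts) >= min_hosts:
            lines.append(f"access-list 101 deny ip {net.network_address} {net.hostmask} any")
        else:
            for h in sorted(hosts):
                lines.append(f"access-list 101 deny ip host {h} any")
    lines.append("access-list 101 permit ip any any")
    return lines

if __name__ == "__main__":
    internal, external = triage_sources(SEEN_SOURCES, INTERNAL_NETS)
    print("report to network administrator:", internal)
    print("\n".join(temporary_acl(external)))
```

Remember that such a filter only helps for sources that are genuine; forged addresses change constantly and a segment filter built from them cuts off innocent networks.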
  2. Prevention-based security assurance
DDoS attacks are among the most common attack methods used by hackers. Some common countermeasures are listed below.
(1) Filter all RFC 1918 IP addresses
RFC 1918 addresses are private (intranet) addresses, such as 10.0.0.0, 192.168.0.0 and 172.16.0.0. They are not addresses assigned to any network on the Internet but ranges reserved for internal use, so they should be filtered out at the border. This does not block access by internal employees, but it does drop the large number of packets with forged internal source addresses seen during an attack, which also reduces the impact of a DDoS attack.
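The RFC 1918 filter above, as an added example that is not part of the original article: packets are checked only when they arrive on the Internet-facing interface, which is why internal employees are unaffected. The sample packets are constructed, and the last one in the 172.x range shows the boundary of 172.16.0.0/12 that a hand-written filter often gets wrong.

```python
import ipaddress

# The three RFC 1918 blocks named above, as CIDR prefixes.
RFC1918 = [ipaddress.ip_network(p)
           for p in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_rfc1918(addr):
    ip = ipaddress.ip_address(addr)
    return ip.version == 4 and any(ip in net for net in RFC1918)

def border_decision(src, from_internet):
    """Decide what the border router does with a packet. Only packets that
    arrive on the Internet-facing interface are checked: RFC 1918 space is
    never routed across the Internet, so a private source address there is
    forged or misrouted. Packets on the inside interface are left alone,
    which is why the filter does not affect internal employees."""
    if from_internet and is_rfc1918(src):
        return "drop"
    return "permit"

# Constructed sample packets (hypothetical):
# (source address, arrived on the Internet-facing interface?)
SAMPLE = [
    ("192.168.1.10", True),   # forged private source from outside: drop
    ("192.168.1.10", False),  # same address seen on the inside: permit
    ("172.31.255.9", True),   # last address of 172.16.0.0/12: drop
    ("172.32.0.1", True),     # just past 172.16.0.0/12, public space: permit
    ("203.0.113.5", True),    # ordinary public source: permit
]

def run(sample=SAMPLE):
    return [(src, border_decision(src, ext)) for src, ext in sample]

if __name__ == "__main__":
    for src, verdict in run():
        print(f"{src:>14}  {verdict}")
```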
(2) Use enough machines to withstand hacker attacks
This is an ideal response strategy. If a user has sufficient capacity and resources to absorb the attack, the hacker's resources are gradually worn down by constantly accessing the user and consuming the user's resources, and the hacker may be exhausted before the user is brought down. However, this method requires a large investment, and most of the equipment sits idle in normal times, which does not fit the actual network operation of small and medium-sized enterprises.
(3) Make full use of network devices to protect network resources
Network devices such as routers, firewalls and load balancers can effectively protect the network. When the network is attacked, the router is the first to fail, while the other machines survive. A failed router is restored by restarting it, which is fast and loses nothing, whereas if a server fails, data may be lost and restarting it is a long process. In particular, if a company uses load-balancing equipment, then when one router is attacked and crashes the other takes over immediately. This minimizes the impact of a DDoS attack.
(4) Configure the firewall on the backbone node
A firewall can defend against DDoS and other attacks. When an attack is detected, it can be redirected to sacrificial hosts so that the real hosts are protected. Naturally, the sacrificial hosts should be less important machines, or systems with few vulnerabilities and good resistance to attack, such as Linux and Unix.
(5) Filter unnecessary services and ports
Tools such as Inexpress, Express and Forwarding can be used to filter unnecessary services and ports, that is, to filter forged IP addresses on the router. For example, Cisco's CEF (Cisco Express Forwarding) can check a packet's source IP address against the routing table and filter it accordingly. Opening only the service ports actually needed has become common practice on servers: for example, a WWW server opens only port 80, and all other ports are closed or blocked by the firewall.
(6) Restrict SYN/ICMP traffic
The user should configure a maximum SYN/ICMP traffic rate on the router to limit the bandwidth that SYN/ICMP packets may occupy. Then, when SYN/ICMP traffic exceeds the limit, it indicates a hacker attack rather than normal network access. In the early days, limiting SYN/ICMP traffic was the best way to prevent DoS attacks. Although this method now has limited effect against DDoS attacks, it can still play a part.
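The SYN/ICMP limit described above, as an added example that is not part of the original article: a token-bucket limiter (the mechanism routers use for rate limiting) is applied to SYN and ICMP packets only, and a drop count above a threshold becomes the "this is a flood, not normal access" signal. The traffic, rate and burst values are constructed for the demonstration.

```python
class TokenBucket:
    """Router-style rate limiter: `rate` packets per second sustained,
    with bursts of up to `burst` packets allowed."""
    def __init__(self, rate, burst):
        self.rate, self.burst = rate, burst
        self.tokens, self.last = float(burst), 0.0

    def allow(self, now):
        # Refill for the time elapsed, then spend one token if one is available.
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False

def limit_syn_icmp(packets, rate, burst, alert_after=20):
    """packets: iterable of (timestamp_seconds, kind) with kind 'SYN', 'ICMP'
    or 'DATA'. Only SYN and ICMP are limited, each in its own bucket; other
    traffic passes untouched. Returns (kept, dropped, alert): the alert is
    raised once more than alert_after packets have been dropped, the sign
    that this is a flood rather than normal access."""
    buckets = {"SYN": TokenBucket(rate, burst), "ICMP": TokenBucket(rate, burst)}
    kept = dropped = 0
    for ts, kind in sorted(packets):
        bucket = buckets.get(kind)
        if bucket is None or bucket.allow(ts):
            kept += 1
        else:
            dropped += 1
    return kept, dropped, dropped > alert_after

# Constructed traffic (hypothetical): one second of normal use (ten SYNs and
# ten data packets), optionally followed by a SYN flood of 200 packets in 100 ms.
def normal_traffic():
    return ([(i * 0.1, "SYN") for i in range(10)]
            + [(i * 0.1 + 0.05, "DATA") for i in range(10)])

def flood_traffic():
    return normal_traffic() + [(2.0 + i * 0.0005, "SYN") for i in range(200)]

if __name__ == "__main__":
    print("normal:", limit_syn_icmp(normal_traffic(), rate=50, burst=20))
    print("flood: ", limit_syn_icmp(flood_traffic(), rate=50, burst=20))
```

A limit like this protects the router's own CPU and the link behind it, but a distributed flood can still fill the uplink upstream of the router, which is why the text calls it only partly effective against DDoS.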
(7) Regular scanning
The existing master nodes of the network should be scanned regularly, checked for possible security vulnerabilities, and any newly found vulnerabilities fixed promptly. Computers on backbone nodes have high bandwidth and are the best locations for hackers to exploit, so hardening these hosts is very important. Server-class computers are also connected to the network's master nodes, which makes regular vulnerability scanning all the more important.
(8) Check the visitor's source
Use Unicast Reverse Path Forwarding and similar methods to check, by a reverse lookup in the router, whether a visitor's IP address is genuine; if the address is forged, the router blocks it. Many hacker attacks confuse users with forged IP addresses, making it hard to trace where they come from. Using Unicast Reverse Path Forwarding therefore reduces the number of forged addresses and improves network security.
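The source check that item (8) describes, and the CEF comparison of a packet's source address against the routing table from item (5), as an added example that is not part of the original article: a longest-prefix lookup on the source address in a small constructed routing table, in both strict and loose uRPF modes. The interface names, prefixes and the allow_default switch are assumptions made for the demonstration; the switch mirrors the fact that a default route would otherwise let loose mode accept every address.

```python
import ipaddress

# Constructed routing table (hypothetical): prefix -> interface the route
# points out of. eth0 leads to the ISP; eth1 and eth2 to two customer links.
ROUTES = {
    "0.0.0.0/0": "eth0",
    "192.0.2.0/24": "eth1",
    "198.51.100.0/24": "eth2",
}

def best_route(table, addr):
    """Longest-prefix match, the same lookup CEF does against its FIB,
    returning (network, interface) or None."""
    ip = ipaddress.ip_address(addr)
    best = None
    for prefix, iface in table.items():
        net = ipaddress.ip_network(prefix)
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return best

def urpf_check(table, src, ingress, mode="strict", allow_default=False):
    """Unicast RPF: look up the packet's *source* address in the table.
    strict: accept only if the best route back to the source points out the
            interface the packet arrived on (fails under asymmetric routing).
    loose:  accept if any route to the source exists at all.
    A default route matches every address, so it is ignored unless
    allow_default is set; otherwise loose mode would accept anything."""
    route = best_route(table, src)
    if route is not None and route[0].prefixlen == 0 and not allow_default:
        route = None
    if route is None:
        return False                       # no route back: source is bogus
    if mode == "loose":
        return True
    return route[1] == ingress

if __name__ == "__main__":
    # A packet claiming customer A's address but arriving over customer B's link.
    print(urpf_check(ROUTES, "192.0.2.10", "eth2"))            # False
    print(urpf_check(ROUTES, "192.0.2.10", "eth2", "loose"))   # True
```

Strict mode is the stronger check but must only be enabled on interfaces with symmetric routing, such as single-homed customer or access links; loose mode is the safe choice on multi-homed or transit links.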
