I. Symptom Analysis

There are two main ways a website server operator connects to the Internet: hosting at a hosting provider, or a leased network line pulled directly to the site. Most people use the former; many Internet cafe owners use the latter. Whichever is used, users normally access the website, browse web pages, listen to music and watch movies online, or post in forums. If line and hardware faults can be ruled out and you suddenly find that web pages cannot be opened, connections to the server are difficult, game users are dropped offline, and similar phenomena, the server is probably suffering a DDoS attack. The specific determination method is as follows:

1. Server analysis method

(1) SYN flood attack determination

A: Network Neighborhood -> right-click and choose "Properties" -> double-click the network adapter; the number of packets received per second exceeds 500.

B: Start -> Programs -> Accessories -> Command Prompt -> C:\> netstat -na. A large number of connections in the SYN_RECEIVED state are observed.

C: As soon as the network cable is plugged in, the server freezes and cannot be operated; after unplugging it, the server recovers. Sometimes the server must be restarted to recover.

(2) TCP multi-connection attack determination

Start -> Programs -> Accessories -> Command Prompt -> C:\> netstat -na. Multiple IP addresses are observed connected to the service port of the local machine, each with dozens of connections in the ESTABLISHED state.

2. Client symptoms

(1) Users cannot access the website pages, or opening a page is very slow.

(2) Users who are accessing the service suddenly find it very slow or even interrupted.

II. Solutions

Years of statistics on solutions show that it is almost impossible to completely solve DDoS attacks, just like treating colds. We can treat or prevent them, but cannot cure them. However, if we adopt active and effective defense methods, we can greatly reduce the probability of "illness", and the same holds for preventing DDoS attacks. Defending against DDoS requires sufficient bandwidth and high enough host hardware. What is sufficient bandwidth? Generally, it should be at least M shared. What is a host with a high enough hardware configuration? Generally, at least a P4 2.4G CPU, M of memory, and a network card from Intel or another brand. With this bandwidth and host configuration one can in theory cope with more than 0.2 million SYN attack packets per second, but only with professional configuration and dedicated software. By default, most servers can hardly defend against more than 1000 SYN attack packets per second.

1. Free DDoS solution

Optimize the registry of Windows 2000 or 2003 to effectively defend against about 10 thousand SYN attack packets per second: save the following text as antiddos.reg, import it into the registry and restart. You can also download the antiddos.reg file directly from http://www.bingdun.com/tools/antiddos.reg.

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]
; SynAttackProtect=2 enables SYN flood protection; the two limits below set
; when it kicks in (0x1f4 = 500 half-open, 0x190 = 400 retried half-open).
; The third value name was garbled ("placement") in the source text; the name
; TcpMaxHalfOpenRetried is assumed from the documented SynAttackProtect parameter set.
"SynAttackProtect"=dword:00000002
"TcpMaxHalfOpen"=dword:000001f4
"TcpMaxHalfOpenRetried"=dword:00000190

The advantage of this solution is that it uses the system's own capabilities to solve the problem at no cost. The disadvantage is that it can only defend against fewer than 10000 SYN attack packets per second and cannot solve TCP multi-connection attacks.
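As an added example (not part of the original article), the script below applies the two netstat -na checks from the symptom analysis to a netstat listing: it counts SYN_RECEIVED entries on the service port and finds remote IPs each holding dozens of ESTABLISHED connections to it. The listing is constructed, and the thresholds are assumptions to be tuned to the host's normal load.

```python
"""Apply the article's two netstat -na checks to a Windows netstat listing:
(1) many connections to the service port in SYN_RECEIVED (SYN flood), and
(2) multiple remote IPs each holding dozens of ESTABLISHED connections to
the service port (TCP multi-connection attack)."""
from collections import Counter


def parse_netstat(text):
    """Return (local_port, remote_ip, state) for each TCP row of netstat -na output."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[0] != "TCP":
            continue  # skip header, blank and UDP lines
        local_port = int(parts[1].rsplit(":", 1)[1])   # rsplit also handles [::]:80
        remote_ip = parts[2].rsplit(":", 1)[0]
        rows.append((local_port, remote_ip, parts[3]))
    return rows


def analyze(text, service_port, syn_threshold=200, est_per_ip=30):
    """Thresholds are assumptions for this example; tune them to the host's normal load."""
    rows = [r for r in parse_netstat(text) if r[0] == service_port]
    syn_received = sum(1 for _, _, state in rows if state == "SYN_RECEIVED")
    established = Counter(ip for _, ip, state in rows if state == "ESTABLISHED")
    heavy_ips = {ip: n for ip, n in established.items() if n >= est_per_ip}
    return {
        "syn_received": syn_received,
        "syn_flood": syn_received >= syn_threshold,
        "multi_conn_ips": heavy_ips,
        "multi_conn_attack": len(heavy_ips) > 1,  # "multiple IPs, dozens each"
    }


def _row(remote_ip, remote_port, state):
    return f"  TCP    192.0.2.10:80          {remote_ip}:{remote_port:<8}{state}"


# Constructed sample listing (not captured from a real host), using documentation IP ranges.
SAMPLE_LINES = [
    "Active Connections", "",
    "  Proto  Local Address          Foreign Address        State",
    "  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING",
]
SAMPLE_LINES += [_row(f"198.51.100.{i % 250 + 1}", 40000 + i, "SYN_RECEIVED") for i in range(300)]
SAMPLE_LINES += [_row("203.0.113.5", 50000 + i, "ESTABLISHED") for i in range(40)]
SAMPLE_LINES += [_row("203.0.113.6", 51000 + i, "ESTABLISHED") for i in range(35)]
SAMPLE_LINES += [_row("203.0.113.7", 52000 + i, "ESTABLISHED") for i in range(2)]
SAMPLE = "\n".join(SAMPLE_LINES)

if __name__ == "__main__":
    print(analyze(SAMPLE, service_port=80))
```

On a live host, feed it the output of `netstat -na` instead of SAMPLE; a single IP with many connections is not flagged, because the article's symptom is several IPs each with dozens.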