1. Server-side analysis method
(1) Judging a SYN flood attack
A: Network Neighborhood -> Properties -> double-click the NIC: the number of packets received per second is greater than 500.
B: Start -> Programs -> Accessories -> Command Prompt -> c:\>netstat -na: a large number of connections are observed in the SYN_RECEIVED state.
C: As soon as the network cable is plugged in, the server freezes and cannot be operated; unplugging the cable sometimes restores it, and sometimes the machine must be restarted to recover.
(2) Judging a TCP multiple-connection attack
Start -> Programs -> Accessories -> Command Prompt -> c:\>netstat -na: multiple IP addresses are observed each holding dozens or more connections in the ESTABLISHED state to the local service port.
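The two netstat checks above can be automated. The following script is an added example, not part of the original page: it parses constructed netstat -na output, counts SYN_RECEIVED connections, and counts ESTABLISHED connections per (local port, remote IP) pair. The thresholds are assumed parameters, not values taken from the page.

```python
"""Flag the two 'netstat -na' patterns described above: a pile-up of
SYN_RECEIVED connections (SYN flood) and many ESTABLISHED connections
from one remote IP to one local service port (TCP multi-connection attack).
Thresholds are assumptions chosen for the example."""
from collections import Counter

# Constructed sample of Windows 'netstat -na' output (not a real capture).
SAMPLE_NETSTAT = """
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING
  TCP    192.0.2.10:80          198.51.100.7:4431      SYN_RECEIVED
  TCP    192.0.2.10:80          198.51.100.8:4432      SYN_RECEIVED
  TCP    192.0.2.10:80          198.51.100.9:4433      SYN_RECEIVED
  TCP    192.0.2.10:80          203.0.113.5:51001      ESTABLISHED
  TCP    192.0.2.10:80          203.0.113.5:51002      ESTABLISHED
  TCP    192.0.2.10:80          203.0.113.5:51003      ESTABLISHED
  TCP    192.0.2.10:80          203.0.113.9:52000      ESTABLISHED
  UDP    0.0.0.0:161            *:*
"""


def parse_netstat(text):
    """Return (local_port, remote_ip, state) for every TCP row; skip headers and UDP."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[0] != "TCP":
            continue
        local_port = parts[1].rsplit(":", 1)[1]   # works for IPv4 and [::]:port forms
        remote_ip = parts[2].rsplit(":", 1)[0]
        rows.append((local_port, remote_ip, parts[3]))
    return rows


def analyze(text, syn_threshold=100, per_ip_threshold=30):
    """Summarise half-open connections and per-IP established counts."""
    rows = parse_netstat(text)
    syn_received = sum(1 for _, _, state in rows if state == "SYN_RECEIVED")
    established = Counter((port, ip) for port, ip, state in rows if state == "ESTABLISHED")
    suspects = {key: n for key, n in established.items() if n >= per_ip_threshold}
    return {
        "syn_received": syn_received,
        "syn_flood_suspected": syn_received >= syn_threshold,
        "established_per_ip": dict(established),
        "multi_connection_suspects": suspects,
    }
```

On a live host, feed it the real output of netstat -na and tune the thresholds to the server's normal load before acting on an alert.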
2. Client-side symptoms
(1) Users cannot open the site's pages, or they open very slowly.
(2) A site the user is already browsing suddenly becomes very slow or is even cut off.
II. Solutions
Years of statistics show that completely eliminating DDoS is almost impossible. Like the common cold, it can be treated and prevented but not cured outright; still, proactive and effective defensive measures greatly reduce or delay the chance of falling ill, and the same holds for preventing DDoS attacks. Sufficient bandwidth and sufficiently powerful host hardware are necessary. What counts as sufficient bandwidth? In general, at least 100M shared. What counts as sufficiently powerful host hardware? In general, at least a P4 2.4G CPU, 512M of memory and an Intel or other brand-name network card. Bandwidth and a host of this configuration can in theory cope with a SYN attack of more than 200,000 per second, but that requires professional configuration and dedicated software; by default, most servers have difficulty withstanding more than 1000 SYN attacks per second.
1. Free DDoS solution
By optimizing the registry of a Windows 2000 or 2003 system you can effectively counter about 10,000 SYN attacks per second. Save the following text as Antiddos.reg, import it into the registry, and restart. Contents of the Antiddos.reg file:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]
"SynAttackProtect"=dword:00000002
"TcpMaxHalfOpen"=dword:000001f4
"TcpMaxHalfOpenRetried"=dword:00000190
The advantage of this approach is that it uses the system's own capability to solve the problem at no cost; the disadvantage is that it can only withstand SYN attacks of fewer than 10,000 per second and cannot resolve TCP multiple-connection attacks.