How to deal with traffic attacks on a website

Websites, apps, and servers face DDoS traffic attacks every day. According to statistics, Internet traffic attacks increased significantly in the first half of 2019, with more than 2,000 traffic attacks encountered per day, a slight increase over last year's attack data. Most websites and apps in China run on servers from Alibaba Cloud, Tencent Cloud, and Baidu Cloud. According to traffic attack reports released by these three companies, the incidents include traffic attacks, mining viruses, zombie bots, and website tampering.

 

1. Periodic scanning

Regularly scan the existing network backbone nodes, check for possible security vulnerabilities, and fix new vulnerabilities promptly. Because of their high bandwidth, the computers on backbone nodes are the most attractive targets for attackers, so it is very important to harden these hosts themselves. Since the machines connected to the main network nodes are server-grade computers, regular vulnerability scanning is even more important.

2. Configure the firewall on the backbone node

The firewall itself can defend against DDoS and other attacks. When an attack is detected, it can be redirected to a sacrificial host, which shields the real hosts from the attack. These sacrificial hosts can run Linux, Unix, or another system with few vulnerabilities and good built-in resistance to attacks.

3. Sufficient capacity to resist attacks

This is the ideal coping strategy. If the user has enough capacity and resources to absorb the attack, then as the attacker keeps hitting the user and occupying the user's resources, the attacker's own energy is gradually exhausted, and the attacker may be unable to continue before the user is taken down. However, this approach requires significant investment, and most of the equipment sits idle in normal times, which does not match how current SME networks actually operate.

4. Use network design equipment to protect network resources

The so-called network design equipment refers to load-balancing equipment such as routers and firewalls, which can effectively protect the network. When the network is attacked, the router is the first thing to go down, while the other machines stay up. A router that has gone down returns to normal after a restart, and it restarts quickly without any loss.

If a server goes down instead, its data is lost and restarting it takes a long time. In particular, when a company uses load-balancing backups, if one router is knocked out, the other takes over immediately. This minimizes the impact of DDoS attacks.

5. Filter unnecessary services and ports

Filter unnecessary services and ports, that is, filter fake IP addresses on the router.

6. Check the source of your visitors

Use Unicast Reverse Path Forwarding (uRPF), which performs a reverse route lookup to check whether a visitor's IP address is genuine and blocks the traffic if it is fake. Many attackers use fake IP addresses to confuse users, making the source difficult to find. Unicast Reverse Path Forwarding therefore helps reduce the incidence of fake IP addresses and improves network security.

7. Filter all RFC1918 IP addresses

RFC 1918 IP addresses are internal-network IP addresses such as 10.0.0.0, 192.168.0.0, and 172.16.0.0. They must be filtered because they are reserved local IP addresses, not fixed IP addresses of a specific network segment. This method does not filter internal employee access; it filters out the large number of fake internal IPs generated during an attack, which helps mitigate DDoS attacks.

8. SYN/ICMP flow limit

Users must configure a maximum SYN/ICMP flow on the router to limit the maximum bandwidth that SYN/ICMP packets can occupy. When a large amount of SYN/ICMP traffic exceeds the configured limit, it is not normal network access and indicates an attack. Initial throttling of SYN/ICMP traffic is the best way to prevent DoS; this method is less effective against DDoS, but it can still help a little.
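As an added illustration of items 7 and 8 (not code from the original article), the following Python sketch models an edge filter over constructed packet records: RFC 1918 sources are dropped only when they arrive on the external interface, and SYN/ICMP packets pass through a token-bucket limit. The interface names `wan` and `lan`, the rate values, and the sample addresses are assumptions made for the example.

```python
import ipaddress

# The three RFC 1918 private ranges (10/8, 172.16/12, 192.168/16).
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


class TokenBucket:
    """Allow `rate` packets per second with bursts of up to `burst` packets."""
    def __init__(self, rate, burst):
        self.rate, self.burst = rate, burst
        self.tokens, self.last = float(burst), 0.0

    def allow(self, now):
        # Refill for the elapsed time, capped at the burst size.
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1:
            self.tokens -= 1
            return True
        return False


def filter_packets(packets, syn_icmp_rate=2, burst=2):
    """Return one verdict per packet: 'accept', 'drop-rfc1918' or 'drop-rate'."""
    bucket = TokenBucket(syn_icmp_rate, burst)
    verdicts = []
    for ts, iface, src, kind in packets:
        addr = ipaddress.ip_address(src)
        # Private sources are bogus only on the Internet side; LAN users pass.
        if iface == "wan" and any(addr in net for net in RFC1918):
            verdicts.append("drop-rfc1918")
        elif kind in ("syn", "icmp") and not bucket.allow(ts):
            verdicts.append("drop-rate")
        else:
            verdicts.append("accept")
    return verdicts


# Constructed sample traffic: (timestamp s, ingress interface, source IP, type).
SAMPLE = [
    (0.0, "lan", "192.168.1.20", "syn"),   # employee on the inside
    (0.1, "wan", "10.4.4.4", "syn"),       # forged private source from outside
    (0.2, "wan", "203.0.113.7", "syn"),
    (0.3, "wan", "203.0.113.8", "syn"),    # exceeds 2 pkt/s with burst 2
    (0.4, "wan", "203.0.113.9", "data"),   # not SYN/ICMP, never rate limited
    (2.0, "wan", "198.51.100.5", "icmp"),  # bucket has refilled by now
]

print(filter_packets(SAMPLE))
```

On a real router the same two checks are expressed as an inbound access list on the external interface and a rate limit on SYN/ICMP packets.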

The methods above can mitigate some small traffic attacks. If you are hit by a large-volume traffic attack, Xiaoyi recommends using a professional high-defense service to resist DDoS attacks. Ant Jun can automatically identify attack traffic and intelligently scrub malicious attack traffic, resolving the various abnormal server performance problems caused by traffic attacks and ensuring stable server operation.

Origin blog.csdn.net/xyyaq/article/details/124338056