How to defend advanced defense? Server, Lishui machine room ddos attack Today, I accidentally learned about the traffic cleaning system to prevent DDoS attacks. Its main principle is to pull the traffic to a safe place for cleaning when being attacked by DDoS, and then bring the normal messages back to the target host. What is the principle of DDoS traffic cleaning? Traffic cleaning service is a network security service for government and enterprise customers who rent IDC services, which is used to monitor, alarm and protect DOS/DDoS attacks. The service monitors the data flow entering IDC in real time to detect abnormal traffic including DoS attacks in a timely manner. Clear abnormal traffic without affecting normal business. Effectively meet customers' requirements for IDC operation continuity. At the same time, through time announcement, analysis report and other services, the visibility of customer network traffic and the clarity of security status are improved.
The attack detection system detects the illegal attack traffic hidden in the network traffic, and immediately notifies and starts the protection device to clean up the traffic after discovering the attack; The attack mitigation system redirects suspicious traffic from the original network path to the purification product through professional traffic, identifies and strips malicious traffic, injects the recovered legal traffic back into the original network and transmits it to the target system, and the forwarding path for other legal traffic is not affected; Detector: It includes one or more hardware collectors (agents) and a server center. The distributed processing method is used to complete network traffic data collection, traffic analysis, abnormal traffic traction and other processing. The detector can be used as an abnormal flow detection module in the abnormal flow management system, or it can be used alone. Use high-performance hardware platform to complete DDoS attack filtering, P2P identification and control, abnormal traffic speed limit and other processing. Guard can be used as the exception traffic cleaning module in the exception traffic management system, or it can be used alone. A complete set of management center can manage, monitor and audit all detection equipment and protection equipment in the network, so that users can manage emergencies and abnormal traffic in the network more timely, simply and comprehensively. The specific principle of DDoS flow cleaning system is as follows:
1. Detection of attack traffic: The detector of the abnormal traffic detection device detects abnormal traffic through traffic collection (such as NetFlow) to determine whether there is a suspicious DDoS attack. If yes, report to the abnormal cleaning equipment guard.
2. Traffic traction: the protection of the abnormal traffic cleaning device configured in series cleans all the passing traffic, and the protection of the abnormal traffic cleaning device configured in bypass releases the traffic to the target IP itself through dynamic routing for cleaning.
3. Flow cleaning: The abnormal flow cleaning guard confirms the flow identification and cleans the attack flow through the characteristic flow, baseline flow and reply.
4. Traffic reinjection: after cleaning the protection equipment with abnormal traffic, inject the normal access traffic into the original network and access the destination IP. From the perspective of protectionism
How to defend the server, advanced defense? The single line, double line, multi segment and hosting of the Lishui computer room ddos attack is a common method today. More and more companies and webmasters choose hosting, which can not only reduce the economic cost of company maintenance, but also enable the platform website or service platform to obtain a large number of technical professional service support.
Advantages and disadvantages of single line host room:
When it comes to the line problem in hosting, the first thing people report is to prevent single line [the difference between Hong Kong, servers and Chinese servers]. After all, the company's display base is now facing users all over the country. If there is only one line, users may not be able to browse the website normally. Naturally, the price of single line host room goods will be much cheaper. This is the specific requirements of users. Now the price of double line host is not much more expensive. It is recommended to choose double line host room. Advantages and disadvantages of dual line host room:
When it comes to single line, there is no doubt that people will be involved in double line network. Double line servers have certain advantages over single line servers. Because there is a problem in China that the north-south routes are not connected. If only one route is selected, many user websites will open slowly. The key to double line processing is to find out which line opens the website according to the user's browsing line, thus greatly improving the user's perception. However, for some small line users, the two-wire web server that handles two mainstream products is still unable to handle the speed of website opening. Advantages and disadvantages of multi line host room:
In terms of host, people often hear about BGP multi line, which is a popular line choice now. Intelligent route selection allows users to quickly browse the platform website at any time, and the user experience is very good. The difference between single line multi segment and double line multi segment servers in the United States is introduced in detail, which means that the most time-saving and labor-saving way to distinguish between single line multi segment and double line multi segment servers is to distinguish their advantages and disadvantages. The webmaster can have clear requirements when selecting, and if the assets are abundant, it is better to choose BGP multi line.
