How to Stop Distributed Denial of Service ( ddos attacks)

 

DDOS is an acronym of Distributed Denial of Service .Defense Distributed Denial of Service ( ddos attack) is a systematic project, the DDOS attack is distributed, the concerto a wider range of large-scale offensive battle, of course, its ability to destroy before the less. It also makes the DDOS prevention work more difficult. Want to rely solely on the server of some kind of system or anti-anti-flow attack guard DDOS is unrealistic, be sure to completely eliminate DDOS is not possible, through appropriate measures against 99.9% of the DDOS attack can be done the sake of attack and defense has a cost overhead, through the appropriate way to enhance the ability to withstand DDOS, which means increased cost of attackers, then the vast majority of the attacker will not be able to continue to give up it is equivalent to the successful defense of a DDOS attack.
With the growing popularity in recent years, traffic attack wantonly spread on the Internet, the dangers of DDOS attacks escalated, the face of the potential variety of unpredictable attacks, more and more enterprises was overwhelmed and powerless. Single high anti-anti-traffic attack server as a powerful firewall, like the problem can be resolved is limited, while the cluster of high anti-anti-flow attacks, nor is the general business can grasp and use. How to ensure that the conditions of victims of DDOS attacks, the server system to normal operation or to reduce the dangers of DDOS attack?
For enterprises, this system works often have to invest a lot of network equipment, the purchase of a large network bandwidth and the need to site should be amended accordingly, but also with relevant personnel to maintain the project had completed, can not resist live external attack may still be unknown. Asian data defensive DDOS attack should take into account BGP traffic cleaning technology-based multi-faceted, multi-angle, multi-structure of the multi-stand system security system and active defense, security, emergency, security management, physical security, data capacity disaster a few system start, in order to integrate the high anti-server "and" anti-intelligent DNS "high anti-server cluster" "cluster firewall architecture" network monitoring system "and" anti-intelligent routing system "in order to achieve intelligent, perfect rapid response mechanism "first-line-style" security architecture.
DDOS defense methods outlined
Abnormal traffic, clean the filter:
The abnormal flow through DDOS hardware firewall cleaning filter rules through the packet filter, the data stream fingerprint detection and filtering, and packet content customized filter top technology can accurately determine whether the foreign traffic is normal, further abnormal traffic ban filter. Single load defensible 800-927 Million syn attack packets per second.

Distributed cluster defense:
This is the most effective way for large-scale DDOS attacks in defense of the network security community. Characteristics of the distributed cluster defense is the server to configure multiple IP addresses at each node, and each node is able to withstand not less than 10G of DDOS attacks, such as a node under attack can not provide the service, the system will automatically switch according to the priority setting another node, and packets of the attacker's full return to the sending point, the attack source to become paralyzed from the more depth security point of view to influence the security implementation of decision-making.
High anti-intelligent DNS resolution:
The perfect combination of intelligent DNS resolution and DDOS defense system, super-detection capabilities to provide enterprises against emerging security threats. It subverts the tradition of a domain name corresponds to the practice of a mirror, smart route based on the user's Internet DNS resolution requests resolve to the user belongs to the network server. Intelligent DNS analysis system downtime detection, at any time can paralyze the server IP intelligence replaced the normal server IP for the company's network to maintain a state of the service never goes down.



This address is http://www.computerites.com/computer-skills/2012/02/how-to-stop-distributed-denial-of-service-ddos-attacks-394.html