分布式拒绝服务(Distributed Denial of Service)或DDoS历史悠久,当匿名(Anonymous)组织开始针对任何针对Wikileaks的网站开展行动时,它就完全成为主流。在此之前,该术语及其含义只有了解Internet 安全(Internet Security)的人才知道。
分布式拒绝服务
在讨论避免或防止DDoS攻击的方法之前,我打算在本文中介绍一些值得注意的DDoS方法。
什么是 DDOS 攻击?
相信大家都知道它的意思。对于那些不熟悉该术语的人来说,它是“分布式”拒绝服务(Denial of Service)(Denial of Service)——由于对服务器的请求过多而无法处理。
当由于大量受感染计算机有意发送的高流量而无法实时处理请求时,站点服务器将挂起并停止响应来自不同客户端的任何更多请求。受感染计算机的网络称为BOTNETS。基本上(Basically),网络中的所有计算机和智能设备都被黑客控制,拥有这些计算机的人并不知道他们已被黑客入侵。
由于请求多且来自不同的地方(被黑计算机的区域可能不同),因此称为“分布式拒绝(Distributed Denial)服务”或简称DDoS。要发生DDoS,连接尝试的数量和强度应该超过目标服务器(Server) 可以处理的数量。如果带宽很高,任何DDoS攻击者都需要更多的计算机和更频繁的请求来关闭服务器。
提示(TIP):Google Project Shield为您选择的网站提供免费的DDoS保护。
流行的 DDoS 方法和攻击工具
我们只是在上一节中讨论了众多DDoS方法中的一种。它被称为“分布式拒绝(distributed denial)”,因为通信线路不是由一两台而是由数百台受感染的计算机打开的。可以访问多台计算机的黑客可以随时开始向他想要关闭的服务器发送请求。由于它不是一台或两台而是许多计算机放置在地球上,因此它是“分布式”的。服务器不能再满足传入的请求和崩溃。
其他方法包括握手方法(Handshake method)。在正常情况下,您的计算机会打开与服务器的TCP线路。服务器响应并等待您完成握手。握手是在实际数据传输开始之前您的计算机和服务器之间的一组操作。在发生攻击的情况下,黑客打开TCP但从未完成握手 - 从而使服务器等待。又一个网站挂了?!
一种快速的 DDoS 方法是UDP 方法(UDP method)。它使用DNS(域名服务)(DNS (Domain Name Service))服务器来发起DDoS攻击。对于正常的URL解析,您的计算机使用用户数据报协议(User Datagram Protocol)( UDP ),因为它们比标准TCP数据包更快。简而言之, UDP(UDP)不太可靠,因为没有办法检查丢弃的数据包之类的东西。但它用于速度是主要问题的地方。甚至在线游戏网站也使用UDP。黑客(Hackers)利用UDP的弱点(UDP)数据包以向服务器创建大量消息。他们可以创建看似来自目标服务器的虚假数据包。查询将向目标服务器发送大量数据。因为有多个DNS解析器,黑客更容易瞄准导致站点瘫痪的服务器。在这种情况下,目标服务器接收的查询/响应也超出了它的处理能力。
阅读(Read):什么是赎金拒绝服务(What is Ransom Denial of Service)?
如果黑客没有很多计算机,则有许多第三方工具会充当僵尸网络。我记得有许多黑客组织要求Twitter 上(Twitter)的人们在一些网页表单中填写随机数据并点击发送(Send)。我没有这样做,但很好奇它是如何工作的。很可能,它也向服务器发送了重复的垃圾邮件,直到超过饱和并且服务器关闭。您可以在Internet(Internet)上搜索此类工具。但请记住,黑客行为是一种犯罪行为,我们不认可任何网络犯罪行为(Cyber Crimes)。这仅供您参考。
讲完了DDoS攻击的方法,让我们看看我们是否可以避免或阻止DDoS攻击。
阅读(Read):什么是黑帽、灰帽或白帽黑客?
DDoS 防护与预防
您无能为力,但仍然可以通过采取一些预防措施来减少DDoS的机会。(DDoS)此类攻击最常用的方法之一是使用来自僵尸网络的虚假请求阻塞您的服务器带宽。购买更多带宽将减少甚至阻止DDoS攻击,但它可能是一种昂贵的方法。更多的带宽意味着向您的托管服务提供商支付更多的钱。
使用分布式数据移动方法也很好。也就是说,您拥有不同的数据中心来部分响应请求,而不仅仅是一台服务器。在过去,当您不得不购买更多服务器时,成本会非常高昂。如今,数据中心可以应用到云中——从而减少您的负载并将其分布在多个服务器上,而不仅仅是一台服务器。
您甚至可以在受到攻击时使用镜像。镜像服务器包含主服务器上项目的最新(静态)副本。您可能希望使用镜像而不是使用原始服务器,以便可以转移进来的流量,从而可以阻止/阻止DDoS 。
为了关闭原始服务器并开始使用镜像,您需要了解有关网络上传入和传出流量的信息。使用一些监视器来保持向您显示流量的真实状态,如果它发出警报,则关闭主服务器并将流量转移到镜像。或者,如果您要密切关注流量,您可以使用其他方法来处理流量,而无需将其关闭。
您还可以考虑使用Sucuri Cloudproxy或Cloudflare等服务,因为它们提供针对DDoS攻击的保护。
这些是我能想到的一些方法,可以根据其性质来预防和减少 DDoS 攻击。如果您有任何使用 DDoS 的经验,请与我们分享。(These are some methods I could think of, to prevent and reduce DDoS attacks, based on their nature. If you have had any experiences with DDoS, please share it with us.)
另请阅读(Also read):如何准备和处理 DDoS 攻击。
DDoS Distributed Denial of Service Attacks: Protection, Prevention
Distributed Denial of Service or DDoS has a long history, and it became completely mainstream when the Anonymous group started its operations against any website against Wikileaks. Until then, the term and what it meant was known only to people with knowledge of Internet Security.
Distributed Denial of Service
I intend to cover some notable DDoS methods in this article before discussing methods to avoid or prevent DDoS attacks.
What are DDOS attacks?
I am sure all of you know its meaning. For those new to the term, it is “distributed” Denial of Service – caused by the way too many requests to the server than it can handle.
When unable to process requests in real-time due to high traffic that is intentionally being sent by a number of compromised computers, the site server hangs and stops responding to any more requests from different clients. The network of compromised computers is referred to as BOTNETS. Basically, all the computers and smart appliances in the network are controlled by hackers and the people owning those computers are not aware that they’ve been hacked.
Since the requests are many and come from different places (regions of hacked computers may vary), it is called a “Distributed Denial of Service” or DDoS for short. For a DDoS to happen, the number and intensity of connection attempts should be more than what the targeted Server can handle. If the bandwidth is high, any DDoS attacker will need more computers and more frequent requests to bring the server down.
TIP: Google Project Shield offers free DDoS protection yo select websites.
Popular DDoS Methods & Attack Tools
We just discussed one of the many DDoS methods in the above section. It is called “distributed denial” as the communication lines are opened by not one or two but hundreds of compromised computers. A hacker who has access to many computers can anytime start sending requests to the server he wants to bring down. Since it is not one or two but many computers placed across the planet, it is “distributed”. The server can no longer cater to incoming requests and crashes.
Among other methods is the Handshake method. In a normal scenario, your computer opens a TCP line with the server. The server responds and waits for you to complete the handshake. A handshake is a set of actions between your computer and server before actual data transfer begins. In the case of an attack, the hacker opens TCP but never completes the handshake – thus keeping the server waiting. Another website down?!
A quick DDoS method is the UDP method. It employs DNS (Domain Name Service) Servers for initiating a DDoS attack. For normal URL resolutions, your computers employ User Datagram Protocol (UDP) as they are faster than the standard TCP packets. UDP, in short, is not much reliable as there is no way to check dropped packets and things like that. But it is used wherever speed is a major concern. Even online gaming sites use UDP. Hackers use the weaknesses of UDP packets to create a flood of messages to a server. They can create fake packets that appear as coming from the targeted server. The query would be something that would send large amounts of data to the targeted server. Because there are multiple DNS resolvers, it becomes easier for the hacker to target a server that brings down the site. In this case, too, the targeted server receives more queries/responses than it can handle.
Read: What is Ransom Denial of Service?
There are many third-party tools that act like a botnet if the hacker does not have many computers. I remember one of the many hacking groups asking people on Twitter to fill in random data in some web page form and hit Send. I did not do it but was curious how it worked. Probably, it too sent repeated spam to servers until the saturation was crossed and the server went down. You can search for such tools on the Internet. But remember that hacking is a crime, and we do not endorse any Cyber Crimes. This is just for your information.
Having talked about methods of DDoS attacks, let us see if we can avoid or prevent DDoS attacks.
Read: What is Black Hat, Grey Hat or White Hat Hacker?
DDoS protection & prevention
There is not much you can do but still, you can reduce DDoS chances by taking some precautions. One of the most used methods by such attacks is to clog your server bandwidth with fake requests from botnets. Buying a little more bandwidth will reduce or even prevent DDoS attacks, but it can be a costly method. More bandwidth means paying up more money to your hosting provider.
It is also good to use a distributed data movement method. That is, instead of just one server, you have different datacenters that respond to requests in parts. It would have been very costly in the older days when you had to buy more servers. These days, data centers can be applied to the cloud – thus reducing your load and distributing it from across servers instead of just one server.
You may even use mirroring in case of an attack. A mirror server contains the most recent (static) copy of the items on the main server. Instead of using the original servers, you might want to use mirrors so that the traffic coming in can be diverted, and thus, a DDoS can be failed/prevented.
In order to close the original server and start using mirrors, you need to have information about incoming and outgoing traffic on the network. Use some monitor that keeps displays you the true state of traffic and if it alarms, closes the main server, and diverts traffic to mirrors. Alternatively, if you are keeping a tab on traffic, you may use other methods to deal with the traffic, without having to shut it down.
You can also consider using services like Sucuri Cloudproxy or Cloudflare as they offer protection against DDoS attacks.
These are some methods I could think of, to prevent and reduce DDoS attacks, based on their nature. If you have had any experiences with DDoS, please share it with us.
Also read: How to prepare for and deal with a DDoS attack.