linux
Sergey, 2015-03-08 05:35:43

What methods of counteracting DDoS attacks exist, and what is generally worth reading on the topic?

I am sitting here thinking, and the philosopher inside me cannot grasp the essence of it.
Here is an ordinary student. And he goes and DDoSes a site. Of course, you don't just download some program from hakir.ru and press a button, but where do they get a botnet? To me it's a mystery. This is the first point I can't understand. Build one yourself? It's not fast, not safe, not easy. If a publicly known vulnerability is being exploited, it gets patched quickly and that botnet becomes negligible pretty fast. Buy private networks? But where does a student get the money for them? Not only is the criminal code being violated, but his mother will also put him in the corner, and what if it's cold, scary and dark there?
The second philosophical riddle is that there seems to be protection: you can filter requests, redirect and generally distribute load across different servers, but at the same time the channel isn't made of rubber, and if you want, you can take down anything with large enough traffic volumes, even Facebook, and where do you post cat pictures after that? I.e., under large volumes everyone is vulnerable.
It turns out there is no protection, and DDoS is simple even for children. Sad.
Or is DDoS not that simple?
Is there protection after all?
Then what, besides Qrator and Cloudflare?
Well, and some more questions for general development:
1. How do you tell you are being DDoSed if your server is down and not responding? Who knows what else could have knocked it out. How do you determine that it is actually DDoS going on?
2. What can you do yourself on the server to be as prepared for DDoS as possible? Are there any other facilities besides iptables rules?
3. Is it legal to redirect attack traffic back? On the one hand, he asked for it himself. On the other hand, infected botnet servers can be useful; what if it's some kind of porn site and I send it back as response traffic... Are there instructions or reading material somewhere on the topic of repelling attacks?
4. If I bought a lot of proxy servers and ran DDoS attacks on myself to check load and fault tolerance, would I also be breaking the law? Botnet, attacks in all fields...
5. Is the activity of such attacks monitored somehow across the network at all? It's not for nothing that the Chinese set something up for themselves; they probably track it? Why then haven't the schoolkids been jailed yet, probably tracked poorly?
6. How do providers behave? It's easier for them to disconnect the client, as I understand it, right? But if DNS is registered on the hosting provider's server, no matter how you drop the client, the attacks will still go there. You still have to filter somehow... How do hosters and providers deal with attacks? Are they sitting on their hands?
Well, any advice, books, articles in this area are welcome.
The protection methods are particularly interesting. Otherwise I sleep badly.

Sergey Petrikov, 2015-03-08
@butteff

1. How do you tell you are being DDoSed if your server is down and not responding? Who knows what else could have knocked it out. How do you determine that it is actually DDoS going on?

Well, most servers still have a monitoring system, which shows an anomalous increase in some server metric; if no such system is installed and you can still get onto the server, then you look by hand; if you can't get there remotely, then look through IP-KVM. It's all perfectly visible on the counters.
It depends on the amount of free money; here, as usual, it's the contest of weapons versus armor, and whoever invested the most wins. Your firewall rules are useless against DDoS; they only help against a simple DoS. With a proper DDoS the easiest way to take you down is an attack on the uplink, without bothering at all with whatever you have configured there; it's cheap and effective.
They DDoS you from more than one address. Fine, redirect it: you double the load on your server and go down twice as fast. Imagine there are 1000 people around you and everyone is spitting at you; can you spit back at everyone?
Attacks are not carried out from proxy servers; you could just as well attack from your own toaster. There are special tools to check the behavior of a server under load, for example hping, ab, Yandex Tank... They are enough to understand how the server will behave under a certain attack. It's easy to look at the leverage of the attack: the larger the leverage, the easier it is to take your server down; for many servers an attack from one machine is enough to take them down completely.
Those who need it track it; most don't care. To track, you need to invest heavily in traffic collectors, buy an analysis system, hire specialists to work with it; only rich companies do this. Look at the prices for equipment from, say, Arbor, and you'll understand from what size of company it makes sense to bother with this rather than go under someone else's protection.
If we are talking about hosters, small ones go under someone's protection, large ones have their own equipment to fight in automatic mode; if a client is constantly attacked but doesn't want to pay for protection, then it's cheaper to turn him off. If we are talking about ISPs, in most cases they don't care and it's cheaper to let all traffic through than to analyze it; ISPs have very fat channels and only start to get bothered if the DDoS is very serious, which today means over 100 gigabits of bandwidth; then the attacked addresses start getting null-routed via BGP.
As for books and advice, Google is best: look for a list of possible attacks, then for each attack read up separately on the countermeasures. Protection against a serious attack, not the hping level of a schoolboy, is very expensive.
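The answer above says that detecting an attack comes down to a monitoring system (or the counters you read by hand) showing an anomalous jump in some server metric. As an added example that is not from this thread or from any of its participants, here is a small Python script that applies that idea to web-server access logs: it builds a constructed log (client addresses from the RFC 5737 documentation ranges, invented timestamps), splits it into fixed windows, compares each window's request rate with the mean rate of the preceding baseline period, and for a flagged window reports the busiest sources and how concentrated the traffic is. The window length, baseline length and threshold factor are assumed values, not tuned recommendations.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta, timezone

# Combined-log-format line: client, ident, user, [timestamp] "request" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) (?P<size>\S+)'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Return a dict for a well-formed log line, or None for lines we cannot parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return {
        "ip": m.group("ip"),
        "ts": int(datetime.strptime(m.group("ts"), TS_FMT).timestamp()),
        "req": m.group("req"),
        "status": int(m.group("status")),
    }


def bucket_by_second(records):
    """Map epoch second -> Counter of requests per client IP."""
    buckets = defaultdict(Counter)
    for r in records:
        buckets[r["ts"]][r["ip"]] += 1
    return buckets


def detect_floods(lines, baseline_s=20, window_s=5, factor=10.0, min_rate=50.0):
    """Walk the log in fixed windows of window_s seconds and flag a window whose
    request rate is at least `factor` times the mean rate of the preceding
    baseline_s seconds (and at least min_rate req/s, so an idle host does not
    trip on a handful of requests). Thresholds are assumed, not tuned."""
    records = [r for r in map(parse_line, lines) if r]
    if not records:
        return []
    buckets = bucket_by_second(records)
    first, last = min(buckets), max(buckets)
    findings = []
    t = first + baseline_s
    while t + window_s <= last + 1:
        base_total = sum(sum(buckets[s].values()) for s in range(t - baseline_s, t))
        base_rate = base_total / baseline_s
        win = Counter()
        for s in range(t, t + window_s):
            win.update(buckets[s])
        rate = sum(win.values()) / window_s
        if rate >= min_rate and rate >= factor * max(base_rate, 1.0):
            top = win.most_common(5)
            findings.append({
                "start": t,
                "rate": rate,
                "baseline_rate": base_rate,
                "top_sources": top,
                # Share of the window's traffic coming from its five busiest clients:
                # close to 1.0 means a few sources, close to 0 means a distributed flood.
                "top5_share": sum(c for _, c in top) / sum(win.values()),
            })
        t += window_s
    return findings


T0 = datetime(2015, 3, 8, 5, 35, 0, tzinfo=timezone.utc)


def _log_line(ip, when, req, status):
    return f'{ip} - - [{when.strftime(TS_FMT)}] "{req}" {status} 512'


def build_sample():
    """Constructed log: 20 s of ordinary traffic (2 req/s from rotating clients)
    followed by a 5 s burst of 200 req/s from five clients hitting one URL.
    All addresses are from RFC 5737 documentation ranges, not real hosts."""
    lines = []
    clients = [f"198.51.100.{i}" for i in range(1, 9)]
    for s in range(20):
        for k in range(2):
            ip = clients[(2 * s + k) % len(clients)]
            lines.append(_log_line(ip, T0 + timedelta(seconds=s), "GET /index.html HTTP/1.1", 200))
    bots = [f"203.0.113.{i}" for i in range(10, 15)]
    for s in range(20, 25):
        for k in range(200):
            lines.append(_log_line(bots[k % len(bots)], T0 + timedelta(seconds=s),
                                   "GET /search?q=x HTTP/1.1", 503))
    return lines


if __name__ == "__main__":
    for f in detect_floods(build_sample()):
        when = datetime.fromtimestamp(f["start"], tz=timezone.utc)
        print(f"{when:%H:%M:%S}: {f['rate']:.0f} req/s vs baseline {f['baseline_rate']:.1f} req/s, "
              f"top-5 share {f['top5_share']:.2f}, top sources {f['top_sources'][:3]}")
```

On the constructed sample the only flagged window is the burst, with a top-5 share of 1.0, i.e. five addresses account for all of it; on a genuinely distributed flood that share drops towards zero while the rate still jumps, which is exactly the case the answer says cannot be solved by per-address firewall rules. Feeding a real access log in is a matter of replacing `build_sample()` with the file's lines; anything the regex does not match is skipped rather than crashing the run.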

Влад Животнев, 2015-03-08
@inkvizitor68sl

I've put it in my to-do list to write an article; it will appear on debian.pro in about 2 weeks. Maybe sooner.
