
Virus Protection Tips – 7 types of malicious software that can easily infect your PC

February 10th, 2010

Going online without any protection is like going into battle without a weapon. Did you know that 90% of computer users in the U.S. are infected with malware?

Malware is software with malicious intent, and it can do many things: steal your user name and password, take control of your PC, slow down your computer and more.

Even large companies have put malicious software in their products. For example, Sony put a rootkit on its CDs to prevent piracy. Even for a big company, putting malicious software in a product is unacceptable.

There are a few types of malware. Below is a list of 7 types of malicious software and a brief description of each:

1. Spyware

As the name implies, spyware is software that spies on everything you do: which websites you visit and your browsing habits. It can also install additional software and change your homepage. You can remove it by installing anti-spyware software.

2. Adware

Sources differ on how to classify adware: some treat it as spyware that shows advertising, others put adware in its own category. Whatever the category, adware is software that displays advertisements and may be legally installed on your PC. A mass of pop-ups while you surf the Internet can be caused by adware.

3. Rootkit

A rootkit is software that can hide its presence inside your PC, so that even your antivirus will not be able to detect it. However, if your antivirus program can scan before Windows starts, you might have the opportunity to remove it. Another option is to try RootkitRevealer by Sysinternals.

4. Trojan Horse

A Trojan horse is a program named after the famous Trojan horse in Greek mythology. As its name suggests, this malware only works if you run it, and it usually disguises itself as a folder to trick you.

5. Worm

A worm is software that can infect your PC and turn it into a zombie computer. A zombie computer is a computer that can be controlled by hackers and is often used to execute DDoS attacks. One example is the Conficker worm.

6. Virus

I think this is one of the best-known types of malware. A computer virus is software that can replicate in your system and infect certain types of files, making them useless. There are viruses that infect .DOC or .SWF files.

The term virus is also used to describe other types of malware such as Trojan horses and worms. Technically, they are not the same.

7. Keylogger

A keylogger is a program that records everything you type, including your user name, password, credit card information and much more. Each time you use the keyboard, it logs everything and sends it back to its creator.

As you can see, there are many online threats that can infect your PC, and the only way to fight them is by obtaining knowledge. Knowledge is power, and that is especially true in security.

DDoS Attack Prevention – The best medicine

February 9th, 2010

Denial of Service attacks (and their lesser-known cousins, Distributed Denial of Service attacks) can be a network administrator's worst nightmare. Once under way they are very difficult to resolve quickly, and they can cost hours of productivity and cause frustration when people cannot access their web services or reach their work remotely. What is a DDoS attack? And more importantly, what are the best ways to prevent a DDoS attack?

A distributed denial of service attack is when malicious users target enterprise servers with fake or malformed requests for service, flooding the servers with traffic until they shut down, or at least become so busy handling the false traffic that real data traffic cannot get through. This can paralyze or completely stop web, email, and any other data transport services that your company needs to get its work done, resulting in many lost man-hours while the problems are resolved. However, there are several ways to prevent attacks, and a quality managed hosting company will use all or some of them on its dedicated servers.

The first and most important line of defense is a traffic analyzer. These software products consist of a set of programs that constantly analyze the source and content of data traffic, looking for the most common signs of bogus traffic requests and other markers that are commonly found in DDoS attacks. Once this type of traffic is identified, the best software can filter it out and prevent it from reaching the server in the first place. As the next line of defense, a dedicated server company will have a firewall that filters traffic further. The firewall works by preventing access to server ports and rarely used resources according to specified rules. By restricting these usually unprotected server resources, firewalls block some of the most common access points and weaknesses used in Denial of Service attacks. Finally, many managed hosting businesses provide a backup setup with a distinct and separate address and data connection, so that in the case of a DDoS attack, service can be switched to the unaffected backup.

Dedicated Server Hosting – Server Management

February 8th, 2010

When it comes to managed dedicated hosting, server management services differ from one provider to another, as do their terms. There is no set standard defining the role of dedicated server providers. Some web hosting providers offer a "fully managed" dedicated server that amounts to giving the owner a web-based control panel, while others say they have professional system engineers available to provide all-day server management support.

What services should you look for in server management?

* Antivirus Updates
* Firewall Services
* Operating system updates
* Application / Program Updates
* Software / Applications Installation and Configuration
* Regular Server Monitoring
* Implementation / Monitoring Program
* Load Balancing
* Security Audits
* DNS Services
* Restoration and Backup
* Database Administration
* DDoS Protection
* Intrusion Detection
* User Management

Before choosing a dedicated hosting server, make sure that the service provider offers these services server-side. Server-side means that these services are accessible only to the dedicated server provider. This does not mean that the owner will not receive server access; you still have access to many other services, such as root access or remote access to the dedicated server.

Most web hosting companies handle administrative maintenance, including upgrades and updates, configuration, and adding, creating and managing user accounts, email accounts and domains.

Terminology used in server management:

Hosting providers use a few terms depending on the level of service they offer. Let's see what they are.

Fully maintained

This is a high level of server management, including monitoring, software updates, reboots, security patches and operating system (OS) updates. Customers are entirely free of these headaches and are able to focus on their core business.

Managed

This is a medium level of management that includes monitoring, updates and a limited amount of customer and technical support. Managed hosting customers are able to perform limited tasks.

Self-managed

In this type of service, only regular monitoring and some maintenance are included. Because you lease your own server, you may need some expertise with web servers to carry out your own management and administrative tasks. If you have no such expertise, hire a technical expert who can handle your server management tasks.

Unmanaged

With this service, the dedicated server hosting provider offers only the network connection and resources according to the package. It is your responsibility to handle all the server maintenance, upgrades, patches and security.

Take your time to go through these services and decide which dedicated server hosting provider is best for your business.

Basic Computer Security Tutorial – How to Obtain Optimal PC Protection for Free

February 7th, 2010

Recently, many anti-scam websites have been subject to distributed denial of service (DDoS) attacks by fraudsters. Believe it or not, unprotected computers are being used to perform the DDoS attacks. Innocent people are unwittingly helping these irresponsible people carry out the attack. Such a computer is called a "zombie"; zombies are computers infected with a virus or Trojan and used by fraudsters to carry out the DDoS attack.

The virus or Trojan opens a backdoor on the target computer so that the hacker has access to it. In some cases, the hacker will sell that access to another person, who will use it for any purpose they like. If a spammer has access to your computer, they will use it to send spam messages.

The scammers perform the DDoS attack by sending useless data to a specific web server; when the server cannot handle the data flow, it crashes. This is what is happening now to many anti-scam websites.

This is only one thing that hackers can do when your computer is not protected. If I listed everything that can be done with unprotected computers, it would be a long list. Therefore, we must protect our computers. Some protection comes at a high price and some is free. In this article, I'll tell you where you can get good protection without paying a penny.

1. Antivirus

Your computer needs an antivirus. A good antivirus has real-time protection, a good detection rate and is easy to use. If you have no antivirus on your PC, get one. Antivirus can find and remove viruses and Trojans from your PC. There are three antivirus products that I personally recommend: Avast! Antivirus, AVG and Avira AntiVir Personal Edition.

2. Firewall

A firewall is important for blocking incoming or outgoing traffic. If you have malware on your computer, it will try to send information from your computer, and the firewall will be able to block it. When you buy a new PC, I suggest you activate the Windows Firewall before going online. Although Windows Firewall cannot protect you completely against certain malicious threats, it is good enough to protect you until you install a new firewall. After that, you need to find a good firewall and install it on your system. I personally recommend two free firewalls: Comodo Firewall Pro and ZoneAlarm.

3. Spybot Search and Destroy

Spybot Search and Destroy is good at finding spyware, malware and adware threats on your PC. It also has some real-time protection and, best of all, it's free. It has a good detection rate and can detect keyloggers on your computer.

4. Ad-Aware 2007

Ad-Aware 2007 Free has been used by 250 million people and provides good protection. If you have some money to spend, consider upgrading to Ad-Aware 2007 Plus because it has real-time protection. The free edition is good enough if you are on a budget, but it takes a little more work because you have to run scans manually and it has no real-time protection.

Free Web Hosting with Fantastico

February 6th, 2010

The new Fantastico Deluxe makes website creation quick and easy. With over 50 pre-installed scripts to choose from, webmasters are limited only by their imagination and creativity.

What is Fantastico

Fantastico Deluxe was invented by Netenberg (formerly Cpanelthemes.com), a division of Kosmopolis Inc. located in Wilmington, Delaware.

They have succeeded in creating one of the most widely used auto-installers on the web, with more than one million users worldwide.

Fantastico Deluxe is a web application included free by many web hosting providers. It contains a collection, or library, of scripts. Fantastico will auto-install the script of your choice on demand.

Installing content managers such as WordPress, Joomla, Drupal, Mambo and Xoops can be reduced to a few minutes. Furthermore, it is not necessary to upload hundreds of files through an FTP client, which can take 20 minutes or more.

If you need a photo gallery, you can quickly take advantage of the full-featured Coppermine Photo Gallery, which is written in PHP and comes with Fantastico.

The Fantastico dashboard is divided into sections, each with its own category and collection of scripts.

The main categories are:

1. Blogs

2. Content Management

3. Customer Relations (support services, chat and support services)

4. Electronic commerce (shopping carts)

5. Discussion Forums

6. FAQ

7. Billing

8. Image Galleries

9. Polls and Surveys

10. Project Management

11. Wiki

12. Other scripts

Several scripts can be installed in different directories. It is possible to set up one or many sites simultaneously in a single account. You are limited only by the amount of web space and bandwidth purchased.

Selecting a web hosting service that provides Fantastico free can save time and money, especially if you plan to host multiple sites on one account. It is not uncommon for some providers to charge an annual fee of $9 or more for access to just one of these pre-installed scripts. Without free Fantastico, installing these scripts could cost more than $360 annually in addition to hosting fees.

But a word of caution: some web hosts do not keep the scripts updated to current versions, which can be a security risk. With programs like WordPress this may not be a problem if you enable automatic updates when installing the software. So before buying, make sure the scripts are updated frequently.

Fantastico Deluxe offers endless opportunities for website feedback through live chat, polls and surveys. Develop free website content through discussion forums to help improve search engine ranking and increase traffic.

Hosts that offer free Fantastico Deluxe

  • Hostmonster
  • BlueHost
  • LunarPages
  • Hostgator
  • FastDomain

Features

Hostmonster

  • $ 4.95-$ 6.95 per month
  • Quad Processor Performance Servers
  • Linux Operating System
  • Apache
  • UPS Power Backup / Back-generator p
  • OC-48 Backbone Connection
  • Courtesy Site Backups
  • Free Domain
  • Unlimited Domain Hosting
  • Multimedia Support
  • Cronjobs
  • Ruby On Rails
  • Founded in 1996
  • Location Utah

BlueHost

  • $ 6.95 per month
  • Quad Processor Performance Servers
  • Linux Operating System
  • Apache
  • UPS Power Backup
  • Diesel Power Generator Backup
  • OC-48 Backbone Connection
  • Courtesy Site Backups
  • Multimedia Functions
  • Host Unlimited Domains
  • Location Utah

LunarPages

  • $ 4.95 per month
  • 2000 Mbit Connectivity
  • DDoS Protection
  • Tape Backup
  • Power Generator
  • Multimedia Functions
  • Ruby On Rails
  • Dreamweaver Compatible
  • Unlimited MySQL Databases
  • Unlimited Email Accounts
  • Unlimited Email Auto Responders
  • 4 Data Centers
  • Location California
  • 100 + Staff Members

HostGator

  • $ 4.95 per month
  • Unlimited Disk Space
  • Unlimited bandwidth
  • Free Choice
  • Cronjobs
  • Ruby On Rails
  • Host 1 domain
  • Status of Texas and Brazil

FastDomain

  • $ 5.95 per month
  • Quad Processor Performance Servers
  • Linux Operating System
  • Apache
  • UPS Power Backup / Back-generator p
  • OC-48 Backbone Connection
  • Courtesy Site Backups
  • Cronjobs
  • Multimedia Functions
  • Free Domain
  • Founded in 2005
  • Unlimited hosting space
  • Unlimited file transfer
  • Unlimited Domains

Glossary

Linux – like Windows XP or 95, an operating system. Created by Linus Torvalds at the University of Helsinki in Finland in 1991. Unlike Windows, Linux is free open source software released under the GNU General Public License (GPL).

Apache – a web server used to serve web pages on the World Wide Web.

UPS – an uninterruptible power supply, best known as a battery backup.

Cronjobs – an automated facility that lets the user run a scheduled task repeatedly at a specific date and time.

OC-48 – a fiber optic backbone used in large networks; OC stands for Optical Carrier. The speed of an OC-48 is equivalent to 1344 T1 lines or 43 T3.

DDoS attack – distributed denial of service attack.

DDoS attacks can be initiated by Trojans that seek out and install themselves on computers with obsolete virus protection and patches. These computers collectively form a network of systems that can be directed to attack a website by sending large amounts of traffic, overloading its bandwidth and rendering the site unusable for visitors seeking access to the site or service.

DDoS attacks can also exploit software errors.

Hosts with DDoS Protection

1. LunarPages

2. HostICan

3. Host Department

In summary

This feature list is by no means exhaustive. We recommend you visit each web host for a full list of the features included in each hosting account and any price reductions associated with special offers.

Seven Common Distributed Denial of Service Attack Methods

February 5th, 2010

Hackers have an arsenal of methods for carrying out denial of service (DoS) attacks. The following seven sections highlight the extent of the dilemma faced by organizations trying to combat the DoS threat. TippingPoint provides solutions to combat these common methods of DDoS attacks:

• Vulnerabilities

• Zombie Conscription

• Attack Tools

• Bandwidth Attacks

• SYN Floods

• Established Connection Floods

• Connections-Per-Second Floods

Method 1 – Vulnerabilities

Attackers can attempt to crash a service or the underlying operating system directly through a network. These attacks disable services by exploiting buffer overflows and other implementation loopholes that exist in unprotected servers. Vulnerability attacks do not require extensive resources or bandwidth to perpetrate; attackers only need to know that a vulnerability exists to be able to exploit it and cause widespread damage. Once an attacker has control of a vulnerable service, application, or operating system, they abuse the opening to disable systems and ultimately crash an entire network from within.

Method 2 – Zombie Conscription

The same vulnerabilities used to crash a server allow hackers to turn vulnerable PCs into DDoS zombies. Once the hacker exploits the vulnerability to gain control of the system, they plant a backdoor in the system for later use in perpetrating DDoS attacks. The Trojan or similar infection provides a path into the system. Once the attacker has that path, they remotely control the machine, making the server a "zombie" that waits for the attack command. Using these zombies, attackers can send a large number of DoS and DDoS attacks with anonymity. Viruses can also be used for zombie conscription. For example, the MyDoom bug was designed to convert PCs into zombies that attacked SCO and Microsoft at a predetermined time programmed into the virus. Other viruses install backdoors that let hackers launch coordinated attacks, increasing the spread of the attacks across networks around the globe. The following figures detail how attackers create and launch these attacks against a network.

Method 3 – Attack Tools

Through zombie conscription, hackers use covert communication channels to contact and control their zombie army. They can choose from hundreds of off-the-shelf backdoor programs and custom tools from websites. These tools and programs are used to infiltrate and control networks as zombie armies that carry out further attacks from within. Once they have the zombie systems, they can use other tools to send a single command to all the zombies at once. In some cases, the commands are carried in ICMP or UDP packets that can bypass firewalls. In other cases, the zombie "phones home" by making a TCP connection to the master. Once the connection is created, the master can control the zombie.

The tools used to attack and control systems include:

• Tribe Flood Network (TFN) – Focuses on Smurf, UDP, SYN, and ICMP echo request floods.
• Tribe Flood Network 2000 (TFN2K) – The updated version of TFN.
• Trinoo – Focuses on UDP floods. Sends UDP packets to random destination ports. The size is configurable.
• Stacheldraht – Software tool that focuses on TCP ACK floods, TCP NULL floods, raging floods, DNS floods, and floods of TCP packets with random headers.

DDoS tools are maturing both in how they implement covert channels and in their DDoS flooding methods. New tools exploit arbitrary port numbers or work across IRC. In addition, smarter tools skillfully disguise flooding packets as legitimate service requests and/or introduce a high degree of randomness. These improvements make it more and more difficult for a port-filtering device to separate attack packets from legitimate traffic.

Method 4 – Bandwidth attacks

When a DDoS attack is launched, it can often be detected as a change in the statistical composition of the network traffic. For example, a typical network might consist of 80 percent TCP and a 20 percent mix of UDP and ICMP. A change in the statistical mix may be a sign of a new attack. For example, the Slammer worm led to a burst of UDP packets, while the Welchia worm created a flood of ICMP packets. These surges can be DDoS attacks or so-called zero-day attacks – attacks on vulnerabilities that are kept secret.
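The check described above can be sketched as follows. This is an added example, not code from the original article or from TippingPoint; the 15/5 split of the 20 percent between UDP and ICMP, the window size, the thresholds and the constructed capture are all assumptions.

```python
from collections import Counter, defaultdict

# Baseline from the text: 80% TCP and a 20% mix of UDP and ICMP.
# The 15/5 split of that 20% is an assumption made for this example.
BASELINE = {"tcp": 0.80, "udp": 0.15, "icmp": 0.05}


def protocol_mix(protos):
    """Return the share of each protocol in a list of protocol names."""
    counts = Counter(protos)
    total = sum(counts.values())
    if total == 0:
        return {}
    return {p: counts.get(p, 0) / total for p in set(counts) | set(BASELINE)}


def mix_shift(observed, baseline=BASELINE):
    """Total variation distance between the observed and baseline mix (0..1)."""
    protos = set(observed) | set(baseline)
    return 0.5 * sum(abs(observed.get(p, 0.0) - baseline.get(p, 0.0))
                     for p in protos)


def scan_windows(records, window=10, threshold=0.25, min_packets=200):
    """Group (timestamp, protocol) records into fixed windows and report
    every window whose protocol mix departs from the baseline."""
    buckets = defaultdict(list)
    for ts, proto in records:
        buckets[int(ts // window) * window].append(proto.lower())

    alerts = []
    for start in sorted(buckets):
        protos = buckets[start]
        if len(protos) < min_packets:
            continue  # too few packets for the percentages to mean anything
        mix = protocol_mix(protos)
        shift = mix_shift(mix)
        if shift >= threshold:
            # The protocol that grew most relative to its baseline share.
            surging = max(mix, key=lambda p: mix[p] - BASELINE.get(p, 0.0))
            alerts.append({"window_start": start,
                           "shift": round(shift, 3),
                           "surging": surging,
                           "packets": len(protos)})
    return alerts


def constructed_capture():
    """Constructed sample: 30 seconds of baseline traffic with a UDP surge
    in the last 10 seconds (the pattern the text attributes to Slammer)."""
    records = []
    for sec in range(30):
        records += [(sec, "tcp")] * 80 + [(sec, "udp")] * 15 + [(sec, "icmp")] * 5
        if sec >= 20:
            records += [(sec, "udp")] * 400
    return records


if __name__ == "__main__":
    for alert in scan_windows(constructed_capture()):
        print(alert)
```
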

Method 5 – SYN Flood

One of the most common types of DoS attack is the SYN flood. This attack can be launched from one or more attacker machines to disable access to a target server. The attack exploits the mechanism used to establish a TCP connection. Each TCP connection requires the completion of a three-way handshake before it can pass data:

• Connection Request – first packet (SYN) sent from the requester to the server, starting the three-way handshake
• Request Acknowledgment – second packet (SYN + ACK) sent from the server to the requester
• Connection Complete – third packet (ACK) sent from the requester back to the server, completing the three-way handshake

The attack is a flood of invalid SYN packets with spoofed source IP addresses. The spoofed source address causes the target server to respond to the SYN with a SYN-ACK to an unsuspecting or nonexistent source machine. The target then waits for an ACK packet from the source to complete the connection. The ACK never arrives, and the connection table is tied up with a pending connection request that never completes. The table will fill quickly and consume all available resources with invalid requests. Although the number of connection entries may vary from one server to another, the tables can be filled with only hundreds or thousands of requests. The result is a denial of service, since, once a table is full, the target server is unable to service legitimate requests. The difficulty with SYN attacks is that each request in isolation looks benign. An invalid request is very difficult to distinguish from a legitimate one.
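The table exhaustion described above can be followed step by step in a small model of the server's pending-connection table. This is an added example, not code from the original article; the table size of 8, the 30-second timeout, the 0.5 ratio and the constructed trace (documentation-range addresses) are assumptions chosen to keep the run short.

```python
def track_handshakes(packets, backlog=8, timeout=30.0):
    """Replay (timestamp, src_ip, src_port, flag) records as seen by a server.

    A SYN creates a pending (half-open) entry; the server is assumed to have
    answered with SYN+ACK. The matching ACK completes the handshake and frees
    the entry. Entries that never see an ACK stay until the timeout.
    """
    pending = {}  # (src_ip, src_port) -> time the SYN arrived
    stats = {"accepted": 0, "established": 0, "expired": 0,
             "peak_half_open": 0, "refused": []}

    for ts, ip, port, flag in packets:
        # Drop pending entries whose ACK never arrived in time.
        for key in [k for k, t0 in pending.items() if ts - t0 >= timeout]:
            del pending[key]
            stats["expired"] += 1

        key = (ip, port)
        if flag == "SYN":
            if key in pending:
                continue  # retransmitted SYN, entry already exists
            if len(pending) >= backlog:
                # Table full: this request is refused, legitimate or not.
                stats["refused"].append(key)
                continue
            pending[key] = ts
            stats["accepted"] += 1
            stats["peak_half_open"] = max(stats["peak_half_open"], len(pending))
        elif flag == "ACK" and key in pending:
            del pending[key]
            stats["established"] += 1

    incomplete = stats["expired"] + len(pending)
    stats["still_half_open"] = len(pending)
    stats["incomplete_ratio"] = (incomplete / stats["accepted"]
                                 if stats["accepted"] else 0.0)
    # Each SYN looks benign in isolation, so the signal is the aggregate:
    # a full table combined with a high share of handshakes never completed.
    stats["syn_flood_suspected"] = (stats["peak_half_open"] >= backlog
                                    and stats["incomplete_ratio"] >= 0.5)
    return stats


def constructed_trace():
    """Constructed sample: one normal handshake, ten SYNs that are never
    acknowledged, a client arriving while the table is full, and a client
    arriving after the stale entries have timed out."""
    trace = [(0.0, "198.51.100.10", 50000, "SYN"),
             (0.1, "198.51.100.10", 50000, "ACK")]
    trace += [(1.0 + i / 10, f"203.0.113.{i + 1}", 40000 + i, "SYN")
              for i in range(10)]
    trace += [(3.0, "198.51.100.11", 51000, "SYN")]
    trace += [(40.0, "198.51.100.12", 52000, "SYN"),
              (40.1, "198.51.100.12", 52000, "ACK")]
    return trace


if __name__ == "__main__":
    for name, value in track_handshakes(constructed_trace()).items():
        print(f"{name}: {value}")
```

In the constructed run the client at 198.51.100.11 is refused only because the table is full of entries that never complete, which is the denial of service the paragraph describes.
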


Method 6 – Established Connection Flood

An established connection flood is an evolution of the SYN flood attack that uses a number of zombies to commit a DDoS attack on a target. The zombies establish apparently legitimate connections to the target server. Using a large number of zombies, each creating a large number of connections to the target, an attacker can create so many connections that the target is no longer able to accept legitimate connection requests. For example, if a thousand zombies make a thousand connections to an application server, the server must manage one million open connections. The result is similar to a SYN flood attack in that it consumes server resources, but it is even more difficult to detect.

Method 7 – Connections-Per-Second Flood

Connections per second (cps) flood attacks flood servers with a high rate of connections from an apparently valid source. In these attacks, the attacker or the army of zombies attempts to drain server resources by rapidly setting up and tearing down TCP connections, perhaps issuing a request on each connection. For example, an attacker might use a zombie army to repeatedly fetch the home page of a target web server. The resulting load makes the server extremely sluggish.
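Methods 6 and 7 differ in what they exhaust: one holds many connections open, the other opens and closes them at a high rate. The following added example, which is not code from the original article, separates the two patterns in a connection log; the per-source thresholds, the one-second window and the constructed events are assumptions.

```python
from collections import defaultdict, deque


def analyse_connections(events, window_ms=1000, max_cps=20, max_open=50):
    """events: time-ordered (timestamp_ms, action, src_ip) records with
    action "open" or "close", as a server or load balancer might log them.

    Tracks, per source, the peak number of simultaneously open connections
    and the peak number of opens inside a sliding window, then labels each
    source. Also tracks the peak number of open connections overall, since
    many sources that each stay under the limit can still add up.
    """
    open_now = defaultdict(int)
    peak_open = defaultdict(int)
    recent_opens = defaultdict(deque)
    peak_rate = defaultdict(int)
    total_open = 0
    peak_total_open = 0

    for ts, action, src in events:
        if action == "open":
            open_now[src] += 1
            total_open += 1
            peak_open[src] = max(peak_open[src], open_now[src])
            peak_total_open = max(peak_total_open, total_open)

            q = recent_opens[src]
            q.append(ts)
            while q and ts - q[0] >= window_ms:
                q.popleft()  # forget opens older than the window
            peak_rate[src] = max(peak_rate[src], len(q))
        elif action == "close" and open_now[src] > 0:
            open_now[src] -= 1
            total_open -= 1

    sources = {}
    for src in peak_open:
        labels = []
        if peak_open[src] > max_open:
            labels.append("established-connection flood")
        if peak_rate[src] > max_cps:
            labels.append("connections-per-second flood")
        sources[src] = {"peak_open": peak_open[src],
                        "peak_cps": peak_rate[src],
                        "labels": labels}
    return {"sources": sources, "peak_total_open": peak_total_open}


def constructed_events():
    """Constructed sample with three sources (documentation-range addresses):
    a normal client, one that opens 60 connections and never closes them,
    and one that opens and closes 40 connections within a second."""
    events = []
    for start in (0, 5000, 10000):
        events += [(start, "open", "198.51.100.20"),
                   (start + 1000, "close", "198.51.100.20")]
    for i in range(60):
        events.append((2000 + 100 * i, "open", "203.0.113.7"))
    for i in range(40):
        events += [(20000 + 25 * i, "open", "203.0.113.9"),
                   (20000 + 25 * i + 10, "close", "203.0.113.9")]
    events.sort(key=lambda e: e[0])
    return events


if __name__ == "__main__":
    result = analyse_connections(constructed_events())
    for src, info in sorted(result["sources"].items()):
        print(src, info)
    print("peak open connections overall:", result["peak_total_open"])
```
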

Best HYIP

February 4th, 2010

Everyone wants to know the best HYIP. Everyone is searching for the best HYIP. But what does "best HYIP" mean? Does it mean an enormous daily profit? Maybe HYIPs that offer 2-3% daily are the ones we should call best? Maybe HYIPs with an SSL certificate, DDoS protection and a dedicated server are best? Perhaps HYIPs with automatic or instant withdrawal are best? There is no single answer. For some people the best HYIP is the one with high daily interest; for others the best HYIP is the one with instant withdrawal, and these people are right.

In this article I will try to explain how to find the best HYIP. I think everyone will agree with me that the best HYIPs are those that have been online for a long time, not just a few weeks or months. I also hope you'll agree with me that the best HYIPs MUST have fast support. Some HYIPs answer your questions within 1-2 days, which is too long! I am a potential investor; I need to get the answer ASAP! Of course you can find many answers in the FAQ section, but sometimes you need information that you cannot find there. If a HYIP has phone support, that is very good: you can always phone them and get answers to your questions.

Another very important thing for the best HYIP is fast or instant withdrawal. Nobody wants to wait 1 or 2 days to receive payment; everyone wants to get money immediately or within a few hours. The best HYIPs have to pay quickly. What about HYIP security? Of course, the best HYIP must have a dedicated server and DDoS protection to ensure that member accounts are safe and secure. A dedicated server is not a problem for a really good HYIP. They spend lots of money on hosting, advertising, DDoS protection and security. If a HYIP has Prolexic DDoS protection, that is really very good and it is probably among the best HYIPs, because Prolexic DDoS protection costs a lot (more than $2,000 per month).

Now let's talk design. The best HYIPs always have a nice design, and the design should be custom made by designers, not just a template from the internet. Now, daily interest. Well, there can be no single answer because some people like 10-20% daily and some 1-2% daily. But I think you will agree that it is better to invest in HYIPs that put money into Forex trading, Nasdaq and other industries. So if a HYIP makes its money in forex, it cannot offer 10-20%; that is impossible and we know it. Please trust me: try opening a forex trading demo account and try to earn some money, and you will find it very difficult and that it needs very good trading skills.

I think the best HYIPs were Solidinvestment and Vascoinvestment. It's sad they closed, but many people profited from these HYIPs. In my opinion, one of the best HYIPs now is Europe Trade Ltd. Of course, this HYIP can close at any time, but right now it is one of the best HYIPs (please note that this article was written August 21, 2006).

Here is a brief list of the best features of a HYIP:

– Fast or instant withdrawal

– Fast support, telephone support

– Custom-made design

– Dedicated server, DDoS protection

– Not more than 3% daily

And do not forget the most important rule in the HYIP industry: do not spend what you cannot afford to lose!

Learn how to cope with DDoS attacks with BlockDoS.net

February 3rd, 2010

In networks, including the Internet, all systems have their limits. One way to make a system secure and survivable is to increase its limits, or in other words, its strength. The more resources a system has, the greater its chances of surviving increased demand. For a web service or server, the administrator can increase the number of connections the service can accept. This spreads the increased load across the computers and helps ensure that they do not work too close to their limits. The greater the capacity of all potentially affected systems – the network and the computers on the network – the better the chances that the network survives a DDoS attack.

Although a DoS attack does not usually result in theft of information or other security loss, it can cost the target person or company a great deal of time and money. Typically, the loss of service is the inability of a particular network service, such as e-mail, to be available, or the temporary loss of all network connectivity and services. A denial of service attack can also destroy files and programs in affected computer systems. In some cases, DoS attacks have forced websites visited by millions of people to temporarily cease operation.

Common forms of denial of service attacks are:

Buffer Overflow Attacks

The most common type of DoS attack is simply to send more traffic to a network address than the programmers who planned its data buffers anticipated someone might send. The attacker may be aware that the target system has a weakness that can be exploited, or the attacker may simply try the attack in case it might work. Some of the best-known attacks based on the buffer characteristics of a program or system include:

* Sending e-mail messages that have attachments with 256-character file names to Netscape and Microsoft mail programs

* Sending oversized Internet Control Message Protocol (ICMP) packets (this is also known as the Packet Internet or Inter-Network Groper (ping) of death)

* Sending to a user of the Pine e-mail program a message with a "From" address longer than 256 characters

Our Technology

Solution BlockDos

BlockDoS.net offers no short term solution for disposal of DDoS attacks. To prevent DDoS attacks, our best practices make computers and networks more resilient in the face of attack. Many companies have implemented different solutions to survive DDoS attacks, but we have a different approach: your site will not be disabled or taken offline at the time of the attack.

Our experience is much easier and even stronger. Consider a situation in which a site is affected by a DDoS attack and we must provide the solution.

1. Consider a site under DDoS attack.

2. Simply go to BlockDos.net, fill out the "Under Attack" form and press send.

3. The BlockDos team will contact you within 30 minutes of receiving your inquiry.

4. You quickly get a BlockDos IP address, to which you have to point your domain name.

5. BlockDoS will now be responsible for protection against almost every DDoS attack or malicious act, and will examine the requests in general.

Flood DDoS

February 1st, 2010

A flood is a kind of DDoS attack method that drenches the victim system with massive network traffic to the point of unresponsiveness to genuine users. A DDoS attack system is a complex mechanism that requires tight coordination between its systems to maximize the effectiveness of the attack. The attack system has three components: the handlers, the agents and the victim.

DoS / DDoS Flood Attack Methods

Many DDoS flood attack methods have been documented.

Smurf and Fraggle Attack

Smurf attacks are among the most devastating DoS attacks. In the Smurf (ICMP packet magnification) attack, the attacker sends an ICMP echo request (ping) to a broadcast address. The source address of the echo request is the IP address of the victim (using the victim's IP address as the return address). After receiving the echo request, all machines in the broadcast domain send echo replies (responses) to the victim's IP address. The victim will crash or freeze when flooded with a large number of packets from many machines.

The Smurf attack uses bandwidth consumption to disable a victim system's network resources. It accomplishes the consumption by amplifying the attacker's bandwidth. If the amplifying network has 100 machines, the signal can be amplified 100 times, so an attacker with relatively low bandwidth (such as a 56K modem) can flood and disable a victim with much higher bandwidth (such as a T1 connection). The Fraggle (UDP packet magnification) attack is the cousin of the Smurf attack. The Fraggle attack uses UDP echo packets in the same fashion as the ICMP echo packets in the Smurf attack. Fraggle usually achieves a smaller amplification factor than Smurf, and UDP echo is a less important service in most networks than ICMP echo, so Fraggle is much less popular than Smurf.

TCP SYN Attack

A SYN flood is difficult to detect because each open session looks like a normal user at the Web or FTP server. The extent of the flood damage depends on how the source addresses are spoofed. SYN flood packets can be spoofed either with unreachable source IP addresses (addresses that do not appear in the global routing tables) or with valid IP addresses. When hackers launch attacks with source IP addresses created by a random number generator, or by an algorithm that changes the source IP addresses automatically, the source address is unreachable. When the spoofed source addresses are unreachable, only the target system is affected. The targeted host server repeatedly reserves resources, waiting for answers that never come. This continues until all host resources are exhausted.

UDP Attack

A UDP flood DDoS attack is possible when an attacker sends a UDP packet to a random port on the victim system. When the victim system receives a UDP packet, it determines which application is waiting on the destination port. When it finds that no application is waiting on the port, it generates an ICMP destination unreachable packet addressed to the forged source address. If enough UDP packets are delivered to ports on the victim, the system will go down.

TCP attack

In TCP, all packets should feel entitled to any implementation. (We use the set of terms and packet interchangeably in this document.) Apart from the first connection request, that is, the TCP SYN packet, all packets are sent in response to previous packets. So there is no need to accept a packet that is neither a SYN packet nor a genuine response.
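
The acceptance rule in the last sentence, written out as a small stateful filter. This is an added example, not code from the original article; it assumes the filter sits in front of a host that only accepts connections and sees inbound packets only, it does no sequence-number checks or timeouts, and the names and sample segments are constructed.

```python
def accept_inbound(conns, packet):
    """Decide whether a server-side filter lets an inbound TCP packet through.
    conns maps (src, sport, dst, dport) to "SYN_RCVD" or "ESTABLISHED"."""
    key = (packet["src"], packet["sport"], packet["dst"], packet["dport"])
    flags = set(packet["flags"].split("+"))  # e.g. "SYN", "PSH+ACK"
    if flags == {"SYN"}:
        conns.setdefault(key, "SYN_RCVD")    # a retransmitted SYN keeps its state
        return True
    if key not in conns:
        return False                         # not a SYN and not a reply to anything
    if "SYN" in flags:
        return False                         # SYN-ACK is meaningless toward a listener
    if "RST" in flags:
        del conns[key]                       # peer aborted, forget the connection
        return True
    if "ACK" not in flags:
        return False                         # every later segment must carry ACK
    conns[key] = "ESTABLISHED"
    return True

def run_filter(packets):
    """Return the per-packet verdicts and the connection table left behind."""
    conns = {}
    return [accept_inbound(conns, p) for p in packets], conns

def seg(src, sport, flags, dst="203.0.113.80", dport=80):
    """Build one constructed inbound segment."""
    return {"src": src, "sport": sport, "dst": dst, "dport": dport, "flags": flags}

# Constructed traffic: one real client, then segments that answer nothing.
SAMPLE_SEGMENTS = [
    seg("198.51.100.7", 50000, "SYN"),
    seg("198.51.100.7", 50000, "ACK"),
    seg("198.51.100.7", 50000, "PSH+ACK"),
    seg("192.0.2.66", 1234, "SYN+ACK"),    # no connection: dropped
    seg("192.0.2.67", 1234, "PSH+ACK"),    # no connection: dropped
    seg("192.0.2.68", 1234, "ACK"),        # no connection: dropped
    seg("198.51.100.7", 50001, "ACK"),     # known host, unknown port: dropped
    seg("198.51.100.7", 50000, "FIN+ACK"),
    seg("198.51.100.7", 50000, "RST"),
    seg("198.51.100.7", 50000, "ACK"),     # after the reset: dropped
]
```

A plain SYN always creates state here, so this rule filters stray SYN-ACK, PSH-ACK and ACK traffic but does not by itself stop a SYN flood.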

ICMP Attack

An attacker sends a massive number of ICMP echo request packets to the victim. The victim cannot respond in a timely way because of the high volume of request packets, and it has difficulty processing all the requests and responding quickly. The attack causes the victim system to slow down or go down.
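
Each of the SYN, UDP and ICMP floods described above leaves its own counter to watch: handshakes that never complete, ICMP port-unreachable messages sent by the victim, and echo requests received. The classifier below is an added example, not part of the original article; the record layout, the labels and the threshold are assumptions, and the traffic is constructed.

```python
from collections import Counter, defaultdict

def classify_floods(records, threshold=50):
    """records: (src, sport, dst, proto, detail) tuples from one time window.
    Returns {victim_ip: [flood types whose counter reached threshold]}."""
    half_open = defaultdict(set)  # victim -> {(src, sport)}: SYN seen, no ACK yet
    unreachable = Counter()       # victim -> ICMP port-unreachable messages it sent
    echo_requests = Counter()     # victim -> ICMP echo requests it received
    for src, sport, dst, proto, detail in records:
        if proto == "tcp" and detail == "SYN":
            half_open[dst].add((src, sport))
        elif proto == "tcp" and detail == "ACK":
            half_open[dst].discard((src, sport))  # handshake completed
        elif proto == "icmp" and detail == "port-unreachable":
            unreachable[src] += 1  # emitted by the victim toward the forged source
        elif proto == "icmp" and detail == "echo-request":
            echo_requests[dst] += 1

    findings = defaultdict(list)
    for victim, pending in half_open.items():
        if len(pending) >= threshold:
            findings[victim].append("syn-flood")
    for victim, count in unreachable.items():
        if count >= threshold:
            findings[victim].append("udp-flood")
    for victim, count in echo_requests.items():
        if count >= threshold:
            findings[victim].append("icmp-flood")
    return dict(findings)

def build_sample():
    """Constructed window of traffic (documentation address ranges only)."""
    rows = []
    for i in range(60):   # SYNs from unreachable sources: no ACK ever follows
        rows.append((f"198.51.100.{i}", 1024 + i, "203.0.113.5", "tcp", "SYN"))
    for i in range(3):    # ordinary clients that complete the handshake
        rows.append((f"192.0.2.{i}", 40000, "203.0.113.5", "tcp", "SYN"))
        rows.append((f"192.0.2.{i}", 40000, "203.0.113.5", "tcp", "ACK"))
    for i in range(70):   # UDP to closed ports, each answered with an ICMP error
        rows.append((f"198.51.100.{i}", 5000, "203.0.113.6", "udp", "datagram"))
        rows.append(("203.0.113.6", None, f"198.51.100.{i}", "icmp", "port-unreachable"))
    for i in range(80):   # echo requests aimed at one host
        rows.append((f"198.51.100.{i}", None, "203.0.113.7", "icmp", "echo-request"))
    return rows
```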

Comparison of the DDoS defense functions of mainstream hardware firewalls

January 13th, 2010

In recent years, as Trojans and viruses have spread more widely, the frequency and traffic volume of Internet denial-of-service attacks have increased rapidly. As attack methods, attack resources and attack technology have continued to mature, anti-denial-of-service hardware and software products have also developed considerably. In today's IDC market, an operator that lacks an effective means of defense against denial-of-service attacks is basically unable to run a stable IDC operation.

However, there is a wide range of denial-of-service defense products, and the price differences are very large: from software firewalls installed on the target server, costing several hundred dollars for a single server up to tens of thousands, to Fast and Gigabit hardware firewalls costing even more than a dozen million, plus the new and emerging DIY hardware firewall programs that offer customers a cost-effective alternative. Customers are often at a loss when choosing, especially with DIY hardware firewalls, because they do not understand the technology used or its defensive ability.

Having used various denial-of-service attack prevention products and solutions, in this article I will present the mainstream denial-of-service attacks and the corresponding means of defense, and analyze the merits of the current defense strategies against the various attacks. Because denial-of-service attacks have become mainstream, the invisible barriers to entry in the IDC industry have been raised a lot. Investors who understand the IDC market have to consider a denial-of-service defense strategy when they invest in an IDC room. The current choices of denial-of-service (DDoS) defense solutions are roughly divided into:

1. The software firewall solution

2. The hardware firewall solution

3. The DIY hardware firewall solution

Section Cost Comparison

For IDC operations, in terms of cost and defensive characteristics, the advantages and disadvantages of each are as follows:

1. The software firewall solution. Because it is installed on the server being protected, its defense capability and protection scope are limited. Under a larger-volume attack it takes up a serious share of the target server's hardware resources, and if the room has many servers the overall cost is also high. But a software firewall is easy to install, requires no changes to hardware, and is very flexible to deploy.

2. The hardware firewall solution. This is the defense widely used by IDCs and one that is effective in practice. The drawback is that the investment cost is too high for small and medium IDCs to accept: the purchase cost is usually 2-4 million for Fast products and 6-8 million for Gigabit. If you need high-bandwidth defense, the cluster cost.

3. The emerging DIY hardware firewall solution. Unlike a software firewall, a DIY hardware firewall installs firewall kernel software on a hardware platform that the customer prepares, and it has the same defense capability and protection scope as a hardware firewall in general. Because the hardware platform is supplied by the user, existing equipment can be used, which keeps the total cost of ownership to a minimum. In general, Fast defense costs about 1,000 yuan per room per month, and Gigabit defense 1,500 yuan a month.

As for defense capability, a software firewall, because of the defects of its model, cannot protect an entire cabinet or room, and filtering attack packets also consumes the system resources that the target system's normal applications need, so it is not rated here.

Hardware firewalls are all X86 architecture. Put plainly, a hardware firewall is a computer, not a chip dedicated to network processing. A DIY hardware firewall follows the same defense model: both protect the entire cabinet or room and can be clustered to defend against high-volume attacks, so we will focus our attention on hardware firewalls and DIY hardware firewalls.

Defense capability and overall cost of ownership compared:

From the cost-of-ownership point of view, the hardware firewall, as the mainstream means of defense, also has a high total cost of ownership. The DIY hardware firewall is a compromise: its monthly service charge is a good way to deal with the financial pressure, investment risk and other issues that IDC operators face.

II. Defense function comparison (attacks)

On defense functions, we cannot avoid analyzing the major denial-of-service attack tools on the domestic Internet. The main means of attack used on the Internet today are:

SYN-FLOOD: a veteran DDoS attack that exploits a weakness in the three-way handshake of the TCP protocol. It is characterized by false source addresses, which make the attack source hard to trace. The more TCP SYN packets the attacker constructs per unit of time, the more pronounced the effect of the attack.

Single-address SYN attack: aimed at the port aggregation and load-balancing algorithms of the layer 3 switching equipment (such as Cisco layer 3 switches) currently used for cluster defense. It exploits a loophole in the balancing by attacking from a single real or spoofed source address and the same source port. On most layer 3 switching devices, such traffic is switched over a single line, which weakens the effect of the cluster defense.

Real-address SYN attack: launched specifically against the defense principle of some software and hardware firewalls, namely the reverse-check style of firewall defense. Over the last two years a value chain of puppet machines has been established on the network, so real-address SYN attacks are becoming more common on the Internet. The attacker sends the attack packets by controlling many puppet machines.

Large-packet SYN attack: unlike an ordinary SYN attack, a large-packet SYN attack constructs very large TCP packets and achieves its effect by congesting the network path to the target. Compared with an ordinary SYN attack at the same traffic volume, sending large packets takes fewer system resources on the sending side.

Large-packet UDP attack: compared with TCP packets, a UDP packet takes fewer system resources for the attacking side to build, which makes it easy for an attacker to send UDP packets in volume. UDP attacks generally work by clogging network bandwidth with large packets.

Proxy CC attack: proxy CC attacks were first set off in large numbers on the Internet by attack software written by a Chinese attacker. The attacker collects a large number of the free, open proxy servers found on the Internet and submits a large number of access requests for the target address to them, so that the attack is relayed through the proxy servers. The client that launches a CC attack needs only an ordinary broadband line, and the attack's source addresses are real addresses (the proxy servers' addresses). This attack once caused a number of network operators to suffer.

SYN-ACK, PSH-ACK, etc.: attacks that exploit various weaknesses of TCP connections.

Legend DB attack: an attack specific to the Legend database, whose exploit was also first written by a Chinese attacker. The attack simulates the Legend client's account-creation actions, bringing the Legend server to its knees.

Legend "brush villain" attack: non-stop simulated logging in and logging out, which makes the Legend server crash.