Are you afraid of DDoS like a tiger? Relax and Google's protection project is now online

Are you afraid of DDoS like a tiger? Relax and Google's protection project is now online

As early as 2013, Google launched a project called Project Shield, which allows website administrators to upgrade the technology and architecture of their websites and strengthen their ability to resist DDoS attacks. Now, this project has finally been officially launched and is open to the public as a free DDoS blocking service.

Project Shield, also part of Google Ideas (and recently renamed Jigsaw), redirects that traffic through the company’s infrastructure to prevent it from overwhelming sites, and its complex and complementary “digital attack map” offers a powerful visual experience.

It is said that a publishing website used the services of Google CDN and was able to withstand a 300G DDoS attack without any damage. Of course, Google does not guarantee that your website will operate normally in every DDOS attack.

DDoS is a very common attack method in the Internet underground, and can be called a basic hacker skill. Wherever it goes, websites lose connection and services are paralyzed, causing huge adverse effects. The reason is that it is simple and direct, and directly attacks the underlying connection.

​​

​​

So, what is DDoS? In fact, DDoS (distributed denial of service attack) uses client/server technology to combine multiple computers as attack platforms to launch DDoS attacks on one or more targets, thereby multiplying the power of denial of service attacks. By occupying a large number of network resources through a large number of legitimate requests, the purpose of paralyzing the network is achieved.

This attack method can be divided into the following categories:

1. Interfere with or even block normal network communications by overloading the network;

2. Overload the server by submitting a large number of requests to it;

3. Block a user from accessing the server;

4. Block a service from communicating with a specific system or individual.

Defense methods:

In fact, there is no systematic defense method for large-scale DDoS attacks. In other words, it is impossible to completely eliminate DDoS at present, but 90% of attacks can be resisted through appropriate methods. In addition to using the Project Shield service launched by Google , some targeted methods can also be adopted, such as:

Try to avoid using NAT , because NAT needs to convert addresses back and forth, and the checksum of the network packet needs to be calculated during the conversion process. Using this technology will greatly reduce network communication capabilities.

Regularly upgrade the hardware configuration . To effectively resist 100,000 SYN attack packets per second, the server configuration should be at least: P4 2.4G/DDR512M/SCSI-HD, in which the CPU and memory play a key role.

Apply system patches in a timely manner . The Computer Emergency Response Coordination Center found that almost every system attacked by DDos was not patched in a timely manner.

Perform security checks regularly and limit network file sharing outside the firewall. System administrators should check the logs of all network devices and host/server systems in a timely manner. If there are holes or date changes in the logs, it is almost certain that the host security has been compromised.

A case can be filed for attacks with a traffic volume of more than 100G. In the massive attacks, we can look for clues to reverse the attack, find out the IP or related domain names that may be the C&C server, and protect our rights and interests through legal means .

<<:  Steve Jobs was also very conflicted about whether to bring iTunes to PC

>>:  Fed up with the speed of updates, Google may take back control of Android

Recommend

How much does it cost to rent a server in Shangqiu Unicom per month?

How much does it cost to rent a server in Shangqi...

How are CarPlay and Android Auto different?

Currently, both Apple and Google have launched th...

Tesla will launch a mini car, Musk said it is building

Tesla has cooperated with RadioFlyer to launch th...

Core formula for live broadcasting

Today I’m going to talk to you about the design o...

A guide to ad retargeting strategies for 9 major industries

If you have the following questions about redirec...

How CPUs Work 6——Assembling CPUs

Now that we have introduced all the basic parts, ...

iQiyi's patch ads display format and charging standards

In the field of mobile online video, iQiyi, Tence...