Are you afraid of DDoS like a tiger? Relax and Google's protection project is now online

As early as 2013, Google launched a project called Project Shield, which allows website administrators to upgrade the technology and architecture of their websites and strengthen their ability to resist DDoS attacks. Now, this project has finally been officially launched and is open to the public as a free DDoS blocking service.

Project Shield, also part of Google Ideas (and recently renamed Jigsaw), redirects that traffic through the company’s infrastructure to prevent it from overwhelming sites, and its complex and complementary “digital attack map” offers a powerful visual experience.

It is said that a publishing website used the services of Google CDN and was able to withstand a 300G DDoS attack without any damage. Of course, Google does not guarantee that your website will operate normally in every DDOS attack.

DDoS is a very common attack method in the Internet underground, and can be called a basic hacker skill. Wherever it goes, websites lose connection and services are paralyzed, causing huge adverse effects. The reason is that it is simple and direct, and directly attacks the underlying connection.

​​

So, what is DDoS? In fact, DDoS (distributed denial of service attack) uses client/server technology to combine multiple computers as attack platforms to launch DDoS attacks on one or more targets, thereby multiplying the power of denial of service attacks. By occupying a large number of network resources through a large number of legitimate requests, the purpose of paralyzing the network is achieved.

This attack method can be divided into the following categories:

1. Interfere with or even block normal network communications by overloading the network;

2. Overload the server by submitting a large number of requests to it;

3. Block a user from accessing the server;

4. Block a service from communicating with a specific system or individual.

Defense methods:

In fact, there is no systematic defense method for large-scale DDoS attacks. In other words, it is impossible to completely eliminate DDoS at present, but 90% of attacks can be resisted through appropriate methods. In addition to using the Project Shield service launched by Google , some targeted methods can also be adopted, such as:

Try to avoid using NAT , because NAT needs to convert addresses back and forth, and the checksum of the network packet needs to be calculated during the conversion process. Using this technology will greatly reduce network communication capabilities.

Regularly upgrade the hardware configuration . To effectively resist 100,000 SYN attack packets per second, the server configuration should be at least: P4 2.4G/DDR512M/SCSI-HD, in which the CPU and memory play a key role.

Apply system patches in a timely manner . The Computer Emergency Response Coordination Center found that almost every system attacked by DDos was not patched in a timely manner.

Perform security checks regularly and limit network file sharing outside the firewall. System administrators should check the logs of all network devices and host/server systems in a timely manner. If there are holes or date changes in the logs, it is almost certain that the host security has been compromised.

A case can be filed for attacks with a traffic volume of more than 100G. In the massive attacks, we can look for clues to reverse the attack, find out the IP or related domain names that may be the C&C server, and protect our rights and interests through legal means .