Detective and prevention of refusal service
Jacky
The continuous development of the network economy, the e-commerce concept has also been recognized by most people, and hackers who have always been engaged in the Internet and the mess are also extremely active. Hackers' network damage behavior may result in heavy loss of enterprise e-commerce systems, and have become more consensitive in recent years, and the eyesight of the world's main well-known websites, leading to their platforms. Including Yahoo's well-known websites have repeatedly being deliberately attacked by hackers, leading to their platforms to provide sustained services to customers. The hacker is the most commonly used by the business website is: "Denial of Service, DOS). 1. What is "Refusal Service" and Attack? Unlike the traditional hacker's invasion attack mode, the attack of "Deny" is "innocently hidden" type, and hackers will be submerged by choosing a system for attacks. The system and causes the attacked system. "Denial" attack mode is mostly in the form of "ping" instructions, send a small packet to another system to check if it can be accessed, when the computer is checked, it is The entire attack can be expanded at any time when it is in a service state. Another "refusal service" attack method is called "ping flood", which can give the system to attack by sending a large number of ping instructions, and use the camouflaged IP address on the PING instruction, because the system tries to respond to these counterfeit addresses Service requirements, and finally giving up, but thus consuming a large number of system resources, then this large network fake demand will be the target of the selected attack. In addition, when the hacker wants to attack a considerable system to paralyzed its system, it is necessary to use a considerable computer to synchronize the system to initiate synchronization, this distributed denial service attack will be from the Internet Multiple locations on a plurality of locations, making the entire attack actions more huge and more difficult to track. In this way, the attack action is mostly working with a group of hackers or by a single hacker to borrow multiple other websites of computer equipment for attack. At present, there is a common way to attack international large-scale e-commerce websites to use the latter technology, and many unknowing machines are used as an attack platform. These machines are mostly individuals or company companies, but they are invaded by hackers. And implanted an attack program or some agents that can be controlled from the distance, therefore become these hacking tools to trigger a network attack war. Hackers can use the Internet Scanning Software (Port Scanning), which is easy to find a large number of technologies to determine the more invasion of the system. Once the target to be invaded, the hacker will use a variety of ways. To achieve the right to use these systems, implant these malicious software in the system, to make them a "distributed refusal service" on various different attacks at any time, anywhere, can be used to initiate the site of the attack. "Distributed The attack of DOS). In some cases, some hackers will use a phased control mechanism to start the entire attack, and the hacker will send an instruction for its minority machine, and then these machines will re-sequentially send an instruction for its large number of downstream machines to attack. Once these instructions are successful and these machines are initiated simultaneously, they will use false IP (FAKED IP) or using IP (Spoofed IP) to attack the selected system. Therefore, there are quite a few systems that are involved in the journal in the molt, and may continue to be criminally by hackers afterwards. The most fearful thing is that software like this attack can be downloaded for free downloads on the Internet on the Internet, such as TFN2K and StacheLDraht are the most common of them.
TFN2K is running on Linux, Solaris and Windows job platform and uses UDP, SYN, ICMP response and ICMP broadcasts when attacks, and these tools the biggest threat to enterprise websites is the ability to distributed attack architecture. . 2, how to defend the attack of "distributed refusal service"? The most effective way is to allow only network traffic related to the entire web platform to prevent similar hacker attacks, especially all ICMP packets, including ping instructions, etc., should be blocked, because ICMP services are most It is used to launch an attack of "reject service". Enterprise uses firewalls to block all ICMP network packages, 3, intrusion monitoring and response to measures can have loopholes even if it is strict protection measures, although it is useful to use enclosure protection, it is still possible for Web websites. Simply appears to be similar in large numbers of other legitimate needs. For example, in order to be able to operate normally, the general website must allow the HTTP communication protocol to use, so hackers can also send an ultra-large number of HTTP demand to the enterprise website to achieve the "denial of service" attack. In order to solve this problem, we must install a mechanism for automatic monitoring and response (Detection and response mechanism), the main purpose is to perform early hacker attack monitoring, and can respond quickly to avoid appropriate action Enterprise systems have a major harm that allows the platform to sustainable service to all users. For example, companies can use Etrust Intrusion Detection and other similar software to achieve a large number of network traffic from some particular networks, and take appropriate response requirements. Etrust Intrusion Detection can monitor hacker attacks in a few seconds, and by sending its dynamic rules (Dynamic Rules) to the following various commonly used firewall products, the packet is filtered response action. 4, how to protect your own machine will not be used by hackers you need to verify the ISP you use. Software and hardware devices such as the latest security device and the device, etc., and the package of the peripheral router The passage function is opened for inspection; if a personal user is using a special line, it is also possible to consider installing a similar software such as a personal firewall to ensure that its system is not deliberately destroyed with non-authorized use, and It is best to install the virus code used in each computer to prevent the use of the latest computer virus prevention software and the update to prevent malicious program invading, which is not intentionally turned into a network scorpion, because some computer virus prevention software and virus codes have been monitored The invasion computer has a Trojan Horse virus to avoid the outpost of the hacker to start attack. In addition, website maintainers must regularly query online forums, safety protection organizations (FAQ) and recommendations for relevant safety manufacturers, etc., to ensure that the Linux, Windows or UNIX machines used will not have external illegal authorization. Has a security vulnerability for system management account uses permission; and applications used on computer systems may also have some bugs, which leads to organic organics that make hackers can be multiplied, and these problems are all details that users often ignore, because of the general enterprise Maximum hope not to make any changes to the system, and manufacturers are not as good as a less than a few things, but will not take the initiative to system repair (PATCH), so that each The security vulnerability published by the Security Protection Organization can be invaded in the system that is used by each company.
