As technology develops, attacks over the Internet are becoming more sophisticated and more dangerous. Businesses that do not recognise this problem early will sooner or later have important business information compromised.
Hackers typically attack a server system by exploiting security holes to take over the system, with serious consequences. This article therefore provides background on DDoS and more detail on how to defend a Windows Server against DDoS attacks.
What is a DDoS attack on a server?
A Distributed Denial of Service (DDoS) attack overloads a server system so that it can no longer provide its services or stops working altogether.
A web server can only handle a limited number of requests at a time. If an attacker sends too many requests at once, the server becomes overloaded and cannot serve other requests, leaving it in a "server down" state.
Types of DDoS attacks
Attack on network bandwidth
In this method, the attacker controls a network of agents that simultaneously send ICMP or UDP packets to the victim, saturating the victim's network bandwidth so that it can no longer serve legitimate traffic. In an ICMP flood, for example, the victim has to answer each request with a corresponding ICMP REPLY packet. Because a large number of agents are sending to the victim, the volume of ICMP REPLY packets it sends back leads to network congestion. The same applies to a UDP flood.
This attack method is especially dangerous because it not only saturates the victim's network bandwidth but also affects neighbouring networks. With today's sophisticated DDoS tools, spoofing source IP addresses is relatively easy.
Attack on protocol
An example of this attack method is the TCP SYN flood. The attacker abuses the three-way handshake of the TCP protocol: the attacker continuously initiates TCP connections, and for each one the victim replies with a SYN-ACK and holds the half-open connection while waiting for the ACK from the client side.
Attack with anomalous packets
With this method, the attacker relies on weaknesses in the network protocol itself. In a Ping of Death attack, for example, the attacker sends ICMP packets larger than the maximum allowed size. The packet is fragmented in transit, and when the victim reassembles the fragments it ends up with a packet too large for it to handle.
As a result, the system cannot cope with this abnormal condition and hangs. In another case, the LAND attack, the attacker sends TCP SYN packets whose source and destination addresses and port numbers are identical, so the victim repeatedly tries to open connections to itself. As a result, the system hangs or slows down.
Attacks via middleware
With this method, the attacker uses a piece of software on the victim's machine to exploit certain algorithms by feeding them inputs that trigger their worst-case behaviour. The victim machine then has to process this work and may hang. This is a fairly simple attack method but a very effective one, and the most dangerous aspect is that the attacker may be able to break into the victim's computer and steal important information.
DDoS defences for Windows Server
Because of the seriousness of DDoS attacks, many prevention solutions have been researched and proposed over the years. Even so, there is still almost no solution capable of comprehensive and effective DDoS prevention, owing to the complex, large-scale, and highly distributed nature of these attacks.
Many DDoS prevention measures for Windows Server have been studied in recent years. They can be divided into three types according to three main criteria:
Based on deployment location
Deployed near the attack source: DDoS prevention measures are deployed near the source of the attack. The aim is to limit the number of user networks that can take part in DDoS attacks.
Some specific measures include:
Filtering packets with spoofed source addresses at routers at the network gateway;
Using firewalls that identify and reduce the rate of unacknowledged packets or requests.
Deployed at the attack target: DDoS prevention measures are deployed near the target of the attack, i.e. at the router at the network gateway or the router of the target system. Specific measures may include:
IP address tracing: techniques for identifying the real source of packets sent with spoofed addresses.
Filtering and marking packets: valid packets are marked so that the victim system can distinguish legitimate packets from attack packets. Suggested packet filtering and marking techniques include history-based IP filtering, path identification,…
Based on network protocol
DDoS attack prevention measures are broken down by network layer: IP, TCP, and application:
Preventing DDoS attacks at the IP layer includes several measures:
Pushback: An IP-layer DDoS prevention mechanism that allows a router to ask adjacent routers in front to reduce the frequency of packet transmission.
SIP Defender: An open security architecture that enables monitoring of the flow of packets between SIP servers and external users and proxies for the purpose of detecting and preventing attacks on SIP servers.
DDoS attack prevention at the TCP layer includes several measures:
Use packet filtering techniques based on IP addresses.
Reducing the TCP-SYN connection request confirmation timeout helps the server abort unacknowledged connection requests in a shorter amount of time, freeing up resources occupied by pending connections.
Using a SYN cache keeps a common backlog for the whole server instead of a separate backlog for each application. This can increase the number of connections that can wait for confirmation.
Using SYN cookies allows resources to be allocated to a connection only once it has been confirmed. SYN requests that are not acknowledged are dropped before being forwarded to the destination server. This method can prevent SYN flood attacks effectively.
Use a firewall or proxy to filter packets or enforce predefined security policies.
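To make the SYN cookie idea above concrete, here is an added example (written for this article, not VNETWORK's or any operating system's code) of a stateless SYN cookie in Python: the server encodes a time tick, an MSS hint and a keyed MAC into the SYN-ACK sequence number, stores nothing for the half-open connection, and only accepts the final ACK if the cookie verifies. The secret, tick size, MSS table and maximum age are constructed values chosen for the example.

```python
import hashlib
import hmac
import struct
import time

SECRET = b"example-secret-key"   # constructed; a real server would rotate this
MSS_TABLE = [536, 1220, 1440, 1460]  # MSS values encodable in 3 bits (example table)
TICK_SECONDS = 64                # one cookie epoch (Linux also uses a 64 s tick)
MAX_TICK_AGE = 4                 # reject cookies older than 4 ticks (about 4 minutes)


def _tick(now):
    return int(now // TICK_SECONDS) & 0xFF


def _mac(saddr, sport, daddr, dport, tick):
    """Keyed hash over the 4-tuple and the tick; only the low 21 bits are used."""
    msg = struct.pack("!4sH4sHB", saddr, sport, daddr, dport, tick)
    return int.from_bytes(hmac.new(SECRET, msg, hashlib.sha256).digest()[:4], "big")


def make_syn_cookie(saddr, sport, daddr, dport, mss, now=None):
    """Return the ISN to place in the SYN-ACK. No per-connection state is kept,
    so a flood of SYNs cannot exhaust the backlog."""
    now = time.time() if now is None else now
    tick = _tick(now)
    # Largest table entry not exceeding the client's advertised MSS (index 0 if none).
    mss_idx = max((i for i, m in enumerate(MSS_TABLE) if m <= mss), default=0)
    mac = _mac(saddr, sport, daddr, dport, tick) & 0x1FFFFF
    return (tick << 24) | (mss_idx << 21) | mac


def check_syn_cookie(saddr, sport, daddr, dport, ack_num, now=None):
    """Validate the handshake's final ACK. Returns the negotiated MSS, or None
    when the cookie is stale, forged, or belongs to a different 4-tuple."""
    now = time.time() if now is None else now
    isn = (ack_num - 1) & 0xFFFFFFFF      # client acknowledges ISN + 1
    tick = isn >> 24
    if ((_tick(now) - tick) & 0xFF) > MAX_TICK_AGE:
        return None
    if (isn & 0x1FFFFF) != (_mac(saddr, sport, daddr, dport, tick) & 0x1FFFFF):
        return None
    return MSS_TABLE[(isn >> 21) & 0x7]
```

Addresses are passed as 4-byte packed IPv4 values; the MSS table is deliberately small because only three bits of the sequence number are spent on it.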
Application layer DDoS attack prevention can include:
Use statistical methods to detect DDoS attacks at the HTTP level.
Monitor user behavior during sessions to detect attacks.
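As an added illustration of the two application-layer measures above (example code written for this article, not VNETWORK's product), the following Python script parses constructed web-server access-log lines in common log format, counts requests per client, and flags clients whose request count is a statistical outlier using a robust modified z-score (median and median absolute deviation); it also reports how many distinct paths each flagged client touched, a simple session-behaviour signal. The log lines, IP addresses and threshold are constructed for the example.

```python
import re
import statistics
from collections import defaultdict

# Common log format: ip ident user [time] "METHOD path proto" status size
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})')


def parse_line(line):
    m = LOG_RE.match(line)
    if not m:
        return None
    ip, ts, method, path, status = m.groups()
    return {"ip": ip, "ts": ts, "method": method, "path": path, "status": int(status)}


def build_sample_log():
    """Constructed sample: five ordinary visitors plus one client hammering /login."""
    lines = []
    for i, ip in enumerate("198.51.100.%d" % n for n in range(1, 6)):
        for path in ("/", "/static/app.js", "/about"):
            lines.append(f'{ip} - - [10/Oct/2023:13:55:{i:02d} +0000] "GET {path} HTTP/1.1" 200 512')
    for k in range(60):
        lines.append(f'203.0.113.7 - - [10/Oct/2023:13:55:{k % 60:02d} +0000] "POST /login HTTP/1.1" 200 128')
    return lines


def detect_http_flood(lines, z_threshold=3.0):
    """Return {ip: (request_count, distinct_paths)} for clients whose request
    count is an outlier relative to the rest of the population in this window."""
    counts = defaultdict(int)
    paths = defaultdict(set)
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue                      # skip malformed lines rather than crash
        counts[rec["ip"]] += 1
        paths[rec["ip"]].add(rec["path"])
    values = list(counts.values())
    if not values:
        return {}
    median = statistics.median(values)
    mad = statistics.median(abs(v - median) for v in values) or 1.0  # avoid divide-by-zero
    flagged = {}
    for ip, c in counts.items():
        mod_z = 0.6745 * (c - median) / mad   # 0.6745 scales MAD to a std-dev estimate
        if mod_z > z_threshold:
            flagged[ip] = (c, len(paths[ip]))
    return flagged
```

In practice the detection would run over a sliding time window and feed a rate limiter or firewall rule rather than just returning a dictionary.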
VNETWORK provides an anti-DDoS service for Windows Server
VNETWORK ensures the best performance of the server system at all times thanks to a Multi CDN system available in 32 countries, with total international bandwidth of up to 2,600 Tbps for Layer 3/4 DDoS resistance at the highest level.
The AI Load Balancing system uses data on CDN latency and availability across the global Multi CDN network, collected through RUM (Real User Monitoring) and Synthetic Monitoring, to route traffic intelligently to the best-performing CDN.
In addition, the Cloud WAF and Scrubbing Centers firewall system and the origin-IP hiding feature are enabled, ready to handle complex attacks at Layer 7 (the application layer) and to block code injection attacks (XSS, SQL injection, the OWASP Top 10 security holes,…).
Beyond that, the SOC system in 4 countries and VNIS's experienced network security team operate and monitor the status of the website and infrastructure 24/7 to detect and resolve problems immediately.
If you are in need of advice from experts, please leave your information below or contact VNETWORK via hotline: (028) 7306 8789.