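Defending against malicious network traffic requires a dedicated Anti-DDoS appliance, or a system made up of several devices such as a data center, a traffic diversion center, and a scrubbing center.
The principle of the defense is fairly simple: divert, scrub, re-inject. The implementation, however, is complex, and even then it may not hold.
The diversion center statically or dynamically diverts traffic to the scrubbing device; the scrubbing device decides from each packet's characteristics whether it is an attack packet, drops attack packets, and re-injects normal business traffic.
The key question is how to identify attack packets.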
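1) Malformed packets: fields in the packet carry illegal values, or each field is legal on its own but the packet as a whole is invalid.
2) Spoofed sources:
These can be identified through source authentication.
There are many ways to identify spoofed sources.
A large number of requests from the same source address within a short time is treated as illegitimate outright: the address is blacklisted and its packets are dropped.
But source addresses can be forged!
There is an answer to that too: look for regularity in the forged addresses, such as an incrementing arithmetic progression.
Then I'll shuffle them before sending them to you. Address allocation is regional, so this can be judged through source route traceback or source authentication.
An IP address that belongs to Guangdong, China but arrives from the United States definitely has a problem!
For TCP SYN flooding, reply with an RST first; if you don't come back, you go straight onto the blacklist.
The above eliminates a large share of attacks, but it still cannot defend against someone who controls a large number of compromised hosts (bots).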
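3) Real sources:
Attacks from real sources are costly: not everyone can own a botnet, and not every host in a botnet is usable.
Blacklist databases, big-data learning, rate limiting and so on are all effective defenses, and they can also be linked with the ISP's Anti-DDoS system.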
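The per-source rate check and the arithmetic-progression check described under 2), as an added example that is not part of the original post. The thresholds, function names and sample traffic are assumptions constructed for illustration; sources are sorted before the spacing check, so a shuffled send order does not hide the pattern.

```python
import ipaddress
from collections import defaultdict, deque

RATE_LIMIT = 5   # assumed: max packets per source inside WINDOW seconds
WINDOW = 1.0     # assumed: sliding window length in seconds
MIN_RUN = 8      # assumed: equally spaced sources needed to call it a pattern

def find_progression(sources, min_run=MIN_RUN):
    """Longest run of equally spaced source addresses, or [] if shorter than min_run."""
    addrs = sorted({int(ipaddress.IPv4Address(s)) for s in sources})
    best, run = [], addrs[:1]
    for prev, cur in zip(addrs, addrs[1:]):
        if len(run) >= 2 and cur - prev == run[-1] - run[-2]:
            run.append(cur)          # same step as before: extend the run
        else:
            run = [prev, cur]        # step changed: start a new run
        if len(run) > len(best):
            best = list(run)
    return [str(ipaddress.IPv4Address(a)) for a in best] if len(best) >= min_run else []

def classify(packets):
    """packets: iterable of (timestamp, src_ip). Returns (blacklist, spoof_pattern)."""
    recent = defaultdict(deque)      # src_ip -> timestamps still inside the window
    blacklist = set()
    for ts, src in packets:
        if src in blacklist:
            continue                 # already blacklisted: packet is dropped
        q = recent[src]
        q.append(ts)
        while q and ts - q[0] > WINDOW:
            q.popleft()
        if len(q) > RATE_LIMIT:
            blacklist.add(src)       # too many requests in a short time
    low_rate = [s for s in recent if s not in blacklist]
    return blacklist, find_progression(low_rate)

def sample_packets():
    """Constructed traffic using documentation address ranges, not a real capture."""
    flood = [(i * 0.01, "198.51.100.7") for i in range(20)]
    # Ten spoofed sources spaced 3 apart, sent in a shuffled (permuted) order.
    spoofed = [(0.3 + i * 0.01, f"203.0.113.{10 + 3 * ((i * 7) % 10)}") for i in range(10)]
    normal = [(0.05, "192.0.2.5"), (0.45, "192.0.2.77")]
    return sorted(flood + spoofed + normal)

if __name__ == "__main__":
    blocked, pattern = classify(sample_packets())
    print("blacklisted:", sorted(blocked))
    print("equally spaced sources:", pattern)
```

Neither check says anything about real sources that each stay under the rate limit, which is the case the post turns to under 3).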
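What if some traffic still gets past these measures?
Malicious traffic that bypasses the defenses above calls for high-defense IP servers: the traffic is spread out so that multiple high-defense server IPs absorb most of the malicious traffic first, and the remaining traffic is then filtered by the host server's firewall before it reaches the business host, so the impact is kept to a minimum!
The high-defense server BGP line IP range is as follows: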
Original link: https://blog.csdn.net/V13807970340/article/details/125806614?ops_request_misc=%257B%2522request%255Fid%2522%253A%2522166980148316782427417751%2522%252C%2522scm%2522%253A%252220140713.130102334.pc%255Fblog.%2522%257D&request_id=166980148316782427417751&biz_id=0&utm_medium=distribute.pc_search_result.none-task-blog-2~blog~first_rank_ecpm_v1~times_rank-5-125806614-null-null.nonecase&utm_term=%E9%AB%98%E9%98%B2%E6%9C%8D%E5%8A%A1%E5%99%A8