What is what and who is who in the DDoS protection market

"The guy who built our website has already set up DDoS protection."
"We have DDoS protection, so why is the site down?"
"How many thousand does Qrator want?"

To answer questions like these from customers and managers, it helps to know what is hidden behind the words "DDoS protection". Choosing a security service is more like choosing a medicine with a doctor than choosing a table at IKEA.

I have been supporting websites for 11 years, have lived through hundreds of attacks on the services I support, and now I will tell you a little about the inner workings of protection.
Regular attacks. 350k requests in total, 52k legitimate requests

The first attacks appeared almost together with the Internet. DDoS as a phenomenon has been widespread since the late 2000s (see www.cloudflare.com/learning/ddos/famous-ddos-attacks).
Since about 2015-2016, almost all hosting providers have been protected against DDoS attacks, as have most notable sites in competitive niches (run whois on the IP addresses of eldorado.ru, leroymerlin.ru, tilda.ws and you will see the networks of the protection operators).

If 10-20 years ago most attacks could be repelled on the server itself (see the recommendations of Lenta.ru administrator Maxim Moshkov from the 90s: lib.ru/WEBMASTER/sowetywww2.txt_with-big-pictures.html#10), today the task of protection has become much harder.

Types of DDoS attacks from the point of view of choosing a protection operator

Attacks at the L3 / L4 level (according to the OSI model)

- UDP flood from a botnet (many requests are sent directly from infected devices to the attacked service, and the server's channel is saturated);
- DNS / NTP / etc. amplification (many requests are sent from infected devices to vulnerable DNS / NTP / etc. servers, the sender address is forged, and the cloud of reply packets to those requests floods the victim's channel; this is how the most massive attacks on the modern Internet are carried out);
- SYN / ACK flood (many connection-establishment requests are sent to the attacked servers, and the connection queue overflows);
- attacks with packet fragmentation, ping of death, ping flood (Google them, please);
- and others.

These attacks aim to "clog" the server's channel or "kill" its ability to accept new traffic.
Although SYN / ACK flood and amplification are very different, many companies fight them equally well. The problems start with attacks from the next group.
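To make the distinction between these L3 / L4 families concrete, here is an added example (not code from the article or from any of the operators it names) that classifies one observation window of flow records into amplification, SYN flood and direct UDP flood. The Flow record, the thresholds and the sample flows are assumptions constructed for this example; the one real fact it relies on is that DNS and NTP answer from UDP ports 53 and 123.

```python
"""Classify a window of flow records into the L3/L4 attack families.

Added example: the Flow record, thresholds and sample data are assumptions
for this illustration, not any vendor's detection logic."""
from collections import defaultdict
from dataclasses import dataclass

# UDP source ports of the reflector services named in the text (DNS, NTP).
REFLECTOR_PORTS = {53, 123}


@dataclass(frozen=True)
class Flow:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str       # "udp" or "tcp"
    packets: int
    bytes: int
    flags: str = ""  # TCP flag letters, e.g. "S" for SYN-only, "SA" for SYN+ACK


def classify_window(flows, min_sources=10, amp_bytes=1_000_000,
                    syn_flows=100, udp_packets=1000):
    """Return {victim_ip: [labels]} for one observation window.

    Each counter also keeps the set of distinct sources behind it, because
    a flood is defined by many sources, not by volume from one host (which
    may simply be a large customer)."""
    amp = defaultdict(lambda: [0, set()])   # bytes arriving from reflector ports
    syn = defaultdict(lambda: [0, set()])   # SYN-only flows that never complete
    udp = defaultdict(lambda: [0, set()])   # other UDP packets
    for f in flows:
        avg_size = f.bytes // max(f.packets, 1)
        if f.proto == "udp" and f.sport in REFLECTOR_PORTS and avg_size > 500:
            # Large answers from a reflector port to a host that never asked:
            # the reply side of an amplification attack.
            amp[f.dst][0] += f.bytes
            amp[f.dst][1].add(f.src)
        elif f.proto == "udp":
            udp[f.dst][0] += f.packets
            udp[f.dst][1].add(f.src)
        elif f.proto == "tcp" and f.flags == "S" and f.packets <= 2:
            # Connection attempts that never finish the handshake.
            syn[f.dst][0] += 1
            syn[f.dst][1].add(f.src)
    verdict = defaultdict(list)
    for dst, (total, srcs) in amp.items():
        if total >= amp_bytes and len(srcs) >= min_sources:
            verdict[dst].append("amplification")
    for dst, (total, srcs) in syn.items():
        if total >= syn_flows and len(srcs) >= min_sources:
            verdict[dst].append("syn_flood")
    for dst, (total, srcs) in udp.items():
        if total >= udp_packets and len(srcs) >= min_sources:
            verdict[dst].append("udp_flood")
    return dict(verdict)


def sample_window():
    """Constructed flows: a DNS reflection attack on .10, a SYN flood on .20
    and ordinary traffic to .30 (documentation ranges, not real hosts)."""
    flows = []
    for i in range(900):   # 900 reflectors x 1200-byte answers = 1.08 MB
        flows.append(Flow(f"198.51.{i // 250}.{i % 250 + 1}", 53,
                          "203.0.113.10", 51000 + i % 1000, "udp", 1, 1200))
    for i in range(150):   # 150 sources, one SYN each, nothing else
        flows.append(Flow(f"192.0.2.{i + 1}", 40000 + i,
                          "203.0.113.20", 443, "tcp", 1, 60, "S"))
    for i in range(5):     # completed, normal-sized TCP sessions
        flows.append(Flow(f"192.0.2.{200 + i}", 50000 + i,
                          "203.0.113.30", 443, "tcp", 12, 8000, "SAF"))
    flows.append(Flow("198.51.100.1", 53, "203.0.113.30", 51000, "udp", 1, 120))
    return flows


if __name__ == "__main__":
    for victim, labels in classify_window(sample_window()).items():
        print(victim, labels)
```

The ordinary DNS answer to .30 at the end of the sample is deliberately small, so it falls under the generic UDP counter and never trips a verdict; the size check is what separates a reflected answer from a normal one.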

Attacks at L7 (application layer)

- http flood (if a website or some http API is attacked);
- attacks on vulnerable sections of the site (those without a cache, those that put a heavy load on the site, etc.).

The goal is to make the server "work hard", processing many "seemingly real requests", and leave it without resources for real requests.

Although there are other attacks, these are the most common.

Serious attacks at the L7 level are crafted individually for each attacked project.

Why two groups?
Because there are many who know how to repel attacks well at the L3 / L4 level, but who either do not take on protection at the application level (L7) at all, or are still weaker than the alternatives at dealing with it.

Who is who in the DDoS protection market

(my personal opinion)

Protection at the L3 / L4 level

To repel amplification attacks ("clogging" the server's channel), there are channels wide enough for the job (many protection services connect to most of the large backbone providers in Russia and have channels with a theoretical capacity of more than 1 Tbit). Do not forget that attacks rarely last longer than an hour. If you are Spamhaus and everyone dislikes you, then yes, they will try to shut down your channels for several days, even at the risk of the global botnet in use not surviving the attempt. If you simply have an online store, even if it is mvideo.ru, you will not see 1 Tbit for several days any time soon (I hope).

To repel attacks with SYN / ACK flood, packet fragmentation and the like, you need hardware or software systems that detect and stop such attacks.
Many vendors produce such equipment (Arbor; there are solutions from Cisco and Huawei, software implementations from Wanguard, etc.), and many backbone operators have already installed it and sell DDoS protection services (I know of installations at Rostelecom, Megafon, TTK and MTS; in fact, every large provider does the same thing, as do hosters with their own protection a la OVH.com and Hetzner.de; I personally ran into the protection at ihor.ru). Some companies develop their own software solutions (technologies like DPDK allow tens of gigabits of traffic to be processed on a single physical x86 machine).

Of the well-known players, everyone can fight L3 / L4 DDoS to a greater or lesser degree. I will not say now who has the largest maximum channel capacity (that is insider information), but usually it is not that important; the only difference is how quickly the protection kicks in (immediately, or after a few minutes of project downtime, as at Hetzner).
The question is how well it is done: an amplification attack can be repelled by blocking traffic from the countries with the most dangerous traffic, or only the genuinely unnecessary traffic can be discarded.
At the same time, in my experience, all the major market players cope with this without problems: Qrator, DDoS-Guard, Kaspersky, G-Core Labs (formerly SkyParkCDN), ServicePipe, Stormwall, Voxility, etc.
I have not dealt with the protection of operators such as Rostelecom, Megafon, TTK and Beeline; according to colleagues' reviews, they provide these services quite well, but so far experience still shows through from time to time: occasionally something has to be tweaked through the protection operator's support.
Some operators have a separate service, "protection against attacks at the L3 / L4 level" or "channel protection"; it costs much less than protection at all levels.

Why is it not the backbone provider that repels attacks of hundreds of Gbits, given that the protection operator has no channels of its own? The protection operator can connect to one of the large providers and repel attacks "at its expense". You will have to pay for the channel, but those hundreds of Gbits will not be needed all the time; there are options for reducing the cost of the channel considerably in this case, so the scheme remains workable.
These are the notifications I regularly receive from the upstream L3 / L4 protection while supporting the systems of a hosting provider.

Protection at the L7 level (application layer)

Only a handful of operators can repel attacks at the L7 (application) level consistently and with high quality.
I have a lot of real experience with
- Qrator.net;
- DDoS-Guard;
- G-Core Labs;
- Kaspersky.

They charge for each megabit of clean traffic, and one megabit costs around several thousand rubles. If you have at least 100 Mbps of clean traffic, then oh. Protection will be very expensive. In the following articles I can tell you how to design applications so as to save a lot on the protection operators' channels.
The real "king of the hill" is Qrator.net; the rest lag behind them. Qrator is so far the only one in my experience with a false-positive rate close to zero, but at the same time they are several times more expensive than the other market players.

The other operators also provide high-quality and stable protection. Many of the services we support (including some very well known in the country!) are protected by DDoS-Guard and G-Core Labs, and are quite satisfied with the results.
Attacks repelled by Qrator

I also have experience with small security operators such as cloud-shield.ru and ddosa.net; there are thousands of them. I definitely will not recommend them, because... I do not have much experience with them, but I will tell you about the principles of their work. Their cost of protection is often 1-2 orders of magnitude lower than that of the big players. As a rule, they buy partial protection (L3 / L4) from one of the big players and do their own protection against attacks at the higher levels. This can be quite effective, and you can get a good service for less money, but these are still small companies with small staff; please keep that in mind.

What is the difficulty of repelling attacks at the L7 level?

Every application is unique, and you have to let through the traffic that is useful to it and block the harmful traffic. It is not always possible to weed out bots unambiguously, so you have to use many, really many, levels of traffic cleaning.

Once upon a time the nginx-testcookie module was enough (https://github.com/kyprizel/testcookie-nginx-module), and it is still enough to repel many attacks. When I worked in the hosting industry, L7 protection was built on nginx-testcookie.
Unfortunately, attacks have become more sophisticated. testcookie uses JS-based bot checks, and many modern bots pass them successfully.
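To show the principle behind a challenge of the testcookie kind, and why a bot that executes JavaScript gets through it, here is an added example that is not the module's code and does not reproduce its configuration. A client is handed a token bound to its address and user agent; a request that presents the token back passes, one without it is challenged, and a source that keeps failing is blocked. The class name, the secret, the attempt limit and the daily rotation are assumptions made for this example.

```python
"""Challenge-cookie gate in the spirit of testcookie.

Added example; names, secret handling and limits are assumptions, not the
nginx module's API. A client that can run the challenge (a browser, or a
bot that executes JS) obtains the same token, which is exactly the
limitation described in the text."""
import hashlib
import hmac
from collections import Counter


class CookieGate:
    def __init__(self, secret: bytes, max_attempts: int = 3):
        self.secret = secret
        self.max_attempts = max_attempts
        self.failures = Counter()   # unsolved challenges per client address

    def _token(self, ip: str, user_agent: str, epoch_day: int) -> str:
        # The token is bound to the client and rotates daily, so a cookie
        # copied from one client is useless from another address or after
        # the day ends.
        msg = f"{ip}|{user_agent}|{epoch_day}".encode()
        return hmac.new(self.secret, msg, hashlib.sha256).hexdigest()[:32]

    def issue_challenge(self, ip: str, user_agent: str, epoch_day: int) -> str:
        """Value the challenge page makes the client store as its cookie
        (in the real module the page sets it via JS and reloads)."""
        return self._token(ip, user_agent, epoch_day)

    def check(self, ip: str, user_agent: str, epoch_day: int, cookie) -> str:
        """Return 'pass', 'challenge' or 'block' for one request."""
        if self.failures[ip] >= self.max_attempts:
            return "block"
        expected = self._token(ip, user_agent, epoch_day)
        if isinstance(cookie, str) and hmac.compare_digest(cookie, expected):
            self.failures.pop(ip, None)   # solved: forget earlier failures
            return "pass"
        self.failures[ip] += 1
        if self.failures[ip] >= self.max_attempts:
            return "block"
        return "challenge"


def demo():
    """Constructed walk-through: a browser solves the challenge, a client
    that never solves it is blocked after max_attempts requests."""
    gate = CookieGate(b"example-secret-not-for-production", max_attempts=3)
    ua, day = "Mozilla/5.0 (example)", 18000
    first = gate.check("192.0.2.10", ua, day, None)            # challenge
    token = gate.issue_challenge("192.0.2.10", ua, day)
    second = gate.check("192.0.2.10", ua, day, token)          # pass
    stolen = gate.check("192.0.2.11", ua, day, token)          # wrong address
    dumb = [gate.check("198.51.100.5", ua, day, None) for _ in range(4)]
    return first, second, stolen, dumb


if __name__ == "__main__":
    print(demo())
```

The check uses a constant-time comparison because the token is a secret shared with the client for the day; the attempt counter is what turns repeated unanswered challenges into a block, which is the cheap half of the filter. The expensive half, deciding whether a client that did solve the challenge is still a bot, is what the rest of this section is about.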

Attack botnets are also unique, and the characteristics of each large botnet have to be taken into account.
Amplification, direct flood from a botnet, filtering traffic by country (with different filtering for different countries), SYN / ACK flood, packet fragmentation, ICMP, http flood, while at the application / http level an unlimited number of different attacks can be devised.
In total, across channel protection, specialised traffic-scrubbing equipment, specialised software and the additional filtering for each client, there can be tens or hundreds of filtering levels.
Managing all this properly and tuning the filter settings correctly for different clients takes a lot of experience and qualified staff. Even a large operator that has decided to offer protection services cannot "throw money at the problem": the experience has to be earned on sites going down and on false positives against legitimate traffic.
There is no "repel DDoS" button for the security operator; there are many tools, and you have to know how to use them.
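The L7 attacks described earlier (http flood, hammering of uncached sections) and the layered filtering described just above both come down to the same thing: several independent checks over the same request stream, each catching what the others miss. The following added example, which is not code from the article or from any operator, runs three such stages over access-log lines: a plain per-IP request rate, a budget weighted by how expensive each endpoint is for the backend, and a cache-busting heuristic (one source hitting one path with ever-changing query strings). The log lines are constructed inside the block; the log format, path weights and thresholds are assumptions for this example.

```python
"""Staged L7 filter over access-log lines.

Added example: log format, weights, thresholds and the sample traffic are
assumptions for this illustration."""
import re
from collections import defaultdict
from urllib.parse import urlsplit

# nginx "combined"-style line: ip - - [time] "METHOD url proto" status bytes ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<url>\S+) [^"]*" '
    r'(?P<status>\d{3}) \d+')

# Backend cost per path prefix; anything not listed costs 1. Static files
# come from cache and cost almost nothing, search bypasses the cache.
PATH_COST = {"/static/": 0.1, "/search": 10.0, "/api/": 3.0}


def path_cost(path: str) -> float:
    for prefix, cost in PATH_COST.items():
        if path.startswith(prefix):
            return cost
    return 1.0


def analyze(lines, max_rps=50, max_cost=200, max_variants=30, window_s=10):
    """Aggregate one window of log lines; return which IPs to filter and why."""
    reqs = defaultdict(int)
    cost = defaultdict(float)
    variants = defaultdict(lambda: defaultdict(set))   # ip -> path -> {query}
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue            # malformed line: count nothing, never block on it
        ip, url = m["ip"], m["url"]
        parts = urlsplit(url)
        reqs[ip] += 1
        cost[ip] += path_cost(parts.path)
        if parts.query:
            variants[ip][parts.path].add(parts.query)
    reasons = defaultdict(list)
    for ip in reqs:
        if reqs[ip] / window_s > max_rps:                       # stage 1: rate
            reasons[ip].append("rate")
        if cost[ip] > max_cost:                                 # stage 2: cost
            reasons[ip].append("cost")
        if any(len(q) > max_variants for q in variants[ip].values()):
            reasons[ip].append("cache_bust")                    # stage 3
    total = sum(reqs.values())
    dropped = sum(reqs[ip] for ip in reasons)
    return {"filtered": dict(reasons), "total": total, "passed": total - dropped}


def log_line(ip: str, url: str) -> str:
    """Constructed log line in the format LOG_RE expects."""
    return (f'{ip} - - [10/Oct/2019:13:55:36 +0300] "GET {url} HTTP/1.1" '
            f'200 512 "-" "Mozilla/5.0"')


def sample_lines():
    """Constructed 10-second window: 20 real visitors plus three bots."""
    lines = []
    for i in range(20):                          # a page view and 5 assets each
        ip = f"192.0.2.{i + 1}"
        lines.append(log_line(ip, "/catalog/shoes"))
        lines += [log_line(ip, f"/static/app{j}.js") for j in range(5)]
    # bot A: sheer rate, 1000 requests to a cheap page
    lines += [log_line("198.51.100.1", "/catalog/shoes") for _ in range(1000)]
    # bot B: only 40 requests, but each one is an uncached search
    lines += [log_line("198.51.100.2", "/search?q=x") for _ in range(40)]
    # bot C: modest rate, but a changing query string defeats the cache
    lines += [log_line("198.51.100.3", f"/catalog/shoes?v={n}") for n in range(50)]
    return lines


if __name__ == "__main__":
    print(analyze(sample_lines()))
```

Bot B and bot C never exceed the request-rate limit, which is the whole point: a rate limit alone is the "repel DDoS button" that does not exist, and each further stage encodes one more thing an operator learned about a particular application. Real deployments tune PATH_COST per client, which is the per-customer filtering the text refers to.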

And one more example.
An unprotected server blocked by the hoster during an attack of about 600 Mbit
(The "drop" in traffic is not noticeable because only one site was attacked; it was temporarily removed from the server and the block was lifted within an hour.)
The same server, protected. The attackers "gave up" after a day of attacks. The attack itself was not the strongest.

Attacks and protection at L3 / L4 are fairly trivial; they mostly come down to channel width and to the detection and filtering algorithms for the attacks.
L7 attacks are more complex and more original; they depend on the attacked application and on the capabilities and imagination of the attackers. Protecting against them requires a lot of knowledge and experience, and the result will be neither instant nor one hundred percent. At least until Google comes up with yet another neural network for protection.

Source: www.hab.com
