如果你是IT火狐体育手机的, 或者你需要考虑如何保护公司24/7全天候开展业务的能力, 你必须关注10月21日发生的事情,当时分布式拒绝服务(DDoS)攻击敲响了Dyn(域名服务提供商)的大门。.
您需要保持警惕,这可以通过使用网络中可用的工具来完成. 你需要了解上个月发生了什么,然后制定一个计划和行动方针,这样你就不会成为未来可能对你和你的业务产生更大影响的攻击的受害者. 现在是时候确保你的网络和设备免受这些类型的攻击了.
什么是DDoS?
A distributed denial of service attack can happen in several different ways. 在这种情况下, 网络流量泛滥,服务器不堪重负,导致合法网络用户无法获得网络服务.
据Dyn说, the domain name service provider hit with the massive DDoS attack that day, 有一个僵尸网络,这是一个由恶意软件创建的计算机网络,在这些计算机用户不知情的情况下远程控制. This botnet consisted of an estimated 100k internet-connected devices, 而不是最初估计的数千万个IP地址, that were responsible for the huge attack on critical systems.
相比较而言, Gartner estimates t在这里 are currently 6.40亿个物联网设备, 所以相对而言, t在这里 was a very tiny number of devices involved – this time. These 100k devices were hijacked to flood Dyns’ systems with unwanted requests, shutting down the internet for millions.
What virus was involved in the attack?
The compromised devices were infected with the Mirai恶意软件, an infamous virus that has the ability to take over cameras, DVRs, and routers. Mirai恶意软件搜索使用出厂设置密码的物联网设备,然后将其作为僵尸网络的一部分发起DDoS攻击.
Are t在这里 other viruses that could cause a DDoS?
绝对!
尽管有一些攻击利用了系统缺陷或漏洞(如泪滴攻击), 大多数其他类型的攻击涉及生成大量流量,从而拒绝向合法网络用户提供网络服务, 比如这次攻击. These types of attacks include:
• ARP Flood攻击 – Floods a network switch with a large number of ARP requests, 导致交换机使用大量CPU时间来响应这些请求. 如果ARP请求数超过设置的每秒500次,则认为存在攻击.
• 土地的攻击 —发送欺骗报文时,将SYN标志设置为任何正在侦听的开放端口上的主机. The machine can crash or reboot in an attempt to respond
• ICMP Ping死亡 —超过最大IP数据报大小(65535字节)的ping数据包被发送到主机并导致系统崩溃
• SYN攻击 – This attack floods the system with series of TCP SYN packets, resulting in the host issuing SYNACK responses. The half open TCP Connections can exhaust TCIP resources, such that no other TCP connections are accepted.
• 百事可乐的攻击 – The most common form of UDP flooding directed at harming networks. 百事可乐攻击是一种针对网络设备诊断端口的大量欺骗UDP报文的攻击. pepsi攻击会导致网络设备消耗大量CPU时间来响应这些数据包.
每天都有更多的攻击,包括无效IP攻击和多播IP和MAC地址不匹配.
What can you do to protect your network?
Your network switches and 物联网 devices can be protected against DDoS by filtering. 您可以将网络交换机设置为通过监视发送到打开或关闭端口的TCP或UDP数据包来检测各种类型的端口扫描.
• 数据包惩罚值设置. TCP和UDP数据包的目的是打开或关闭端口被分配一个惩罚值. 每次接收到这种类型的数据包时,将其指定的惩罚值添加到运行总数中. 这个总数是累积的,包括所有TCP和UDP数据包,目的是打开或关闭端口.
• Port scan penalty value threshold. The switch is given a port scan penalty value threshold. 这个数字是触发SNMP trap之前运行惩罚总数可以达到的最大值.
• 衰减值. 设置衰减值. The running penalty total is divided by the decay value every minute.
• 陷阱一代. If the total penalty value exceeds the set port scan penalty value threshold, 产生告警,提醒管理员正在进行端口扫描.
例如, 假设设置了一个开关,以便发送到关闭端口的TCP和UDP数据包被罚10分, TCP packets destined for open ports are given a penalty of 5, and UDP packets destined for open ports are given a penalty of 20.
当然, 如果你不监控由这些事件触发的通知,世界上最聪明的开关也不会帮到你. That’s w在这里 a good network management system is crucial. 一个好的资源 is your local ALE representative.
What about your smart "things"?
Besides taking care of the network, things that you can do to protect your smart devices, 在工作和家庭中:
1. 密码 -这是最容易修复和最容易被忽视的-改变出厂默认密码,随您的设备. In this DDoS case, the virus searched for default settings.
2. 更新软件 – As annoying as those reminders are to update your software, they often contain critical security updates. 花点时间更新一下!
3. 防止远程管理 – Disable the remote management protocol, 如, telnet or http that provides control from another location. The recommended remote management secure protocols are via SSH or http.
The next time DDoS comes knocking at your door, 确保你的网络已经设置好了,可以通知你这些活动,并知道如何管理它们. 在一个完美的世界, 您的交换机/路由器网络设备将在出厂默认情况下启用它们的过滤功能. 如果您对如何使用阿尔卡特朗讯企业解决方案使您的网络更安全有进一步的疑问, 或者对a感兴趣 deeper dive into the technology, please contact your nearest ALE representative.
最新的博客
Revitalise education with a modern campus network
一个现代, campus-wide network upgrade aligns capabilities with academic, research and business priorities today and tomorrow.
Solve education challenges with a modern campus network
一个现代 campus network helps streamline operations, 降低成本, and offers a safe and caring place to work and study.
