Introduction: The traffic surge of every 618 promotion is a severe test for technical teams, and a malicious DDoS attack launched during the event makes it worse. Outside of such events, e-commerce services are rarely hit by heavy-traffic DDoS attacks, yet they are sensitive to latency, so DDoS protection is only required during the promotional activities themselves. In this article, a professional security team shares how to adjust defense policies in real time according to DDoS attacks and business health, ensuring business stability and saving a great deal of security defense and operating cost.

If your website or app suddenly receives a lot of suspicious traffic and normal users can’t access or connect to the server, it’s probably a DDoS attack. DDoS is a mature and common attack method in the Internet’s black-market industry chain: simple, crude and effective, hard to trace back to its source, and cheap to carry out.

Let’s use an example to help you visualize it:

Xiao Wang runs a small restaurant that can seat only 50 guests at a time, but because the food is good, diners arrive in an endless stream. The brisk business aroused the envy of a street gangster, who sent more than 100 people to make trouble in Xiao Wang’s shop. These people looked no different from ordinary customers, so Xiao Wang and the waiter could only serve them normally. However, they just kept asking about dishes and prices instead of ordering, occupying all the seats and the waiter’s time, so that other customers could not eat, which eventually led to the closure of the restaurant.

A typical DDoS attack sends a large number of requests within a short period of time, exceeding the processing capacity of the system. The target’s network or system resources are exhausted and the service is temporarily interrupted or stopped, so normal users cannot access it.

DDoS stands for Distributed Denial of Service. Denial of service means that legitimate users are prevented from using the service; distributed means the attack does not come from one source but from thousands of devices.

With the development of the IoT industry, Internet of Things (IoT) devices, which stay online for long periods and have long vulnerability patching cycles, have become a hotbed for attackers exploiting vulnerabilities, and IoT devices have gradually become the main force behind DDoS attacks. According to statistics, the number of DDoS attacks in China in 2019 increased by 30.2% compared with 2018, the number of large-scale attacks over 100Gbps grew steadily, and continuous growth in super-large-scale attacks has become the norm.

Generally speaking, there are two main forms of DDoS:

  • Flow attack: a large number of attack packets block the network bandwidth. Legitimate packets are swamped by fake attack packets and cannot reach the hosts. Attacks of this kind include UDP flood, ICMP flood, Ping of Death, and teardrop attacks.
  • Resource depletion attack: an attack targeting the server host itself; a large number of attack packets exhaust the host’s memory or keep its CPU busy in the kernel and application programs. Attack modes include SYN flood, LAND attack, CC attack, botnet attack, and application-level flood attack.
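As an added illustration (not from the original article), the following Python classifies sampled traffic into the two forms above from aggregate statistics: a flow attack shows up as bits per second approaching the link capacity, while a SYN-flood style resource depletion attack shows up as a very high rate of tiny SYN-only packets at modest bandwidth. The flow records, the link size and the thresholds are constructed assumptions for this example.

```python
"""Classify sampled traffic as a flow (bandwidth) attack, a resource
depletion attack, or normal, from per-flow statistics.

Added example, not from the original article.  The flow records below are
constructed; the link size and thresholds are illustrative assumptions.
"""

# Constructed samples shaped like aggregated 1-second flow records:
# (protocol, tcp_flags or None, packets, bytes)
SAMPLE_UDP_FLOOD = [
    ("udp", None, 90_000, 90_000 * 1400),  # large UDP payloads: bandwidth pressure
    ("tcp", "A", 2_000, 2_000 * 600),      # a little ordinary-looking traffic
]
SAMPLE_SYN_FLOOD = [
    ("tcp", "S", 400_000, 400_000 * 60),   # tiny SYN-only packets: state-table pressure
    ("tcp", "A", 5_000, 5_000 * 800),
]
SAMPLE_NORMAL = [
    ("tcp", "A", 8_000, 8_000 * 900),
    ("udp", None, 500, 500 * 200),         # DNS-sized UDP
]

# Illustrative per-second thresholds (assumptions for this example).
LINK_BPS = 1_000_000_000       # a 1 Gbps uplink
BANDWIDTH_ALERT_RATIO = 0.6    # more than 60% of the link looks like attack traffic
SYN_PPS_ALERT = 50_000         # SYN-only packets per second
SMALL_PACKET_BYTES = 100       # average size below which a SYN flow counts as "tiny"


def summarize(flows):
    """Aggregate bits/s, packets/s and tiny SYN-only packets/s over the records."""
    total_bits = 8 * sum(nbytes for _, _, _, nbytes in flows)
    total_pkts = sum(pkts for _, _, pkts, _ in flows)
    syn_only_pkts = sum(
        pkts
        for proto, flags, pkts, nbytes in flows
        if proto == "tcp" and flags == "S" and pkts and nbytes / pkts < SMALL_PACKET_BYTES
    )
    return {"bps": total_bits, "pps": total_pkts, "syn_pps": syn_only_pkts}


def classify(flows):
    """Bandwidth saturation is checked first: a flood that fills the link is a
    flow attack whatever else it carries.  Otherwise a high rate of tiny SYNs
    points at connection-state exhaustion on the host."""
    stats = summarize(flows)
    if stats["bps"] > LINK_BPS * BANDWIDTH_ALERT_RATIO:
        return "flow attack"
    if stats["syn_pps"] > SYN_PPS_ALERT:
        return "resource depletion attack"
    return "normal"


if __name__ == "__main__":
    for name, sample in [("udp flood", SAMPLE_UDP_FLOOD),
                         ("syn flood", SAMPLE_SYN_FLOOD),
                         ("normal", SAMPLE_NORMAL)]:
        print(f"{name:>10}: {classify(sample)}  {summarize(sample)}")
```

The distinction matters for the response: bandwidth exhaustion has to be absorbed or scrubbed upstream of the saturated link (elastic bandwidth, near-source cleaning), whereas a SYN flood or CC attack at modest bandwidth is handled at the protection node or host with connection-state and request-rate limits.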

According to a 2019 report from an industry authority, as the digital currency market became active, botnets were no longer confined to DDoS as a single means of attack, but combined it with ransomware, mining Trojans and, in some cases, distributed brute-force attacks. This richer and more flexibly switched set of attack methods lets the black and gray markets further reduce the cost of DDoS attacks and increase their effectiveness.

Although we cannot prevent malicious attackers from sending a large volume of bogus requests to the server, we can prepare in advance by improving load-handling capacity. For example, bandwidth can be expanded: for a short period the site’s bandwidth is scaled up dramatically, to several or dozens of times its normal level, to withstand the heavy request volume. Another option is to purchase the IP high-defense service: you only need to point the CNAME record of the domain to be protected, at your DNS service provider, to the secure domain name configured by JD Zhilian Cloud to complete access, and SYN Flood, UDP Flood, ICMP Flood and other heavy-traffic attacks are effectively defended against. The total defense capability of IP high defense reaches the TB level and easily withstands heavy-traffic attacks.

However, some enterprise users do not normally suffer heavy DDoS attacks and are sensitive to latency, so they do not want to use DDoS protection products and services year-round. It is only during important events such as promotions, exhibitions, product launches and new business launches, and major corporate milestones such as financing, mergers and acquisitions, and listing, that the company is exposed to malicious DDoS attacks from competitors and the black market. Therefore, DDoS protection products and services need to be used on demand during such activities. In addition, a professional security team provides 24/7 key-event security protection, monitoring DDoS attacks and service health and adjusting defense policies in real time, ensuring service stability and saving a great deal of security defense and operating cost.

An e-commerce customer on JD Zhilian Cloud received threat intelligence before a promotion that a large number of DDoS attacks would be launched from overseas during the event. According to the observations of the JD Zhilian Cloud security team, nearly 40% of the attack traffic came from overseas, and CC attacks were abundant. Since the customer had already subscribed to the IP high-defense product, the CC attacks were effectively blocked. After finding that the CC attacks failed to cause a denial of service at the customer’s origin site, the attacker attempted layer-4 heavy-traffic attacks, whose peak exceeded the base bandwidth of the customer’s IP high-defense instance. After elastic defense took effect, the attacks began to incur elastic-defense charges for the customer on a daily basis.

In order to reduce customers’ overall investment in DDoS protection, JD Zhilian Cloud launched the Anti-DDoS Premium Service, which provides professional DDoS protection solutions for users with key-event protection requirements. The service offers customized options such as near-source cleaning, traffic suppression, and DNS refresh, chosen according to the application scenario, to ensure service continuity and stability.

In the case above, the JD Zhilian Cloud security team helped the customer enable the traffic suppression function and block overseas traffic, which effectively reduced the attack traffic reaching the IP high-defense nodes, relieved the customer’s protection pressure, and completed the promotion protection task successfully.

The JD Zhilian Cloud security team provides 7*24 remote support, monitoring attack trends and business health in real time to keep the business running continuously and stably. It analyzes the security threats customers face, provides anti-DDoS solutions for customers’ major service activities, customizes the service content to the customer’s scenario, and bills flexibly to help customers save costs.

DDoS customized defense services include near-source cleaning, traffic suppression, and DNS refresh, and can be tailored to the customer’s scenario:

Near-source cleaning

Near-source cleaning is the scrubbing of heavy-traffic DDoS attacks on the carrier-side backbone network. Cleaning close to the attack source effectively relieves the defense pressure on users’ IP high-defense instances and on origin sites hosted on JD Cloud, and reduces the probability of the attacked service being black-holed.

Traffic suppression

Traffic suppression blocks traffic on the carrier-side backbone network. The carrier can select regions to block based on the geographical distribution of the attack traffic. For example, if a user finds that overseas traffic accounts for a large proportion of the DDoS attack and the service itself does not serve overseas users, the user can block overseas traffic, and can unblock it again at any time.
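The region-selection decision behind traffic suppression can be made explicit. The following Python is an added example, not part of the original article or of JD Cloud’s tooling: it computes each source region’s share of sampled attack traffic and proposes blocking only regions that the business does not serve and that carry a meaningful share, so that a geographic block never cuts off real users. The traffic sample, the served-region list and the 10% threshold are constructed assumptions.

```python
"""Propose a carrier-side traffic-suppression plan from the geographic
distribution of attack traffic.

Added example, not from the original article.  The sampled flows, the
served-region list and the share threshold are constructed assumptions.
"""
from collections import Counter

# Constructed per-flow samples taken during an attack: (source_region, bytes).
ATTACK_SAMPLE = [
    ("CN", 120_000), ("CN", 95_000), ("CN", 110_000),
    ("US", 900_000), ("US", 850_000),
    ("BR", 700_000), ("RU", 650_000),
    ("JP", 20_000),
]


def region_shares(flows):
    """Return each region's share of total observed bytes as a fraction in [0, 1]."""
    totals = Counter()
    for region, nbytes in flows:
        totals[region] += nbytes
    grand = sum(totals.values())
    return {region: nbytes / grand for region, nbytes in totals.items()}


def suppression_plan(flows, served_regions, min_share=0.10):
    """Regions to block: not served by the business AND carrying at least
    min_share of the observed traffic.

    Served regions are never blocked regardless of share, because blocking
    them would turn the mitigation itself into a denial of service for real
    users.  Small unserved regions are left alone to keep the policy short;
    they can be added later if the attack shifts.
    """
    shares = region_shares(flows)
    served = set(served_regions)
    to_block = sorted(
        region for region, share in shares.items()
        if region not in served and share >= min_share
    )
    blocked_share = sum(shares[region] for region in to_block)
    return {
        "block": to_block,
        "blocked_share": round(blocked_share, 3),
        "shares": {region: round(share, 3) for region, share in sorted(shares.items())},
    }


if __name__ == "__main__":
    # The business in this example only serves mainland China (assumption).
    plan = suppression_plan(ATTACK_SAMPLE, served_regions={"CN"})
    print("shares by region:", plan["shares"])
    print("block:", plan["block"], f"(removes {plan['blocked_share']:.0%} of traffic)")
    print("unblock later by clearing the list; CN is never a candidate")
```

Because the plan is recomputed from fresh samples, running it again after the attack subsides naturally yields an empty block list, which matches the article’s point that suppression can be lifted at any time.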

DNS refresh

The Domain Name System (DNS) is one of the basic systems underlying every Internet service. It is responsible for converting the Internet domain names that people visit into IP addresses. This conversion process is called “domain name resolution”, so DNS is also called the “domain name resolution system”.

Each node of the domain name system consists of several DNS servers. An authoritative DNS server is one that has the authority to manage the domain’s resolution configuration. A cache DNS server has no right to manage the resolution configuration but can synchronize data from authoritative DNS servers. Each authoritative DNS server holds only part of the domain name data, and authoritative servers have no direct relationship with each other. To provide a more comprehensive domain name resolution service, recursive DNS servers were created; on the Internet, recursive DNS servers are usually operated by carriers.

DNS refresh is a synchronization initiated by the carrier’s recursive DNS servers toward the authoritative DNS server. The synchronization takes effect within seconds, ensuring smooth service access and switchover.
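Why a refresh is needed at all follows from how recursive caching works: once a recursive server has cached an answer, it keeps returning it until the record’s TTL expires, even if the authoritative server has since pointed the name at a protection node. The Python below is an added example, not from the original article; it simulates an authoritative server and a recursive resolver with a TTL cache, then contrasts a record change that is seen only after the TTL runs out with one made visible at once by discarding the cached entry and re-querying. The domain name, addresses and 600-second TTL are constructed, and the carrier’s real refresh mechanism is modelled only as “drop the cache entry and re-sync with the authoritative server”.

```python
"""Simulate a recursive DNS cache delaying a record change, and a refresh
(cache flush plus re-query of the authoritative server) making the change
take effect immediately.

Added example, not from the original article.  Names, addresses and TTL are
constructed; time is passed in explicitly so the run is deterministic.
"""


class AuthoritativeServer:
    """Source of truth for the zone: name -> (address, ttl_seconds)."""

    def __init__(self, records):
        self.records = dict(records)

    def query(self, name):
        return self.records[name]

    def update(self, name, address):
        _, ttl = self.records[name]
        self.records[name] = (address, ttl)


class RecursiveResolver:
    """Caches answers until their TTL expires; `now` is a timestamp in seconds."""

    def __init__(self, authority):
        self.authority = authority
        self.cache = {}  # name -> (address, expires_at)

    def resolve(self, name, now):
        cached = self.cache.get(name)
        if cached and now < cached[1]:
            return cached[0]  # served from cache, possibly stale
        address, ttl = self.authority.query(name)
        self.cache[name] = (address, now + ttl)
        return address

    def refresh(self, name, now):
        """The 'DNS refresh' step: discard the cached entry and re-sync."""
        self.cache.pop(name, None)
        return self.resolve(name, now)


def switchover_demo():
    """Return what clients see with and without a refresh after a record change."""
    name = "shop.example"                      # constructed name
    old_ip, new_ip, ttl = "198.51.100.10", "203.0.113.20", 600  # constructed values

    # Case 1: wait for the TTL.
    auth = AuthoritativeServer({name: (old_ip, ttl)})
    resolver = RecursiveResolver(auth)
    before = resolver.resolve(name, now=0)          # populates the cache
    auth.update(name, new_ip)                       # e.g. move behind a protection node
    stale = resolver.resolve(name, now=60)          # TTL not expired: still the old address
    after_ttl = resolver.resolve(name, now=601)     # TTL expired: new address

    # Case 2: same change, but the recursive server refreshes instead of waiting.
    auth2 = AuthoritativeServer({name: (old_ip, ttl)})
    resolver2 = RecursiveResolver(auth2)
    resolver2.resolve(name, now=0)
    auth2.update(name, new_ip)
    refreshed = resolver2.refresh(name, now=1)      # effective within a second

    return {"before": before, "stale": stale, "after_ttl": after_ttl, "refreshed": refreshed}


if __name__ == "__main__":
    for step, address in switchover_demo().items():
        print(f"{step:>10}: {address}")
```

The stale window is what makes a switchover during an attack painful: users behind a recursive server that cached the old address keep hitting the origin for up to a full TTL. A carrier-initiated refresh closes that window without requiring operators to have lowered TTLs in advance.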

1. The user submits a work order online on the official JD Zhilian Cloud website or consults offline;

2. A plan is made according to the customer’s requirements and business scenario:

Scenario 1: If the origin site is not on JD Zhilian Cloud, the user can purchase IP high-defense products to protect against ordinary DDoS attacks and, in case of heavy-traffic attacks, use the near-source cleaning service as required.

Scenario 2: The user deploys services on JD Zhilian Cloud and uses JD Zhilian Cloud public IP addresses. Basic DDoS defense is enabled on public IP addresses by default. The user can view the details of DDoS attacks on the JD Zhilian Cloud console and select the traffic suppression service as required when heavy-traffic attacks occur.

3. The service content is determined according to the user’s plan, the service period is agreed, and the contract is signed offline;

4. For JD Zhilian Cloud customers, basic DDoS protection is enabled by default, and the security team opens and configures defense policies according to the customer’s plan. For non-JD Zhilian Cloud customers, after they purchase IP high-defense products, the security team opens and configures protection policies according to the customer’s plan;

5. During the service period, the security team monitors the attack situation and business health 24/7 and adjusts defense policies at any time according to customer requirements and attack trends;

6. After the service ends, a report is issued to the customer.
