DDoS & Anti-DDoS (Athena)


Part 1:
1. Concept and classification
1.1 Concept
A Denial of Service (DoS) attack can be described as the act of preventing legitimate users from accessing and using a service. It includes flooding the network and breaking connections to the service; the ultimate goal is that the server can no longer answer service requests from its clients.

1.2 Classification
There are two types:

Type 1: based on a characteristic of the targeted system: overload it until it loses the ability to serve. The attacker sends a very large number of service requests that mimic those of real users. To handle each request the system must spend resources (CPU, memory, bandwidth, ...), and those resources are finite, so the system eventually has none left to serve later requests. The main form of this type is the distributed denial-of-service attack.

Type 2: crash or paralyse the system by attacking a characteristic of the system or a security flaw. The attacker deliberately exploits a security hole to send malformed (non-standard) requests or packets; when the targeted system receives them it processes them incorrectly or out of the designed sequence and collapses. Typical examples are Ping of Death and SYN Flood.

2. Attack methods
2.1 Attacks through connections
SYN Flood Attack: regarded as one of the most classic DoS attacks. It exploits a weakness of the TCP three-way handshake. Whenever a client wants to open a connection to a server, it performs a three-way handshake using packets. Step 1: the client sends a packet with the SYN flag set (SYN=1) to the server to request a connection. Step 2: on receiving it, the server replies with a SYN/ACK packet to tell the client that the request was received and that resources are being prepared for it. The server reserves part of its system resources, such as buffer memory, to receive and transmit data; other details of the client, such as its IP address and port, are recorded as well. Step 3: finally, the client completes the handshake by replying with a packet containing ACK, and the connection proceeds.

- Because TCP is a reliable end-to-end delivery protocol, when the server sends its SYN/ACK in the second step of the handshake and gets no reply from the client, it keeps the resources reserved for that pending connection and retransmits the SYN/ACK until it finally hears back from the client. - The crux of the attack is to make the client never answer the server, and to have many, many such clients while the server naively keeps retransmitting and holding resources as it waits, even though its resources are limited. The attackers aim to reach that limit.

- If this goes on, the server quickly becomes overloaded and crashes (hangs), so legitimate requests are refused and cannot be served. Picture a personal computer freezing when too many programs are opened at once. - Usually, to forge the packet's IP address, attackers use raw sockets (rather than TCP or UDP sockets) to spoof or overwrite the packet's original source IP. When a SYN packet with a spoofed IP reaches the server, it looks just as valid as any other packet, so the server allocates resources for the connection, records all the details and sends a SYN/ACK back to the client. Since the client IP is forged, no client ever receives that SYN/ACK to answer the server. After waiting without receiving an ACK, the server assumes the packet was lost and retransmits the SYN/ACK, and so the half-open connections stay open.

- If the attacker keeps sending SYN packets, the server eventually cannot accept any more connections, even legitimate ones. Being unable to serve is the same as the server not existing, and it means real losses from the interruption, especially for online e-commerce transactions. - This is not an attack that needs a high-bandwidth link: a single computer on a simple dial-up internet connection can mount it (it just takes a bit longer).
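As an added example (not part of the Athena notes), here is a Python model of the server side of the handshake described above. It shows why unanswered SYNs exhaust a fixed backlog and how SYN cookies (the mitigation named later on this page for NetScaler) let the server answer a SYN without storing any per-connection state. The cookie layout, the `Listener` class and the sample addresses are this example's own simplification, not any kernel's code.

```python
"""Classic backlog vs. SYN cookies: a model of the listening server, constructed for
this page. The cookie packs (time slot, MSS index, keyed hash) into the SYN/ACK
initial sequence number, so a half-open entry is never stored."""
import hashlib
import hmac
import secrets

MSS_TABLE = (536, 1300, 1440, 1460)  # MSS values encodable in a 3-bit index (example's own table)
SLOT_SECONDS = 64                    # cookie timestamp granularity
MAX_AGE_SLOTS = 1                    # accept the current or previous slot only


def _mac24(secret, saddr, sport, daddr, dport, slot):
    """24-bit keyed hash binding the cookie to the 4-tuple and the time slot."""
    msg = f"{saddr}:{sport}>{daddr}:{dport}@{slot}".encode()
    return int.from_bytes(hmac.new(secret, msg, hashlib.sha256).digest()[:3], "big")


def make_syn_cookie(secret, saddr, sport, daddr, dport, mss, now):
    """ISN for the SYN/ACK: 5-bit time slot | 3-bit MSS index | 24-bit MAC."""
    slot = (int(now) // SLOT_SECONDS) & 0x1F
    idx = 0
    for i, m in enumerate(MSS_TABLE):
        if m <= mss:
            idx = i                  # largest table entry not exceeding the peer's MSS
    return (slot << 27) | (idx << 24) | _mac24(secret, saddr, sport, daddr, dport, slot)


def check_syn_cookie(secret, saddr, sport, daddr, dport, ack, now):
    """Validate the third handshake packet; return the negotiated MSS or None."""
    cookie = (ack - 1) & 0xFFFFFFFF  # the client acknowledges ISN + 1
    slot, idx, mac = cookie >> 27, (cookie >> 24) & 0x7, cookie & 0xFFFFFF
    age = ((int(now) // SLOT_SECONDS) - slot) & 0x1F
    if age > MAX_AGE_SLOTS:
        return None                  # stale cookie
    if mac != _mac24(secret, saddr, sport, daddr, dport, slot):
        return None                  # forged, or ACK from a different 4-tuple
    return MSS_TABLE[idx]


class Listener:
    """Server side of the handshake, with or without SYN cookies."""

    def __init__(self, addr, port, backlog, syn_cookies=False):
        self.addr, self.port, self.backlog = addr, port, backlog
        self.syn_cookies = syn_cookies
        self.secret = secrets.token_bytes(16)
        self.half_open = {}          # (saddr, sport) -> ISN; only used without cookies
        self.established = set()

    def on_syn(self, saddr, sport, mss, now):
        """Return the ISN to send in the SYN/ACK, or None if the SYN must be dropped."""
        if self.syn_cookies:
            return make_syn_cookie(self.secret, saddr, sport, self.addr, self.port, mss, now)
        if len(self.half_open) >= self.backlog:
            return None              # backlog full: the SYN flood outcome for new clients
        isn = secrets.randbits(32)
        self.half_open[(saddr, sport)] = isn
        return isn

    def on_ack(self, saddr, sport, ack, now):
        """Third packet of the handshake; True when the connection is established."""
        key = (saddr, sport)
        if self.syn_cookies:
            ok = check_syn_cookie(self.secret, saddr, sport, self.addr, self.port, ack, now) is not None
        else:
            ok = key in self.half_open and (self.half_open[key] + 1) & 0xFFFFFFFF == ack
            if ok:
                del self.half_open[key]
        if ok:
            self.established.add(key)
        return ok


def fill_with_unanswered_syns(listener, count, now):
    """Constructed scenario: `count` SYNs whose SYN/ACK is never acknowledged."""
    for i in range(count):
        listener.on_syn(f"10.0.{i // 256}.{i % 256}", 40000 + i, 1460, now)
    return len(listener.half_open)
```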

2.2 Using the victim's own resources to attack
Land Attack: similar to SYN flood, but the attacker uses the target's own IP as the source address of the packet, pushing the target into an endless loop as it tries to establish a connection with itself.

UDP flood: the attacker sends UDP echo packets whose source IP address is the target's own loopback or that of another computer on the same network. The goal is to use the UDP echo port (port 7) to set up an endless exchange of echo packets between two computers (or between the target and itself, if its loopback is configured), so that the two machines gradually exhaust their bandwidth and hinder the network resource sharing of the other computers on the network.

2.3 Consuming bandwidth
DDoS (Distributed Denial of Service) - Appearing in autumn 1999, DDoS is many times more powerful than classic DoS. Most DDoS attacks aim to consume bandwidth, congesting the system until it stops working. To carry one out, the attacker takes over and controls many intermediate computers or networks (acting as zombies) in many locations, which simultaneously send a flood of packets in very large numbers to consume the resources and saturate the link of a chosen target.

- This way, no matter how much bandwidth the target has, it cannot withstand millions of packets, so the system stops working, other legitimate requests go unanswered and the server is effectively knocked off the internet.

- Put simply, it is like a traffic jam at rush hour. The clearest example was the rush to look up university entrance exam results, when so many computers requested access at once that the server's link capacity could not possibly cope. - Viruses/worms capable of launching DDoS attacks have now appeared. Once they infect other machines, they automatically send service requests to a predetermined target at a predetermined time to consume the server's bandwidth or system resources. MyDoom is the typical example of this kind.

2.4 Using other resources
Smurf Attack

This attack needs one very important component, an amplifier network. The attacker uses the target computer's address as the source of ICMP echo packets sent to the whole network (broadcast). All the computers on that network then simultaneously send ICMP reply packets to the target. As a result the target cannot process the large volume of traffic in time and hangs.

Teardrop: in a packet-switched network, data is split into many small packets, each with its own offset value, which may travel to the destination over different paths. At the destination, the offset of each packet is used to reassemble the original data. Exploiting this, the attacker creates packets with overlapping offset values and sends them to the target. The target cannot order these packets and hangs because its processing capacity is "squeezed dry".
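The check a hardened IP stack applies to the Teardrop pattern just described, as an added example (not part of the Athena notes): fragments are placed by offset, and any fragment that overlaps an earlier one, or runs past the declared length, causes the whole datagram to be rejected instead of being patched together. The fragment sets and the `classify` helper are constructed for this example, not taken from any operating system.

```python
"""Datagram reassembly that refuses overlapping fragments. Constructed example."""
from typing import List, Tuple

Fragment = Tuple[int, bytes]   # (byte offset inside the datagram, payload)
MAX_DATAGRAM = 65535           # IPv4 total length limit


class FragmentError(ValueError):
    """A fragment overlaps another, runs past the end, or the length is bad."""


def reassemble(frags: List[Fragment], total_len: int) -> bytes:
    """Rebuild the datagram; raise FragmentError for overlapping or out-of-range fragments."""
    if not 0 < total_len <= MAX_DATAGRAM:
        raise FragmentError(f"bad total length {total_len}")
    buf = bytearray(total_len)
    covered = bytearray(total_len)   # 1 where some fragment already wrote
    for off, payload in sorted(frags, key=lambda f: f[0]):
        end = off + len(payload)
        if off < 0 or end > total_len:
            raise FragmentError(f"fragment {off}:{end} outside a {total_len}-byte datagram")
        if any(covered[off:end]):
            # Teardrop signature: this fragment's offset falls inside an earlier one
            raise FragmentError(f"fragment {off}:{end} overlaps an earlier fragment")
        buf[off:end] = payload
        covered[off:end] = b"\x01" * len(payload)
    if not all(covered):
        raise ValueError("datagram incomplete (hole): keep waiting for fragments")
    return bytes(buf)


def classify(frags: List[Fragment], total_len: int) -> str:
    """'ok', 'reject' (drop the whole datagram) or 'incomplete' (still waiting)."""
    try:
        reassemble(frags, total_len)
        return "ok"
    except FragmentError:
        return "reject"
    except ValueError:
        return "incomplete"


# Constructed fragment sets. GOOD splits "HELLO WORLD" cleanly; BAD's second
# fragment starts at offset 4, inside the first fragment's 0..6 range.
GOOD = [(0, b"HELLO "), (6, b"WORLD")]
BAD = [(0, b"HELLO "), (4, b"O WORLD")]
```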

Sabotaging or modifying configuration information: exploiting insecure configuration, such as routers that do not authenticate the routing update messages they send and receive, the attacker changes this critical information directly or remotely so that legitimate users cannot use the service.

Sabotaging or tampering with hardware: the attacker uses their own privileges over devices on the network to reach and damage hardware such as routers and switches.

* There is also the Distributed Reflection Denial of Service (DRDoS) attack. - Appearing in early 2002, it is the newest and most powerful member of the DoS family; carried out by a skilled attacker, it can bring down any system in the world within minutes. - The main goal of DRDoS is to seize all of the server's bandwidth, that is, to completely choke the server's link to the Internet backbone and exhaust the server's resources. While a server is under DRDoS attack, no client can connect to it, and every service running on TCP/IP, such as DNS, HTTP, FTP, POP3, ..., is disabled. - Basically, DRDoS combines the DoS and DDoS styles: it uses the SYN attack against a single machine, together with many machines consuming bandwidth as in DDoS. The attacker spoofs the target server's address and sends SYN requests to large servers such as Yahoo or Microsoft so that those servers send SYN/ACK packets to the target. Those large, well-connected servers unwittingly play the role of zombies for the attacker, as in DDoS.

The sending is repeated continuously with many spoofed IP addresses from the attacker, and with many large servers taking part the target is quickly overloaded, its bandwidth consumed by the large servers. The "art" of it is that with just one computer on a 56 kbps modem, a skilled attacker can defeat any server within moments without having to compromise any machine to use as an attack platform.

3. General countermeasures
In general, denial-of-service attacks are not very hard to carry out but very hard to defend against, because they come unexpectedly and defence is usually reactive, after the fact. Adding hardware is a good response, but continuously monitoring to detect and promptly block IP packets from untrusted sources is the most effective. The system architecture must be built sensibly, avoiding excessive interdependence, because a failure in one component then affects the whole system. Set strong passwords to protect network devices and other important resources. Set up authentication levels for users and for information sources on the network; in particular, enable authentication for routing updates between routers. Build packet filtering on routers and firewalls, and a protection system against SYN flood.

- Enable only the services that are needed; temporarily disable and stop services that are not required or not in use.
- Set quotas and limits for users, to prevent a malicious user from abusing server resources to attack the server itself or other networks and servers.
- Continuously update, research and test to find security holes and fix them promptly.
- Monitor system activity continuously so that abnormal behaviour is detected immediately.
- Build and deploy a standby system.
- When you find that your server is under attack, quickly trace the source IP address and block it from sending data to the server.
- Use the filtering features of routers/firewalls to drop unwanted packets, reducing network traffic and server load.
- If the attack exploits a software or device flaw, quickly apply the fixes for that system or replace it.
- Use mechanisms, tools and software that counter TCP SYN flooding.
- Turn off any other services on the server to reduce load so it can respond better.
- If possible, upgrade hardware to increase the system's capacity, or add servers with the same function to share the load.
- Temporarily move the server to a different address.

4. DDoS defence in detail
- Many solutions and ideas have been proposed to cope with DDoS attacks, but none of them solves the anti-DDoS problem completely. New forms of DDoS keep appearing over time alongside the countermeasures, and the race still follows the inevitable law of computer security: the attacker is always one step ahead of the defenders. - There are three main phases in anti-DDoS work: Prevention phase: minimise the number of Agents, find and disable the Handlers. Confrontation phase: detect and block the attack, degrade and stop it, divert it.

Post-attack phase: collect evidence and learn lessons.

Part 2:
1. Minimising the number of Agents
- On the user side: a very good way to prevent DDoS attacks is for each internet user to guard against being used to attack other systems. To achieve this, awareness and defensive techniques must be spread widely among internet users. An attack network can never form if no user is turned into an Agent. Users must continuously carry out security procedures on their computers and check for the presence of an Agent on their machines, which is very hard for an ordinary user. - Some solutions build into each system's hardware and software the ability to prevent malicious code from being installed. On their side, users should install and keep updating software such as antivirus, anti-trojan and operating system patches. - On the ISP side: billing access by volume would make users pay attention to what they send, so awareness and the ability to detect DDoS Agents would improve at each user.

2. Finding and disabling the Handlers
- The Handler is an extremely important element of the attack network; if the Handlers can be detected and disabled, anti-DDoS is very likely to succeed. By monitoring the communication between Handler and Client, or between Handler and Agent, the Handler's location can be found. Since one Handler manages many Agents, eliminating one Handler removes a significant number of Agents from the attack network.

3. Detecting the signs of an attack
Egress filtering: this technique checks whether a packet is eligible to leave a subnet, relying on the fact that a subnet's gateway always knows the IP addresses of the hosts in that subnet. Packets sent out of the subnet with an invalid source address are held for investigation. If this were applied on every subnet of the internet, IP address spoofing would no longer exist.

MIB statistics: the router's Management Information Base (SNMP) always holds statistics on how the network's state varies. By closely monitoring the ICMP, UDP and TCP protocol statistics, we can detect the moment an attack begins, buying precious time to handle the situation.

4. Degrading or stopping the attack
Load balancing: a load-balanced architecture for key servers increases how long the system can hold out against a DDoS attack. In practice, though, this means little, because the scale of an attack is unbounded.

Throttling: set up a throttling mechanism on the router that defines a reasonable load range that the servers behind it can handle. This can also be used to keep DDoS traffic from locking users out of the service. Its limitation is that it cannot distinguish between types of traffic, so it sometimes interrupts service for users, and DDoS traffic can still enter the service network, though in limited amounts.

Drop request: set up a mechanism that drops a request if it violates certain rules, such as excessive delay, heavy processing cost, or causing deadlock. This removes the possibility of exhausting system capacity, but it also restricts some normal activity of the system, so it should be used with care.

5. Diverting the attack
Honeypots: - One technique under study is the honeypot, a system designed to lure the attacker into attacking it on intrusion instead of noticing the really important systems. - A honeypot is not just a decoy that draws fire away from the real target; it is also very effective for detecting and handling intrusions, since monitoring and alerting mechanisms are set up on it in advance. - A honeypot is also valuable for learning from attackers, since it records their every move on the system in considerable detail. If an attacker is fooled into installing an Agent or Handler on a honeypot, there is a very high chance of taking down the whole attack network.

6. Post-attack phase:
Traffic pattern analysis: if statistics on how traffic varied over time were recorded, they are analysed. This analysis is very useful for tuning the load balancing and throttling systems, and it also helps the network administrator adjust the rules controlling traffic into and out of the network.

Packet traceback: using traceback techniques we can trace back to the attacker's location (at least the attacker's subnet). Traceback can be extended into a fairly effective ability to block the attacker; recently a quite effective traceback technique has appeared that can find the source of an attack in under 15 minutes, namely the XXX technique.

Event logs: by analysing log files after the attack, the network administrator can find many important clues and pieces of evidence.

7. Using load balancing

a) Introduction: For some organisations, such as airlines or large banks, the computer network is like the nervous system controlling the whole enterprise. A network outage in such organisations can paralyse their core operations, with losses that are hard to predict. Servers are the heart of the network; if a server fails, the system grinds to a halt. Unfortunately, although manufacturers have done everything possible to improve equipment quality, failures of network devices in general and servers in particular are unavoidable. So a solution is needed that keeps the system running well even when a server fails, and clustering technology is the answer. This article introduces the principles and analyses some clustering solutions used in large computer networks, in the hope of helping readers better understand a technology that seems simple but is actually quite complex.

b) Overview of clustering technology
Clustering is an architecture for improving the availability of computer network systems. It lets several servers be combined into a cluster that is fault-tolerant, raising the availability of the network. A cluster is a system of several servers connected in a parallel or distributed fashion and used as a single unified resource. If one server stops, because of a failure or for upgrade or maintenance, all the work it was handling is automatically moved to another server in the same cluster without interrupting the system's operation. This process is called fail-over; restoring a server's resources within the cluster is called fail-back.

Figure 1. Basic model of a Network Load Balancing system

c) Requirements of a cluster system: High availability. Network resources must be available to the greatest extent possible to supply and serve end users, minimising unplanned downtime. High reliability. A cluster's reliability means minimising how often failures occur and raising the system's fault tolerance. Scalability. The system must be easy to upgrade and expand in the future; this covers adding devices and computers to raise service quality, as well as adding users, applications, services and other network resources. These three requirements are abbreviated RAS (Reliability-Availability-Scalability), and systems meeting them are called RAS systems (not to be confused with Remote Access Service). Note also that how well a cluster works depends on compatibility between applications and services and between hardware and software. Clustering cannot protect against failures caused by viruses, software bugs or user error; to guard against those, a well-protected database and recovery and backup plans are needed.

d) Multi-site distributed clusters
For large networks with widely dispersed users, fault protection and availability improve greatly if the cluster is spread across several sites. A multi-site architecture can be designed in many ways; the most common has one primary site and several remote sites. In a full design, the entire structure of the primary site is rebuilt completely at each remote site, so remote sites can operate independently and take over the primary site's whole workload if necessary. The design must then ensure that databases and applications at the primary and remote sites are synchronised and replicated in real time. In a partial design, only the basic components are installed at the remote sites, in order to: handle overflow workload during peak hours; keep basic operations running if the primary site fails; provide some limited services if needed. Both full and partial designs distribute servers geographically. Geographically distributed clusters use virtual LANs to connect storage area networks (SANs) over long distances.

e) Some algorithms used in load balancing for DoS defence:

Figure 2. Diagram of a Firewall Load Balancing network

f) Current load balancing models:

i. Client-side load balancing

ii. Server-side load balancing

g) Operating modes of Network Load Balancing
Each server in a cluster is called a node, and can be set to active or passive mode. An active node actively processes requests; a passive node sits in hot standby, ready to take over for another node if it fails. The operating principle of a cluster can be shown as in Figure 1.

Figure 3. Operating principle of a cluster
A cluster with many nodes can combine active and passive nodes. In such models, the decision whether a node is configured as active or passive is very important. To see why, consider these situations: - If an active node fails and a passive node is available, the applications and services running on the failed node can be moved to the passive node immediately. Because the passive server is not yet running any application or service, it can take on the failed server's entire workload without affecting the applications and services delivered to end users (assuming the servers in the cluster have the same hardware configuration). - If all servers in the cluster are active and one fails, the applications and services on the failed server must move to another server that is also active. Being active, that server normally runs some applications or services of its own, so on failure it must take on the failed server's work in addition. To keep the system running normally even during a failure, servers in the cluster therefore need enough spare capacity to absorb another server's workload when needed. In a cluster where each active node is backed by a passive node, servers should be sized so that at average workload they use about 50% of CPU and memory. In a cluster with more active than passive nodes, servers need even stronger CPU and memory resources to handle the required workload when a node fails. The nodes of a cluster are usually part of the same domain and can be configured as domain controllers or member servers. Ideally, each multi-node cluster has at least two nodes acting as domain controllers and handling failover for essential domain services; otherwise the availability of cluster resources depends on the availability of the domain's controllers.

h) Network Load Balancing at Google and Yahoo! for Denial of Service defence:
i. General mechanism
- When connecting to the server, Round Robin DNS load balancing resolves the domain to several different IP addresses, and the first tier of load balancing sends the request to different clusters; these clusters are essentially caches of one another, with their data synchronised over HTTP.
- Each server cluster has thousands of servers that send queries to the web servers.
- The server load balancer takes the user's request and forwards it to one of the web servers via Squid proxy servers.
- The Squid proxy server receives the request from the load balancer and returns the result if it is in its cache; otherwise it forwards the request to the web servers.
- The web server executes the user's queries and formats the result as an HTML page.

ii. Google's practical solution
- Uses NetScaler 9800 Secure Application Switches.
- A NetScaler can handle hundreds of megabits per second of layer 4 to layer 7 traffic.
- In the data centre, the servers run Apache and web server applications designed by Google itself.
- NetScaler defends against DoS by acting as a backup firewall for the company's firewall system.
- The load balancers are designed to accept only traffic on port 80; traffic that does not arrive on a designated port, or does not originate from a single IP, is dropped immediately.
- With its "SYN cookies" feature, NetScaler can answer SYN messages, the packets that open a TCP/IP connection (and are used in the "SYN flood" DoS attack), without tying up its own resources.
- With NetScaler, Google is protected against DoS attacks at lay 4; layer 7 is handled by tools installed on the web servers.
- A load-balanced architecture for key servers increases how long the system can hold out against a DDoS attack.

Some DoS and DDoS attacks
Worldwide: 1998: the Trinoo Distributed Denial of Service (DDoS) program was written by Phifli. May 1999: the FBI's home page went down under a DDoS attack. Late September 1999: the Stacheldraht tool began appearing on systems in Europe and the United States. At 10:30 on 7 February 2000, Yahoo was hit by a denial-of-service attack and was down for 3 hours; the Yahoo Mail and GeoCities sites were attacked from 50 different IP addresses with request traffic of up to 1 gigabit/s. On 8 February 2000, many large websites such as Buy.com, Amazon.com, eBay, Datek, MSN and CNN.com suffered denial-of-service attacks. At 7 pm on 9 February 2000, Excite.com was the target of a denial-of-service attack; data was pumped in for about an hour until it ended, and that data was badly corrupted.

Vietnam: On 01/12/2005 HVA, Vietnam's largest hacker website, was attacked with the xFlash technique at a rate of about 16,000 SYN/s; this was the first denial-of-service attack in Vietnam. Nguyen Thanh Cong, alias DantruongX (k Lk), attacked the website of the company Viet Co on 12/03/2006 and was arrested on 28/04/2006; this was the first such attack in Vietnam to be prosecuted. DantruongX is the author of the most powerful DDoS code in Vietnam today, which with 10 PCs can bring a website down in 10 minutes.

Attack model against the Viet Co website

On 31/7/2006, a second-year student was arrested by the high-tech crime unit of C15, Ministry of Public Security, for carrying out denial-of-service attacks. The "culprit" administered several music forums and used members' PCs to attack the "victim" website over a long period. This young hacker used the xFlash method against the servers of the software company Nhan Hoa for a long time.

Diagram of the attack on the Nhan Hoa company

Anh Ngoc (Source: Athena)

SOME ANTI-DDOS METHODS
A world-leading anti-DDoS solution (Nguoiduatin.vn)
An article by An Quoc Technology Joint Stock Company, sent to Nguoiduatin.vn, sharing the world-leading DDoS defence methods of Arbor Networks (USA).


Faced with DDoS attacks, enterprise network administrators are always at a loss as to how to handle and mitigate them: widening the bandwidth, stopping the service during the attack, adding firewalls and IDS/IPS. The result is that the attack is mitigated only briefly and things return to where they were. Arbor Networks' solution lets them solve the problem quickly (without changing the network structure) while accurately identifying the source of the attack.

The main components of the Peakflow SP solution are the Collector Platform (CP 5500) and the TMS platforms. The CP 5500 collects Flow, SNMP and BGP information from the network elements to give network-wide visibility, and produces reports and alerts. The TMS (Threat Management System) is a family of devices providing application-level visibility and DDoS mitigation, with mitigation capacity from 1.5 Gbps (suitable for hosting providers and enterprises) to 40 Gbps for large service providers. A TMS can be deployed on its own or linked with a CP. The linked solution (the most common) allows centralised management, gives an integrated overall view of network and applications, produces reports, detects attack threats and mitigates attacks. The solution also provides a portal through which subscribers can access the monitoring system and track the clean-pipe service their provider delivers to them.

The solution operates passively, alongside the network, using diversion/off-ramping technology rather than an in-line mode.

When an attack comes from outside, the Peakflow SP CP/PI device identifies it by analysing the NetFlow sent from the network elements (P and PE routers) (Step 1). The Peakflow SP CP/BI then instructs the TMS to mitigate the attack, automatically or manually (Step 2).

Next, the TMS issues a BGP announcement so the network element diverts the traffic flow carrying the attack signature to the TMS for scrubbing (Step 3). The TMS defines and applies the filters for the malicious traffic in the flow (Step 4).

After removing the malicious traffic, the TMS returns the clean flow to the network for delivery to its final destination (Step 5). While the TMS is scrubbing, flows that carry no sign of attack continue to their destinations normally, as shown in the figure below.

Ngoc Tra (compiled)

Anti-DDoS on IIS 7
There are now many ways to counter and limit DDoS against a website: code, helper modules, or a hardware firewall; which one we choose depends on the attack situation and the deployment conditions. In this article I will introduce a way to counter DDoS on IIS 7 using the Dynamic IP Restrictions extension, with the aim of limiting DDoS agents and brute-force attempts on your website. Dynamic IP Restrictions automatically rejects requests from a client when its number of connections exceeds the allowed threshold or when its requests arrive too fast within a defined period. It can be considered a safe and free solution when we do not have a sufficiently powerful firewall for the system.
- Download: Dynamic IP Restrictions can be downloaded from the links below. 32-bit: http://go.microsoft.com/?linkid=9655674 64-bit: http://go.microsoft.com/?linkid=9655675
- Installation: the installation is as simple as any other software, so I will skip this step.
- Configuration:

Once installed, open IIS and you will see a new component has appeared, named Dynamic IP Restrictions as introduced above.

Double-click Dynamic IP Restrictions to open the main configuration screen.

Under Deny Criteria there are two main options:

Deny IP Address based on the number of concurrent requests: block the client's IP by the number of simultaneous connections. Deny IP Address based on the number of requests over a period of time: block the client's IP by the number of requests within a specified time span.

In the example in the figure above, I allowed at most 5 simultaneous connections and at most 20 requests within 200 milliseconds from a single client. Below that is the Deny Action Type: the error response we want shown in the browser when a client is blocked. There are four kinds:

- Send 401 (Unauthorized)
- Send 403 (Forbidden)
- Send 404 (Not Found)
- Abort Request (Close Connection)

Where there is Deny there is always Allow. In the right-hand column you will see Show Allowed Addresses; click it, then in the Actions pane choose Add Allow Entry.

In the window that appears, enter the IP address or IP address range that should not be affected by the limits configured above.

That completes the configuration. Simple, isn't it? - Testing: there are many ways to test; the simplest is to try hitting the site and see. For example, here I lower Maximum number of concurrent requests to 1, then browse to the website from a client and press F5 a few times, and the following error message appears.

Good luck with your configuration! Duy Khanh (Kenhgiaiphap.vn)

Anti-DDoS on Linux with MOD_DOSEVASIVE
When building a web server, the DoS and DDoS problem always gives webmasters headaches. No system today can claim to have beaten denial-of-service attacks, so it seems we will have to live with them for a long time. Still, many methods have been proposed to limit them. I would like to introduce one that uses mod_dosevasive, an Apache module that lets the Apache user use iptables to block DDoS IPs; it reacts to HTTP DoS and brute-force attacks. An additional capability of this module is that it can execute system commands once a DoS attack is identified, which makes it possible to pass the attacking IP address to other security applications, such as a firewall, to block the offending IPs. The drawback of mod_dosevasive is that it costs bandwidth and CPU.
How mod_dosevasive works: mod_dosevasive identifies attacks by creating and using a dynamic internal hash table of IP/URI pairs based on the requests it receives. When a new request arrives, the module performs the following tasks: the client's IP address is looked up in the hash table's temporary blacklist; if the IP is in that list, the request is refused (403 Forbidden). If the client is not blacklisted, the client's IP address and the requested Universal Resource Identifier (URI) are hashed into a key, and mod_dosevasive checks the listener's hash table to see whether that hash already exists. If it does, it evaluates the number of times the hash has occurred and the time span over which those requests came, against the thresholds set by the mod_dosevasive directives in httpd.conf. If the request was not refused by the previous checks, just the client's IP address is hashed into a key, and the module checks the hash table in the same way as above; the only difference is that the URI is not a factor in this check. It checks whether the client's request count exceeds the threshold set for the whole site within the specified interval. In general, the mod_dosevasive extension module tries to detect and refuse meaningless requests by limiting the number of queries within a given period from any one requesting client.
Installation and configuration
Download mod_dosevasive.1.9.tar.gz from http://tools.l0t3k.net/Hardening/MD5SUM

tar zxvf mod_dosevasive_1.10.tar.gz
cd mod_dosevasive
/usr/local/apache/bin/apxs -i -a -c mod_dosevasive.c

(The archive name must match the version you actually downloaded.) If you're using Apache 2, use this command instead of the last one:

/usr/local/apache/bin/apxs -i -a -c mod_dosevasive20.c

Add the following to httpd.conf:

DOSHashTableSize 3097
DOSPageCount 2
DOSSiteCount 50
DOSPageInterval 1
DOSSiteInterval 1
DOSBlockingPeriod 10
DOSEmailNotify [email protected]
DOSSystemCommand "su - user -c '/sbin/... %s ...'"

Descriptions:
- DOSHashTableSize: the size of the hash table that holds the combined URL and IP entries.
- DOSPageCount: the number of requests for the same page from the same IP during one interval that will cause that IP to be added to the block list.
- DOSSiteCount: the number of pages on the site requested by the same IP during one interval that will cause that IP to be added to the block list.
- DOSPageInterval: the interval, in seconds, after which the hash table of IP+URL counters is cleared.
- DOSSiteInterval: the interval, in seconds, after which the hash table of IP counters is cleared.
- DOSBlockingPeriod: how long, in seconds, the IP stays blocked. The timer restarts on every request the blocked client makes, so a client that keeps hammering stays blocked for as long as it keeps hammering.
- DOSEmailNotify: sends an e-mail every time an IP is blocked.
- DOSSystemCommand: a command to execute when an IP is blocked; %s is replaced by the offending IP address. It can be used to push a block rule to a firewall or router.
- DOSWhitelist: whitelists IPs such as 127.0.0.1 that must never be blocked.

Two practical notes. DOSSystemCommand runs as the Apache user, so "su - user -c ..." as shown will not work without that user's password; the usual approach is a narrowly scoped sudo rule (NOPASSWD for that one script only) and a script that checks that %s really is an IP address before handing it to iptables. Second, the values above (two requests for the same URI per second) are aggressive: a user double-clicking, or a page that reloads its own assets, can trip them, so tune DOSPageCount and DOSSiteCount against real traffic. If Apache sits behind a reverse proxy or load balancer, every request appears to come from the proxy's IP and the module would block everybody; whitelist the proxy and rate-limit at the proxy instead.

Tested. Extremely effective against DoSHTTP. (D4ngh3t)
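To make the three checks above concrete, here is a small Python model of the module's decision logic, added by the editor; it is not mod_dosevasive's own code. It follows the published mod_evasive behaviour as this editor understands it: one counter keyed on (IP, URI) and one keyed on IP alone, an interval measured from the previous hit on the same key, a block once a counter has already reached the threshold (so DOSPageCount 2 refuses the third request), and a blocking timer that restarts on every request the blocked client makes. The timestamps, IP addresses and URIs in the demo are constructed.

```python
from dataclasses import dataclass


@dataclass
class EvasiveConfig:
    # Same meaning and defaults as the httpd.conf directives quoted above.
    page_count: int = 2                               # DOSPageCount
    site_count: int = 50                              # DOSSiteCount
    page_interval: float = 1.0                        # DOSPageInterval (seconds)
    site_interval: float = 1.0                        # DOSSiteInterval (seconds)
    blocking_period: float = 10.0                     # DOSBlockingPeriod (seconds)
    whitelist: frozenset = frozenset({"127.0.0.1"})   # DOSWhitelist


class Evasive:
    """Request limiter modelled on mod_evasive's in-memory hash tables (editor's model)."""

    def __init__(self, cfg: EvasiveConfig):
        self.cfg = cfg
        self.hits = {}     # key -> [time of last hit, hits so far]; key is (ip, uri) or ip
        self.blocked = {}  # ip -> time of the last request made while blocked
        self.blocks = []   # (time, ip) when a block started; stands in for DOSSystemCommand

    def _over_threshold(self, key, now, interval, threshold):
        """Count one hit on `key`. True if the hits before this one already reached the
        threshold without a gap of `interval` seconds between consecutive hits. The check
        happens before the increment, so the (threshold + 1)-th request is the first refused."""
        entry = self.hits.get(key)
        if entry is None:
            self.hits[key] = [now, 1]
            return False
        last, count = entry
        if now - last >= interval:
            count = 0                  # quiet for a whole interval: start counting again
        self.hits[key] = [now, count + 1]
        return count >= threshold

    def handle(self, now, ip, uri):
        """HTTP status the module would return for one request arriving at time `now`."""
        if ip in self.cfg.whitelist:
            return 200
        last = self.blocked.get(ip)
        if last is not None:
            if now - last < self.cfg.blocking_period:
                self.blocked[ip] = now   # every refused request restarts the block timer
                return 403
            del self.blocked[ip]
        # Both counters are updated on every request, even when the first one trips.
        over_page = self._over_threshold((ip, uri), now, self.cfg.page_interval, self.cfg.page_count)
        over_site = self._over_threshold(ip, now, self.cfg.site_interval, self.cfg.site_count)
        if over_page or over_site:
            self.blocked[ip] = now
            self.blocks.append((now, ip))
            return 403
        return 200


def replay(requests, cfg=None):
    """Run a list of (time, ip, uri) through a fresh limiter; return one status per request."""
    ev = Evasive(cfg or EvasiveConfig())
    return [ev.handle(t, ip, uri) for t, ip, uri in requests]


# Constructed traffic: a reload loop on one page, a normal page view with its assets,
# and the whitelisted loopback address hammering the site.
SAMPLE = (
    [(i * 0.1, "203.0.113.7", "/index.php") for i in range(5)]
    + [(0.00, "198.51.100.5", "/index.php"),
       (0.05, "198.51.100.5", "/style.css"),
       (0.10, "198.51.100.5", "/logo.png")]
    + [(i * 0.01, "127.0.0.1", "/index.php") for i in range(20)]
)

if __name__ == "__main__":
    for (t, ip, uri), code in zip(SAMPLE, replay(SAMPLE)):
        print(f"{t:5.2f}s {ip:15} {uri:12} -> {code}")
```

The model keeps the module's two behaviours that catch people out in production: the interval is measured from the previous hit, so a steady stream just under one request per second per URI never resets the counter, and a blocked client that keeps retrying never leaves the block list.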

Three ways to protect your website against DDoS

A DDoS attack, also called a denial-of-service attack, is simply a flood of bogus visits to one website address at one pre-arranged moment, intended to bring the hosting server down so that it runs slowly or not at all. There is no fully effective defence, but against small, amateur attacks made with ready-made tools of limited scale you can take some precautions.

Method 1: Blocking iframes. This is the most primitive method. The attacker borrows a high-traffic website, embeds iframes pointing at the target site and makes them refresh repeatedly, or writes a small Flash file that does the same and places it on that site; its visitors then unwittingly become the attackers of yours. Against this you can protect yourself by inserting a piece of JavaScript that refuses to let your pages be framed by other sites:

if (top.location != self.location) { top.location = self.location; }

Note that this client-side frame-busting can be defeated (a framing page can prevent the script from running or from navigating the top window), so also send the X-Frame-Options: DENY header, or a Content-Security-Policy frame-ancestors directive, from the server; the browser enforces those before the page runs.

You can download the code above here (the link did not survive in this copy).

Method 2: Blocking malicious page reloading

Another form of attack is a group of people deliberately holding down F5, or using pre-programmed software that does the same thing (reloading the page again and again at preset intervals), so that your site is reloaded continuously. This consumes the site's bandwidth and slows it down under the bogus connections, and Method 1 is useless against it. If you are attacked this way, set up a .htaccess file with this content:

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?domain.com [NC]
RewriteRule !antiddos.phtml http://www.domain.com/antiddos.phtml?%{REQUEST_URI} [QSA]

Then create a file antiddos.phtml (its listing did not survive in this copy; it is a small page with a link back to the requested URL) and upload both files to the website's root directory. From then on, the first time someone visits the site they get a page asking them to click before they reach the site; later requests carry a Referer from your own domain and pass straight through. Pre-programmed DDoS tools are stopped at that first click, so their reloads only ever fetch one small HTML page, which barely burdens the system. You can download the code at: http://www.mediafire.com/?c41hmfeod3qxii8. Note that this method only applies to sites hosted on Linux servers running Apache with mod_rewrite.

Two limits of this trick are worth knowing. The check rests entirely on the Referer header, which an attacker who writes his own tool can set to anything; it stops browsers driven from somebody else's page (iframes, Flash) and naive reload tools, nothing more. And browsers legitimately omit the Referer in several situations (a Referrer-Policy of no-referrer, privacy settings, bookmarks), so some real visitors will keep landing on the click page.

Method 3: Limiting the number of connections to the website at one time. When a visitor hits the site, a query is made to the database (DB) to fetch the information the site displays. Each server allows only a limited number of such connections, and beyond that limit access becomes difficult or impossible. Attackers exploit this by generating bogus visits and connections through proxies, or more professionally through a botnet, to bring the site down and wreck its database. To limit this we can proactively cap the number of simultaneous visits. Add the following code to the site's front page:

<?php
// Turn new visitors away while the machine is overloaded. The argument is a limit on the
// one-minute load average read from /proc/loadavg, so this only works on Linux.
// (The original also tested a CMS-specific constant, THIS_IS == 'WEBSITE', which is
// undefined outside that CMS and would have disabled the check; it is dropped here.)
function server_busy($maxLoad)
{
    if (PHP_OS == 'Linux' && @file_exists('/proc/loadavg')
        && ($filestuff = @file_get_contents('/proc/loadavg')) !== false) {
        $loadavg = explode(' ', $filestuff);
        if ((float) trim($loadavg[0]) > $maxLoad) {
            header('HTTP/1.1 503 Service Unavailable');
            header('Retry-After: 120');
            print 'The site is overloaded at the moment. Please come back in a few minutes.';
            exit(0);
        }
    }
}
$srv = server_busy(1000); // compared with the load average, not with a visitor count (see below)
?>

The article presents this as allowing 1000 people online at one time, with later visitors receiving the message "The site is overloaded at the moment. Please come back in a few minutes." That is not what the code measures: the first field of /proc/loadavg is the one-minute load average (the number of runnable processes), not a count of visitors, and a value of 1000 is so high that the check would practically never fire. A useful threshold is a small multiple of the number of CPU cores (for example twice the core count, which you can read from nproc). You can download the code at: http://www.mediafire.com/?exsl6hpd37eqnk3. Note that this code applies only to sites written in PHP.

These are only three simple measures, suited to small-scale attacks. For your site to work well and hold up against larger attacks you should:
- Optimise the website, for example by building a cache so that fewer requests reach the database.
- Choose a good hosting provider that is able to cope with attacks.

Source: XHTT

Anti-DDoS with a script

1. Introduction: DDoS is becoming more and more common, especially now that many DDoS scripts are in circulation, and Flash-based DDoS is the kind most often seen. This anti-DDoS script is very effective at limiting the consequences of a DDoS and greatly reduces its impact. I have used it for a long time: many times I could not reach my website because of a DDoS, but a few minutes after switching this script on I could get in again. One of the largest IT forums in Vietnam, http://ddth.com, after being DDoSed many times, also had to protect its site with a measure similar to what this script does.
- Inconvenience: visitors cannot go straight to your front page; they first have to click a link.
- Convenience: the script is very easy to switch on and off; you only have to change a single character. So switch it on while your site is being DDoSed and switch it off again when things are calm.

2. Setup: download the archive and unpack it; it contains the file antidos.php. Open it and edit these settings:

$level = 1;
Choose 1 or 2 for $level:
- 1: to reach your site directly, the user must have clicked a link on some website (any website); otherwise they are sent to a page that contains a link to your site.
- 2: to reach your site directly, the user must have clicked a link on your own website; otherwise they are sent to a page that contains a link to your site. If you choose 2 you must fill in your domain in:
$yoursite = "mysite.com";
* For ordinary DDoS, $level = 1 is enough; 2 is slightly more inconvenient for visitors who arrive at your site from other websites.

$scheme = 1;
Choose 1 or 2 for $scheme:
- 1: protection is switched on and off by editing this file directly. If you choose 1 you must also set:
$antidos = 1;
1 switches the protection on, 0 switches it off. Often, when the server has just started being DDoSed, the website is slow or unreachable but FTP still works, so you can log in to the host and change this value to switch the protection on. However, once the DDoS has gone on for a while and the site is down, you usually cannot get into the host to edit it any more, which is why you should choose $scheme = 2...
- 2: protection is switched on and off from a file on another host. When your site is being DDoSed and you want to switch the protection on but cannot get into your own host, you just edit a file on a different host. If you choose $scheme = 2 you must set:
$determiner = "http://anothersite.com/determiner.txt";
This is the path of the file that decides whether protection is on or off: to switch it on, open determiner.txt on that host and enter the digit 1; to switch it off, just delete the 1. Simple and quick, isn't it. You can get a free host to hold this text file. What if that host dies and the text file cannot be fetched? Then the script turns the protection on by default, so an unstable host that is sometimes down is no problem.

3. Usage: upload antidos.php to your host, then insert the following line at the very beginning of every PHP file on your site (or at least of the PHP files that many people know and visit), before any other content:

Code:
<?php require("antidos.php"); ?>

Adjust the path in that line according to where the PHP file sits relative to antidos.php. For example, if you uploaded antidos.php to /public_html/ (that is, /public_html/antidos.php) and the file you want to protect is /public_html/forums/index.php, change the line to:

Code:
<?php require("../antidos.php"); ?>

Pages in html or htm format cannot use this code; you must change their extension to php (renaming an html file to php does not affect the page's content).

antidos.php is only a simple script, and blocking DDoS by checking the referer is nothing new, but the truth is that very few admins know about it or apply it (I have asked many people), while we keep looking for other, more complicated approaches. At the very least it is a fairly effective stop-gap for limiting the impact of a DDoS (if the DDoS is strong enough there is of course no way to withstand it without sufficiently powerful hardware and a well-secured server) until we find something genuinely better. Download the script:
Code: http://rapidshare.com/files/147882137/antidos.zip.html

Source: UDS
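The .htaccess rule in Method 2 of the previous article and the antidos.php script just described implement the same idea, a Referer gate with a click-through landing page, so one added example covers both. This is the editor's code in Python, not the XHTT or UDS scripts: it models the decision the rewrite rule makes, the landing page's job of rebuilding the URL the visitor asked for, and antidos.php's $level and remote $determiner semantics. The host names, the landing path and the request records are assumptions. Two things it makes explicit. RewriteCond's pattern ^http(s)?://(www\.)?domain.com is not anchored after the host, so a Referer of http://domain.com.evil.example/ also satisfies it; the version here compares the parsed hostname exactly. And because %{REQUEST_URI} carries no query string while [QSA] glues the original one on with '&', the landing page receives /index.php&module=xxx and has to turn the first '&' back into '?', which is the problem one of the forum posts further down ran into and patched with preg_replace.

```python
from urllib.parse import urlsplit

# Assumed site settings (not from the original scripts).
OWN_HOSTS = frozenset({"domain.com", "www.domain.com"})
LANDING = "/antiddos.phtml"


def referer_allowed(referer, level, own_hosts=OWN_HOSTS):
    """antidos.php semantics: level 1 accepts any request that carries a Referer at all,
    level 2 (and the .htaccess rule) requires a Referer from our own host.
    The hostname is parsed and compared exactly rather than prefix-matched."""
    if not referer:
        return False
    try:
        host = urlsplit(referer).hostname
    except ValueError:
        return False
    if host is None:
        return False
    return level == 1 or host.lower() in own_hosts


def gate(request, level=2, enabled=True, own_hosts=OWN_HOSTS, landing=LANDING):
    """Decide one request: ("serve", None) or ("redirect", landing_url).
    `request` is a dict with 'path' (no query string), 'query' and 'referer'."""
    if not enabled or request["path"] == landing:   # never redirect the landing page itself
        return ("serve", None)
    if referer_allowed(request.get("referer"), level, own_hosts):
        return ("serve", None)
    # Same shape as "antiddos.phtml?%{REQUEST_URI} [QSA]": the path first, then the
    # original query string appended with '&' because the target already has a '?'.
    target = landing + "?" + request["path"]
    if request.get("query"):
        target += "&" + request["query"]
    return ("redirect", target)


def landing_link(query_string):
    """Rebuild the URL the visitor asked for from what the landing page receives:
    everything before the first '&' is the path, the rest is the original query string.
    Only a local path is ever emitted, so the page cannot be used as an open redirect."""
    path, _, rest = query_string.partition("&")
    if not path.startswith("/") or path.startswith("//"):
        path = "/"
    return path + ("?" + rest if rest else "")


def protection_enabled(fetch_determiner):
    """antidos.php $scheme = 2: a remote text file containing "1" switches protection on.
    If the file cannot be fetched at all, protection defaults to on, as the script does."""
    try:
        text = fetch_determiner()
    except Exception:
        return True
    return text.strip() == "1"


if __name__ == "__main__":
    # Constructed requests: a reload tool sending no Referer, a real visitor browsing from
    # our own page, and a Referer whose host merely starts with our domain name.
    for req in [
        {"path": "/index.php", "query": "module=forum&id=5", "referer": ""},
        {"path": "/index.php", "query": "", "referer": "http://www.domain.com/"},
        {"path": "/index.php", "query": "", "referer": "http://domain.com.evil.example/"},
    ]:
        print(req["referer"] or "(no referer)", "->", gate(req))
    print(landing_link("/index.php&module=forum&id=5"))
```

The gate only ever sees what the client chooses to send, so treat it as a filter for browsers driven from somebody else's page and for reload tools that do not bother to set a Referer; it is not a defence against a tool that forges one.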

Preventing DDoS

DDoS (Distributed Denial of Service), in plain terms a denial-of-service attack, is understood as a flood of bogus visits to one website address at the same moment, creating a bottleneck that makes the server running the site slow down or stop responding altogether. There is no fully effective defence against DDoS, but against small, scattered or amateur attacks you can still protect your site.

Method 1: Adjusting .htaccess. This method checks that a person with a web browser, not a bot, is visiting; its drawback is that it requires a click before the visitor reaches the site, and the trick only works on Linux (Apache with mod_rewrite). Add the following to .htaccess:

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?domain.com [NC]
RewriteRule !chongddos.phtml http://www.domain.com/chongddos.phtml?%{REQUEST_URI} [QSA]

(The original excluded antiddos.phtml from the rule while redirecting to chongddos.phtml. The excluded file must be the landing page itself; otherwise the redirect to chongddos.phtml, which arrives without your domain's Referer, matches the rule again and loops.)

Replace domain.com with your own domain.

Create a file chongddos.phtml with the following content and upload it to your host (the listing did not survive in this copy):

Replace domain.com with your own domain.

Method 2: Limiting connections. This is a way of stopping hackers who use botnets or proxies to hammer the database and choke the site. You can tune the limit on connections to the server from your own knowledge of your website; weigh it carefully, though, in case you suddenly become popular one day. Add the following code to function.php:

<?php
// Same check as in the previous article: refuse new visitors while the one-minute load
// average in /proc/loadavg (Linux only) is above $maxLoad. The original's guard on a
// CMS-specific constant THIS_IS == 'WEBSITE' is dropped; it is undefined elsewhere.
function server_busy($maxLoad)
{
    if (PHP_OS == 'Linux' && @file_exists('/proc/loadavg')
        && ($filestuff = @file_get_contents('/proc/loadavg')) !== false) {
        $loadavg = explode(' ', $filestuff);
        if ((float) trim($loadavg[0]) > $maxLoad) {
            header('HTTP/1.1 503 Service Unavailable');
            header('Retry-After: 120');
            print 'The site is overloaded, please come back in a few minutes.';
            exit(0);
        }
    }
}
$srv = server_busy(1000); // compared with the load average, not with a visitor count
?>

The article presents this as allowing 1000 people online at a time, beyond which visitors see the message "The site is overloaded, please come back in a few minutes". As with the same code in the previous article, what is actually compared is the one-minute load average, not a visitor count, so 1000 is far too high to be useful; set the threshold relative to the number of CPU cores.

1. (Source: cuasotinhoc) Here is the method CuaSoTinHoc uses to limit DDoS:

First of all it must be said that anti-DDoS methods written in server-side languages such as PHP, ASP, Java, C#... are not very efficient, because nearly all of the server-side languages just named need a fair amount of server resources to process their statements.

CuaSoTinHoc uses a rather simple DDoS-limiting method that uses no PHP and does not require the website to have a server with root access. What we use is simply a combination of a .htaccess configuration on the hosting account and a small piece of JavaScript.

------------------------- Configuring .htaccess -------------------------
Code:
Options +FollowSymlinks
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?cuasotinhoc.com [NC]
RewriteRule ^(.*)\.(php|html|asp|htm) antiddos.htm [NC]
-------------------------
The code above makes the system process only links referred (referer) from cuasotinhoc.com; that is, when a link is typed directly into the browser, or comes from a DDoS program, or from another domain, the system no longer handles it in the normal way but sends it to a dedicated handling page, here antiddos.htm.
Line 1 means: follow the path (symbolic links). Line 2: turn on the rewrite engine, which serves to identify the referer. Line 3: require a referer from cuasotinhoc.com. Line 4: the rule that sends requests to antiddos.htm.

---------------------------- Configuring antiddos.htm ----------------------------
In antiddos.htm we use a small piece of JavaScript to output the line:
[Click vao day de xem noi dung] (Neu khong duoc thi nhan Shift + Click vao link)
(that is: "[Click here to view the content] (If that does not work, Shift+click the link)")

antiddos.js contains:
Code:
var currUrl = this.document.URL;
var newUrl = currUrl.replace('#', '?');
var re = /CODE/;
var chk = re.test(currUrl);
if (chk == 1) {
    // the <a href=...> markup around the link text was lost in this copy
    this.document.write("[Click vao day de xem noi dung]");
} else {
    this.document.write("[Click vao day de xem noi dung]");
}

While testing this anti-DDoS method the admin team (BQT) found that the hosting's referer validation was not very effective (cause not yet determined): if the link we output is identical to the original link, the server sometimes does not recognise the referer, so the visitor keeps seeing "click here..." for ever. So the CuaSoTinHoc team came up with a small idea: append harmless characters such as '?' or '&' to the links to signal to the server that the links are new. The result works quite well.
-------------------------------------
So with the .htaccess configuration and the JavaScript above we block most of the usual Flash DDoS programs that attack MySQL, and this uses very little system resources, because .htaccess is handled on the server and the JavaScript is small.
===============================================
It must still be stressed that this method is only temporary and still has flaws; for instance, the quick-edit feature in Firefox no longer works because of the "effect" of the referer. CuaSoTinHoc shares this DDoS-limiting method so that you can discuss it and develop it further. For now there are two things to develop:
1. How to make the server handle the referer function properly, so that we no longer need to add the extra "?", "&" characters to refresh the link.
2. A different anti-DDoS method is needed that does not require showing the ugly antiddos.htm page.
We welcome your comments!

Sharing a2toiyeu.com's anti-DDoS code. Since you were kind enough to share, I'll share mine too, for convenience. My method is fairly similar to yours, with one small difference:

File .htaccess:
Code:
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?domain.com [NC]
RewriteRule \.(php|htm|html|asp)$ http://domain.com/firewall.phtml?%{REQUEST_URI} [QSA]

Create the file firewall.phtml in the top-level directory:
Code: (the listing did not survive in this copy)

firewall.phtml works like cuasotinhoc's firewall.htm, but it seems to process a little more slowly; in return it never gets "stuck" repeating the link over and over. The phtml file does still use some resources, though probably not enough to worry about. One small issue: when index.php?module=xxx is accessed, the phtml file outputs index.php&module=xxx, which causes an error, so I was forced to use preg_replace to handle it.

2. Below are some methods for preventing and limiting the damage caused by DDoS from xFlash.

- If you use a Linux server with CPanel and you detect a DDoS, and you have root, immediately suspend the site under attack and put a temporary password on it; once the password has been set on the attacked folder or site you can unsuspend it and keep monitoring. Create a .htaccess file and place it in the directory or site being flooded:

.htaccess
****************************
AuthUserFile /forum/.htpasswd
AuthGroupFile /dev/null
AuthName "Password Protected Area"
AuthType Basic
Require valid-user
****************************
(The Require line was missing from the copy above and is added here: without it the authentication is never enforced.)

and create a .htpasswd file:
****************************
@domain::@dGdK8ZQg/FjU
****************************
The user and password above are: @domain: . This is only an example; go to http://google.com and search for ".htaccess Generator" to create a password of your choosing. Put an @ at the start of the password and a : at the end, because Windows XP has fixed the bug of entering a password in URL form (http://[email protected]/); if there is an @ and a : the attacker will not be able to get past it by entering the user and password directly in the URL.

After that, your job is to set up a suitable firewall configuration for your site:

.htaccess
************************************************** ******
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?tenmienbitancong.com [NC]
RewriteRule \.(php|html|asp)$ http://sitefirewall.com [NC,R,L]
************************************************** ******

With the mod_rewrite lines above you can prevent up to 95% of the damage caused by xFlash DDoS. It stops xFlash's automatic requests from harming your site. How it works: your server runs PHP, ASP or HTML code; when an attacker attacks your site, say http://tenmienbitancong.com/, it reads index.php; at that point mod_rewrite kicks in and forwards to http://sitefirewall.com, and on http://sitefirewall.com you place a piece of code like this: (the listing did not survive in this copy apart from the link text "Vao Web Site", meaning "Enter the website"). A real visitor clicks "Vao Web Site" and gets into the site, whereas the hidden xFlash cannot. You can study a few more kinds of mod_rewrite combined with the source code on your site to configure it against xFlash even better. With the two methods above you can rest assured that your site will survive xFlash. As for prevention, there is only one method: go to http://macromedia.com/shockwave/down...h&promoid=BIOW and upgrade to the latest version of Flash Player; then you can be sure you will no longer be a hidden client for xFlash's DDoS. The upgrade is completely free.
Nguyen Thanh Cong

Additional remarks: in practice DDoS cannot be stopped; we can only limit it as far as possible. David has tried all of the methods above and none of them is effective if the attacker is an expert (a pro with a strong DDoS). Password-protecting the site with .htaccess is fairly effective as long as the user and password do not reach the attacker; today's DDoS is quite smart, not like in the old days, and usually comes with auto scripts and so on.
+ Relying on IIS or Apache to handle DDoS is hopeless.
+ From the position of a hosting user, we can only use scripts based on Apache's mod_rewrite to limit DDoS as far as possible.
+ As for xFlash, from what I hear Flash Player versions are now all 9.0, so this method is practically gone.
================================================== ========
In practice, anti-DDoS really comes down to the hosting providers. If the server is powerful and the line is big, everything is fine (though it is rare: even MS gets DDoSed to death). There are currently several anti-DDoS projects for IIS (Windows) and Apache (Linux); about Windows it is not yet clear, but David took part in system analysis for a Linux project where the direction was to recompile the Linux kernel to change how requests are handled. "The simple approach is: based on the incoming requests, limit the number of requests from one IP and the number of requests in a period of time, and so on; if more than the set number, drop everything and close the connections, then reopen them, and so on." In general it is not as simple as in theory; the implementation also ran into many difficulties!