What is a denial-of-service attack? How much do you know about DoS and DDoS?

  

Everyone usually pays attention to why their system is slow and how to make it faster, but some things that people overlook are in fact very important. Today, let's talk about DoS and DDoS.

I believe that nobody will be unfamiliar with these two terms: Denial of Service, and Distributed Denial of Service.

Denial of service means that, after a specific attack occurs, the attacked target cannot provide its proper service in time. For example, a server that should provide website service (HTTP) can no longer provide it, or an email server (SMTP, POP3) can no longer send and receive mail. Basically, denial-of-service attacks usually use a large number of network packets to overwhelm the other party's network and host, so that normal users cannot obtain timely service from the host.

Distributed denial of service, in short, consumes available systems and network bandwidth with massive data packets that far exceed the target processing power, causing network services.

Perhaps it is related to the media's excessive attention, but DoS attacks, especially DDoS attacks, seem to have become popular overnight. Network administrators at sites large and small get very excited whenever a server fails, shouting "I was DDoSed!", with incomparable glory and pride seemingly written on their faces.

In fact, there are not many DDoS attacks in the real sense around us. After all, launching a DDoS attack requires a great many resources. Yet actual attacks continue to happen, and the vast majority of them are ordinary denial-of-service attacks. How to protect against attacks of this ordinary level has become the biggest headache for many network administrators, so I have to ask around, and the answers are often the same: "buy our hardware firewall".

Hardware firewalls, including dedicated anti-denial-of-service products, are really good, but the basic price is very expensive. Although the effect is good, from the perspective of investment and investment protection it is too much.

In fact, the operating system itself has a lot of functions hidden in it, but many of them need us to explore slowly. Here I will give a brief introduction to modifying the registry in a Win2000 environment to enhance the system's anti-DoS capabilities.

Details:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]

Turn off detection of dead gateways. When the server is configured with multiple gateways, the system will try to connect to the second gateway when the network is not running smoothly; turning this off optimizes the network.

"EnableDeadGWDetect"=dword:00000000

Disable response to ICMP redirect messages. Such packets may be used for attacks, so the system should refuse to accept ICMP redirect messages.

"EnableICMPRedirects"=dword:00000000

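Do not allow the NetBIOS name to be released. When an attacker issues a request querying the server's NetBIOS name, the server can be made not to respond.

Note that the system must be at SP2 or above. NoNameReleaseOnDemand is read from the NetBT parameters key, not the Tcpip key, so it is given its own key header here.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters]

"NoNameReleaseOnDemand"=dword:00000001

Send keep-alive verification packets. This option determines how long TCP waits before checking whether an idle connection is still alive. If the value is not set, the system checks idle TCP connections every 2 hours. Here the time is set to 5 minutes (the value is in milliseconds: 0x000493e0 = 300000). This value goes back under the Tcpip key.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]

"KeepAliveTime"=dword:000493e0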

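To confirm that a server actually carries the four settings above, the following added example (not part of the original article) parses the text of a registry export and reports every value that is missing or different. The function names and the sample export are constructed for illustration, and NoNameReleaseOnDemand is checked under the NetBT key, where Windows reads it.

```python
import re

TCPIP = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters"
NETBT = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters"

# (key, value name) -> DWORD that the article sets.
EXPECTED = {
    (TCPIP, "EnableDeadGWDetect"): 0,
    (TCPIP, "EnableICMPRedirects"): 0,
    (NETBT, "NoNameReleaseOnDemand"): 1,
    (TCPIP, "KeepAliveTime"): 0x000493E0,  # 300000 ms = 5 minutes
}
DWORD_LINE = re.compile(r'"([^"]+)"\s*=\s*dword:([0-9a-fA-F]{1,8})')

def parse_reg(text):
    """Parse REGEDIT5 text into {(key, name): int}, lower-cased; DWORDs only."""
    values, key = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            # "[-KEY]" means "delete this key" in a .reg file; ignore its body.
            key = None if line.startswith("[-") else line[1:-1].lower()
        elif key is not None:
            m = DWORD_LINE.fullmatch(line)
            if m:
                values[(key, m.group(1).lower())] = int(m.group(2), 16)
    return values

def audit(text, expected=EXPECTED):
    """Return {value name: (found or None, wanted)} for each deviating setting."""
    found = parse_reg(text)
    report = {}
    for (key, name), want in expected.items():
        got = found.get((key.lower(), name.lower()))  # registry names ignore case
        if got != want:
            report[name] = (got, want)
    return report

# Constructed sample export: one value correct, one wrong,
# KeepAliveTime at the 2-hour default, NetBT key absent.
SAMPLE = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]
"EnableDeadGWDetect"=dword:00000000
"EnableICMPRedirects"=dword:00000001
"KeepAliveTime"=dword:006ddd00
"Hostname"="web01"
"""

if __name__ == "__main__":
    for name, (got, want) in audit(SAMPLE).items():
        print(f"{name}: found {got}, want {want}")
```

Version 5.00 exports are normally saved as UTF-16, so decode the file to text before passing it to `audit`.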