DDoS Attacks Analysis and Prevention

How to Install Firewall on Ubuntu 16.04 for Your First Server on Alibaba Cloud

Alibaba Cloud Elastic Compute Service (ECS) provides a faster and more powerful way to run your cloud applications than traditional physical servers. You can achieve great results for your cloud needs. With ECS, you can achieve more with the latest generation of CPUs and protect your instance from DDoS and Trojan attacks.

In this tutorial, we will talk about the best practices for provisioning your Ubuntu 16.04 server hosted on an Alibaba Cloud Elastic Compute Service (ECS) instance.

Ubuntu 16.04 comes with a default interface for interacting with iptables known as UFW (Uncomplicated Firewall). UFW is a tool that simplifies the process of setting up iptables, especially for beginners who are new to the Linux environment.

UFW is a good choice for adding another layer of security to your Ubuntu 16.04 server running on Alibaba Cloud.

IoT Botnet and DDoS Attacks Analysis from CERT

In this article, you will get some information on the importance of IoT device security by looking at CERT’s interpretation of the infamous 2016 DDoS attack.

Dyn said that this DDoS attack involved tens of millions of IP addresses, most of which were IoT and smart devices. Dyn believed that the attack came from malicious code named “Mirai.” Hacker organizations NewWorldHackers and Anonymous claimed responsibility for the attack.

In DDoS attacks (including Mirai) that target IoT devices, attackers brute-force the login through the Telnet port using popular password lists, or log on using the default password. If attackers successfully log on through Telnet, they attempt to use embedded tools such as BusyBox and wget to download the DDoS bot, modify its executable attributes, and run it to control the IoT device. Because CPU instruction set architectures differ, some botnets first determine the system architecture and then select a sample built for MIPS, ARM, or x86 to download. After these samples run, the bots receive attack commands and initiate attacks.

Scanning and Intrusion Script Analysis for DockerKiller Threat

In this article, you will get some information on the analysis of the scanning and intrusion scripts used by the DockerKiller threat.

Once Docker is compromised and auto.sh is executed, earlier versions of the malicious files, if any, are removed. Updated files are then downloaded from the server to the compromised server, including the webshell, mining program, backdoor program, task files, and mining configuration files, and these files are then executed.

The sequence of the attack is as follows:

  1. Clean-up: earlier versions of mining programs, DDoS Trojans, services, and their configuration files are removed.
  2. Fresh download: downloads the webshell backdoor, DDoS Trojan, and the mining application.
  3. Execution: mining script and DDoS Trojan services are executed.

Related Documentation

Anti-DDoS packages

Anti-DDoS Pro provides anti-DDoS packages as a value-added service to help you reduce the cost of defending against DDoS attacks.

In most scenarios, when the bandwidth during a DDoS attack exceeds the basic bandwidth provided by your Anti-DDoS Pro instance, the burstable bandwidth is consumed or the black hole is triggered if you set the burstable bandwidth and basic bandwidth to the same value.

Implement Anti-DDoS Pro for a non-web service

This tutorial explains a simple setup and verification process of Anti-DDoS Pro non-website protection through the Alibaba Cloud console. It does not cover all possible options.

Related Products

Anti-DDoS Pro

Anti-DDoS Pro is a value-added service used to protect servers, including external servers hosted in Mainland China, against volumetric DDoS attacks. You can redirect attack traffic to Anti-DDoS Pro to ensure the stability and availability of origin sites.

Anti-DDoS Premium

Alibaba Cloud Anti-DDoS Premium is a value-added DDoS protection service. This service is used to protect servers against volumetric DDoS attacks and ensure the availability of business. By modifying DNS records to redirect malicious traffic through Anti-DDoS Premium’s dedicated IP address, Anti-DDoS Premium protects your online presence.

Related Course

How to setup Anti-DDoS Premium service — Live Demo

Alibaba Cloud Anti-DDoS Premium is a value-added DDoS protection service. This service is used to protect servers against volumetric DDoS attacks and ensure the availability of business.

In this demo, you will learn the benefits of using Anti-DDoS Premium, and you will see a step-by-step demo of how to set up the Anti-DDoS Premium service in just a few seconds.
