{"id":463561,"date":"2023-12-26T21:50:26","date_gmt":"2023-12-26T20:50:26","guid":{"rendered":"https:\/\/blog.wedos.com\/?p=463561"},"modified":"2024-02-01T16:40:56","modified_gmt":"2024-02-01T15:40:56","slug":"waf-report-z-wedos-global-protection-za-listopad-2023","status":"publish","type":"post","link":"https:\/\/blog.wedos.com\/cs\/waf-report-z-wedos-global-protection-za-listopad-2023","title":{"rendered":"WAF report from WEDOS Global Protection for November 2023"},"content":{"rendered":"\n<p>In November our protection faced an above-average number of DDoS attacks over the application layer. A large share of them targeted e-shops, and it all peaked on Friday 24 November, Black Friday. That confirmed our view that these were not random attacks but, most likely, competitors fighting each other, especially once we found that two e-shops belonging to two different customers, both regularly under heavy attack, sell the same range of goods.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">WEDOS Global<\/h2>\n\n\n\n<p>WEDOS Global is the name of our worldwide network of more than two thousand physical servers of our own. The servers are placed in dozens of key locations, which gives your website a fast and secure connection to the whole world. Total network connectivity exceeds 3,000 Gbps and grows with every location we add.<\/p>\n\n\n\n<p>The WEDOS Global network is built on two key technologies. The first is <strong>BGP Anycast<\/strong>: the same IP prefixes are announced from every location, so each visitor is routed to the nearest site and traffic is spread across the whole network. This is particularly effective against DDoS attacks that try to slow down or overload the network, because with BGP Anycast the attack is dispersed over many locations and its impact is minimised.<\/p>\n\n\n\n<p>The second is the <strong>reverse proxy<\/strong>, a server that sits between the visitor and the origin server where your website lives. The reverse proxy does not merely forward requests; it can also step in very effectively when it finds that a request is malicious. This improves security and also speeds up page loading, because since October WEDOS Global has offered a <strong>web CDN cache<\/strong> as part of WEDOS Global Protection: static copies of site content are kept in different locations, which makes pages load faster for users in different parts of the world and at the same time reduces the load on the origin server. All of this makes for a better user experience and more efficient operation of websites.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">New locations<\/h3>\n\n\n\n<p>WEDOS Global is already robust and is one of the largest infrastructures in Europe, but our goal is further growth and more speed, so that it becomes the best.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">We have launched another WEDOS Global location: Germany, Frankfurt<\/h4>\n\n\n\n<p>We have successfully brought online the long-planned location at a key European internet crossroads, Frankfurt am Main. At this site, housed in the renowned Equinix data centre, we have 45 physical servers and 3 switches, including an Arista 7280TR-48C6 that we use for connections to internet exchange points (IXPs) and to other networks we want to peer with directly.<\/p>\n\n\n\n<figure class=\"wp-block-embed is-type-wp-embed is-provider-blog-wedos wp-block-embed-blog-wedos\"><div class=\"wp-block-embed__wrapper\">\n<blockquote class=\"wp-embedded-content\" data-secret=\"zDcjpMgYW9\"><a href=\"https:\/\/blog.wedos.com\/cs\/spustili-jsme-dalsi-lokalitu-wedos-global-nemecko-frankfurt\">We have launched another WEDOS Global location: Germany, Frankfurt.<\/a><\/blockquote>\n<\/div><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\">New interconnections (peerings)<\/h3>\n\n\n\n<p>Interconnecting with internet exchange points (IXPs), the places where different networks meet to exchange traffic, and with large networks significantly speeds up data transfer. Every new interconnection makes websites faster for millions of users around the world.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">WEDOS Global joins the Vienna Internet Exchange!<\/h4>\n\n\n\n<p>WEDOS Global was recently connected to VIX (the Vienna Internet Exchange, one of the most important internet exchange points in Europe), a significant step towards better service.<\/p>\n\n\n\n<figure class=\"wp-block-embed is-type-wp-embed is-provider-blog-wedos wp-block-embed-blog-wedos\"><div class=\"wp-block-embed__wrapper\">\n<blockquote class=\"wp-embedded-content\" data-secret=\"jfi08wIDFf\"><a href=\"https:\/\/blog.wedos.com\/cs\/wedos-global-se-pripojuje-k-vix-ve-vidni-lepsi-konektivita-v-rakousku\">WEDOS Global joins VIX in Vienna: better connectivity in Austria<\/a><\/blockquote>\n<\/div><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"block-cf8be3ad-2224-472b-a4bd-d94ca3c9f21c\">Want to learn more about WEDOS Global?<\/h3>\n\n\n\n<p id=\"block-7a0e9de9-994a-4368-83c1-98199a50b21d\">If WEDOS Global interests you and you would like to know more about the advanced technologies we use, we recommend, for a deeper and more detailed look at the technical architecture behind the WEDOS Global infrastructure, our talk from the Kubernetes Community Days Czech &amp; Slovak 2023 conference. It was given by two colleagues who play a key role in the development of WEDOS Global.<\/p>\n\n\n\n<figure class=\"wp-block-embed is-type-video is-provider-youtube wp-block-embed-youtube wp-embed-aspect-16-9 wp-has-aspect-ratio\"><div class=\"wp-block-embed__wrapper\">\n<iframe title=\"Glob\u00e1ln\u00ed Kubernetes infrastruktura, jej\u00ed v\u00fdvoj a \u00fadr\u017eba-WEDOS Global - Jakub Sassmann a Martin Du\u0161ek\" width=\"525\" height=\"295\" src=\"https:\/\/www.youtube.com\/embed\/siA5YFE5N4E?start=25&#038;feature=oembed\" frameborder=\"0\" allow=\"accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share\" referrerpolicy=\"strict-origin-when-cross-origin\" allowfullscreen><\/iframe>\n<\/div><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\">WEDOS Global Protection<\/h2>\n\n\n\n<p>WEDOS Global Protection is a service designed to protect and speed up websites. It runs on the WEDOS Global infrastructure and protects against various types of cyber attack. It speeds up websites through Anycast DNS (DNS queries are answered faster and more reliably because each query is routed to the nearest server) and a CDN cache (a Content Delivery Network, a network of servers optimised for fast delivery of content such as web pages, images, JavaScript, fonts and so on). It also lets you adopt the latest internet technologies (for example IPv6 and HTTP\/3) without depending on support from your hosting provider.<\/p>\n\n\n\n<p>Naturally, great emphasis is placed on protecting websites. Besides mitigating L3\/L4 and L7 attacks, the reverse proxy also runs a WAF, which can prevent exploitation of vulnerabilities.<\/p>\n\n\n\n<div class=\"wp-block-media-text alignwide is-stacked-on-mobile is-vertically-aligned-center has-white-color has-vivid-cyan-blue-background-color has-text-color has-background\" style=\"grid-template-columns:20% auto\"><figure class=\"wp-block-media-text__media\"><img decoding=\"async\" width=\"385\" height=\"400\" src=\"https:\/\/blog.wedos.com\/wp-content\/uploads\/2022\/12\/ladik-rbt-1.png\" alt=\"\" class=\"wp-image-123898 size-full\" \/><\/figure><div class=\"wp-block-media-text__content\">\n<p><strong>What is a WAF (Web Application Firewall)?<\/strong><\/p>\n\n\n\n<p>A WAF (Web Application Firewall) is a protection layer on our reverse proxy servers, positioned between the attacker and your website. In real time it inspects every request and looks in it for specific signs of an attack or of an attempt to exploit a security hole. If it encounters a suspicious request, it can redirect it to a test (a redirect, a captcha) or block it outright.<\/p>\n<\/div><\/div>\n\n\n\n<h2 class=\"wp-block-heading\">WEDOS Global Protection statistics<\/h2>\n\n\n\n<p>In November the number of WEDOS Global Protection users grew to <strong>1,348<\/strong> (+75) and the total number of protected domains to <strong>6,517<\/strong> (+720). Most of the users who joined in November came for the web CDN cache. As it turns out, a noticeable speed-up of a website is a bigger draw than cyber security; customers tend to buy the latter once they are already the target of attacks. One advantage of WEDOS Global Protection is that it can be deployed very quickly.<\/p>\n\n\n\n<p>We are also seeing more customers who use content management systems hosted by a third party. There we run into the case where the customer hits a limit at the provider, who then switches the site off, for example for an hour, once the limit is exceeded. WEDOS Global Protection both cuts unwanted traffic substantially and can make sure that no more requests reach the origin server than it is allowed to handle, which would otherwise get the site switched off or throttled. In future we will need different configuration templates for the various hosted systems that enforce this automatically. 
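<\/p>\n\n\n\n<p>To make the decision flow from the WAF box concrete, here is an added example in Python. It is not WEDOS code: the signature patterns, the thresholds, the window sizes and the traffic are all constructed for illustration, and the choice of the RFC 6598 shared address space as a stand-in for a mobile operator's carrier-grade NAT is an assumption. It implements the three decisions the post describes: block a request that matches an exploit signature, rate-limit a single source and answer it with a challenge (captcha) or a block depending on what kind of network it comes from, and cap the number of requests forwarded to the origin so that a hosted CMS never trips its provider's limit, serving a cached copy beyond the cap. Escalation to a blacklist for sources that keep producing problem requests is included too; the production threshold the post mentions further down (tens of thousands of problem requests per minute) is scaled down here so the sample runs instantly.<\/p>\n\n\n\n
```python
import ipaddress
import re
from collections import defaultdict, deque
from urllib.parse import unquote_plus

# Tunables for this toy, scaled down from the tens-of-thousands-per-minute figure in the post.
WINDOW_S = 10.0    # sliding window, seconds
RATE_LIMIT = 20    # requests per source per window before it is rate-limited
ESCALATE_AT = 15   # problem requests per source per window -> blacklist
ORIGIN_CAP = 40    # requests forwarded to the origin per window, all sources together

# Constructed signature rules (hypothetical, not a real WAF rule set).
SIGNATURES = [
    ("path_traversal", re.compile(r"\.\./")),
    ("sqli_tautology", re.compile(r"(?i)'\s*or\s+'\d+'\s*=\s*'\d+")),
    ("xss_script_tag", re.compile(r"(?i)<script")),
    ("php_wrapper", re.compile(r"(?i)php://")),
]
# RFC 6598 shared address space (carrier-grade NAT): one IP hides many users, so a rate-limited
# source from here gets a captcha instead of a block. Assumed stand-in for the mobile-operator case.
SHARED_NETS = [ipaddress.ip_network("100.64.0.0/10")]


def source_class(ip):
    addr = ipaddress.ip_address(ip)
    return "shared" if any(addr in net for net in SHARED_NETS) else "direct"


def signature_hit(url, body=""):
    """Name of the first matching signature, or None; matches on the percent-decoded request."""
    haystack = unquote_plus(url) + " " + unquote_plus(body)
    for name, pattern in SIGNATURES:
        if pattern.search(haystack):
            return name
    return None


def _trim(q, now):
    while q and now - q[0] > WINDOW_S:
        q.popleft()


class ToyWaf:
    def __init__(self):
        self.seen = defaultdict(deque)      # ip -> timestamps of every request
        self.problems = defaultdict(deque)  # ip -> timestamps of problem requests
        self.forwarded = deque()            # timestamps of requests passed to the origin
        self.blacklist = set()

    def _escalate(self, ip, now):
        """Record a problem request; blacklist a direct source that keeps producing them."""
        q = self.problems[ip]
        _trim(q, now)
        q.append(now)
        if len(q) >= ESCALATE_AT and source_class(ip) == "direct":
            self.blacklist.add(ip)
            return True
        return False

    def decide(self, now, ip, url, body=""):
        """Return (decision, reason); decision is allow, cache, challenge or block."""
        if ip in self.blacklist:
            return "block", "blacklisted"
        seen = self.seen[ip]
        _trim(seen, now)
        seen.append(now)
        sig = signature_hit(url, body)               # 1. exploit attempt: always blocked
        if sig:
            return "block", ("blacklisted: " if self._escalate(ip, now) else "") + sig
        if len(seen) > RATE_LIMIT:                   # 2. HTTP flood from one source
            if self._escalate(ip, now):
                return "block", "blacklisted: sustained flood"
            if source_class(ip) == "shared":
                return "challenge", "rate limit exceeded, captcha"
            return "block", "rate limit exceeded"
        _trim(self.forwarded, now)                   # 3. never exceed the origin's own limit
        if len(self.forwarded) >= ORIGIN_CAP:
            return "cache", "origin cap reached, serving cached copy"
        self.forwarded.append(now)
        return "allow", "forwarded to origin"


def sample_traffic():
    """Constructed request log as (seconds, source ip, url) tuples."""
    reqs = [(float(i), "203.0.113.10", "/") for i in range(8)]      # a normal visitor
    probes = ["/index.php?page=../../etc/passwd",                    # a vulnerability scanner
              "/index.php?page=..%2F..%2Fetc%2Fpasswd",
              "/login?user=admin' OR '1'='1",
              "/?s=<script>alert(1)</script>",
              "/?f=php://filter/resource=index"]
    reqs += [(0.1 * i, "198.51.100.7", probes[i % len(probes)]) for i in range(20)]
    reqs += [(0.05 * i, "192.0.2.50", f"/?cb={i}") for i in range(60)]   # flood from a hosting box
    reqs += [(0.05 * i, "100.64.5.5", f"/?cb={i}") for i in range(60)]   # same flood behind a carrier NAT
    return sorted(reqs, key=lambda r: r[0])          # stable sort: ties keep the order above


def run(reqs):
    """Feed requests through the WAF in time order; return decision counts and the blacklist."""
    waf = ToyWaf()
    counts = defaultdict(int)
    for ts, ip, url in reqs:
        decision, _reason = waf.decide(ts, ip, url)
        counts[decision] += 1
    return dict(counts), sorted(waf.blacklist)
```
\n\n\n\n<p>Running <code>run(sample_traffic())<\/code> shows that the order of the checks matters: the two flood sources use up the origin budget during their first 20 requests, before the per-source limit kicks in, so the ordinary visitor's later requests are served from cache rather than from the origin. The scanner and the hosting-box flood end up on the blacklist, while the identical flood from the carrier-NAT address is only challenged, because blocking that address would lock out everyone behind it. 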
<\/p>\n\n\n\n<p>In November we recorded <strong>4,166,723,667<\/strong> (+33.53 %) requests from <strong>11,276,125<\/strong> (+32.43 %) unique IP addresses aimed at protected domains. On average the proxy servers handled <strong>138,890,789<\/strong> requests per day. The growth comes partly from more traffic on protected e-shops and partly from more attacks getting all the way to the WAF (web application firewall). The attackers really wanted to do damage, so the attacks were longer, more intense and came from more IP addresses. Tens of thousands of IP addresses that nobody will miss were added to our blacklists.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><a href=\"https:\/\/blog.wedos.com\/wp-content\/uploads\/2023\/12\/20231201-listopad-1.png\"><img decoding=\"async\" width=\"1024\" height=\"407\" src=\"https:\/\/blog.wedos.com\/wp-content\/uploads\/2023\/12\/20231201-listopad-1-1024x407.png\" alt=\"\" class=\"wp-image-466777\" \/><\/a><figcaption class=\"wp-element-caption\">Daily traffic that reached the reverse proxy in November 2023, net of L3\/L4 attacks. The chart shows when the heavy attacks took place.<\/figcaption><\/figure>\n\n\n\n<p>As for attack types, the L7 DDoS attack HTTP\/2 Rapid Reset was dominant in some of the attacks. Unlike in October, though, this time it was mostly combined with other popular attack types.<\/p>\n\n\n\n<div class=\"wp-block-media-text alignwide is-stacked-on-mobile is-vertically-aligned-center has-white-color has-vivid-cyan-blue-background-color has-text-color has-background\" style=\"grid-template-columns:20% auto\"><figure class=\"wp-block-media-text__media\"><img decoding=\"async\" width=\"385\" height=\"400\" src=\"https:\/\/blog.wedos.com\/wp-content\/uploads\/2022\/12\/ladik-rbt-1.png\" alt=\"\" class=\"wp-image-123898 size-full\" \/><\/figure><div class=\"wp-block-media-text__content\">\n<p><strong>L7 DDoS attack HTTP\/2 Rapid Reset<\/strong><\/p>\n\n\n\n<p>The \u201cHTTP\/2 Rapid Reset\u201d attack is a specific type of cyber attack that abuses characteristics of the HTTP\/2 protocol. HTTP\/2 was designed for more efficient and faster data transfer than its predecessor HTTP\/1.1, using techniques such as request multiplexing, header compression and other improvements.<\/p>\n\n\n\n<p>The key aspects of the \u201cHTTP\/2 Rapid Reset\u201d attack are:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Abuse of streams and multiplexing<\/strong>: HTTP\/2 allows multiplexing, meaning that many requests can be sent concurrently over a single TCP connection. The attacker abuses this by opening and cancelling a large number of streams in rapid succession.<\/li>\n\n\n\n<li><strong>Load on the server<\/strong>: This behaviour can put considerable load on the server. For every stream the client opens, the server starts processing a request, which costs CPU time and memory, and that work is already under way when the cancellation arrives. Cancelling costs the attacker almost nothing, while the server has to tear down what it started. If the attack runs intensively and long enough, the server's resources are exhausted.<\/li>\n\n\n\n<li><strong>Stream resets<\/strong>: Immediately after opening a stream with a HEADERS frame, the attacker sends an RST_STREAM frame, which makes the server close that stream. Because a cancelled stream no longer counts against the connection's concurrent-stream limit (SETTINGS_MAX_CONCURRENT_STREAMS), the attacker can keep opening new streams without ever being throttled by that limit. Sending these resets repeatedly in quick succession can overload the server and make it unavailable to legitimate users.<\/li>\n\n\n\n<li><strong>Hard to detect<\/strong>: Attacks of this type can be difficult to detect because at first glance they look like ordinary HTTP\/2 traffic. Spotting them requires monitoring and security tooling able to recognise anomalous patterns inside HTTP\/2 communication, such as an unusually high rate of RST_STREAM frames relative to the streams opened on a single connection.<\/li>\n\n\n\n<li><strong>Target of the attack<\/strong>: The attack is usually aimed at web servers and applications that use HTTP\/2, and its goal is a DoS (Denial of Service) condition in which the server can no longer process further legitimate requests.<\/li>\n<\/ul>\n\n\n\n<p>Since HTTP\/2 is widely used in modern web applications, it is important that infrastructure is equipped with appropriate security mechanisms to detect and mitigate such attacks.<\/p>\n\n\n\n<p>Or you can use WEDOS Global Protection. WEDOS Global Protection works as a reverse proxy, which means that all inbound traffic passes through the infrastructure before it reaches the origin server. This architecture allows more effective filtering and analysis of traffic, which is key to detecting and stopping \u201cHTTP\/2 Rapid Reset\u201d attacks. 
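<\/p>\n\n\n\n<p>As an added example (not WEDOS code; how their proxy detects this is not described in the post), the following Python parses raw HTTP\/2 frames from the client side of a connection and flags the HEADERS-then-RST_STREAM pattern described in the list above. It assumes the proxy sees the client-to-server bytes together with their arrival times; the thresholds (100 client cancellations within one second on one connection, with at least 80 % of the client's own streams cancelled) and the two traces are constructed for the example, and the HEADERS payloads are placeholders rather than real HPACK blocks. It also tracks the peak number of simultaneously open streams, which shows why SETTINGS_MAX_CONCURRENT_STREAMS alone does not stop the attack.<\/p>\n\n\n\n
```python
import struct
from collections import deque

# HTTP/2 frame types and flags (RFC 7540 section 6) used here
DATA, HEADERS, RST_STREAM, SETTINGS = 0x0, 0x1, 0x3, 0x4
END_STREAM, END_HEADERS = 0x1, 0x4
CANCEL = 0x8                                    # RST_STREAM error code a browser uses when it gives up
PREFACE = b"PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n"   # client connection preface (RFC 7540 section 3.5)

# Example thresholds (assumed, not WEDOS's): client cancellations per window on one connection
WINDOW_S = 1.0
RESET_THRESHOLD = 100
CANCEL_RATIO = 0.8          # share of the client's own streams it has cancelled


def frame(ftype, stream_id, payload=b"", flags=0):
    """Serialize one frame: 24-bit length, 8-bit type, 8-bit flags, 31-bit stream id, payload."""
    header = len(payload).to_bytes(3, "big") + bytes([ftype, flags])
    return header + struct.pack(">I", stream_id & 0x7FFFFFFF) + payload


def parse_frames(data):
    """Return (type, flags, stream_id, payload) for every complete frame in data.
    Strips the connection preface if present and ignores the reserved bit of the stream id."""
    if data.startswith(PREFACE):
        data = data[len(PREFACE):]
    frames, off = [], 0
    while off + 9 <= len(data):
        length = int.from_bytes(data[off:off + 3], "big")
        ftype, flags = data[off + 3], data[off + 4]
        stream_id = int.from_bytes(data[off + 5:off + 9], "big") & 0x7FFFFFFF
        payload = data[off + 9:off + 9 + length]
        if len(payload) < length:
            break                               # truncated frame: wait for more bytes
        frames.append((ftype, flags, stream_id, payload))
        off += 9 + length
    return frames


class ConnectionMonitor:
    """Tracks client-initiated streams on one connection and how fast the client cancels them."""

    def __init__(self):
        self.open = set()        # client streams the server is still working on
        self.opened = 0          # client streams seen in total
        self.cancelled = 0       # of those, cancelled by the client with RST_STREAM
        self.peak_open = 0       # most streams open at once (what MAX_CONCURRENT_STREAMS limits)
        self.resets = deque()    # arrival times of client RST_STREAM frames inside the window
        self.flagged_at = None

    def feed(self, now, data):
        for ftype, flags, sid, payload in parse_frames(data):
            if sid == 0 or sid % 2 == 0:        # connection-level frame or server-initiated stream
                continue
            if ftype == HEADERS and sid not in self.open:
                self.open.add(sid)
                self.opened += 1
                self.peak_open = max(self.peak_open, len(self.open))
            elif ftype == RST_STREAM and sid in self.open:
                self.open.discard(sid)          # a cancelled stream no longer counts as concurrent
                self.cancelled += 1
                self.resets.append(now)
        while self.resets and now - self.resets[0] > WINDOW_S:
            self.resets.popleft()
        if (self.flagged_at is None and len(self.resets) >= RESET_THRESHOLD
                and self.cancelled >= CANCEL_RATIO * self.opened):
            self.flagged_at = now
        return self.flagged_at is not None


def legit_trace():
    """Constructed: a browser fetches three resources and cancels one (user navigated away)."""
    return [(0.00, PREFACE + frame(SETTINGS, 0)),
            (0.01, frame(HEADERS, 1, b"GET /", END_STREAM | END_HEADERS)),
            (0.05, frame(HEADERS, 3, b"GET /app.js", END_STREAM | END_HEADERS)),
            (0.06, frame(HEADERS, 5, b"GET /logo.png", END_STREAM | END_HEADERS)),
            (1.20, frame(RST_STREAM, 3, struct.pack(">I", CANCEL)))]


def rapid_reset_trace(n=500, duration=0.5):
    """Constructed: the attack pattern, HEADERS immediately followed by RST_STREAM, n times."""
    trace = [(0.0, PREFACE + frame(SETTINGS, 0))]
    for i in range(n):
        sid = 2 * i + 1
        burst = frame(HEADERS, sid, b"GET /", END_STREAM | END_HEADERS)
        burst += frame(RST_STREAM, sid, struct.pack(">I", CANCEL))
        trace.append((duration * i / n, burst))
    return trace


def analyse(trace):
    """Feed a trace through the monitor; return (flagged, opened, cancelled, peak_open)."""
    mon = ConnectionMonitor()
    for now, data in trace:
        mon.feed(now, data)
    return mon.flagged_at is not None, mon.opened, mon.cancelled, mon.peak_open
```
\n\n\n\n<p>The legitimate trace also contains an RST_STREAM, because a browser sends one with the CANCEL code when the user navigates away, which is why the check is on rate and ratio rather than on the mere presence of resets. The attack trace opens 500 streams in half a second but never has more than one open at a time, so a concurrent-stream limit of 100 would never trigger; the reset rate on the connection is what gives it away.<\/p>\n\n\n\n<p>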
Z\u00e1kazn\u00edk tak nemus\u00ed \u0159e\u0161it v podstat\u011b nic.<\/p>\n<\/div><\/div>\n\n\n\n<p> A co dal\u0161\u00ed L7 \u00fatoky? V listopadu jsme ladili ochrany p\u0159ed HTTP flood \u00fatoky, kde se s nimi vypo\u0159\u00e1d\u00e1v\u00e1me rovnou a\u017e na WAF. Je to p\u0159esn\u011bj\u0161\u00ed a efektivn\u011bj\u0161\u00ed. Je t\u0159eba v\u0161e posunout hlavn\u011b kv\u016fli parametrick\u00fdm \u00fatok\u016fm, kter\u00e9 se sna\u017e\u00ed obch\u00e1zet detekci a cache. <\/p>\n\n\n\n<p>Pokles \u00fatok\u016f, kter\u00e9 se sna\u017e\u00ed vy\u010derpat spojen\u00ed, je d\u016fsledkem, \u017ee tyto \u00fatoky nejsou zas tak \u010dast\u00e9. Nav\u00edc testujeme r\u016fzn\u00e9 formy, jak se jim br\u00e1nit. <\/p>\n\n\n\n<p>Co se t\u00fdk\u00e1 WAF, nech\u00e1v\u00e1me proch\u00e1zet v\u00edce \u00fatok\u016f pro jejich efektivn\u011bj\u0161\u00ed eliminaci. Experimentujeme i s <a href=\"https:\/\/blog.wedos.com\/cs\/otestovali-jsme-na-sobe-novou-ochranu-proti-l7-ddos-utokum\" data-type=\"post\" data-id=\"418671\">cache str\u00e1nky m\u00edsto captcha<\/a>. <\/p>\n\n\n\n<p>Dal\u0161\u00ed blokov\u00e1n\u00ed jsou v\u00fdsledkem nov\u00fdch filtr\u016f, kter\u00e9 chr\u00e1n\u00ed hlavn\u011b WordPress p\u0159ed nov\u00fdmi zranitelnostmi, a n\u00e1r\u016fstu po\u010dtu z\u00e1kazn\u00edk\u016f s WordPress obecn\u011b. 
<\/p>\n\n\n\n<figure class=\"wp-block-table is-style-regular\"><table><tbody><tr><td>L7 DDoS \u2013 zachycen\u00fdch limitov\u00e1n\u00ed p\u0159\u00edstup\u016f (HTTP flood)<\/td><td class=\"has-text-align-right\" data-align=\"right\"><strong>693 449<\/strong><\/td><td class=\"has-text-align-right\" data-align=\"right\">-98,65&nbsp;%<\/td><\/tr><tr><td>L7 DDoS \u2013 zachycen\u00fdch probl\u00e9mov\u00fdch spojen\u00ed (Slowloris, Connection Exhaustion atd.)<\/td><td class=\"has-text-align-right\" data-align=\"right\"><strong>232 910<\/strong><\/td><td class=\"has-text-align-right\" data-align=\"right\">-92,11&nbsp;%<\/td><\/tr><tr><td>Blokov\u00e1no pravidlem WAF<\/td><td class=\"has-text-align-right\" data-align=\"right\"><strong>67<\/strong>&nbsp;<strong>747&nbsp;456<\/strong><\/td><td class=\"has-text-align-right\" data-align=\"right\">+195,62&nbsp;%<\/td><\/tr><tr><td>Dal\u0161\u00ed blokov\u00e1n\u00ed L7<\/td><td class=\"has-text-align-right\" data-align=\"right\"><strong>6 285 144<\/strong><\/td><td class=\"has-text-align-right\" data-align=\"right\">+31,73 %<\/td><\/tr><\/tbody><\/table><figcaption class=\"wp-element-caption\">L7 \u00fatoky zastaven\u00e9 WGP, kter\u00e9 pro\u0161ly p\u0159es ostatn\u00ed ochrany.<\/figcaption><\/figure>\n\n\n\n<div class=\"wp-block-media-text alignwide is-stacked-on-mobile is-vertically-aligned-center has-white-color has-vivid-cyan-blue-background-color has-text-color has-background\" style=\"grid-template-columns:20% auto\"><figure class=\"wp-block-media-text__media\"><img decoding=\"async\" width=\"385\" height=\"400\" data-src=\"https:\/\/blog.wedos.cz\/wp-content\/uploads\/2022\/12\/ladik-rbt-1.png\" alt=\"\" class=\"wp-image-123898 size-full lazyload\" data-srcset=\"https:\/\/blog.wedos.com\/wp-content\/uploads\/2022\/12\/ladik-rbt-1.png 385w, https:\/\/blog.wedos.com\/wp-content\/uploads\/2022\/12\/ladik-rbt-1-289x300.png 289w\" data-sizes=\"(max-width: 385px) 100vw, 385px\" 
src=\"data:image\/svg+xml;base64,PHN2ZyB3aWR0aD0iMSIgaGVpZ2h0PSIxIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPjwvc3ZnPg==\" style=\"--smush-placeholder-width: 385px; --smush-placeholder-aspect-ratio: 385\/400;\" \/><\/figure><div class=\"wp-block-media-text__content\">\n<p><strong>Co je L7 DDoS \u00fatok?<\/strong><\/p>\n\n\n\n<p>L7 DDoS \u00fatok je typ kybernetick\u00fdch \u00fatok\u016f na web nebo aplikaci, kter\u00fd pou\u017e\u00edv\u00e1 b\u011b\u017en\u00e9 internetov\u00e9 po\u017eadavky jako GET a POST. C\u00edlem je zpomalit nebo znep\u0159\u00edstupnit webovou str\u00e1nku nebo t\u0159eba API. <\/p>\n\n\n\n<p>\u00datoky na L7 jsou obt\u00ed\u017en\u011b odhaliteln\u00e9 a odli\u0161iteln\u00e9 od norm\u00e1ln\u00edho provozu, proto\u017ee pou\u017e\u00edvaj\u00ed stejn\u00e9 protokoly a metody jako legitimn\u00ed u\u017eivatel\u00e9. K jejich eliminaci je pot\u0159eba pou\u017e\u00edt speci\u00e1ln\u00ed n\u00e1stroje a techniky a d\u016fkladnou anal\u00fdzu s\u00ed\u0165ov\u00e9ho provozu.<\/p>\n<\/div><\/div>\n\n\n\n<p>Tato \u010d\u00edsla jsou jen prvn\u00ed pokusy o \u00fatok. Jakmile se jedn\u00e1 o opakovan\u00e9 pokusy, kter\u00e9 naberou na s\u00edle (t\u0159eba des\u00edtky tis\u00edc probl\u00e9mov\u00fdch p\u0159\u00edstup\u016f za minutu), tak je IP adresa um\u00edst\u011bna na blacklist. Je to v\u0161ak slo\u017eit\u011bj\u0161\u00ed, proto\u017ee k r\u016fzn\u00fdm IP se chov\u00e1me odli\u0161n\u011b (t\u0159eba mobiln\u00ed oper\u00e1tor dostane JavaScript redirekt nebo captcha). Stejn\u011b tak k odli\u0161n\u00fdm form\u00e1m \u00fatok\u016f.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">L3\/L4<\/h3>\n\n\n\n<p>Samoz\u0159ejm\u011b, \u017ee na\u0161i z\u00e1kazn\u00edci jsou tak\u00e9 pod klasick\u00fdmi L3\/L4 DDoS \u00fatoky. Nicm\u00e9n\u011b ve v\u011bt\u0161in\u011b p\u0159\u00edpad\u016f to nestoj\u00ed za \u0159e\u010d. Na\u0161e ochrany jsou stav\u011bny na \u00fatoky ve stovk\u00e1ch Gbps. 
V\u0161e pod 10 Gbps ani nepos\u00edl\u00e1 notifikaci technik\u016fm. V\u0161e \u0159e\u0161\u00ed automaty. V listopadu se ochrany vesm\u011bs nudily. Pouze jeden volumetrick\u00fd \u00fatok, kter\u00fd p\u0159es\u00e1hl 14 Gbps byl zaj\u00edmav\u00fd.<\/p>\n\n\n\n<div class=\"wp-block-media-text alignwide is-stacked-on-mobile is-vertically-aligned-center has-white-color has-vivid-cyan-blue-background-color has-text-color has-background\" style=\"grid-template-columns:20% auto\"><figure class=\"wp-block-media-text__media\"><img decoding=\"async\" width=\"385\" height=\"400\" data-src=\"https:\/\/blog.wedos.cz\/wp-content\/uploads\/2022\/12\/ladik-rbt-1.png\" alt=\"\" class=\"wp-image-123898 size-full lazyload\" data-srcset=\"https:\/\/blog.wedos.com\/wp-content\/uploads\/2022\/12\/ladik-rbt-1.png 385w, https:\/\/blog.wedos.com\/wp-content\/uploads\/2022\/12\/ladik-rbt-1-289x300.png 289w\" data-sizes=\"(max-width: 385px) 100vw, 385px\" src=\"data:image\/svg+xml;base64,PHN2ZyB3aWR0aD0iMSIgaGVpZ2h0PSIxIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPjwvc3ZnPg==\" style=\"--smush-placeholder-width: 385px; --smush-placeholder-aspect-ratio: 385\/400;\" \/><\/figure><div class=\"wp-block-media-text__content\">\n<p><strong>Co jsou L3\/L4 \u00fatoky?<\/strong><\/p>\n\n\n\n<p>DDoS \u00fatoky na L3 a L4 vrstv\u011b se zam\u011b\u0159uj\u00ed na s\u00ed\u0165ovou a transportn\u00ed vrstvu a vyu\u017e\u00edvaj\u00ed r\u016fzn\u00e9 techniky, jak zahlcovat c\u00edlov\u00e9 servery nebo za\u0159\u00edzen\u00ed.<br><br>S\u00ed\u0165ov\u00e1 vrstva (L3) &#8211; zaji\u0161\u0165uje sm\u011brov\u00e1n\u00ed dat mezi r\u016fzn\u00fdmi s\u00edt\u011bmi pomoc\u00ed logick\u00fdch adres (IP).<br><br>Transportn\u00ed vrstva (L4) &#8211; zaji\u0161\u0165uje spolehliv\u00fd a \u0159\u00edzen\u00fd p\u0159enos dat mezi koncov\u00fdmi body pomoc\u00ed protokol\u016f jako TCP nebo UDP.<\/p>\n<\/div><\/div>\n\n\n\n<p>Celkem jsme evidovali <strong>7 299<\/strong> (-1,87 %) DDoS 
\u00fatok\u016f. Po ru\u0161n\u00e9m z\u00e1\u0159\u00ed tak pokra\u010doval klid.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><a href=\"https:\/\/blog.wedos.com\/wp-content\/uploads\/2023\/12\/20231201-listopad-1-l3-l4.png\"><img decoding=\"async\" width=\"1024\" height=\"470\" data-src=\"https:\/\/blog.wedos.com\/wp-content\/uploads\/2023\/12\/20231201-listopad-1-l3-l4-1024x470.png\" alt=\"\" class=\"wp-image-466834 lazyload\" data-srcset=\"https:\/\/blog.wedos.com\/wp-content\/uploads\/2023\/12\/20231201-listopad-1-l3-l4-1024x470.png 1024w, https:\/\/blog.wedos.com\/wp-content\/uploads\/2023\/12\/20231201-listopad-1-l3-l4-300x138.png 300w, https:\/\/blog.wedos.com\/wp-content\/uploads\/2023\/12\/20231201-listopad-1-l3-l4-768x353.png 768w, https:\/\/blog.wedos.com\/wp-content\/uploads\/2023\/12\/20231201-listopad-1-l3-l4.png 1258w\" data-sizes=\"(max-width: 767px) 89vw, (max-width: 1000px) 54vw, (max-width: 1071px) 543px, 580px\" src=\"data:image\/svg+xml;base64,PHN2ZyB3aWR0aD0iMSIgaGVpZ2h0PSIxIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPjwvc3ZnPg==\" style=\"--smush-placeholder-width: 1024px; --smush-placeholder-aspect-ratio: 1024\/470;\" \/><\/a><figcaption class=\"wp-element-caption\">Tradi\u010dn\u00ed DDoS \u00fatoky za listopad.<\/figcaption><\/figure>\n\n\n\n<p>Tradi\u010dn\u00ed volumetrick\u00e9 DDoS \u00fatoky prob\u00edhaj\u00ed trochu jinak. Je to v\u00edce druh\u016f \u00fatok\u016f nar\u00e1z. Tak\u017ee jednotliv\u00e9 \u00fatoky mohou m\u00edt t\u0159eba do 10 Gbps, ale ve v\u00fdsledku, kdy\u017e se to v\u0161echno spoj\u00ed, tak se dostaneme k des\u00edtk\u00e1m nebo stovk\u00e1m Gbps. Pokud vezmeme nejsiln\u011bj\u0161\u00ed \u00fatok, tak vych\u00e1z\u00ed n\u00e1sledovn\u011b:<\/p>\n\n\n\n<p>Nejsiln\u011bj\u0161\u00ed DDoS \u00fatok trval s p\u0159est\u00e1vkou zhruba p\u016fl hodiny a ve \u0161pi\u010dce m\u011bl n\u011bco p\u0159es 14 Gbps. 
Nikdo ze z\u00e1kazn\u00edk\u016f si ni\u010deho nev\u0161iml.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" width=\"1024\" height=\"453\" data-src=\"https:\/\/blog.wedos.com\/wp-content\/uploads\/2023\/12\/20231201-listopad-1-l3-l4-nejsilnejsi-25-11-1024x453.png\" alt=\"\" class=\"wp-image-466847 lazyload\" data-srcset=\"https:\/\/blog.wedos.com\/wp-content\/uploads\/2023\/12\/20231201-listopad-1-l3-l4-nejsilnejsi-25-11-1024x453.png 1024w, https:\/\/blog.wedos.com\/wp-content\/uploads\/2023\/12\/20231201-listopad-1-l3-l4-nejsilnejsi-25-11-300x133.png 300w, https:\/\/blog.wedos.com\/wp-content\/uploads\/2023\/12\/20231201-listopad-1-l3-l4-nejsilnejsi-25-11-768x340.png 768w, https:\/\/blog.wedos.com\/wp-content\/uploads\/2023\/12\/20231201-listopad-1-l3-l4-nejsilnejsi-25-11.png 1276w\" data-sizes=\"(max-width: 767px) 89vw, (max-width: 1000px) 54vw, (max-width: 1071px) 543px, 580px\" src=\"data:image\/svg+xml;base64,PHN2ZyB3aWR0aD0iMSIgaGVpZ2h0PSIxIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPjwvc3ZnPg==\" style=\"--smush-placeholder-width: 1024px; --smush-placeholder-aspect-ratio: 1024\/453;\" \/><\/figure>\n\n\n\n<p>Pro dne\u0161n\u00ed p\u0159ehled jsme v\u00e1m tak\u00e9 p\u0159ipravili tabulku nejsiln\u011bj\u0161\u00edch L3\/L4 jednotliv\u00fdch DDoS \u00fatok\u016f za listopadu 2023. 
Attackers usually stack several such attacks into one massive one.<\/p>\n\n\n\n<figure class=\"wp-block-table is-style-regular\"><table><thead><tr><th>Target<\/th><th class=\"has-text-align-right\" data-align=\"right\">Peak packets\/s<\/th><th class=\"has-text-align-right\" data-align=\"right\">Peak bits\/s<\/th><\/tr><\/thead><tbody><tr><td>Webhosting<\/td><td class=\"has-text-align-right\" data-align=\"right\">791.2 k<\/td><td class=\"has-text-align-right\" data-align=\"right\">9.0 G<\/td><\/tr><tr><td>VPS<\/td><td class=\"has-text-align-right\" data-align=\"right\">788.9 k<\/td><td class=\"has-text-align-right\" data-align=\"right\">8.9 G<\/td><\/tr><tr><td>VPS<\/td><td class=\"has-text-align-right\" data-align=\"right\">788.9 k<\/td><td class=\"has-text-align-right\" data-align=\"right\">7.8 G<\/td><\/tr><tr><td>Dedicated server<\/td><td class=\"has-text-align-right\" data-align=\"right\">618.0 k<\/td><td class=\"has-text-align-right\" data-align=\"right\">7.5 G<\/td><\/tr><tr><td>VPS<\/td><td class=\"has-text-align-right\" data-align=\"right\">616.7 k<\/td><td class=\"has-text-align-right\" data-align=\"right\">7.4 G<\/td><\/tr><tr><td>VPS<\/td><td class=\"has-text-align-right\" data-align=\"right\">616.7 k<\/td><td class=\"has-text-align-right\" data-align=\"right\">7.3 G<\/td><\/tr><tr><td>Infrastructure<\/td><td class=\"has-text-align-right\" data-align=\"right\">560.6 k<\/td><td class=\"has-text-align-right\" data-align=\"right\">7.2 G<\/td><\/tr><tr><td>Webhosting<\/td><td class=\"has-text-align-right\" data-align=\"right\">522.2 k<\/td><td class=\"has-text-align-right\" data-align=\"right\">7.1 G<\/td><\/tr><tr><td>Dedicated server<\/td><td class=\"has-text-align-right\" data-align=\"right\">354.1 k<\/td><td class=\"has-text-align-right\" data-align=\"right\">6.9 G<\/td><\/tr><tr><td>VPS<\/td><td class=\"has-text-align-right\" data-align=\"right\">332.2 k<\/td><td class=\"has-text-align-right\" data-align=\"right\">6.9 G<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\">Strongest L7 DDoS attacks<\/h3>\n\n\n\n<p>Every month we prepare a list of the strongest and most interesting L7 DDoS attacks for you. We count only requests that make it all the way to the WAF, that is, past the blacklists and a number of other protections.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">1. Attack on a URL shortener &#8211; 3 M requests per minute<\/h4>\n\n\n\n<p>Even a URL shortener can fall out of favour, but nobody expected the attack to be this strong. Within 6 minutes, over 8.1 million requests from 4,247 unique IP addresses reached the WAF, and at the peak they generated more than 3 million requests per minute.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><a href=\"https:\/\/blog.wedos.com\/wp-content\/uploads\/2023\/12\/20231123-zkracovac-url.png\"><img decoding=\"async\" width=\"1024\" height=\"405\" data-src=\"https:\/\/blog.wedos.com\/wp-content\/uploads\/2023\/12\/20231123-zkracovac-url-1024x405.png\" alt=\"\" class=\"wp-image-468460 lazyload\" data-srcset=\"https:\/\/blog.wedos.com\/wp-content\/uploads\/2023\/12\/20231123-zkracovac-url-1024x405.png 1024w, https:\/\/blog.wedos.com\/wp-content\/uploads\/2023\/12\/20231123-zkracovac-url-300x119.png 300w, https:\/\/blog.wedos.com\/wp-content\/uploads\/2023\/12\/20231123-zkracovac-url-768x304.png 768w, https:\/\/blog.wedos.com\/wp-content\/uploads\/2023\/12\/20231123-zkracovac-url-1536x608.png 1536w, https:\/\/blog.wedos.com\/wp-content\/uploads\/2023\/12\/20231123-zkracovac-url.png 1840w\" data-sizes=\"(max-width: 767px) 89vw, (max-width: 1000px) 54vw, (max-width: 1071px) 543px, 580px\" 
src=\"data:image\/svg+xml;base64,PHN2ZyB3aWR0aD0iMSIgaGVpZ2h0PSIxIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPjwvc3ZnPg==\" style=\"--smush-placeholder-width: 1024px; --smush-placeholder-aspect-ratio: 1024\/405;\" \/><\/a><\/figure>\n\n\n\n<h4 class=\"wp-block-heading\">2.  \u00datok na ministerstvo st\u00e1tu &#8211; 2,8 M request\u016f za minutu <\/h4>\n\n\n\n<p>Ochranu st\u00e1tn\u00edch instituc\u00ed m\u00e1me u\u017e odzkou\u0161enou a n\u011bkolik m\u011bs\u00edc\u016f chr\u00e1n\u00edme hned n\u011bkolik ministerstev st\u00e1t\u016f v\u011bt\u0161\u00edch, ne\u017e je \u010cR (v \u010cesku si rad\u011bji nechaj\u00ed shodit web, ne\u017e by vyzkou\u0161eli na\u0161e \u0159e\u0161en\u00ed). N\u011bkdy jsou to opravdu zvl\u00e1\u0161tn\u00ed \u00fatoky a proch\u00e1zet logy je velice zaj\u00edmav\u00e9. Jsou to rozd\u00edln\u00e9 IP (AS) a \u00fato\u010d\u00ed jinak. V tomto p\u0159\u00edpad\u011b to v\u0161ak byl vesm\u011bs standardn\u00ed a jednoduch\u00fd L7 HTTP flood postaven\u00fd na zranitelnosti HTTP\/2 Rapid Reset.<\/p>\n\n\n\n<p>\u00datok se skl\u00e1dal v podstat\u011b ze dvou a celkem s p\u0159est\u00e1vkou trval kolem 8 minut. Celkem \u00fato\u010dn\u00edci poslali 12 M po\u017eadavk\u016f, 2,8 M za minutu ve \u0161pi\u010dce z 2 708 unik\u00e1tn\u00edch IP adres. 
<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><a href=\"https:\/\/blog.wedos.com\/wp-content\/uploads\/2023\/12\/20231108-utok-na-ministerstvo.png\"><img decoding=\"async\" width=\"1024\" height=\"440\" data-src=\"https:\/\/blog.wedos.com\/wp-content\/uploads\/2023\/12\/20231108-utok-na-ministerstvo-1024x440.png\" alt=\"\" class=\"wp-image-468491 lazyload\" data-srcset=\"https:\/\/blog.wedos.com\/wp-content\/uploads\/2023\/12\/20231108-utok-na-ministerstvo-1024x440.png 1024w, https:\/\/blog.wedos.com\/wp-content\/uploads\/2023\/12\/20231108-utok-na-ministerstvo-300x129.png 300w, https:\/\/blog.wedos.com\/wp-content\/uploads\/2023\/12\/20231108-utok-na-ministerstvo-768x330.png 768w, https:\/\/blog.wedos.com\/wp-content\/uploads\/2023\/12\/20231108-utok-na-ministerstvo-1536x660.png 1536w, https:\/\/blog.wedos.com\/wp-content\/uploads\/2023\/12\/20231108-utok-na-ministerstvo.png 1793w\" data-sizes=\"(max-width: 767px) 89vw, (max-width: 1000px) 54vw, (max-width: 1071px) 543px, 580px\" src=\"data:image\/svg+xml;base64,PHN2ZyB3aWR0aD0iMSIgaGVpZ2h0PSIxIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPjwvc3ZnPg==\" style=\"--smush-placeholder-width: 1024px; --smush-placeholder-aspect-ratio: 1024\/440;\" \/><\/a><\/figure>\n\n\n\n<p>This attack was the last notable attempt in November to take down this government website. Other attempts preceded it. The most interesting one came a few days earlier: with pauses it lasted roughly two and a half hours, and the attackers pushed <strong>106 million requests<\/strong> from 3,270 unique IP addresses through to the WAF. The peak of 1.9 million per minute was not exactly small either. 
<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" width=\"1024\" height=\"441\" data-src=\"https:\/\/blog.wedos.com\/wp-content\/uploads\/2023\/12\/20231105-utok-ma-ministerstvo-1024x441.png\" alt=\"\" class=\"wp-image-468507 lazyload\" data-srcset=\"https:\/\/blog.wedos.com\/wp-content\/uploads\/2023\/12\/20231105-utok-ma-ministerstvo-1024x441.png 1024w, https:\/\/blog.wedos.com\/wp-content\/uploads\/2023\/12\/20231105-utok-ma-ministerstvo-300x129.png 300w, https:\/\/blog.wedos.com\/wp-content\/uploads\/2023\/12\/20231105-utok-ma-ministerstvo-768x331.png 768w, https:\/\/blog.wedos.com\/wp-content\/uploads\/2023\/12\/20231105-utok-ma-ministerstvo-1536x661.png 1536w, https:\/\/blog.wedos.com\/wp-content\/uploads\/2023\/12\/20231105-utok-ma-ministerstvo.png 1800w\" data-sizes=\"(max-width: 767px) 89vw, (max-width: 1000px) 54vw, (max-width: 1071px) 543px, 580px\" src=\"data:image\/svg+xml;base64,PHN2ZyB3aWR0aD0iMSIgaGVpZ2h0PSIxIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPjwvc3ZnPg==\" style=\"--smush-placeholder-width: 1024px; --smush-placeholder-aspect-ratio: 1024\/441;\" \/><\/figure>\n\n\n\n<h4 class=\"wp-block-heading\">3. Attack on an e-shop \u2013 1.7 M requests at peak<\/h4>\n\n\n\n<p>This is a typical example of the November attacks on e-shops. It lasted just over a minute and at its peak reached 1.7 M requests from 2,674 unique IP addresses. Most similar attacks last 30\u201360 seconds and try to send the target server enough requests that the e-commerce platform or hosting operator takes it offline. 
<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><a href=\"https:\/\/blog.wedos.com\/wp-content\/uploads\/2023\/12\/20231117-utok-na-eshop.png\"><img decoding=\"async\" width=\"1024\" height=\"405\" data-src=\"https:\/\/blog.wedos.com\/wp-content\/uploads\/2023\/12\/20231117-utok-na-eshop-1024x405.png\" alt=\"\" class=\"wp-image-468528 lazyload\" data-srcset=\"https:\/\/blog.wedos.com\/wp-content\/uploads\/2023\/12\/20231117-utok-na-eshop-1024x405.png 1024w, https:\/\/blog.wedos.com\/wp-content\/uploads\/2023\/12\/20231117-utok-na-eshop-300x119.png 300w, https:\/\/blog.wedos.com\/wp-content\/uploads\/2023\/12\/20231117-utok-na-eshop-768x304.png 768w, https:\/\/blog.wedos.com\/wp-content\/uploads\/2023\/12\/20231117-utok-na-eshop-1536x608.png 1536w, https:\/\/blog.wedos.com\/wp-content\/uploads\/2023\/12\/20231117-utok-na-eshop.png 1837w\" data-sizes=\"(max-width: 767px) 89vw, (max-width: 1000px) 54vw, (max-width: 1071px) 543px, 580px\" src=\"data:image\/svg+xml;base64,PHN2ZyB3aWR0aD0iMSIgaGVpZ2h0PSIxIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPjwvc3ZnPg==\" style=\"--smush-placeholder-width: 1024px; --smush-placeholder-aspect-ratio: 1024\/405;\" \/><\/a><\/figure>\n\n\n\n<h4 class=\"wp-block-heading\">Bonus: attack on an e-shop on Black Friday \u2013 1.3 M requests at peak<\/h4>\n\n\n\n<p>This was the \u201cmost conspicuous\u201d attack to get through on Black Friday; it targeted an e-shop where customers were busy shopping at that very moment. It lasted an hour. In that time the attacker sent 26 million requests from 1,913 unique IP addresses, eventually squeezing out up to 1.3 M requests per minute.<\/p>\n\n\n\n<p>Probably the most interesting thing was that the attack came from Czech IP addresses, where within a single range one address was attacking while another was shopping. 
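<\/p>\n\n\n\n<p>Blocking by address range would have hit the shopper sitting next to the bot, and, as this section notes, a single address can even carry both kinds of traffic; per-address behavioural scoring is what avoids that. The Python below is an added example, not WEDOS's WAF code: it runs over constructed access-log lines in a simplified format (address, epoch seconds, method, path, status; the 203.0.113.0\/24 addresses, the 600 requests-per-minute flood threshold and the asset-fetch heuristic are all assumptions), computes the peak requests per minute and unique addresses the way this report quotes them, decides per address whether to block, rate-limit or allow, and then shows what a blanket \/24 blacklist would have hit.<\/p>\n\n\n\n
```python
"""Per-address behaviour scoring for an L7 HTTP flood, run over constructed access-log lines.

Added example: the log lines, the addresses (203.0.113.0/24 is a documentation range)
and the thresholds are all constructed for illustration.
"""
import ipaddress
from collections import Counter, defaultdict

ASSET_SUFFIXES = (".css", ".js", ".png", ".jpg", ".svg", ".woff2")
FLOOD_RPM = 600  # assumed: requests per minute from one address that no browser session produces


def parse_line(line):
    """Parse a constructed log line '<ip> <epoch_seconds> <method> <path> <status>'."""
    ip, ts, method, path, status = line.split()
    return {"ip": ip, "ts": int(ts), "method": method, "path": path, "status": int(status)}


def per_minute(events):
    """Map minute bucket -> (request count, number of distinct source addresses)."""
    counts, ips = Counter(), defaultdict(set)
    for e in events:
        minute = e["ts"] // 60
        counts[minute] += 1
        ips[minute].add(e["ip"])
    return {m: (counts[m], len(ips[m])) for m in counts}


def peak_minute(events):
    """Return (minute_bucket, (requests, unique_ips)) for the busiest minute."""
    return max(per_minute(events).items(), key=lambda kv: kv[1][0])


def classify_ip(ip_events):
    """Classify one address by its own behaviour, not by its neighbours in the range.

    flood : flood-rate requests and never a stylesheet, script or image
    mixed : flood-rate requests but also browser-like asset fetches (a shared or NAT address)
    normal: below the flood rate
    """
    peak = max(Counter(e["ts"] // 60 for e in ip_events).values())
    assets = sum(e["path"].endswith(ASSET_SUFFIXES) for e in ip_events)
    if peak < FLOOD_RPM:
        return "normal"
    return "mixed" if assets else "flood"


ACTION = {"flood": "block", "mixed": "rate_limit", "normal": "allow"}


def decide(events):
    """Per-address action: block pure flood sources, rate-limit shared ones, leave shoppers alone."""
    by_ip = defaultdict(list)
    for e in events:
        by_ip[e["ip"]].append(e)
    return {ip: ACTION[classify_ip(evs)] for ip, evs in by_ip.items()}


def range_impact(decisions, prefixlen=24):
    """What a blanket block of each /24 would hit: how many addresses of each verdict it contains."""
    impact = defaultdict(Counter)
    for ip, action in decisions.items():
        net = ipaddress.ip_network(f"{ip}/{prefixlen}", strict=False)
        impact[str(net)][action] += 1
    return {net: dict(c) for net, c in impact.items()}


def build_sample_log():
    """Constructed log: five bots, one shared address and one shopper, all inside 203.0.113.0/24."""
    base = 1700820000  # constructed epoch seconds (24 Nov 2023 10:00 UTC)
    lines = []
    for host in range(10, 15):  # pure flood sources: 700 page hits in 60 s, never an asset
        lines += [f"203.0.113.{host} {base + i * 60 // 700} GET /product/{i % 50} 200" for i in range(700)]
    # shared address: the same flood ...
    lines += [f"203.0.113.20 {base + i * 60 // 700} GET /product/{i % 50} 200" for i in range(700)]
    # ... plus a real browser behind the same NAT fetching assets now and then
    lines += [f"203.0.113.20 {base + off} GET {path} 200"
              for off, path in ((5, "/style.css"), (15, "/app.js"), (25, "/logo.png"),
                                (35, "/style.css"), (45, "/app.js"))]
    # ordinary shopper in the same /24
    lines += [f"203.0.113.30 {base + off} GET {path} 200"
              for off, path in ((0, "/"), (1, "/style.css"), (1, "/app.js"), (2, "/logo.png"),
                                (30, "/product/7"), (31, "/product/7.png"), (70, "/cart"), (71, "/style.css"))]
    return lines


if __name__ == "__main__":
    events = [parse_line(line) for line in build_sample_log()]
    print("peak minute (bucket, (requests, unique addresses)):", peak_minute(events))
    decisions = decide(events)
    print("per-address verdicts:", Counter(decisions.values()))
    print("what a /24 blacklist would have hit:", range_impact(decisions))
```
\n\n\n\n<p>The distinguishing signal is cheap: a flood tool requests the page URL and nothing else, while a browser behind the same NAT also fetches the stylesheet, scripts and images. An address that does both is treated as shared and only rate-limited, so the customer keeps the sale; an address at flood rate that never fetches an asset is blocked outright, and the \/24 summary makes the cost of a range-level blacklist visible before anyone applies one.<\/p>\n\n\n\n<p>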
One attacking address even downloaded images and CSS from time to time, so it is possible that the IP was shared by both an infected computer and someone browsing the shop's catalogue. A traditional IP-blacklisting solution would therefore have cost our customer money.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" width=\"1024\" height=\"447\" data-src=\"https:\/\/blog.wedos.com\/wp-content\/uploads\/2023\/12\/20231124-utok-na-eshop-logo-1024x447.png\" alt=\"\" class=\"wp-image-468547 lazyload\" data-srcset=\"https:\/\/blog.wedos.com\/wp-content\/uploads\/2023\/12\/20231124-utok-na-eshop-logo-1024x447.png 1024w, https:\/\/blog.wedos.com\/wp-content\/uploads\/2023\/12\/20231124-utok-na-eshop-logo-300x131.png 300w, https:\/\/blog.wedos.com\/wp-content\/uploads\/2023\/12\/20231124-utok-na-eshop-logo-768x335.png 768w, https:\/\/blog.wedos.com\/wp-content\/uploads\/2023\/12\/20231124-utok-na-eshop-logo-1536x671.png 1536w, https:\/\/blog.wedos.com\/wp-content\/uploads\/2023\/12\/20231124-utok-na-eshop-logo.png 1828w\" data-sizes=\"(max-width: 767px) 89vw, (max-width: 1000px) 54vw, (max-width: 1071px) 543px, 580px\" src=\"data:image\/svg+xml;base64,PHN2ZyB3aWR0aD0iMSIgaGVpZ2h0PSIxIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPjwvc3ZnPg==\" style=\"--smush-placeholder-width: 1024px; --smush-placeholder-aspect-ratio: 1024\/447;\" \/><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\">Conclusion<\/h3>\n\n\n\n<p>We will see whether we manage to compile the data for December. Colleagues are adding more test points that do not send data yet, and part of the logging is being reworked. So the January overview may contain only news and the largest attacks. 
<\/p>\n","protected":false},"excerpt":{"rendered":"<p>In November our protection faced an above-average number of DDoS attacks over the application layer. A large share of them targeted e-shops. It all culminated on Friday 24 November, known as Black Friday. That confirmed our belief that these were not random attacks but, most likely, competitive warfare. Especially once we discovered that &hellip; <\/p>\n<p class=\"link-more\"><a href=\"https:\/\/blog.wedos.com\/cs\/waf-report-z-wedos-global-protection-za-listopad-2023\" class=\"more-link\">Continue reading<span class=\"screen-reader-text\"> &#8220;WAF report from WEDOS Global Protection for November 2023&#8221;<\/span><\/a><\/p>\n","protected":false},"author":2,"featured_media":468566,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[],"class_list":["post-463561","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-spolecnost"],"_links":{"self":[{"href":"https:\/\/blog.wedos.com\/cs\/wp-json\/wp\/v2\/posts\/463561","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.wedos.com\/cs\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.wedos.com\/cs\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.wedos.com\/cs\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.wedos.com\/cs\/wp-json\/wp\/v2\/comments?post=463561"}],"version-history":[{"count":10,"href":"https:\/\/blog.wedos.com\/cs\/wp-json\/wp\/v2\/posts\/463561\/revisions"}],"predecessor-version":[{"id":537232,"href":"https:\/\/blog.wedos.com\/cs\/wp-json\/wp\/v2\/posts\/463561\/revisions\/537232"}
],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/blog.wedos.com\/cs\/wp-json\/wp\/v2\/media\/468566"}],"wp:attachment":[{"href":"https:\/\/blog.wedos.com\/cs\/wp-json\/wp\/v2\/media?parent=463561"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.wedos.com\/cs\/wp-json\/wp\/v2\/categories?post=463561"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.wedos.com\/cs\/wp-json\/wp\/v2\/tags?post=463561"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}