What is a CC attack? What does CC attack mean? How to protect it

CC attacks are a type of DDoS attacks, which are currently one of the main methods of application-layer attacks, and seem to be more technical than other DDoS attacks. CC attacks use the help of ** servers to generate legitimate requests to the target system, achieving cloaking and DDoS.

CC attacks simulate multiple normal users constantly accessing pages that require a large amount of data operations, such as forums, resulting in a waste of server resources, the CPU is at 100% for a long time, there are always endless requests to be processed, network congestion, and normal access is suspended. This kind of attack has a high technical content, and you can't see the real source IP, and you can't see a particularly large abnormal traffic, but the server just can't connect normally.

CC attacks (CC attacks) are a common type of DDoS attacks, in which attackers control certain hosts to send a large number of packets to the opposing server, causing server resources to be exhausted until the server crashes.

CC attacks mainly target web servers to send a large number of concurrent requests, focusing on the more resource-consuming functions in the application, which occupy a large amount of system resources. As long as there are hundreds of IPs, each IP can have thousands of concurrent requests, which can easily exhaust the resources of the target server and cause downtime. Related Links:

CC attack is a kind of DDoS attack, which is a resource-consuming attack, for example, your ** can only withstand 500 user visits at the same time, and the attacker suddenly simulates thousands of visits, at this time your ** wants to provide normal services to the outside world will not work, and CC attacks are becoming more and more targeted, including games and chat rooms on the application layer, are likely to be CC attacks. For specific DDoS related information, you can go to the starting point for DDoS.

A CC attack is a type of DDoS attack that uses a ** server to send a large number of seemingly legitimate requests to the victim server. CC is named after its tool, and the attacker uses a mechanism to launch DDoS attacks using a large number of widely available free servers. Many free** servers support an anonymous mode, which makes tracking very difficult.

The principle of CC attack is that the attacker controls some hosts to send a large number of packets to the other server without stopping, causing the server resources to be exhausted until it goes down and crashes. CC is mainly used to attack the page, everyone has this experience: when a web page is visited by a large number of people, the opening of the web page is slow, CC is to simulate multiple users to visit those pages that require a large amount of data operations, resulting in a waste of server resources, CPU is at 100% for a long time, there will always be an inexhaustible connection until the network is congested, and normal access is suspended.

CC is a kind of DOS attack, which mainly refers to a page attack, which may cause the access speed to become very slow and affect the customer experience.

In layman's terms, it is to simulate the forgery of a large number of real customers to frequently access and request a certain domain name, which puts pressure on the origin server, causing the requests of real customers to be shelved and unable to be processed, resulting in downtime; The regular type of CC is easier to defend against, and you can pretend to be a security software in the source server to set the policy; use of CDN services; Use Anti-DDoS Pro and improve server configuration. But now CC has evolved many types, infiltration, wall penetration, mutation, mixing, and so on.

HTTP Flood is a type of DDoS (Distributed Denial of Service), formerly known as Fatboy Attack, which is also a common attack method. is an attack on a web service at a Layer 7 protocol. Instead of controlling a large number of broilers, the attacker does not need to control a large number of broilers through a port scanner looking for anonymous http or socks on the Internet, and the attacker makes HTTP requests to the attack target anonymously.

Anonymous servers are widespread on the internet. Therefore, the attack is easy to launch and can maintain long-term high-intensity continuous attacks, and can also hide the attacker** from being tracked.

Features of HTTP CC attacks:

The IPs of HTTP CC attacks are all real and scattered.

Packets for HTTP CC attacks are all normal packets.

Requests for HTTP CC attacks are valid and cannot be denied.

HTTP CC attacks the web page, the server can connect, and the ping is fine, but the web page just can't be accessed.

If the web environment is turned on, the server dies quickly and is prone to packet loss.

If the web server supports HTTPS, an HTTPS flood attack is a more effective attack method. There are two reasons for this:

Second, some protection devices are unable to process HTTPS communication data flows, which will cause attack traffic to bypass protection devices and directly attack web servers.

Easy CC attack defense method.

2.On servers with multiple sites, the number of IP connections and CPU usage time allowed for each site are strictly limited.

5.CDN is added to the frontend of the server.

What is a CC attack

CC attack (Challenge Collapsar) is a kind of DDOS (distributed denial of service), which is a common attack method, in which the attacker keeps accessing the victim host through the server or broiler, causing the server to run out of resources until it crashes until it crashes CC attack uses the server to send a large number of URL requests that require a long computing time, such as database queries. As a result, the server performs a large amount of computing and quickly reaches its own processing power, resulting in DOS

The attacker will actively disconnect once the request is sent to **, because ** does not connect to the target server because the connection on the client's side is disconnected, so the resource consumption of the attack aircraft is relatively small, and from the target server, the requests from ** are legitimate.

Common protection methods for CC attacks

1. Cloud WAF

Advantages: fast installation and configuration, good product guarantee for large companies.

Disadvantages: 1. There is a risk of bypassing the protection of WAF is mainly achieved by reverse, if it does not go through this agent, it will naturally not be able to protect, so if the attacker finds a way to obtain the IP of the company, then it can bypass WAF and attack directly.

2. Access data is not confidential If your access data is confidential information, you can't use WAF.

2. The web server distinguishes between attackers and normal visitors.

For example, when an ordinary viewer visits a web page, he will continue to crawl a series of related files such as html, css, js and ** of the web page, and the CC attack is to crawl the web page through the program, only scraping a file with a URL address, and will not scrape other types of files Therefore, by identifying the IP of the attacker and shielding, it can play a good preventive role.

3. Static content.

Static content can greatly reduce system resource consumption, which defeats the attacker's goal of exhausting server resources.

4. Limit the number of IP connections.

Generally, normal viewers will not visit the same page many times in a row in a second, and the web server can be configured to limit the IP access frequency.

5. Restrict access to **.

Of course, there are several ways to confidently defend against CC attacks:

1. Unbind the domain name.

Generally, CC attacks are aimed at the domain name of **, for example, our ** domain name is:, then the attacker sets the attack object as the domain name in the attack tool and then carries out the attack. Our measure against such an attack is to unbind this domain name, so that the CC attack loses its target.

2. Block IP

If we find the source IP address of the CC attack through commands or check the logs, we can set the firewall to block the IP access to the website, so as to prevent the attack.

3. Change the web port.

Under normal circumstances, the web server provides services through port 80, so the attack is carried out by the rock wheel attacker with the default port of 80, so we can modify the web port to achieve the purpose of preventing CC attacks.

4. Domain name spoofing resolution.

If we find a CC attack on a domain name, we can resolve the attacked domain name to this address. We know that the local loopback IP is used for network testing, and if the attacked domain name is resolved to this IP, the attacker can achieve the purpose of attacking himself, so that no matter how many broilers or ** will go down.

5. Deploy anti-DDoS Pro CDN defense.

Anti-DDoS Pro can automatically identify malicious attacks and intelligently clean these fake traffic, and return normal visitor traffic to the source server IP address to ensure the normal and stable operation of the source server.

OK.

There are a variety of ways to defend against CC attacks, such as unbinding the domain name, changing the web port, blocking the IP address, spoofing the domain name to block the spring block, and using a dedicated anti-CC attack firewall.

C is mainly used to attack the page, CC attack is a new type of attack that uses a large number of visits to a certain page, and causes the ** program to not respond normally, CC attack is generally carried out in the way of **, one can hide their IP, and the other can increase the attack effect.

Methods to determine whether it has been attacked by CC:

1. If it is attacked by a small amount of CC, the site can still be accessed intermittently, but some relatively large files, such as **, will not be displayed. If a small number of CC attacks are dynamically attacked, you will also find that the CPU usage of the server has soared. This is the most basic symptom of CC attack.

2. If it is a static site, such as an HTML page, open the task manager in the case of a CC attack; Looking at the network traffic, you will find that the sending of data in the network application is seriously high, under a large number of cc attacks, it will even reach 99% of the network occupation, of course, in the case of CC attacks, there is no way to access normally, but through the 3389 connection to the server can still be connected normally.

3. If it is dynamic, such as ASP, etc., in the case of CC attack, the IIS site will give an error prompt serveristoobusy, if you do not use IIS to provide services, you will find that the program that provides services automatically crashes and errors for no reason. If there is no problem with the program, it can basically be concluded that it was attacked by CC.

1. ** will become abnormal card, and 503 errors will occur frequently;

2. The log file will become abnormally large, if the usual log file size is hundreds of ks and a few meters at most, and suddenly changes to tens or even hundreds of m, it can be concluded that it was attacked by cc.

3. The number of connections has soared abnormally.

CC attack is a typical attack that disguises a large number of legitimate HTTP requests and leads to the exhaustion of host resources and the network is busy.

Question: Da Yuling Beiyi (Song Zhiwen) a sent to the left province Du Shizhi (Cen Shen).

ChallengeCohapsar is a common type of DDoS attack, in which an attacker generates a legitimate request to the victim host with the help of a service bumper to achieve DDoS and disguise. To put it in layman's terms, the principle of CC attack is that the attacker controls some hosts to continuously send a large number of packets to the other server, causing the server resources to be exhausted until it goes down and crashes.

There are three types of CC attacks, direct attacks, ** attacks, and botnet attacks.

What is a CC attackThe predecessor of the CC attack, known as the FATBOY attack, is a denial of service by constantly sending connection requests to **. The attacker sends a large number of packets to the victim host through the ** server or broiler, causing the other party's server resources to be exhausted until it crashes.

How to defend against CC attacks?

Theoretically, the infinite increase in server configuration can prevent CC attacks, the higher the CPU memory bandwidth configuration, the greater the resistance, but this is only theoretical, just like you are a strong man, fighting with a group of people, three or four people may not have any pressure on you, but what if there are hundreds of people? One person and a sip of water, you are hanging.

So we need a helper to prevent the CCP attack.

First, Anti-DDoS Pro

Anti-DDoS Pro refers to an IP** node with a professional firewall, which can effectively block extraordinary attacks. It's like a group of people fighting hand-to-hand, but you have armor, and the other party will definitely not be able to beat you.

2. Anti-DDoS Server.

Similar to Anti-DDoS Pro IP, Anti-DDoS Pro servers are servers with professional firewalls, which can effectively block CC attacks.

3. Anti-DDoS Pro CDN

Anti-DDoS Pro CDN refers to the Anti-DDoS nodes set up across the country to achieve defense by dispersing attacks. It's like fighting in a group, the other party comes with 100 people, but you have 15 helpers, and all of these helpers are practicing martial arts, and a dozen 10 is not a problem, then the problem is solved.

The three defense methods are recommended for the host bar, because the false kill rate is low, and the cost is also low. For example, cloud acceleration, the price of the professional version is only 795 yuan a year, which is very cost-effective. Related Links: