What is a cc attack?

CCThe attack has a definition: The attacker uses a proxy server to generate a legitimate request to the victim host, and the way to implement a denial of service attack is calledCC (Challenge Collapsar)attack. " It is saidCCThe original intention isChanllenge Fatboy, becauseCollapsar (Black Hole) is a product of the Green Alliance technology company, in the field of anti-denial of service attacks have relatively high influence,CCrenamed toChallenge Collapsar, intended to indicate toCollapsarlaunch the Challenge "

CC  striking feature is that attackers use "legitimate" sources ip and access request, collapsar can not judge the true and false had to let go, became a device ( ) ; As for the emphasis on proxy server attacks, just hide the attacker's whereabouts. In fact, when the traffic is small, know your ip There is no way to confirm that you are an attacker, not to hide or to be equally secure ( Span style= "font-family: Song Body" >.

CC attacks differ from DDOS attack also has a significant feature: The attack traffic does not need to be very large, very uniform, the number of access requests is not a lot, occupy the server is a lot of resources, the result is to let the server "down", the attackers are often considered their own server out of the "unknowable" problem.

so CC How does an attack achieve the purpose of the attack?

by constructing targeted business requests that consume the most server-side resources, let the server "overwork" and stop the service, such as the calculated cache space, Access IO number of channels, read-write database operations, disk read and write operations ...

This is like a hospital doctor: usually is a cold fever and other patients, the doctor can see a day - a patient, if all is the United States and other diseases such as Nils Syndrome, doctor one day to clear a patient is good, but a day at the same time to six such difficult patients, even if you hang up the number, it is estimated that the doctor did not have time to show you.

We all say: the trade has to compensate to earn, has the high quality customer, has the formidable customer, if the difficult customer ratio exceeds the normal scope, the cost rises sharply, this sale wants to make money is difficult.

to construct such a targeted business request, there are many methods, the key is to understand the service background of the business processing mechanism, the following introduction of several general web-based ideas:

1 , Once the old data is called, the data is temporarily placed in the Cache storage, because the data is updated fast, the probability of the data being re-accessed is very low, so quickly called the high frequency of new data "extrusion", at this time, You visit this old data again, just the "rummaging" work has to start again;

2. requests for level three pages

The site home page is more likely to be visited, and the three-level page has a few orders of magnitude, even if the site's many "crawlers" often ignore it.

Here you design a different three-level page polling application for the site. For larger sites, the potential impact could be huge:

3. due to the low level of three page access, your design is not very high access repeatability, site acceleration, caching and other optimization measures are basically not used.

4. Empty account transactions: is the account of no money, but also to trade applications, of course, the transaction is not successful, but this for the trading system, the same processing a deal;

Only generic access is mentioned here. Specific attacks on the Web server to attack, the study of its specific types of services, website structure, query algorithm, etc., can be structured to have a very strong targeted access. This is somewhat like The statement design of SQL injection, except that SQL injection is intended to get sensitive data or system execution permissions, while CC attacks are designed to drain each other's resources , stop the service.

CC attack Let DDOS attack from the network level, to the application level, the attack is the server's strained resources, rather than bandwidth, can bypass the network security of the traffic cleaning equipment, the target system directly DDOS attacks, the protection of business systems is often more vulnerable than we think.

First, as people's awareness of the safety of the strengthening of the attack becomes more and more difficult, the information security industry is facing a difficult transition. The reasons can be attributed to:1, the system can be exploited by fewer vulnerabilities ( Discovery Difficulty, economic and political reasons and not public ), Exploiting system vulnerabilities will be more difficult, although the vulnerability to the application is still very many, but the control permission is weak, the harm is small, the time is long. 2, the network of security measures more and more perfect, as well as the massive intervention of the national army, so that the internet is no longer "free", anonymous, hidden has become more and more difficult. The entire information security industry is brewing a disruptive transformation of the attack mentality.

Hunan Hengyang High-protection server rental, hosting, cabinet rental

High-protection! High profile! G-Port! Second Solution! Ignore CC.

Strong launch of ultra-high protection against unlimited special offers

7x24 Hourly Technical Support

Primary resources, recruitment agent, welcome to consult

q:2851506992 tell:15013023312

What is a cc attack?