With the rapid development and popularization of network technology, the network has changed the way everyone lives and works, and network security problems have become more and more serious. In recent years, the frequency of network intrusions has continued to increase, and the damage has become more and more serious. Distributed denial of service (DDoS) attacks are the most harmful. A DDoS attack can completely disable the attacked network host's ability to perform normal services in a short period of time.
CC attack (Challenge Collapsar, "challenge black hole") is a common type of DDoS attack. The attacker controls some hosts to continuously send a large number of data packets to the target server, exhausting the server's resources until it crashes. The CC attack mainly targets the web server with a large number of concurrent requests, focusing on the functions in the application that consume the most resources so that they occupy a lot of system resources. The technical skill and cost required for a CC attack are very low. As long as there are hundreds of IPs and a few processes per IP, there can be thousands of concurrent requests. It is easy to exhaust the resources of the target server and cause website downtime.
There are three common methods of CC attacks: single host virtual multiple IP address attacks, proxy server attacks, and botnet attacks.
Single host virtual multiple IP address attack: The attacker uses one host to fabricate multiple IP addresses and send a large number of requests to a specified page of the target server. When the server cannot process these access requests in time, the page stops responding and normal access is rejected.
Proxy server attack: The attacker sends an access request to a proxy server from the attacking host. The attacking host can then immediately disconnect from the proxy server and send the next access request, because the proxy server will still access the specified page resources of the application server once it has accepted the request. The attacking host therefore does not need to hold the connection open as it would when accessing the application server directly, so this method of attack is much more efficient.
Botnet attack: The attacker initiates a large number of requests to the server through a botnet. The victim host receives requests from a large number of scattered addresses, none of which carries the attacker's own IP address. This attack method closely simulates the normal access of many users to the application server, so it is highly concealed.
CC attacks can simulate normal users and use real IP addresses for access, so the concealment is strong. The commonly used effective defense methods for CC attacks are as follows:
1. Choose reliable high-defense servers to improve server hardware and network bandwidth resources: high-performance server hardware and sufficient network bandwidth can improve the system's carrying capacity against CC attacks;
2. Static website pages: Static website pages can greatly reduce the consumption of system resources, which improves the system's ability to resist attacks;
3. IP shielding restriction: identify the source IP of the attacker. For the source IP of a CC attack, you can block that IP in IIS to restrict its access and so prevent attacks on IIS;
4. Deploy a high-defense CDN: route traffic through the high-defense CDN, which hides the server's source IP, automatically identifies attack traffic, and after cleaning returns normal visitor traffic to the source server IP to ensure business security.
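The "identify the source IP" step in defense 3 can be done from the web server's access log. The following is an added example, not part of the original article: it flags sources that request one page more than a threshold number of times inside a sliding time window. The Common Log Format input, the function names, the thresholds (10 seconds, 5 requests) and the sample log lines are all assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Common Log Format prefix: client IP, timestamp, request line, status
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3})')

def parse(line):
    m = LINE_RE.match(line)
    if not m:
        return None
    ip, ts, _method, path, _status = m.groups()
    # Drop the query string so /search.php?q=1 and ?q=2 count as one page
    return ip, datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z"), path.split("?")[0]

def flag_sources(lines, window_s=10, max_hits=5):
    """Return {ip: (path, peak)} for sources exceeding max_hits requests
    to a single path within any sliding window of window_s seconds."""
    window = timedelta(seconds=window_s)
    recent = defaultdict(deque)   # (ip, path) -> timestamps inside window
    flagged = {}
    for line in lines:            # lines are assumed to be in time order
        rec = parse(line)
        if rec is None:
            continue              # skip malformed lines instead of failing
        ip, ts, path = rec
        q = recent[(ip, path)]
        q.append(ts)
        while ts - q[0] > window:
            q.popleft()
        if len(q) > max_hits and len(q) > flagged.get(ip, ("", 0))[1]:
            flagged[ip] = (path, len(q))
    return flagged

def _sample():
    # Constructed log: one source hits /search.php 8 times in 4 s; another browses normally
    out = []
    for i in range(8):
        out.append(f'203.0.113.7 - - [01/Jan/2024:10:00:{i//2:02d} +0000] "GET /search.php?q={i} HTTP/1.1" 200 512')
    for i, p in enumerate(["/", "/about.html", "/search.php?q=a", "/contact.html"]):
        out.append(f'198.51.100.20 - - [01/Jan/2024:10:00:{i*15:02d} +0000] "GET {p} HTTP/1.1" 200 1024')
    out.append("garbage line")
    return out

SAMPLE_LOG = _sample()

if __name__ == "__main__":
    for ip, (path, peak) in flag_sources(SAMPLE_LOG).items():
        print(f"{ip} {path} peak={peak} requests/10s")
```

A per-IP threshold catches the single-host and proxy cases more readily than a botnet, whose requests are spread across many addresses. When the server sits behind a CDN or proxy, the first log field is the proxy's address, so the log must record the forwarded client address for this check to be meaningful.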