Introduction to CC Attacks

Source: Internet
Author: User
Keywords: cc attack, cc attack introduction, cc attack type
A CC attack is a kind of DDoS attack. Its traffic volume is not very high, but it is very destructive: it directly causes the system service to hang so that it can no longer serve requests normally. In my opinion, based on long-term protection experience, CC attacks can be divided into the following types:
1. Syn-cc attack: this kind of attack is the more common one. Hackers send requests to the target at high concurrency, so that the target website or application cannot provide normal service. Protection is nothing more than conventional concurrency restrictions. General hardware-based defenses can filter these conventional CC attacks. As shown in the figure below:
2. POST traffic consumption type: this type targets a destination address whose dynamic requests are not limited, and maliciously submitted data interactions cause service interruption. Bandwidth consumption is usually very high. If capacity is not elastic, resources such as CPU, memory and bandwidth are consumed for a long time. Even more frightening for users is when a website's registration SMS interface is maliciously requested via POST, consuming thousands of yuan in SMS fees within a few seconds. Websites affected in this way currently account for a very large proportion of these attacks. Several friends once came to me to help them solve the problem completely.
Here I have to mention Xiaobian's friends. Their SMS interface balance of more than 2000 was consumed within a few seconds. At first they bought the WAF firewall of XX cloud, but found that it could not block the attack completely, and each recharge was used up within a few minutes. Finally they found the security of the ink maker. After analysis by the ink technician, it turned out that the WAF filter had filtered only about 60% of the malicious requests, so the effect was not so good. They were immediately moved onto the ink maker's protection, and its newly developed fingerprint identification protection stabilized the situation. For several days in a row there were still many malicious requests, but they were put directly into the blacklist, so that the hackers could no longer consume the cost of the interface.
3. Spoofed UA and conventional Baidu camouflage: this attack is also a conventional disguise and is very common, since Baidu's crawler is, after all, the domestic one. By my observation, wherever a website is under attack, there will be CC attacks disguised as Baidu.
4. Browser vulnerability CC request attack: a browser vulnerability is used to control the browser so that it launches the attack and requests the real address. This can be said to be the most difficult attack to protect against. At present no one can say that they can handle this attack, but very few people have this capability, so there is no need to worry about it for now. Over the years I have come across this type of attack, which needs a customized defense. I have encountered it twice in total, and both times it was solved perfectly. Because such a visit really is a normal visit, it differs from the others: it is not a disguise but a real request.
5. Crazy proxy type, with a huge number of compromised-host ("broiler") IPs making requests: there are many proxy websites on the Internet, and hackers buy these proxy IPs to launch malicious requests. Half of the proxies are probably purchased for CC attacks (a personal guess; please don't flame me if you disagree).
6. Router ("routing box") hijacking attack: this kind of attack is also relatively difficult to prevent, because the requests are legitimate requests and the number of routers is very large. I once met someone on the Internet who said they could control millions of routers, which scared me. However, anyone who dares to launch such an attack either has backing or is young and does not consider the consequences.
7. Other unusual types: taken together, these are generally the many variations that attackers simulate with the various tools circulating online. The world is vast and anything is possible.
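The "conventional concurrency restrictions" of type 1 and the SMS-interface abuse of type 2 can be handled by one layered limiter; the sketch below is an added example, not code from the original article. The endpoint path, the limits and the sample traffic are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

SMS_PATH = "/api/sms/send"  # hypothetical endpoint name, not from the article

class SlidingWindow:
    """Allow at most `limit` counted events per key in any `window` seconds."""
    def __init__(self, limit, window):
        self.limit, self.window = limit, window
        self.seen = defaultdict(deque)

    def allow(self, key, now):
        q = self.seen[key]
        while q and now - q[0] >= self.window:   # drop events that aged out
            q.popleft()
        if len(q) >= self.limit:
            return False
        q.append(now)
        return True

def decide(requests, per_ip=(2, 60), per_phone=(1, 60), budget=(4, 60)):
    """One decision per request. Checks go from narrowest to widest: source IP
    (single-source flood), phone number (one number hit through many proxies),
    then a global send budget that caps the SMS bill for fresh IPs and numbers."""
    ip_lim, phone_lim, total = (SlidingWindow(*c) for c in (per_ip, per_phone, budget))
    out = []
    for ts, ip, method, path, phone in requests:
        if method != "POST" or path != SMS_PATH:
            out.append("pass")
        elif not ip_lim.allow(ip, ts):
            out.append("deny:ip")
        elif not phone_lim.allow(phone, ts):
            out.append("deny:phone")
        elif not total.allow("sms", ts):
            out.append("deny:budget")
        else:
            out.append("send")
    return out

# Constructed sample traffic: (unix_ts, client_ip, method, path, phone)
SAMPLE = [
    (0, "203.0.113.5", "POST", SMS_PATH, "p1"),
    (1, "203.0.113.5", "POST", SMS_PATH, "p2"),
    (2, "203.0.113.5", "POST", SMS_PATH, "p3"),   # third hit from one IP
    (3, "198.51.100.1", "POST", SMS_PATH, "p1"),  # same number via a proxy
    (4, "198.51.100.2", "POST", SMS_PATH, "p4"),
    (5, "198.51.100.3", "POST", SMS_PATH, "p5"),
    (6, "198.51.100.4", "POST", SMS_PATH, "p6"),  # fresh IP and number
    (7, "198.51.100.4", "GET", "/", None),
    (70, "203.0.113.5", "POST", SMS_PATH, "p1"),  # windows have expired
]
```

The global budget is the check that still holds against the proxy-pool traffic of type 5, where every request arrives from a different IP.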
When you find that your website is under CC attack, don't panic. First check whether the website server has been hacked and find any black links planted on the website. Then do a good job on the website's security defenses: turn on the ban on pinging the server's IP, which can prevent scanning, and close unnecessary ports.
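For the Baidu camouflage described in type 3, a request that claims to be Baiduspider can be checked with forward-confirmed reverse DNS; this is an added example, not code from the original article. The hostname suffixes are the ones Baidu's webmaster documentation gives for its spider, and the DNS table and addresses below are constructed so the check runs offline.

```python
import socket

BAIDU_SUFFIXES = (".baidu.com", ".baidu.jp")  # suffixes Baidu documents for its spider

def reverse_lookup(ip):
    """PTR lookup; returns a hostname or None."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None

def forward_lookup(host):
    """A-record lookup; returns a list of IPv4 strings (empty on failure)."""
    try:
        return socket.gethostbyname_ex(host)[2]
    except OSError:
        return []

def classify(ip, user_agent, rdns=reverse_lookup, fdns=forward_lookup):
    """Return 'not-claimed', 'verified' or 'fake' for one request."""
    if "baiduspider" not in user_agent.lower():
        return "not-claimed"
    host = (rdns(ip) or "").lower().rstrip(".")
    if not host.endswith(BAIDU_SUFFIXES):
        return "fake"          # PTR missing or outside Baidu's domains
    # The owner of an IP block controls its PTR record, so the name must
    # also resolve forward to the same address before it is trusted.
    return "verified" if ip in fdns(host) else "fake"

# Constructed DNS data (documentation address ranges) so the demo runs offline.
PTR = {
    "192.0.2.10": "baiduspider-192-0-2-10.crawl.baidu.com",
    "192.0.2.66": "crawl.baidu.com.proxy.example",
    "192.0.2.77": "baiduspider-1-2-3-4.crawl.baidu.com",   # forged PTR
}
A = {"baiduspider-192-0-2-10.crawl.baidu.com": ["192.0.2.10"],
     "baiduspider-1-2-3-4.crawl.baidu.com": ["198.51.100.4"]}
UA = "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)"

def demo():
    ips = ["192.0.2.10", "192.0.2.66", "192.0.2.77", "192.0.2.99"]
    return {ip: classify(ip, UA, PTR.get, lambda h: A.get(h, [])) for ip in ips}
```

In production the default resolvers are used and the verdict is cached per IP, since a DNS lookup on every request would itself become a bottleneck under load.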