How to do CC protection? I will teach you a few tricks to stop worrying about it

CC attacks can be divided into proxy CC attacks and broiler CC attacks. In a proxy CC attack, the attacker uses proxy servers to generate legitimate web page requests to the victim host, achieving a DDoS while disguising the source. In a broiler CC attack, the attacker uses CC attack software to control many broilers (compromised hosts) and launches the attack from them. Of the two, broiler CC is harder to protect against than proxy CC, because broilers can imitate normal users' requests to the website and so produce legitimate packets.


CC attacks make full use of this feature. Many people ask: why use a proxy? A proxy effectively hides the attacker's identity, and it can also bypass the firewall, because a basic firewall tracks the number of concurrent TCP/IP connections and treats connections beyond a certain number or frequency as a Connection-Flood. Broilers can of course also be used to launch CC attacks, which raises the difficulty of CC protection by another level and can drive the server CPU to 100% or even crash the server.

A CC attack is a kind of DDoS attack, and the principle is the same: sending a large amount of request data to cause a denial of service on the server. It is a connection attack. The attacker controls a number of hosts that continuously send many data packets to the target server, exhausting the server's resources until it crashes.

CC is mainly used to attack web pages. Everyone has had this experience: when a web page is requested by a large number of people at once, it is slow to open. CC imitates multiple users (the number of threads is the number of users) who request, without stopping, pages that require a lot of data operations, which wastes server resources. The CPU stays at 100% for a long time and there are always unfinished connections, until the network is congested and normal requests are interrupted.

A static page does not require many server resources. It can even be read directly from memory and sent to you. Dynamic websites such as forums are different. When I read a post, the system has to go to the database to determine whether I have permission to read it and, if I do, read out the content of the post and display it. That is at least two database accesses. If the database is 200MB in size, the system is likely to search through this 200MB of data. How much CPU and time does this require?

Regarding CC protection measures: CC protection can use a variety of methods, such as prohibiting proxy access to the website, making the website static as much as possible, restricting the number of connections, and modifying the maximum timeout.
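As an added illustration (not code from the original article), the Python sketch below applies two of these measures to request logs: it counts requests to dynamic pages per client and per page in a sliding window, and records clients whose requests carry a proxy `Via` header. The log tuples, paths, addresses and thresholds are constructed assumptions; the per-page count is included because requests spread over many proxies or broilers can each stay under a per-client limit.

```python
from collections import defaultdict, deque

DYNAMIC_PREFIXES = ("/forum/",)   # assumed: paths that hit the database


def build_sample():
    """Constructed events: (unix_time, client_ip, path, Via header value)."""
    events = [  # one ordinary visitor
        (0, "192.0.2.10", "/forum/viewthread", ""),
        (3, "192.0.2.10", "/static/logo.png", ""),
        (8, "192.0.2.10", "/forum/viewthread", ""),
    ]
    # One client sending 30 search requests in 10 seconds.
    events += [(100 + i / 3, "198.51.100.7", "/forum/search", "")
               for i in range(30)]
    # 40 proxied clients, 2 requests each, all for the same page in 8 seconds.
    events += [(200 + i % 8, f"203.0.113.{i % 40 + 1}", "/forum/post", "1.1 proxy")
               for i in range(80)]
    return events


def analyze(events, window=10, per_ip_limit=20, per_path_limit=50):
    """Return (clients over limit, pages over limit, clients seen via proxy)."""
    by_ip, by_path = defaultdict(deque), defaultdict(deque)
    hot_ips, hot_paths, proxied = set(), set(), set()
    for ts, ip, path, via in sorted(events):
        if via:                      # forwarding proxies normally add Via;
            proxied.add(ip)          # anonymising ones may omit it
        if not path.startswith(DYNAMIC_PREFIXES):
            continue                 # static pages cost the server little
        for key, table, limit, flagged in (
            (ip, by_ip, per_ip_limit, hot_ips),
            (path, by_path, per_path_limit, hot_paths),
        ):
            q = table[key]
            q.append(ts)
            while q[0] <= ts - window:   # drop hits older than the window
                q.popleft()
            if len(q) > limit:
                flagged.add(key)
    return hot_ips, hot_paths, proxied


if __name__ == "__main__":
    ips, paths, proxied = analyze(build_sample())
    print("clients over limit:", sorted(ips))
    print("pages over limit:", sorted(paths))
    print("proxied clients:", len(proxied))
```

On the constructed sample, the single flooding client trips the per-client limit, while the 40 proxied clients are caught only by the per-page count.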

In addition, drawing on existing experience, you can also use two DDoS protection methods to mitigate CC attacks:

(1) Enable browser-based challenges: a Web Application Firewall (WAF) can use challenge-based algorithms to filter out CC attack bots. Built on global public cloud infrastructure, this computing power can be used through Multi CDN to automatically scale CC protection in proportion to the attack. It is this kind of capacity that can withstand 300 million CC attacks per minute.

(2) Geographical restriction: allow traffic from the countries and regions of the main user group and block traffic from known "attack areas", so that incoming traffic from specific regions is restricted.


Unlike other DDoS attacks, which hardware firewalls can filter, CC attacks are not well handled this way, because the requests in a CC attack are themselves normal requests. If your site is targeted, the most effective solution is to change the domain name and IP. Although this is effective, few people actually do it. If your site is vulnerable to CC attacks, it is recommended to install software defense ("soft defense") in advance.

This article is from: https://www.zhuanqq.com/News/Industry/304.html


Origin blog.csdn.net/blublu7080/article/details/112310864