What are the attack principles of CC attacks and DDoS attacks?

  In recent years, with the rapid development of the mobile Internet, the number of network attacks has increased year by year, and attacks against websites have become more and more frequent. Among the many attack methods, the most common are CC attacks and DDoS attacks. Websites with poor protection capabilities in particular are easily paralyzed once attacked, causing unnecessary trouble. So what is the difference between the principles of DDoS attacks and CC attacks? This article explains.

  CC attack

  The predecessor of CC was an attack program called fatboy, which was developed by hackers to challenge an anti-DDoS device. CC should be regarded as an application-layer DDoS: it takes place after the TCP three-way handshake has completed, and the source IPs it uses are real. Application-layer DDoS is more powerful than network-layer DDoS, and most current commercial anti-DDoS devices are more effective at defending against network-layer DDoS. Currently, there is no effective means to deal with DDoS attacks at the application layer. The attack principle of CC is actually relatively simple: continuously send requests to resource-intensive application pages in order to consume server resources. In web applications, operations such as querying databases and reading and writing files on disk are relatively resource-consuming.

  DDoS attack

  The principle of a DDoS attack is to use network overload to interfere with or hinder normal network communication, and then to direct a large number of requests at the server so that it runs overloaded. This blocks normal data requests, that is, it prevents normal visitors from making normal requests to the server. Common DDoS attacks include ICMP flood, SYN flood, and UDP flood, of which SYN flood is the most common. It exploits a defect in the design of the TCP protocol. The attacker forges a large number of source IP addresses and sends a large number of SYN packets to the server. The server returns SYN/ACK packets, but because the source IPs are forged, it never receives a response. It retries 3-5 times and waits for a SYN Time; if that times out, the connection is dropped.

  The attacker sends a large number of SYN requests with forged source addresses. The server consumes a lot of resources handling these half-open connections, and it also has to retry the SYN/ACK for each of them. The end result is that the server has no capacity left for normal connection requests, resulting in a denial of service. This is the principle of the DDoS attack.

  The difference between the two is:

  A CC attack simulates users requesting relatively resource-consuming web pages, while a DDoS attack targets IPs. Although the two attack methods differ, the result is the same: normal users cannot access the site. If the server does not have good defensive measures in place, even a small attack will get it black-holed by the server operator, the black-hole time grows longer with repeated attacks, and a large number of users will be lost.
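
  The following is an added example, not part of the original article, showing how the two attacks look different to a defender: a SYN flood appears as a high share of half-open `SYN-RECV` sockets, while a CC attack appears as real client IPs repeatedly requesting expensive pages. The `ss -tan`-style lines, log tuples, paths and thresholds are constructed assumptions.

```python
from collections import Counter, defaultdict

# Constructed samples (documentation address ranges), not captured traffic.
# Socket lines follow the column order of `ss -tan`: state, recv-q, send-q, local, peer.
SS_LINES = (
    [f"SYN-RECV 0 0 203.0.113.10:80 198.51.100.{i}:4{i:04d}" for i in range(1, 181)]
    + [f"ESTAB 0 0 203.0.113.10:80 192.0.2.{i}:5{i:04d}" for i in range(1, 21)]
)
# Access-log entries reduced to (timestamp_seconds, client_ip, request_path).
LOG = (
    [(i * 0.2, "192.0.2.50", "/search?q=a") for i in range(60)]          # rapid, expensive page
    + [(i * 5.0, "192.0.2.77", "/search?q=b") for i in range(12)]        # normal pace
    + [(i * 0.1, "192.0.2.88", "/static/logo.png") for i in range(100)]  # rapid but cheap
)

def half_open_ratio(ss_lines):
    """Share of sockets stuck in SYN-RECV, i.e. handshakes the peer never completed."""
    states = Counter(line.split()[0] for line in ss_lines if line.strip())
    total = sum(states.values())
    return states["SYN-RECV"] / total if total else 0.0

def cc_suspects(entries, expensive_prefixes, window=10, limit=20):
    """IPs sending more than `limit` requests to expensive paths within `window` seconds."""
    hits = defaultdict(list)
    for ts, ip, path in entries:
        if path.startswith(expensive_prefixes):
            hits[ip].append(ts)
    suspects = set()
    for ip, times in hits.items():
        times.sort()
        start = 0
        for end, t in enumerate(times):
            while t - times[start] >= window:  # slide the window forward
                start += 1
            if end - start + 1 > limit:
                suspects.add(ip)
                break
    return suspects

if __name__ == "__main__":
    # Spoofed sources make per-IP blocking useless for the SYN flood; the ratio is the signal.
    print(f"half-open ratio: {half_open_ratio(SS_LINES):.2f}")
    # CC clients completed the handshake, so their IPs are real and can be rate limited.
    print("CC suspects:", cc_suspects(LOG, ("/search", "/report")))
```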

Origin blog.csdn.net/oldboyedu1/article/details/131324892