The technical bar for a CC attack is low: with a few tools and some IP proxies, a beginner or intermediate computer user can carry one out. However, once you understand the principle behind CC attacks, it is not difficult to take effective preventive measures against them.
In principle, nearly every firewall tracks the number of concurrent TCP/IP connections and treats anything above a certain count or a certain frequency as a Connection-Flood. But if the attacker has enough IPs that each single IP makes only a few connections, the firewall may not be able to stop a CC attack.
There are several ways to prevent
Finally, I spent half an hour writing a small program. After it ran, it automatically blocked hundreds of IPs and the website returned to normal. This proves that the firewall is not an effective defense against the CC attack, and that the most effective way to prevent it is to have a program on the server block the IPs automatically.
One way to prevent CC attacks is through a firewall, and some Internet companies also offer firewall-like services such as XX site guards and XX Bao. Another method is to write your own program to stop the attack. The website ran into a CC attack yesterday, which also let me try a variety of methods for preventing CC attacks.
A CC (Challenge Collapsar) attack is a common kind of DDoS (distributed denial of service) attack against websites: the attacker uses proxy servers or compromised machines (bots) to send a continuous stream of packets to the victim host, exhausting the server's resources until it crashes.
In fact, by analyzing the web log it is easy to tell which IPs belong to the CC attack. A CC attack is, after all, a program fetching web pages, and its browsing pattern differs considerably from that of ordinary visitors. An ordinary visitor who opens a page fetches the HTML file and then, in succession, the CSS files, JS files, images and other related files. A CC attacker fetches only a single URL and no other types of files, and its User Agent is mostly unlike that of ordinary visitors. This makes it easy to tell on the server which visitors are part of the CC attack. Once the attacking IPs are identified, prevention is very simple: blocking those IPs in bulk is enough to stop the attack.
The threshold for a CC attack is quite low: a proxy or a few hundred compromised machines are enough to attack someone. The cost is very low, but the effect is obvious, such as:
I started by using a certain site guard to prevent the attack. From its interface it seemed to be blocking a large number of CC attacks, but on logging in, the traffic was still abnormal and the attack still appeared to be going on, so the site guard did not achieve the intended effect.
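The log analysis described above can be sketched as follows. This is an added example, not the small program mentioned on this page; it assumes access logs in Combined Log Format, and the thresholds `min_hits` and `max_distinct_urls`, the asset extension list and the sample lines are all constructed for illustration.

```python
import re
from collections import defaultdict

# Combined Log Format: ip - - [time] "METHOD path PROTO" status size "referer" "ua"
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST|HEAD) (\S+)[^"]*" \d{3}')
# Files a real browser loads alongside a page (assumed extension list).
ASSET_RE = re.compile(r'\.(?:css|js|png|jpe?g|gif|ico|svg|woff2?)(?:\?|$)', re.I)

def find_cc_suspects(lines, min_hits=20, max_distinct_urls=2):
    """Return sorted IPs that hit very few URLs many times and never load assets."""
    stats = defaultdict(lambda: {"hits": 0, "urls": set(), "assets": 0})
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip malformed lines rather than guessing
        ip, path = m.groups()
        s = stats[ip]
        s["hits"] += 1
        if ASSET_RE.search(path):
            s["assets"] += 1
        else:
            s["urls"].add(path.split("?", 1)[0])  # ignore query strings
    return sorted(ip for ip, s in stats.items()
                  if s["hits"] >= min_hits and s["assets"] == 0
                  and len(s["urls"]) <= max_distinct_urls)

def _line(ip, path):
    # Helper that builds a constructed sample log line.
    return (f'{ip} - - [01/Jan/2024:00:00:00 +0000] '
            f'"GET {path} HTTP/1.1" 200 512 "-" "Mozilla/5.0"')

# Constructed sample traffic using documentation-only IP ranges.
SAMPLE = (
    [_line("203.0.113.7", "/index.php?id=1")] * 30      # one URL, no assets
    + [_line("198.51.100.9", "/index.php?id=1")] * 30   # one URL, no assets
    + [_line("192.0.2.10", p)                           # normal browser
       for p in ["/", "/style.css", "/app.js", "/logo.png"] * 8]
    + [_line("192.0.2.11", "/about.html")] * 3          # low volume visitor
)

if __name__ == "__main__":
    for ip in find_cc_suspects(SAMPLE):
        print(ip)
```

The returned list is the batch of IPs to review and block; thresholds need tuning against normal traffic so that API clients and feed readers, which also skip page assets, are not blocked by mistake.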