How can the server and Zhejiang machine room cabinet website resist HTTP/cc attacks? The server host users are most worried about network attacks. At present, the most common attack is against bandwidth. In order to reduce the impact of attacks, users must constantly purchase bandwidth to reduce the impact. In fact, for CC attack users, if we start from the source, we can effectively improve the effect of advanced defense protection. An attack is an attack on the network service in Layer 7 protocol. Compared with the other three layers and four layers, attackers do not need to control a large number of chickens. Instead, they use port scanners to search the Internet for anonymous HTTP or socks proxies. An attacker sends an HTTP request to the target through an anonymous proxy. Anonymous proxy servers exist widely on the Internet. Therefore, the attack is easy to launch and can maintain long-term high-intensity continuous attacks. It can also hide the source of the attacker to avoid being tracked.
Features of HTTP/cc attacks:
1. HTTP/cc attack IP is real and distributed
2. HTTP/cc attack packet is normal
3. All http/cc attack requests are valid and cannot be rejected
4. Http/cc attacks web pages. Can connect, ping is normal, but cannot access the web page
5. If IIS is enabled, the server will die soon, and data packets will be lost easily
6. Like the DNS service, the web service also has a caching mechanism. If a large number of attackers' requests hit the server cache, the main effect of this attack is only to consume network bandwidth resources, and the consumption of computing and IO resources is very limited. Therefore, an efficient http/cc attack should constantly send http requests for different resources and pages, and try to request resources that cannot be cached (such as keyword search results, user related information, etc.), So as to better increase the burden of the server and achieve the ideal attack effect.
Of course, http/cc attacks will also cause serious chain reactions, which will not only directly lead to slow response to Web front-end attacks, but also indirectly attack business layer logic such as back-end Java and more back-end database services, increasing their pressure. The massive log data generated by HTTP/cc attacks will even affect the server where the logs are stored. If the web server supports HTTPS, HTTPS flood attack is a more effective method. There are two reasons. First, when communicating with HTTPS, the Web server needs to consume more resources for authentication and encryption. Secondly, at present, some protection devices cannot process HTTPS communication data streams, leading to attack traffic bypassing protection devices and directly attacking network servers
How can the server and Zhejiang machine room cabinet website resist HTTP/cc attacks? The defense against HTTP/cc attacks is mainly achieved through caching. Background services try to protect the results directly returned from the device cache. When an advanced attacker invades the cache, the cleaning device will intercept HTTP requests for special processing. The early method was to set a threshold for the HTTP request frequency of the source IP, and add IP addresses higher than the threshold to the blacklist. This method is too simple, easy to cause miskill, and cannot shield proxy server attacks. Therefore, it is gradually abolished and replaced by a human-computer recognition scheme based on JavaScript jump. HTTPflood is a program that simulates HTTP requests. Generally speaking, it does not parse the server, returned data, JS and other code. Therefore, when the cleaning device intercepts an HTTP request, it will return a special JavaScript code. The browser of a normal user will normally handle [600m servers] without affecting the use, and the attacker will attack spaces. Because the disguise of HTTP/cc attacks is ever-changing, few strategies or hardware protection can achieve perfect elimination. Therefore, for HTTP/cc attacks, we need network maintenance personnel with certain skills to make open calls, which are open in most cases.
