About CC attack, everyone knows is a disguised attack mode of DDOS attacks, but most users is difficult to detect when attacked, the most common is their bandwidth usage increased suddenly, lets users mistakenly assume that the user traffic increases, the server is running has load, need to increase the bandwidth and server hardware configuration, other Thus the fact of being attacked was ignored, so that the problem of being attacked could not be solved, and the business operation suffered a huge loss.

What is the principle of CC attacks? CC attacks belong to DDOS attacks, so the principle is the same between them, that is, sending a large amount of request data to cause the server to deny service, is a connection attack. Attackers control some hosts to continuously send a large number of data packets to the target server, causing its resource exhaustion, so that the CPU in 100% state for a long time, until the crash down.

Ii. Types of CC attacks:

CC attacks are classified into three types: direct attacks, proxy attacks, and botnet attacks. Direct attacks are mainly aimed at critical defects

WEB applications, in general, only have problems with the writing of the program when this happens, relatively rare.

Proxy attacks, botnet attacks: This is a bit like a DDOS attack, which is defenseless at the WEB application level, so a proxy attack is CC. The attacker will operate a batch of proxy servers, say 100 proxies, and each proxy will issue 10 requests at the same time, so that the WEB server receives 1000 concurrent requests at the same time. And after the request, immediately broken connection with the agent, avoid the agent returns the bandwidth of the data will itself closed, and not a request again, then the process of the WEB server will respond to these requests to queue, so it is with the database server, so that normal request will be ranked very after being processed, Then the page opens extremely slowly or the screen goes blank.
** How to do defense strategy? **

1. Unbind the domain name

The domain name binding is cancelled

The CPU of the Web server returned to normal immediately, and the CONNECTION over IP was fine. However, the disadvantages are also obvious. Canceling or changing the domain name brings inconvenience to others’ access. In addition, it is invalid for IP CC attacks, even if the attacker discovers the new domain name, he will attack the new domain name.

2. Change the Web port

In general

The Web server provides external services through port 80. Therefore, attackers use the default port 80 to attack. Therefore, we can modify the Web port to prevent CC attacks.

3. IIS shielding IP

We found it either by command or by looking at the log

CC attack source IP address, you can set IIS to block the IP address to the Web site access, so as to achieve the purpose of defending IIS attacks.

As is written in the book of the opening, the majority of users are wait for server attacks, began to look for solutions, but in this era of rapid development of Internet, to keep the consciousness of the nip in the bud, can’t wait until lost to think of some way to go to remedy, usual do website optimization, as well as the server security arrangements be not a good thing, don’t always feel trouble, Cause oneself to sink deeper and deeper in the misunderstanding, missed the best time to deal with.