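How CC Attacks Work and How to Defend Against Them: 103.107.190.x

        CC attacks


        CC stands for Challenge Collapsar. The name comes from an earlier anti-DDoS security appliance called Collapsar ("black hole"); "challenging Collapsar" meant that the appliance had no answer to this kind of attack. The new generation of anti-DDoS appliances has been renamed ADS (Anti-DDoS System) and can by now defend against CC attacks almost perfectly. A CC attack works by using proxy servers or a large number of compromised hosts ("zombies") to simulate many users visiting the dynamic pages of the target website, generating a large volume of back-end database queries that consume the target's CPU resources and cause denial of service. Unlike DDoS, which can be filtered with a hardware firewall, the requests in a CC attack are themselves normal requests. As we know, website pages are either static or dynamic. Dynamic pages have to interact with the back-end database: when a forum user logs in, for example, the site queries the database for the user's level, permissions and so on, and when the user posts a message it again has to check permissions, synchronize data and so on. This consumes a lot of CPU, with the result that static pages still open while dynamic pages that need the database open slowly or not at all. Compared with the previous two, this attack method is somewhat more complex to implement but much simpler to defend against: a service provider that uses as few dynamic pages as possible and requires a CAPTCHA for certain operations can withstand an ordinary CC attack.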

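        Types of attack

        There are three kinds of CC attack: direct attacks, proxy attacks and botnet attacks. Direct attacks mainly target web applications with serious flaws; in general this only happens when the program is badly written, and it is relatively rare. Botnet attacks are somewhat like DDoS attacks and can no longer be defended against at the web application layer. That leaves proxy attacks: a CC attacker typically operates a batch of proxy servers, say 100 proxies, each sending 10 requests at the same time, so the web server receives 1000 concurrent requests. Immediately after sending a request, the attacker drops the connection to the proxy, so that the data returned by the proxy does not saturate the attacker's own bandwidth and prevent further requests. The web server then queues the processes that respond to these requests, and so does the database server. As a result, normal requests end up far back in the queue. It is like going to the canteen where usually fewer than ten people are queuing, but today a thousand people have cut in ahead of you, so your chance of being served becomes very small. At this point pages open extremely slowly or show a blank screen.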
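The pattern described above (one client sending many requests for dynamic pages in a short time and dropping the connections) can be looked for in IIS W3C logs. The following is an added example, not code from the original post; the extension list, window length, threshold and sample log are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime

DYNAMIC_EXT = (".asp", ".aspx", ".php", ".jsp")  # assumption: extensions treated as dynamic pages
WINDOW_SECONDS = 10   # assumption: length of one counting window
MAX_HITS = 8          # assumption: dynamic-page requests one client may send per window
CLIENT_ABORT = "64"   # sc-win32-status 64: the client dropped the connection before the reply
EPOCH = datetime(1970, 1, 1)

def build_sample():
    """Constructed IIS W3C log (documentation-range IPs), not a real capture."""
    lines = ["#Fields: date time c-ip cs-method cs-uri-stem sc-status sc-win32-status"]
    # One proxy: 10 requests to a dynamic page within two seconds, each connection dropped.
    for i in range(10):
        lines.append(f"2024-01-01 10:00:0{i % 2} 198.51.100.7 GET /forum/login.asp 200 64")
    # Ordinary visitor: many static files, a single dynamic page.
    for i in range(20):
        lines.append(f"2024-01-01 10:00:02 203.0.113.9 GET /img/{i}.jpg 200 0")
    lines.append("2024-01-01 10:00:03 203.0.113.9 GET /forum/login.asp 200 0")
    return "\n".join(lines)

def parse_w3c(text):
    """Yield one dict per log entry, using the most recent #Fields directive as the schema."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#"):
            parts = line.split()
            if fields and len(parts) == len(fields):  # skip truncated or schema-less lines
                yield dict(zip(fields, parts))

def suspect_clients(text):
    """Return {client_ip: (hits, aborts)} for the worst window of each client over MAX_HITS."""
    buckets = defaultdict(lambda: [0, 0])  # (ip, window index) -> [hits, aborts]
    for row in parse_w3c(text):
        if not row.get("cs-uri-stem", "").lower().endswith(DYNAMIC_EXT):
            continue  # static files do not involve the database
        ts = datetime.strptime(f"{row['date']} {row['time']}", "%Y-%m-%d %H:%M:%S")
        key = (row["c-ip"], int((ts - EPOCH).total_seconds()) // WINDOW_SECONDS)
        buckets[key][0] += 1
        buckets[key][1] += row.get("sc-win32-status") == CLIENT_ABORT
    report = {}
    for (ip, _), (hits, aborts) in buckets.items():
        if hits > MAX_HITS and hits > report.get(ip, (0, 0))[0]:
            report[ip] = (hits, aborts)
    return report

if __name__ == "__main__":
    print(suspect_clients(build_sample()))
```

Many legitimate users behind one NAT or corporate proxy share a client IP, so the threshold has to be tuned against normal traffic before a hit is treated as an attack source.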

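        CC attack defense strategies
        Once you have determined that the web server is under, or has been under, a CC attack, how do you defend against it effectively?

        (1). Remove the domain binding
  CC attacks are generally aimed at a website's domain name. If our site's domain is "www.abc.com", for example, the attacker sets that domain as the target in the attack tool and then launches the attack.
Our countermeasure for this kind of attack is to remove the binding for this domain in IIS so that the CC attack loses its target. The steps are: open "IIS Manager", locate the site, right-click and choose "Properties" to open the site's properties panel, click the "Advanced" button to the right of the IP address, select the entry for the domain and edit it, then delete the "Host header value" or change it to another value (domain).
In a simulated test, the web server's CPU returned to normal immediately after the domain binding was removed, and access by IP worked normally. The drawbacks are also obvious: removing or changing the domain is inconvenient for visitors; it is ineffective against CC attacks that target the IP; and even if the domain is changed, once the attacker notices he will attack the new domain as well.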

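        (2). Deceptive domain resolution
  If you detect a CC attack against the domain, you can resolve the attacked domain to the address 127.0.0.1. As we know, 127.0.0.1 is the local loopback IP used for network testing. If the attacked domain resolves to this IP, the attacker ends up attacking himself, so however many zombies or proxies he has, they will go down, and he reaps what he sowed.
Alternatively, when the web server is under CC attack, resolve the attacked domain to an authoritative national government website or the cyber police website and let the cyber police deal with them.
Most web sites today use the dynamic domain resolution service offered by a provider such as "新网"; you can log in there and make the setting.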

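        (3). Change the web port
  A web server normally serves requests on port 80, so attackers direct their attack at the default port 80. We can therefore change the web port to defend against CC attacks. Run IIS Manager, locate the site, open the site's "Properties" panel, and under "Web site identification" find the TCP port, which defaults to 80; change it to another port.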
