What is a cc attack?
CC attack, English Challenge Collapsar, translated as "challenge black hole", is A distributed denial-of-service (DDoS) attack that targets weak points in service system performance. Traditional DDoS attacks generally exploit flaws in the underlying network technology of the victim server to launch attacks, and the attacker consumes relatively little traffic. With the advancement of technology, effective defense has been basically achieved.
CC attacks are different from traditional DDoS attacks. They target weak links in the application layer of business systems. Attackers need to consume more network bandwidth to launch. However, because attacks are launched based on business characteristics, currently There is no universal and effective defense method, so the attack success rate is relatively high.
Performance weaknesses in the server business are not necessarily defects in software implementation. For example, for common CMS websites, the homepage can carry tens of thousands of RPS (requests per second) without any problems under Cache and other technologies, but the search function of the CMS may only carry a few hundred RPS.
Considering that the number of website users is usually small, the actual pressure on the homepage is only a few hundred RPS, and the search is only a few RPS, the website can run normally. At this time, if a hacker concludes that search is a weak link in performance, launches a CC attack on the search function, and sends search requests to the website through hundreds of proxy servers across the country, the website will soon be overwhelmed and forced to go offline.
Interfaces in websites that need to handle complex transactions are generally likely to become targets of CC attacks, including search, chat, SMS sending, verification code generation, etc.
The above is the detailed content of What is a CC attack?. For more information, please follow other related articles on the PHP Chinese website!