A CC attack defense method and its defense system

A blacklist and server technology applied in the field of defense against CC attacks. It addresses problems such as the inability to effectively protect server network security, slow opening of normal request pages, and bandwidth blockage, with the effect of reducing the number of HTTP requests, increasing the cost of an attack, and preventing attacks.

Active Publication Date: 2019-09-06
BEIJING ANPRO INFORMATION TECH

AI Technical Summary

Problems solved by technology

A botnet attack is somewhat similar to a DDoS attack and cannot be defended against at the level of web applications. In a proxy attack, the CC attacker generally operates a batch of proxy servers, for example 100 proxies, and each proxy sends 10 requests at the same time, so the web server receives 1000 concurrent requests at once. The attacker disconnects from the proxy immediately after sending the request, so that the data returned by the proxy does not block the attacker's own bandwidth and prevent further requests from being sent. The web server then queues the processes that respond to these requests, and the same is true for the database server. Normal requests end up being processed last, so the normal request page opens extremely slowly or shows a white screen, and the network security of the server cannot be effectively protected.

Examples

Embodiment 1

[0103] Embodiment 1: CC attack protection is triggered when a single IP reaches y accesses every x seconds. The implementation is as follows:

[0104] 1) The Admin sets the CC protection level on the M side to basic protection and sets the basic protection parameters as follows: if a single IP reaches y accesses every x seconds, or establishes more than z parallel connections, the IP is locked for v minutes;

[0105] 2) Hackers use the ab tool that ships with httpd to send attack commands to the server:

[0106] ./ab -n m -c m http://192.168.1.47/login.jsp, where the parameter -n means to send m requests and -c means to establish m parallel connections.

[0107] 3) Admin sets the parameters of the basic protection module as: x=10, y=10, z=10, v=10;

[0108] 4) The hacker uses the ab tool to send a request with the command ./ab -n 20 http://192.168.1.47/login.jsp, which sends 20 (m=20) requests to the server whose IP address is 192.168.1.47, at this t...

Embodiment 2

[0109] Embodiment 2: A single IP establishes more than z parallel connections to trigger CC attack protection, and the specific implementation is as follows:

[0110] 1) The Admin sets the parameters of the basic protection module to: x=10, y=100, z=10, v=10. Here y is deliberately set to a large value so that the access-count trigger does not fire first and skip the CC protection triggered by the number of concurrent connections.

[0111] 2) At this time, the command sent by the hacker using the ab tool is ./ab -c 20 http://192.168.1.47/login.jsp, which establishes 20 concurrent accesses to the web application whose server IP is 192.168.1.47. Now m>z (20>10): the number of parallel connections of a single IP exceeds 10, so the basic protection module adds the IP that sent the ab command to the blacklist in the interception module. The blacklist entry is valid for 10 minutes, that is, the IP will be locked for 10 minu...
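
The basic protection rule exercised in Embodiments 1 and 2, as an added sketch that is not code from the patent: a per-IP window of x seconds, a count of open connections, and a blacklist entry that lasts v minutes. The class and function names, the client address and the request timings are constructed for illustration, and dropping an IP's open connections when it is locked is an assumption.

```python
from collections import defaultdict, deque

class BasicProtection:
    """Per-IP limiter using the page's parameters x, y, z, v (hypothetical class)."""

    def __init__(self, x, y, z, v):
        self.x, self.y, self.z, self.lock_s = x, y, z, v * 60
        self.hits = defaultdict(deque)   # ip -> request times in the last x seconds
        self.open = defaultdict(int)     # ip -> connections currently open
        self.blacklist = {}              # ip -> time at which the lock expires

    def on_request(self, ip, now):
        """Return 'blocked', 'locked:<reason>' or 'allowed' for a request at time now (s)."""
        expiry = self.blacklist.get(ip)
        if expiry is not None:
            if now < expiry:
                return "blocked"         # interception module: IP is still blacklisted
            del self.blacklist[ip]       # the lock of v minutes has run out
            self.hits[ip].clear()
        window = self.hits[ip]
        window.append(now)
        while window and window[0] <= now - self.x:
            window.popleft()             # forget requests older than x seconds
        self.open[ip] += 1
        if len(window) >= self.y:        # access "reaches y times" within x seconds
            return self._lock(ip, now, "rate")
        if self.open[ip] > self.z:       # "more than z parallel connections"
            return self._lock(ip, now, "connections")
        return "allowed"

    def on_close(self, ip):
        self.open[ip] = max(0, self.open[ip] - 1)

    def _lock(self, ip, now, reason):
        self.blacklist[ip] = now + self.lock_s
        self.open[ip] = 0                # assumption: locking drops the IP's connections
        return "locked:" + reason

def replay(guard, ip, requests, concurrent, start=0.0):
    """Constructed traffic: `requests` hits 10 ms apart; concurrent ones never close."""
    results = []
    for i in range(requests):
        verdict = guard.on_request(ip, start + i * 0.01)
        results.append(verdict)
        if verdict == "allowed" and not concurrent:
            guard.on_close(ip)
    return results

CLIENT = "203.0.113.7"                   # constructed client address
emb1 = replay(BasicProtection(10, 10, 10, 10), CLIENT, 20, concurrent=False)
emb2 = replay(BasicProtection(10, 100, 10, 10), CLIENT, 20, concurrent=True)
```

In this sketch, `emb1` locks the client on its tenth sequential request (the rate rule) and `emb2` locks it on its eleventh simultaneous connection (the connection rule); every later request from that address is rejected until the lock expires.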

Embodiment 3

[0116] Embodiment 3: Implementing the advanced protection module:

[0117] 1) The Admin sets the CC protection level to advanced protection on the M side and sets the protection parameters as follows: if a single IP reaches y accesses every x seconds, or establishes more than z parallel connections, the IP is locked for v minutes; before verification passes, a single IP is allowed at most q accesses; the verification code may be refreshed at most f times; a single verification code is valid for g seconds; a single IP is saved for s minutes; and after passing verification, a single IP remains valid for r hours.

[0118] 2) At this time, the set parameter values are: x=10, y=9999, z=9999, v=10, q=10, f=3, g=60, s=10, r=1. These parameters are chosen so that, as far as possible, only the process unique to advanced protection takes effect, so the values of x, y, z, and v can be the maximum value. If the...

Abstract

The invention discloses a CC attack defense method and a CC attack defense system. For user requests sent to a Web server, the Web server is effectively protected by an interception and filtering process and by protection processes of different levels. A blacklist and a whitelist are set in the interception process, and requests in a Web catalogue are intercepted and filtered by network layer interception and application layer interception. The protection of different levels comprises basic protection, intermediate protection and/or advanced protection modules; the intermediate protection comprises basic protection and identification based on user behaviors; and the advanced protection comprises basic protection and real user identification. The technical scheme provided by the invention can effectively defend a Web server against CC attacks: the basic protection realizes CC attack protection based on single IP access frequency, the intermediate protection and the advanced protection realize CC attack protection based on user behaviors, and both slow CC attacks and fast CC attacks can be effectively defended.

Description

Technical field

[0001] The invention relates to website security technology, in particular to a method and system for defending against CC (Challenge Collapsar) attacks.

Background

[0002] The CC (Challenge Collapsar) attack is a kind of DDoS (Distributed Denial of Service) attack, and it is also a common method of attacking websites. In this kind of attack, no false IPs and no particularly large abnormalities can be seen. Moreover, the threshold for carrying it out is relatively low: with appropriate tools and some IP proxies, a computer user at a beginner or intermediate level can carry out this kind of attack. It is therefore a serious threat.

[0003] The principle of the CC attack is that the attacker controls some hosts to continuously send data packets to the target server, exhausting the server's resources until the server crashes. CC is mainly used to attack webpages. Everyone has this experience: when a webpage...

Application Information

Patent Type & Authority: Patents (China)
IPC(8): H04L29/06
Inventor: 张涛刘恩炙牛伟颖王东艳
Owner: BEIJING ANPRO INFORMATION TECH