Method and device for protecting CC attack, medium and computer equipment

Abstract

The embodiment of the invention relates to the field of network security, and provides a CC attack protection method and device, a medium and computer equipment, and the method comprises the steps that a proxy server receives a first access request, and obtains a first visitor identifier and a first access target identifier; if the first access target identifier exists in the traction configuration information, hanging up the first access request, and sending the first visitor identifier and the first access target identifier to cleaning equipment; the cleaning equipment takes the first visitor identifier and the first access target identifier as first identifiers for caching; if the number of the first identifiers is greater than a first number threshold, feeding back interception information of a second access request corresponding to the first identifiers to the proxy server; and the proxy server intercepts the second access request according to the interception information, so that CC attacks of a large number of dispersed IPs on a certain target access interface form are intercepted and protected, server resource exhaustion is avoided, and the risk of server crash is reduced.

Description

technical field [0001] The embodiments of the present application relate to the technical field of network security, and in particular to a method, device, medium and computer equipment for protecting against CC attacks. Background technique [0002] Challenge Collapsar (CC for short) attack refers to a network attack method in which the attacker uses a proxy server to generate legitimate requests directed to the victim server, thereby realizing Distributed Denial of Service (DDos for short) and camouflage. Specifically, CC attacks are mainly aimed at attacks on web servers or applications, which use standard GET / POST access requests, such as URIs (Universal Resource Identifiers) that involve database operations or other URIs that consume system resources, resulting in server resource consumption. cannot respond to normal access requests. [0003] One of the attack methods in the CC attack is to use a large number of scattered IP (IP Address, the protocol for interconnectio...

AI Technical Summary

Problems solved by technology

Specifically, CC attacks are mainly aimed at attacks on web servers or applications, which use standard GET / POST access requests, such as URIs (Universal Resource Identifiers) that involve database operations or other URIs that consume system resources, resulting in server resource consumption. Exhausted, unable to respond to normal access requests

[0003] One of the attack methods in the CC attack is to use a large number of scattered IP (IP Address, the protocol for interconnection between networks) to initiate a small number of requests for a certain server interface to achieve the purpose of the attack. This method is more difficult in actual confrontation Prevention, however, this method is extremely easy to cause exhaustion of server resources, until it crashes

Images