• 欢迎访问速搜资源吧,如果在网站上找不到你需要的资源,可以在留言板上留言,管理员会尽量满足你!

【速搜问答】如何防御CC攻击

问答 admin 3年前 (2020-06-24) 618次浏览 已收录 0个评论

汉英对照:
Chinese-English Translation:

CC攻击一般都是针对网站的域名进行攻击,攻击者在攻击工具中设定攻击对象为该域名然后实施攻击。对于这样的攻击我们的措施是取消这个域名的绑定,让CC攻击失去目标。还可以通过屏蔽IP、域名欺骗解析、更改Web端口等方式来防止CC攻击。

CC attacks are generally aimed at the domain name of the website. The attacker sets the target of attack as the domain name in the attack tool and then carries out the attack. For such attacks, our measures are to cancel the binding of this domain name and let CC attack lose its target. CC attack can also be prevented by shielding IP address, domain name spoofing resolution, changing web port, etc.

CC 攻击是 DDoS 攻击的一种,相比其它的 DDOS 攻击 CC 似乎更有技术含量。你见不到真实源 IP,见不到特别大的异常流量,但会造成服务器无法进行正常连接。服务器应对 CC 攻击的防御手段可以有以下这些。

CC attack is one of DDoS attacks. Compared with other DDoS attacks, CC attack seems to be more technical. You can’t see the real source IP, and you can’t see the extra large abnormal traffic, but it will cause the server to be unable to connect normally. The defense measures of server against CC attack can be as follows.

取消域名绑定

Unbound domain name

一般 CC 攻击都是针对网站的域名进行攻击,攻击者在攻击工具中设定攻击对象为该域名然后实施攻击。对于这样的攻击我们的措施是取消这个域名的绑定,让 CC 攻击失去目标。

In general, CC attacks are aimed at the domain name of the website. The attacker sets the target of attack as the domain name in the attack tool and then carries out the attack. For such attacks, our measures are to cancel the binding of this domain name and let CC attack lose its target.

屏蔽 IP

Shield IP

我们通过命令或在查看日志发现了 CC 攻击的源 IP,就可以在防火墙中设置屏蔽该 IP 对 Web 站点的访问,从而达到防范攻击的目的。

If we find the source IP of CC attack by command or by checking the log, we can set the firewall to shield the access of the IP to the web site, so as to achieve the purpose of preventing attacks.

域名欺骗解析

Domain name spoofing resolution

如果发现针对域名的 CC 攻击,可以把被攻击的域名解析到 127.0.0.1 这个地址上。127.0.0.1 是本地回环 IP 是用来进行网络测试的,如果把被攻击的域名解析到这个 IP 上,就可以实现攻击者自己攻击自己的目的,肉鸡或者代理也会宕机。

If you find a CC attack against a domain name, you can resolve the attacked domain name to 127.0.0.1. 127.0.0.1 is a local loopback IP used for network testing. If the domain name under attack is resolved to this IP, the attacker can attack himself or herself, and the broiler or agent will also shut down.

更改 Web 端口

Change web port

一般情况下 Web 服务器通过 80 端口对外提供服务,因此攻击者实施攻击就以默认的 80 端口进行攻击,所以,我们可以修改 Web 端口达到防 CC 攻击的目的。

In general, the web server provides services through port 80, so the attacker will use the default port 80 for attack. Therefore, we can modify the web port to prevent CC attack.

IIS 防御 CC 攻击操作步骤:

Steps for IIS to defend against CC attack:

1)打开“IIS 管理器”定位到具体站点右键“属性”打开该站点的属性面板

1) Open IIS manager, navigate to specific site, right-click properties, open the property panel of the site

2)点击 IP 地址右侧的“高级”按钮,选择该域名项进行编辑,将“主机头值”删除或者改为其它的值(域名)。

2) Click the “advanced” button on the right side of the IP address, select the domain name item to edit, and delete or change the “host header value” to another value (domain name).

取消域名绑定后,Web 服务器的 CPU 会恢复正常状态,通过 IP 进行访问连接一切正常。但是也有不足之处就是,取消或者更改域名会给别人的访问带来不便。

After the domain name is unbound, the CPU of the web server will return to normal state, and the access and connection through IP will be normal. But there is also a disadvantage that canceling or changing the domain name will bring inconvenience to other people’s access.

域名欺骗解析

Domain name spoofing resolution

如果发现针对域名的 CC 攻击,可以把被攻击的域名解析到 127.0.0.1 这个地址上。这个地址是本地回环 IP 用来进行网络测试的,如果把被攻击的域名解析到这个 IP 上,就可以实现攻击者自己攻击自己的目的,这样就会致使攻击者出现宕机等问题,自作自受。

If you find a CC attack against a domain name, you can resolve the attacked domain name to 127.0.0.1. This address is used by the local loopback IP for network testing. If the domain name being attacked is resolved to this IP, the attacker can attack himself, which will cause the attacker to have downtime and other problems.

又或者当 Web 服务器遭受 CC 攻击时,把被攻击的域名解析到国家权威的 GVM 网站或者是网警的网站,网警就会处理这件事情。

Or when the web server is attacked by CC, resolve the attacked domain name to the national authoritative GVM website or the network police website, and the network police will deal with this matter.

更改 Web 端口

Change web port

一般情况下 Web 服务器通过 80 端口对外提供服务,因此攻击者实施攻击就会以默认的 80 端口进行攻击,所以,用户可以通过修改 Web 端口达到防御 CC 攻击的目的。

In general, the web server provides services through port 80, so the attacker will attack with the default port 80 when executing the attack. Therefore, the user can defend against CC attack by modifying the web port.

1)运行 IIS 管理器,定位到相应站点,打开站点“属性”面板

1) Run IIS manager, locate the corresponding site, and open the site properties panel

2)在“网站标识”下有个 TCP 端口默认为 80,修改为其他端口即可。

2) Under “website ID”, there is a TCP port with the default value of 80, which can be modified to other ports.

IIS 屏蔽 IP

IIS shield IP

当通过命令或在查看日志发现了 CC 攻击的源 IP,可以在 IIS 中设置屏蔽该 IP 对 Web 站点的访问,从而达到防范 IIS 攻击的目的。

When the source IP of CC attack is found by command or by viewing the log, the access of the IP to the web site can be blocked in IIS to prevent IIS attack.

1)在相应站点的“属性”面板中,点击“目录安全性”选项卡

1) In the properties panel of the site, click the directory security tab

2)点击“IP 地址和域名现在”下的“编辑”按钮打开设置对话框

2) Click the “Edit” button under “IP address and domain name now” to open the setting dialog box

3)在此设置为“拒绝访问”即“黑名单”。

3) Set “access denied” here to “blacklist”.

将攻击者的 IP 添加到“拒绝访问”列表中,就达标屏蔽了该 IP 对于 Web 的访问,也就相当于防御了 CC 攻击。

Adding the attacker’s IP to the “access denied” list can shield the access of the IP to the web, which is equivalent to defending against CC attack.


速搜资源网 , 版权所有丨如未注明 , 均为原创丨转载请注明原文链接:【速搜问答】如何防御CC攻击
喜欢 (0)
[361009623@qq.com]
分享 (0)
发表我的评论
取消评论
表情 贴图 加粗 删除线 居中 斜体 签到

Hi,您需要填写昵称和邮箱!

  • 昵称 (必填)
  • 邮箱 (必填)
  • 网址