• Hong Kong High Defence Servers: Limited Time Special Offer, Monthly $800get (from a depot or counter)
start using

Principles of DDoS and cc attacks and common defences (examples)

Being attacked is a good thing, and a bad thing, and

The good thing is that the site traffic is large, will be some people think on, the webmaster Internet experience of more than 10 years, encountered this kind of situation is a common occurrence. Every day, several servers are attacked, are using the multi-rotation technology plus a low version of the defence. That is, a machine was killed directly switched to another above, the famous Chinese companies, such as Alipay with such technology, they are every moment in the encounter hundreds of millions of attacks.

I. Principles of DDoS and CC Attacks

1. Principles of DDoS (Distributed Denial of Service) attacks

DDoS attack is a distributed denial-of-service attack in which the attacker sends massive requests to the target server by controlling a large number of puppet machines (botnets), so that the target server runs out of resources (e.g., bandwidth, CPU, memory, etc.) and is unable to process legitimate user requests normally, which leads to service interruption. Common types of DDoS attacks include UDP flooding attacks, TCP SYN flooding attacks, and so on.
01, Early stages of DDoS attacks

Initial DDoS attacks relied heavily on simple "Ping of Death" (dead signal) attacks, where the attacker sends a large number of anomalous ping requests, making it impossible for the target host or network to process them. As network bandwidth increases, this type of attack is gradually being replaced by more sophisticated attacks.

02, Complexity of Modern DDoS Attacks

Modern DDoS attacks are not just limited to ordinary traffic attacks, attackers can use cloud computing, big data and other technologies to build large-scale botnets to launch attacks. Certain attackers even use Botnet (botnet) rental services to launch huge attacks through hourly billing.

03, Changes in the scale and targeting of attacks

The scale of DDoS attacks has gradually become huge, with some attacks reaching hundreds of Gbps of traffic, and the targets of the attacks are not only limited to traditional high-value targets such as government and finance, but also more and more enterprises, websites, and individuals have become the targets of the attacks. In addition, in recent years, application layer attacks (e.g. HTTP Flood) have become the new favourite of attackers, which can effectively bypass traditional network protection measures.

2. CC (Challenge Collapsar) attack principle

CC attack is a kind of application layer DDoS attack, which mainly targets the application programme of a website. By controlling a large number of clients, the attacker simulates normal users to send a large number of HTTP requests to the target website, exhausting the server's application resources (such as web server threads, database connections, etc.), so that the website is unable to respond to normal user requests.

II. Common forms of defence

1. Basic defence measures

2. DDoS defence methods

  • flow cleaning: Network traffic is directed to a professional cleaning device or service provider, which identifies and filters out attack traffic by analysing the characteristics of the traffic and forwards only legitimate traffic to the target server.
  • speed limit: Limit the rate of incoming traffic to the server to prevent the server from running out of resources due to a large influx of attack traffic.
  • Firewall Policy: Configure firewall rules to restrict access to specific IP addresses or IP segments and filter out abnormal traffic.

3. CC defence modalities

  • CAPTCHA, a type of challenge-response test (computing): Add CAPTCHA to key pages of a website, such as login and form submission, and require users to enter the CAPTCHA in order to continue accessing the site, thus distinguishing between normal users and automated attack programs.
  • Session Management: Manage user sessions to limit the number of requests from the same IP address in a short period of time to prevent malicious users from sending frequent requests.
  • load balancing: Use a load balancer to evenly distribute user requests across multiple servers, reducing the pressure on a single server.

III, code example (Python simulation of simple CC attack defence)

Below is a simple Python code example to simulate a CC attack defence against malicious requests by limiting the number of requests to the same IP address in a short period of time.
python
import time
# Stores the request time and number of requests per IP address
ip_requests = {}
# Maximum number of requests allowed
MAX_REQUESTS = 10
# Time window (seconds)
TIME_WINDOW = 60
def is_allowed(ip):
    current_time = time.time()
    if ip in ip_requests:
        requests, last_time = ip_requests[ip]
        # Check if within time window
        if current_time - last_time < TIME_WINDOW:
            if requests >= MAX_REQUESTS:
                return False
            else:
                ip_requests[ip] = (requests + 1, current_time)
        else:
            # Time window expired, reset request count
            ip_requests[ip] = (1, current_time)
    else:
        # New IP address, logging time and number of requests
        ip_requests[ip] = (1, current_time)
    return True

# Analogue processing request
def handle_request(ip):
    if is_allowed(ip):
        print(f "Allow the transfer of data from {ip} of the request.")
    else:
        print(f "Rejection from {ip} request, could be a CC attack")

# Simulates multiple requests
ips = ["192.168.1.1", "192.168.1.1", "192.168.1.1", "192.168.1.2"]
for ip in ips:
    handle_request(ip)

caveat

  • The above code is just a simple example, actual DDoS and CC attack defence requires more sophisticated techniques and equipment.

IV. Simple simulation of DDoS attack defence code (based on port speed limiting)

DDoS attacks often consume server bandwidth and resources through a large number of packets. The following code simulates a port-based speed-limiting mechanism to defend against DDoS attacks.
import time

# Stores traffic statistics and time per port
port_traffic = {}
# Maximum allowed traffic (bytes/sec)
MAX_TRAFFIC = 1024 * 1024  # 1MB/s
# Time window (seconds)
TIME_WINDOW = 1

def is_port_allowed(port, traffic):
    current_time = time.time()
    if port in port_traffic:
        prev_traffic, last_time = port_traffic[port]
        # Check if within time window
        if current_time - last_time < TIME_WINDOW:
            new_traffic = prev_traffic + traffic
            if new_traffic >= MAX_TRAFFIC:
                return False
            else:
                port_traffic[port] = (new_traffic, current_time)
        else:
            # Time window expired, reset traffic statistics
            port_traffic[port] = (traffic, current_time)
    else:
        # New port, logging traffic and time
        port_traffic[port] = (traffic, current_time)
    return True

# Analogue processing of network packets
def handle_packet(port, packet_size):
    if is_port_allowed(port, packet_size):
        print(f "Allowed ports {port} packets, size: 0 {packet_size} Bytes")
    else:
        print(f "Deny port {port} packets, possibly a DDoS attack.")

# Analogue multiple packets
packets = [(80, 1024), (80, 2048), (443, 512)]
for port, size in packets:
    handle_packet(port, size)

V. Distributed defence with Redis

In real-world scenarios, in order to cope with large-scale traffic and multi-server environments, Redis can be used to store IP or port state information to achieve distributed attack defence.
python
import time
import redis

# Connecting to Redis
r = redis.Redis(host='localhost', port=6379, db=0)

# Maximum number of requests allowed
MAX_REQUESTS = 10
# Time window (seconds)
TIME_WINDOW = 60

def is_allowed_redis(ip):
    current_time = int(time.time())
    key = f "cc.{ip}"
    pipe = r.pipeline()
    pipe.zremrangebyscore(key, 0, current_time - TIME_WINDOW)
    pipe.zadd(key, {current_time: current_time})
    pipe.zcard(key)
    _, _, requests = pipe.execute()
    if requests > MAX_REQUESTS:
        return False
    return True

# Analogue processing request
def handle_request_redis(ip):
    if is_allowed_redis(ip):
        print(f "Allow the transfer of data from {ip} of the request.")
    else:
        print(f "Rejection from {ip} The request may be a CC attack.)

# Simulates multiple requests
ips = ["192.168.1.1", "192.168.1.1", "192.168.1.1", "192.168.1.2"]
for ip in ips:
    handle_request_redis(ip)
These code examples are just basic implementations of defence mechanisms. Actual defence against DDoS and CC attacks requires a combination of specialised hardware appliances, cloud services and more sophisticated algorithms to ensure system security and stability.

Leave a Reply

Your email address will not be published. Required fields are marked *