| 用活动IP表和ICMP报文防御IP欺骗DDoS攻击 |
| |
| 引用本文: | 陈伟,罗绪成,秦志光.用活动IP表和ICMP报文防御IP欺骗DDoS攻击[J].电子科技大学学报(自然科学版),2007,36(6):1183-1186. |
| |
| 作者姓名: | 陈伟 罗绪成 秦志光 |
| |
| 作者单位: | 1.电子科技大学计算机科学与工程学院 成都 610054 |
| |
| 基金项目: | 电子信息产业发展基金重点招议标项目(信部运[2005]555) |
| |
| 摘 要: | 介绍了分布式拒绝服务攻击的原理;分析了四种具有代表性的防御方法;提出一种针对IP欺骗DDoS攻击的防御方法,在自治系统边界,利用活动IP记录表对进入自治系统的数据包进行处理,来自活动IP的网络流直接通过;没有活动记录的IP数据包被自治系统边界路由器或邻近边界的路由器丢弃,并发送网间控制报文协议(ICMP)超时差错报文通报源节点,IP不活动的IP欺骗DDoS攻击数据包不能到达受害节点;被丢弃的合法数据包由其源节点上层协议或应用进行重传。
|
| 关 键 词: | 活动IP DDoS IP欺骗 |
| 收稿时间: | 2007-09-07 |
IP Spoofing DDoS Defense Using Active IP Record and ICMP Message |
| |
| CHEN Wei, LUO Xu-cheng, QIN Zhi-guang.IP Spoofing DDoS Defense Using Active IP Record and ICMP Message[J].Journal of University of Electronic Science and Technology of China,2007,36(6):1183-1186. |
| |
| Authors: | CHEN Wei LUO Xu-cheng QIN Zhi-guang |
| |
| Affiliation: | 1.School of Computer Science and Engineering,University of Electronic Science and Technology of China Chengdu 610054 |
| |
| Abstract: | This paper describes the principle of Distributed Denial of Service (DDoS) attack. Several representative defense methods are analyzed to against it. A defense method against IP spoofing DDoS attack is proposed. An active IP record table is used to detect all IP packets passing through the border of autonomy system in this method. Packets of the source IP address which are not active will be discarded by the border routers or routers near the border in the autonomy system, according to the Internet Control Message Protocol (ICMP) protocol, timeout ICMP messages will be sent to the source IP hosts, and thus, IP spoofed packets will be discarded, because their source IP usually are not active. Although some legal packets will also be discarded, the retransmission will be triggered by the timeout ICMP messages immediately. |
| |
| Keywords: | active IP distributed denial of service IP spoofing |
| 本文献已被 维普 等数据库收录! |
| 点击此处可从《电子科技大学学报(自然科学版)》浏览原始摘要信息 |
|
点击此处可从《电子科技大学学报(自然科学版)》下载全文 |
