| 基于NTP反射放大攻击的DDoS追踪研究 |
| |
| 引用本文: | 姜开达,章思宇,孙 强.基于NTP反射放大攻击的DDoS追踪研究[J].通信学报,2014,35(Z1):7-35. |
| |
| 作者姓名: | 姜开达 章思宇 孙 强 |
| |
| 作者单位: | 上海交通大学 网络信息中心,上海 200240 |
| |
| 摘 要: | 提出了一种利用NTP反射型放大攻击的特点,通过对中国大陆开放公共NTP服务的主机定期发起主动探测(执行monlist指令),利用返回信息对全球范围NTP反射类DRDoS攻击事件进行长期追踪观察和统计分析。追踪从2014年2月开始,初始探测范围为大陆近1.4万台NTP服务主机,每隔2 h一个周期持续进行了164天,观测到了针对数十万个IP地址的疑似DDoS攻击行为。
|
| 关 键 词: | NTP 反射型放大攻击 DDoS DRDoS 行为追踪 |
Research on tracking DDoS based on
NTP reflection amplification attack |
| |
| Kai-da JIANG,Si-yu ZHANG,Qiang SUN.Research on tracking DDoS based on
NTP reflection amplification attack[J].Journal on Communications,2014,35(Z1):7-35. |
| |
| Authors: | Kai-da JIANG Si-yu ZHANG Qiang SUN |
| |
| Affiliation: | Network and Information Center,Shanghai Jiaotong University,Shanghai 200240,China |
| |
| Abstract: | Based on characteristics of NTP reflection amplification attack, proposes a method of regularly launching active detection to hosts of public NTP services in Chinese mainland (execution of monlist instruction) and doing a long-term follow-up observation and statistical analysis of global NTP reflection DRDoS attacks based on the return information. The track began in February 2014, the initial detection range covered 14 000 NTP servers in China mainland, and detection period is 164 days with two hours for each cycle, observed suspected DDOS attacks against hundreds of thousands of IP addresses. |
| |
| Keywords: | NTP reflection amplification attack DDoS DRDoS behavior tracking |
|
| 点击此处可从《通信学报》浏览原始摘要信息 |
|
点击此处可从《通信学报》下载全文 |
