DDoS攻击中的IP源地址伪造协同处置方法  被引量:5

Intrusion Collaborative Disposal Method of Spoofed IP Address in DDoS Attacks

在线阅读下载全文

作  者:张可 汪有杰 程绍银[3] 王理冬[4] ZHANG Ke;WANG Yoiyie;CHENG Shaoyin;WANG Lidong(Anhui Branch, National Computer Network Emergency Response Technical Team, Hefei Anhui 230041, China;Anhui Telecom Network Security Operation Center, Hefei Anhui 230031, China;School of Cyber Security, University of Science and Technology of China, Hefei Anhui 230027, China;Anhui Institute of Electronic Products Supervision and Inspection(Anhui Information Security Testing Evaluation Center), Hefei Anhui 230061, China)

机构地区:[1]国家计算机网络应急技术处理协调中心安徽分中心,安徽合肥230041 [2]安徽电信网络安全操作中心,安徽合肥230031 [3]中国科学技术大学网络空间安全学院,安徽合肥230027 [4]安徽省电子产品监督检验所(安徽省信息安全测评中心),安徽合肥230061

出  处:《信息网络安全》2019年第5期22-29,共8页Netinfo Security

基  金:安徽省自然科学基金[1208085QF112];量子通信与量子计算机重大项目安徽省引导性项目[AHY150400]

摘  要:IP源地址伪造是多种DDoS攻击的基础,给安全事件的溯源和响应处置造成了很大困难。URPF主要用于防止基于源地址欺骗的网络攻击行为,边界过滤法用于对来自网络内部的数据包进行检查。基于基础电信运营企业网络,文章提出了基于URPF技术和边界过滤法的IP源地址伪造协同处置方法,可在网内和边界出口双重过滤伪造IP源地址。实验结果表明,该方法有效阻止了IP源地址伪造流量。某省电信骨干网大规模应用后,CNCERT监测数据证实骨干路由器已无本地伪造流量和跨域伪造流量出现。Spoofed IP address is the basis of many DDoS attacks, which makes it difficult to trace and respond to security incidents? URPF is mainly used to prevent the network attacks based on the source address spoofing. Network ingress filtering is used to check the packets from the network inside. On basis of telecom enterprise network this paper proposes the spoofed IP address collaborative disposal method based on the URPF technology and network ingress filtering, which realizes double filtering of the spoofed IP address inside the network and on the boundary export. Experiments show that this method can effectively prevent spoofed IP address traffic. After the large-scale application of Anhui telecom backbone network, monitoring data from CNCERT confirmed that Anhui telecom backbone routers have no local forged traffic and cross-domain forged traffic.

关 键 词:网络安全 DDOS攻击 IP源地址伪造 URPF 边界过滤法 

分 类 号:TP309[自动化与计算机技术—计算机系统结构]

 

参考文献:

正在载入数据...

 

二级参考文献:

正在载入数据...

 

耦合文献:

正在载入数据...

 

引证文献:

正在载入数据...

 

二级引证文献:

正在载入数据...

 

同被引文献:

正在载入数据...

 

相关期刊文献:

正在载入数据...

相关的主题
相关的作者对象
相关的机构对象