Abstract
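Shrew DDoS (Distributed Denial of Service) attacks are a new type of DDoS attack, also known as low-rate DDoS attacks. They exploit a weakness in the TCP retransmission timeout mechanism: the attacker estimates the RTO (retransmission timeout) of legitimate TCP flows and uses it as the period T for sending low-rate attack packets, periodically sending short pulses so that the attack flow periodically occupies the network bandwidth. Legitimate TCP flows therefore always perceive the network as heavily loaded, all affected TCP flows enter the retransmission timeout state, and the throughput of the victim host drops sharply, which achieves the goal of the attack. Because the attack rate is low, it can evade traditional defense mechanisms against high-rate attacks. This new type of denial-of-service attack is stealthy and has a pronounced effect.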
Shrew DDoS (Distributed Denial of Service) attacks, also named low-rate DDoS attacks, are a new style of DDoS attack. A low-rate DDoS attack is essentially a periodic short burst that exploits the deficiencies of the minimum RTO (Retransmission Timeout) of TCP flows and forces all affected TCP flows to enter the retransmission timeout state. The period T is calculated from the estimated RTO of the TCP implementations at legitimate sources. Because of its low rate, it can evade traditional high-rate detection mechanisms and gravely degrade the throughput of the victim.
Source
《信息安全与通信保密》
2007, Issue 6, pp. 179-181 (3 pages)
Information Security and Communications Privacy