Abstract
Distributed denial-of-service (DDoS) attacks have become a serious threat to the security of the whole Internet. Two lines of defense against DDoS attacks are proposed: (1) a proactive mitigation technique provided by the ISP (Internet service provider): the ISP collects a blacklist of network entities that have taken part in earlier attacks and shares it among its customers; the trust list and blacklist generated for each customer, combined with the policy the customer itself defines, yield a customer-specific mitigation directive; (2) server roaming is used to mitigate DDoS attacks: a few servers in the pool are active and provide service while the rest act as honeypots, and only legitimate clients can track the roaming server. Experiments show that once honeypots are deployed, attack traffic is filtered out effectively and the server can continue serving legitimate clients.
DDoS attacks have become a severe threat to Internet security. This paper presents two lines of defense for mitigating DDoS attacks: (1) a proactive approach intended to be provided by the ISP (Internet Service Provider): a blacklist of network entities that have participated in a previous attack, collected by the ISP, can be shared among its clients. The trust list and blacklist generated for each customer, together with user-specific policies, produce the particular client's DDoS mitigation directive; (2) employing server roaming as an approach for mitigating DDoS attacks: a subset of servers is active and providing service, while the rest are honeypots. Only legitimate clients can follow the active server as it roams. The experiment shows that the attack flow is filtered as soon as an attack is detected by a honeypot, allowing the server to continue providing service to legitimate clients during the attack.
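The two defenses described in the abstract, as an added simulation that is not code from the paper. It assumes a mechanism the abstract leaves unspecified: legitimate clients share a secret with the operator and derive the roaming schedule from an HMAC over the epoch number, so attackers who cannot compute it keep hitting a fixed address and land on a honeypot. The server pool, addresses, policy key names and the `mitigation_directive` / `action_for` helpers are all constructed for illustration.

```python
import hashlib
import hmac

# Constructed server pool (assumption): one address is active per epoch,
# the remaining three behave as honeypots.
SERVERS = ["10.0.0.1", "10.0.0.2", "10.0.0.3", "10.0.0.4"]


def active_server(secret: bytes, epoch: int) -> str:
    """Server that is active during `epoch`.

    Assumed mechanism (the paper does not specify one): legitimate clients
    share `secret` with the operator and derive the schedule with
    HMAC-SHA256 over the epoch number, so only they can follow the roam.
    """
    tag = hmac.new(secret, epoch.to_bytes(8, "big"), hashlib.sha256).digest()
    return SERVERS[int.from_bytes(tag[:4], "big") % len(SERVERS)]


def run_epochs(secret: bytes, legit_clients, attackers, epochs: int):
    """Simulate roaming plus honeypot-driven filtering.

    `attackers` maps source -> fixed target address: an attacker cannot
    compute the schedule, so it keeps flooding the address it found.
    Returns (served, dropped, caught): requests that reached the active
    server, requests absorbed or filtered, and sources caught by a honeypot.
    """
    served, dropped, caught = [], [], set()
    for epoch in range(epochs):
        active = active_server(secret, epoch)
        for src in legit_clients:
            served.append((epoch, src, active))       # follows the roam
        for src, target in attackers.items():
            if src in caught:
                dropped.append((epoch, src, target))  # filtered after detection
            elif target == active:
                served.append((epoch, src, target))   # lucky hit this epoch
            else:
                caught.add(src)                       # touched a honeypot
                dropped.append((epoch, src, target))  # absorbed by honeypot
    return served, dropped, caught


def mitigation_directive(isp_blacklist, trust_list, policy, honeypot_caught=()):
    """Per-customer directive built from the ISP-shared blacklist, the
    customer's trust list, its own policy and live honeypot detections.

    Returns source -> action; key "*" holds the action for unknown sources.
    Policy keys are assumed names: "default", "blacklisted",
    "trust_overrides_blacklist".
    """
    directive = {"*": policy.get("default", "rate_limit")}
    for src in set(isp_blacklist) | set(honeypot_caught):
        directive[src] = policy.get("blacklisted", "drop")
    for src in trust_list:
        # A trusted source that is also blacklisted stays blocked unless the
        # customer's policy explicitly lets trust win.
        if src not in directive or policy.get("trust_overrides_blacklist", False):
            directive[src] = "allow"
    return directive


def action_for(directive, src: str) -> str:
    """Look up the action for a source, falling back to the default."""
    return directive.get(src, directive["*"])


if __name__ == "__main__":
    secret = b"constructed-shared-secret"
    served, dropped, caught = run_epochs(
        secret, ["198.51.100.10"],
        {"203.0.113.5": "10.0.0.1", "203.0.113.6": "10.0.0.2"}, epochs=4)
    directive = mitigation_directive(
        isp_blacklist=["192.0.2.9"], trust_list=["198.51.100.10"],
        policy={"default": "rate_limit", "blacklisted": "drop"},
        honeypot_caught=caught)
    print("caught by honeypots:", sorted(caught))
    print("requests dropped:", len(dropped))
    for src in ["198.51.100.10", "192.0.2.9", "203.0.113.5", "203.0.113.99"]:
        print(src, "->", action_for(directive, src))
```

Because only one address is active per epoch, two attackers flooding different fixed targets cannot both be served in the same epoch; whichever hits a honeypot first is filtered for every later epoch, while the legitimate client is served in all of them.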
Source
Computer Security (《计算机安全》)
2009, No. 2, pp. 3-6 (4 pages)
Network & Computer Security
Funding
Heilongjiang Provincial Academic Backbone Project for Universities (1151G012)