摘要
网络中经常出现常用的服务器因分布式拒绝服务(DDOS)攻击而无法正常访问,或者弱口令主机被攻破的情况.该系统针对这种情况,以上海教育城域网(SEMAN)为研究对象,在SEMAN边界设备上即时识别出异常攻击流量,整理出有威胁的攻击源头形成黑名单,并通过边界网关协议(BGP)在城域网内广播形成路由黑洞以剔除这些危险的攻击报文流量.实际运行表明:系统在SEMAN运行以来,大幅度减少了攻击流量以及被攻破的主机数目,有效地保护了网络内部的各个服务器.
On the Internet,some servers often could not work due to DDOS(distributed denial of service),or its weak passwords are disclosed under brute force or dictionary attacks.In light of this situation,the system took SEMAN(shanghai educational metropolitan area network)as study object,distinguished and analyzed abnormal attacking stream on boundary device,produced route black hole blacklist of danger attack sources,and broadcasted it in SEMAN through BGP(border gateway protocol)to reject these danger sources.Practical experience has illustrated that the system achieves very good effect.The amount of attack stream and attacked servers are largely reduced since system works.
作者
周立聘
谢锐
Zhou Lipin;Xie Rui(Network&Information Center,Shanghai Jiaotong University,Shanghai 200240,China)
出处
《华中科技大学学报(自然科学版)》
EI
CAS
CSCD
北大核心
2016年第S1期16-19,共4页
Journal of Huazhong University of Science and Technology(Natural Science Edition)
关键词
异常流量
报文分析
报文队列
路由黑洞
黑名单
abnormal stream
packet analysis
packet queue
route black hole
blacklist
