Journal of Information & Computational Science 8: 1 (2011) 94–111
Available at

State Key Laboratory of Networking and Switching Technology, Beijing University of Posts and Telecommunications, Beijing 100876, China

∗ Corresponding author. Email address: (Yonghui Li).
1548–7741/ Copyright © 2011 Binary Information Press, January 2011

Abstract

At present, researchers have already proposed many methods for tracing DoS or DDoS attacks, but little attention has been paid to DRDoS (Distributed Reflector Denial of Service) traceback. In DRDoS, the slaves hide behind innocent reflectors, which makes general DoS or DDoS traceback methods hard to apply to DRDoS traceback. In this paper, we propose a collaborative traceback method, ADPM (Authenticated Deterministic Packet Marking), to trace DRDoS attacks. In ADPM, routers mark request packets, log the request packets' mark information and add the corresponding logged information to response packets, so victims can locate slaves when they suffer a DRDoS attack. Analysis and simulation results show that ADPM has the following advantages: it requires little memory to log the mark information; it is able to resist forged mark information; it can be deployed conveniently and incrementally; and both the false positive rate and the number of packets needed for path reconstruction are small.

Keywords: IP Traceback; Deterministic Packet Marking (DPM); Denial of Service (DoS); Distributed Denial of Service (DDoS); Distributed Reflector Denial of Service (DRDoS)

Over the past decade, the Internet has penetrated into most industries and people are more and more dependent on it. Once a large-scale failure happens in the Internet, social life may suffer serious confusion, so network security has received much attention. IP traceback plays an important role in network security because if we can find and punish the intruder, we can eliminate the attack fundamentally.

Among the various attack types, the DoS (Denial of Service) attack is one of the most threatening patterns. At present, DDoS (Distributed Denial of Service) and DRDoS (Distributed Reflector Denial of Service), which are derived from DoS, already play important roles in network attacks. In a DDoS attack, the attacker controls some master zombies and a large number of slave zombies; it sends attack commands to the master zombies, then the master zombies order the slave zombies to flood the victim, as shown in Fig.

DRDoS is a more sophisticated type of attack. It uses legitimate hosts called "reflectors" to flood the victim by making slaves spoof the victim's address. A reflector may be any IP host that will respond to request messages, such as SYN, SYN/ACK, ICMP request, DNS queries and so on. An attacker first controls some zombies and locates a large number of reflectors. Then it sends attack commands to the master zombies. When they receive the attack commands, the master zombies let the slaves send request packets carrying the victim's address to the reflectors. The reflectors then send response packets to the victim based on the forged source addresses in those request packets. At last, the victim is flooded by the numerous unsolicited response packets.
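The mark, log and copy-to-response idea from the abstract can be modelled in a few lines. This is an added sketch, not the paper's algorithm or code: the HMAC tag, the per-router key table, the flow key and all names and addresses below are assumptions made for illustration, since the page does not describe ADPM's mark format or its authentication scheme.

```python
import hashlib
import hmac

# Constructed per-router keys (assumption: the page does not say how ADPM keys marks).
ROUTER_KEYS = {"R-ingress-7": b"k7-constructed", "R-ingress-9": b"k9-constructed"}

def make_mark(router_id, src, dst):
    """Ingress router: deterministic mark = router id + MAC over the request flow."""
    msg = f"{router_id}|{src}|{dst}".encode()
    tag = hmac.new(ROUTER_KEYS[router_id], msg, hashlib.sha256).hexdigest()[:16]
    return {"router": router_id, "tag": tag}

class ReflectorEdgeRouter:
    """Router in front of a reflector: logs request marks, copies them to responses."""
    def __init__(self):
        self.log = {}  # (claimed source, reflector) -> mark from the request

    def on_request(self, pkt):
        self.log[(pkt["src"], pkt["dst"])] = pkt["mark"]

    def on_response(self, pkt):
        # A response from reflector R to X answers the request that claimed source X.
        return {**pkt, "mark": self.log.get((pkt["dst"], pkt["src"]))}

def verify_mark(pkt):
    """Victim: return the slave's ingress router if the mark authenticates, else None."""
    mark = pkt.get("mark")
    if not mark or mark["router"] not in ROUTER_KEYS:
        return None
    # The response's dst/src are the request's claimed src/dst.
    expected = make_mark(mark["router"], pkt["dst"], pkt["src"])["tag"]
    return mark["router"] if hmac.compare_digest(expected, mark["tag"]) else None

def trace_demo():
    victim, reflector = "203.0.113.10", "198.51.100.53"  # constructed addresses
    edge = ReflectorEdgeRouter()
    # A slave behind R-ingress-7 sends a request whose source is the victim's address.
    req = {"src": victim, "dst": reflector}
    req["mark"] = make_mark("R-ingress-7", req["src"], req["dst"])
    edge.on_request(req)
    resp = edge.on_response({"src": reflector, "dst": victim})
    # A mark naming another router with a made-up tag must not verify.
    forged = {**resp, "mark": {"router": "R-ingress-9", "tag": "0" * 16}}
    return verify_mark(resp), verify_mark(forged)
```

The victim never sees the slave's real address; in this model it learns only which ingress router marked the spoofed request, which is the point where filtering or further investigation can start.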