臺灣博碩士論文加值系統

網際網路的觸角已延伸至社會每一個領域。舉凡電子商務、軍事指管通電情監偵（C4ISR），及政府電子化服務，資訊網路已全然深入其運作之中。從這些改變及事實，可觀察出網路阻斷服務的問題，不僅將對電子商務造成影響，於軍事及政治層面亦具有相當之影響力。
迄今，似無詳盡的資訊可提供網路阻斷服務的完整面貌。本論文針對網路阻斷服務之攻擊進行學術性的研究，經由對網路阻斷服務攻擊理論及程序深入研究，規劃出整合式網路阻斷服務攻擊平台架構，並建構整合式網路阻斷服務攻擊平台，以利對網路阻斷服務攻擊的特性與現象有更深層面的了解。本研究中，亦對網路阻斷服務理論予以驗証及記述發現之事實，並對整合式網路阻斷服務攻擊平台進行改良。本研究期望可對我國未來資訊戰力的發展作出正面性的助益。

The Internet already pervades in each corner of our society. The electronic commerce, military C4ISR, and electronic services of the Government are adopting digital information and the network deeply into their operations. All these changes and facts indicate the potential problems of network denial of service which will not only influence electronic commerce, but will also include the military and political arenas.
As of today, it seems there is no detailed information for providing a big picture of network denial of service attacks. In this thesis, it provides an academic research over the network denial of service. With a depth of analysis on the theory and procedures of denial of service attacks, the preliminary integrated denial of service attack platform is originated. The integrated denial of service attack platform is constructed in order to have a better understanding of the characteristics and phenomena from denial of service attacks. A major part of this study is focusing on the verification and findings from the actual experiments based upon theory of network denial of service. The result of the above study is to better revise the integrated denial of service attack platform and it is expected to have a positive influence on our information force.

TABLE OF CONTENTS
DEDICATION ..........................................I
TABLE OF CONTENTS .........................................II
LIST OF FIGURES .........................................IV
LIST OF TABLE .........................................VI
ACKNOWLEDGMENTS ........................................VII
摘 要 ................................................VIII
ABSTRACT .................................................IX
CHAPTER 1 INTRODUCTION .................................1
1.1 General Overview .................................1
1.2 Motivation ..........................................2
1.3 Research method and Research Structure ...............3
1.4 Objective and Scope .................................5
CHAPTER 2 LITERATURE REVIEW .................................7
2.1 Definitions of Denial of Service (DoS) ...............7
2.2 Types of Denial of Service and Associated Theory ......8
2.3 The Analysis of Various Denial of Service ............18
2.4 Flow Chart of Denial of Service Attack and Structured
Framework ...........................................22
CHAPTER 3 CONCEPTION OF DOS ATTACK PLATFORM ..............25
3.1 Requirement of Integrated DoS Attack Platform Based on
Theory, Flow Chart, and User-Friendly Interface .....25
3.2 Web-Based Central Control Panel .......................28
3.3 Scanning Sub-System ................................28
3.4 Attack Programs Sub-System .......................29
3.5 Spoofed IP Database ................................29
3.6 Targeted IP Database ................................30
CHAPTER 4 CONSTRUCTION AND LABORATORY DESIGN ..............31
4.1 Construction of Attack Simulation Environment and
Consideration ....................................31
4.2 The Attack System Prototype for Integrated Denial of
Service .........................................33
4.3 Verifications and Findings .......................42
4.4 Revision of Integrated DoS Attack Platform ...........50
CHAPTER 5 DEMONSTRATION ................................52
5.1 Demonstration 1 of Integrated DoS Attack ............52
5.2 Demonstration 2 of Integrated DoS Attack ............53
CHAPTER 6 CONCLUSIONS AND RECOMMENDATIONS .............55
6.1 Conclusions and Contributions ......................55
6.2 Recommendations and Future Work ......................56
BIBLIOGRAPHY...............................................58
VITA .................................................62

[1] 王效蘭發行（民九十年‧五月），「白宮網站爆灌一度關閉」，聯
合報
[2] 李志成譯，堀田 倫英、石井 達夫、廣川 類著（民八九年‧九
月），PHP與PostgreSQL徹底攻略，博碩文化
[3] 李卓桓、瞿華等編著，百資科技編譯（民九十年‧二月），Linux網
路程式設計，機械工業出版社
[4] 林育生、嚴大中、廖百齡、俞齊醒、陳寶騏、江清泉等著（民九十
年‧十二月），「整合式網路安全系統」，國防通信電子及資訊季
刊，第二期，頁23-36
[5] 施威銘研究室編著，（民八九年‧十二月），RED HAT LINUX 7 指
令參考手冊，旗標出版
[6] 曾守正著（民八九年‧八月），資料庫系統之理論與實務，儒林書
局
[7] 張仁川、葉俊賢著（民九十年‧五月），精通FrontPage 2000，文
魁書局
[8] 張維國譯（民九十年‧十一月），Tim Converse、Joyce Park著，
精通PHP，博碩文化
[9] 楊文誌著（民八九年‧六月），深入LINUX建構與管理，旗標出版
[10] 閰雪著（民八九年‧八月），中國大陸的駭客技術，松崗書局
[11] Andrew S.T., Computer Networks, 3 rd Ed, Prentice-Hall,
1996.
[12] Computer Coordination Center., “CERT Advisory CA-96-26
Denial- of-Service Attack via pings”,
http://www.cert.org/advisories /CA-1996 -26 .html”, Dec.
1996. - visited 20.5.2001.
[13] Computer Coordination Center, “CERT Advisory “CA-97-28
IP Denial- of-Service Attacks”,
http://www.cert.org/advisories/CA-1997-28.html”, Dec.
1997. - visited 20.5.2001.
[14] Computer Coordination Center, “CERT Advisory “CA-2000-
01 Denial- of-Service Developments”,
http://www.cert.org/advisories/CA-2000- 01.html”, Jan.
2000. - visited 20.5.2001.
[15] Computer Coordination Center, “CERT Advisory “CA-1998-
13 Vulnera -bility in Certain TCP/IP Implementations”
http://www.cert. org/ advisories/CA-1998-13.html”, Dec.
1998. - visited 20.5.2001.
[16] Chen Y.W., “Study on the prevention of SYN flooding by
using traffic policing”, IEEE/IFIP NOMS, pp. 593 -604,
2000.
[17] Elliot J., “Distributed denial of service attacks and
the zombie ant effect”, IT Professional, pp. 55-57,
Mar./Apr. 2000.
[18] Ferguson P., Senie D., “Network Ingress Filtering:
Defeating Denial of Service Attacks which employ IP
Source Address Spoofing”, Jan. 1998.
[19] Frank Kargl, Joern Maier, Michael Weber, ”Protecting Web
Servers from Distributed Denial of Service Attacks”, The
Tenth International World Wide Web Conference, ACM, May
2001.
[20] Fulp E., Zhi Fu, Reeves D.S., Wu S.F., Xiaobing Zhang,
“Preventing denial of service attacks on quality of
service”, DARPA Information Survivability Conference &
Exposition II, pp. 159 -172, 2001
[21] Gregg D. M., Blackert W. J., Heinbuch D.V., Furnanage D.,
“Assessing and quantifying denial of service attacks”,
IEEE MILCOM: Communications for Network-Centric
Operations, pp. 76-80, 2001.
[22] Harris B., Hunt R., “TCP/IP security threats and attack
methods”, ELSEVIER Computer Communications, Feb. 1999.
[23] Lau F., Rubin S. H., Smith M. H., Trajkovic L.,
“Distributed Denial of Service Attacks”, IEEE
International Conference on System, Man, and Cybernetic,
2000.
[24] Momjian B., PostgreSQL Introduction and Concepts. Addison
－Wesley., Nov. 2000.
[25] Roger M. N., “Denial of Service”, Communications of the
ACM, ACM, Nov. 1994.
[26] SecurityFocus Corporation Site,
http://www.securityfocus.com - visited 25.3.2001.
[27] Stuart Mcclure, Joel Scambray, George Kurrt, Hacking
Exposed: Network Security Secrets and Solutions, Third
Edition, Osborne/McGraw-Hill, Apr. 2001.
[28] Stevens W. R., Advanced Programming in the Unix
Environment, Addison－Wesley., Sep. 2000.
[29] Stevens W. R., TCP/IP Illustrated, Volume 1 The
Protocols, Addison－Wesley, Oct. 1999.
[30] Stevens W. R., TCP/IP Illustrated, Volume 3 TCP for
Transactions, HTTP, NNTP, and the Unix Domain Protocols,
Addison－Wesley, Jan. 1996.
[31] Stevens W. R., Unix Network Programming Volume 1,
Prentice-Hall, Jul. 1998.
[32] Stevens W. R., Unix Network Programming Volume 2,
Prentice-Hall, Jul. 1998.
[33] Stevens W. R., Wright G. R., TCP/IP Illustrated, Volume 2
The Implementation, Addison－Wesley, Jul. 2000.
[34] Warren W. G., Linux Socket Programming by Example, Que.,
Apr. 2000.
[35] Wooding K., “Magnification Attacks - Smurf, Fraggle, and
Others”,
http://www.pintday.org/whitepapers/dos-smurf.shtml-
visited 25.3.2001.