National Digital Library of Theses and Dissertations in Taiwan (臺灣博碩士論文加值系統)


Detailed record

Student: 林楷勛
Student (English): Kai-Hsun Lin
Title: 適用於保護應用伺服器以防止分散式阻斷服務攻擊之入侵保護系統
Title (English): Intrusion Prevention System Suitable for Protecting Application Servers from Distributed Denial of Service Attacks
Advisor: 孫宏民
Advisor (English): Hung-Min Sun
Degree: Master
Institution: National Tsing Hua University (國立清華大學)
Department: Institute of Information Systems and Applications (資訊系統與應用研究所)
Discipline: Computer science
Field: System design
Thesis type: Academic thesis
Year published: 2004
Graduation academic year: 92 (ROC calendar)
Language: Chinese
Pages: 47
Chinese keywords: Intrusion detection; Denial of service; Firewall
English keywords: IDS; DoS; DDoS; Firewall
Record statistics:
  • Cited: 5
  • Views: 302
  • Rating: none
  • Downloads: 40
  • Bookmarked: 1
Abstract (translated from Chinese): Denial of service broadly refers to an attacker using an attack program to prevent normal users from accessing a particular service. It can generally be divided into three types: one targets a vulnerability in the serving system to take the attack target down entirely; one exploits a weakness in a communication protocol so that normal users cannot access the service; and the other uses a large volume of packet traffic so that the attacked end cannot keep up and collapses. Of the three, denial of service that exploits a protocol weakness is the hardest to prevent. TCP SYN flooding is a well-known denial of service attack that exploits a weakness of the TCP three-way handshake. Many well-known web sites now face the even more damaging distributed denial of service attack. Firewalls and intrusion detection systems can only defend against traditional denial of service attacks; to date there is no complete solution for the TCP SYN flooding DDoS attack. This thesis first analyzes the principle of the TCP SYN flooding attack and proposes a method to defend against it. The method counters DDoS by building a database of legitimate user addresses, monitoring the number of half-open connections in the backlog queue, and a packet filtering mechanism. The main advantage of this mechanism is that it effectively resists TCP SYN flooding attacks without causing any delay for legitimate users. This thesis also analyzes and experiments with an application-layer denial of service attack, referred to here as the TCP keep-alive attack; the system architecture proposed in this thesis can also resolve the TCP keep-alive denial of service attack.
Abstract (English): DoS means that an attacker attempts to degrade the service offered to normal end users. In general, DoS can be separated into three main types: 1) exploiting a loophole in the system to destroy the whole system; 2) exploiting a weakness of a protocol to block normal users; 3) using large throughput to make it hard for the server to service normal users' requests. Of these three types, exploiting a protocol weakness is the hardest to defend against. The TCP SYN flooding attack is a well-known denial of service (DoS) attack that exploits the TCP three-way handshake vulnerability. Recently many famous web sites have faced a stronger denial of service attack known as the Distributed Denial of Service attack (DDoS). Organizations deploying security measures such as firewalls and intrusion detection systems (IDS) can cope with the traditional DoS attack, but there is no complete solution for protection from the SYN flooding DDoS attack. This paper analyzes the TCP SYN flooding attack and presents a protection method against SYN flooding attacks launched by DoS/DDoS tools. It protects the server by generating a legal access database, monitoring the backlog queue entries of the server, and IP filtering. The main advantages are its strong ability to defend against the TCP SYN flooding attack and minimal delay for legal user access. We also analyze an application-layer DoS attack method, called TCP keep-alive in this paper, and test this attack method. The protection system we propose can also protect against this attack.
Table of contents:
Chapter 1 Introduction.....1
Chapter 2 Background.....4
2.1 INTERNET PROTOCOL
2.2 TRANSMISSION CONTROL PROTOCOL
2.2.1 TCP Control Flags
2.2.2 TCP port
2.2.3 TCP Three-way handshake
2.2.4 TCP Backlog Queue
2.2.5 TCP connection establishment process
2.2.6 TCP timers
2.2.7 SYN flooding denial of service attack
2.2.8 Distributed denial of service attack (DDoS)
2.2.9 DDoS attack tools
2.2.10 Application keep-alive attack
Chapter 3 Related work.....15
3.1 Improving system settings
3.2 Improving router settings
3.2.1 Ingress Filtering
3.2.2 Egress Filtering
3.2.3 IP Traceback
3.3 Improving connection establishment
3.4 Firewalls
3.4.1 Firewall as a relay
3.4.2 Firewall as a semi-transparent gateway
3.5 Active monitor
3.6 Other countermeasures
3.6.1 Load balancing
3.6.2 First SYN reject
3.6.3 Random drop of connection requests
3.6.4 Moving target
Chapter 4 Proposed system.....23
4.1 System description
4.2 System architecture
4.2.1 Legal access computing component
4.2.2 Monitor component
4.2.3 Packet filtering component
4.3 Corresponding algorithms
4.3.1 Legal access component
4.3.2 Detection of denial of service attacks
4.3.3 Packet filtering
4.3.4 Database updates during an attack
4.4 System flow
4.4.1 Normal conditions
4.4.2 Under attack
Chapter 5 Implementation and experimental analysis.....32
5.1 Implementation
5.1.1 Linux loadable kernel modules
5.1.2 Netfilter
5.2 Experimental analysis
5.2.1 Test environment
5.2.2 Detecting TCP SYN flooding attacks
5.2.3 Defending against DDoS attacks
Chapter 6 Results analysis and conclusion.....43