| DC 欄位 |
值 |
語言 |
| DC.contributor | 資訊工程學系 | zh_TW |
| DC.creator | 蔡維泰 | zh_TW |
| DC.creator | Wei-tai Cai | en_US |
| dc.date.accessioned | 2015-7-22T07:39:07Z | |
| dc.date.available | 2015-7-22T07:39:07Z | |
| dc.date.issued | 2015 | |
| dc.identifier.uri | http://ir.lib.ncu.edu.tw:88/thesis/view_etd.asp?URN=102522084 | |
| dc.contributor.department | 資訊工程學系 | zh_TW |
| DC.description | 國立中央大學 | zh_TW |
| DC.description | National Central University | en_US |
| dc.description.abstract | 因為發起的門檻十分低,分散式阻斷服務攻擊(DDoS)在這幾年變得來越常見。於 2013 年,垃圾郵件防禦組織SpamHaus就遭受了來自全球各地高峰達到75Gbps的DDoS流量攻擊,而知名程式碼託管網站GitHub也於2015年3月遭受了經過中間人之DDoS放大攻擊。然而,即使TCP/IP的規格已經被公佈數十年之久,至今對於分散式阻斷服務攻擊依然沒有良好的防禦方式。
本篇論文嘗試透過 TCP設計時保留之option欄位,因一般進行SYN-flood之惡意客戶端不會嘗試完成TCP三方交握之程序,如果有一經過認證、合法的客戶端嘗試連線至正遭受SYN-flood分散式阻斷服務攻擊之伺服器,在完成三方交握之後,伺服器端會回傳一特定封包,其TCP封包檔頭之option欄位會包含有新伺服器的IP位置與祕密字串,合法客戶端連線至新伺服器時,新伺服器會檢查是否有包含此祕密字串,若是檢查通過才放行此SYN封包,允許建立連線。 | zh_TW |
| dc.description.abstract | Distributed denial of service (DDoS) attacks has become more and more frequent nowadays. In 2013, a massive DDoS attack was launched against Spamhaus, a non-profit anti-spam mail organization. Up to 75Gbps of DNS reflection traffic were directed to Spamhaus′ servers, causing the service to shut down.
Although DDoS has been long around ever since the internet has become popular, no good solutions has been offered yet.
In this paper, we present a solution based on TCP redirection using TCP header options. When a legitimate client attempted to connect to a server undergoing an SYN-flood DDoS attack, it will try to initiate a TCP three-way handshake, after it has successfully established a connection, the server will reply with a RST packet, which a new server address and a secret is embedded in the TCP header options. The client can thus connect to the new server that only accepts SYN packets with the corrected secret using the supplied secret. | en_US |
| DC.subject | 通訊控制協定 | zh_TW |
| DC.subject | 阻斷服務攻擊 | zh_TW |
| DC.subject | 三方交握 | zh_TW |
| DC.subject | Linux | zh_TW |
| DC.subject | Netfilter | zh_TW |
| DC.subject | TCP options | zh_TW |
| DC.subject | TCP | en_US |
| DC.subject | DoS | en_US |
| DC.subject | Three-way Handshake | en_US |
| DC.subject | Linux | en_US |
| DC.subject | Netfilter | en_US |
| DC.subject | TCP options | en_US |
| DC.title | TRAP: A TCP Three-Way Handshake Server for TCP Connection Establishment | en_US |
| dc.language.iso | en_US | en_US |
| DC.type | 博碩士論文 | zh_TW |
| DC.type | thesis | en_US |
| DC.publisher | National Central University | en_US |