Master's/Doctoral Thesis 102522084: Detailed Record




Name: Wei-tai Cai (蔡維泰)   Department: Department of Computer Science and Information Engineering
Thesis title:
(TRAP: A TCP Three-Way Handshake Server for TCP Connection Establishment)
Related theses:
★ USB WORM KILLER: Cure USB Flash Worms Through a USB Flash Worm
★ Discoverer: A Real-Time Rootkit Detection System
★ A Detection and Defense Mechanism for Fraudulent SMS Messages on Android Phones
★ The SRA System: Defending Against Router Hijacking via ARP Spoofing
★ An Automated Real-Time Counterattack System Against Remote Buffer Overflow Attacks
★ Real-Time Serum System: An Automated Worm-Curing System with an Attack Barrier
★ DNSPD: Entrap Botnets Through DNS Cache Poisoning Detection
★ TransSQL: A Translation and Validation-based Solution for SQL-Injection Attacks
★ A Spam Mail-based Solution for Botnet Detection and Network Bandwidth Protection
★ Shark: Phishing Information Recycling from Spam Mails
★ FFRTD: Beat Fast-Flux by Response Time Differences
★ Antivirus Software Shield against Antivirus Terminators
★ MAC-YURI: My ACcount, YoUr ResponsIbility
★ KKBB: Kernel Keylogger Bye-Bye
★ CIDP Treatment: An Innovative Mobile Botnet Covert Channel based on Caller IDs with P8 Treatment
★ PrivacyGuard: A Kernel-based Solution to Enhance the User Privacy When Using Private Browsing
File: Browse the thesis in the system (available after 2020-6-30)
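Abstract (Chinese): Because the barrier to launching them is very low, distributed denial-of-service (DDoS) attacks have become increasingly common in recent years. In 2013, the anti-spam organization SpamHaus suffered DDoS traffic from around the world that peaked at 75 Gbps, and in March 2015 the well-known code hosting site GitHub was hit by a man-in-the-middle DDoS amplification attack. Yet even though the TCP/IP specifications have been public for decades, there is still no good defense against distributed denial-of-service attacks.

This thesis makes use of the option field reserved in the design of TCP. Malicious clients conducting a SYN flood generally do not attempt to complete the TCP three-way handshake. When an authenticated, legitimate client attempts to connect to a server that is under a SYN-flood DDoS attack, the server, once the three-way handshake has completed, returns a specific packet whose TCP header option field contains the IP address of a new server and a secret string. When the legitimate client connects to the new server, the new server checks whether the SYN packet contains this secret string, and only if the check passes does it let the SYN packet through and allow the connection to be established.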
Abstract (English): Distributed denial of service (DDoS) attacks have become more and more frequent nowadays. In 2013, a massive DDoS attack was launched against Spamhaus, a non-profit anti-spam mail organization. Up to 75 Gbps of DNS reflection traffic was directed to Spamhaus' servers, causing the service to shut down.

Although DDoS has been around ever since the Internet became popular, no good solution has been offered yet.

In this paper, we present a solution based on TCP redirection using TCP header options. When a legitimate client attempts to connect to a server undergoing a SYN-flood DDoS attack, it will try to initiate a TCP three-way handshake. After it has successfully established a connection, the server will reply with a RST packet in which a new server address and a secret are embedded in the TCP header options. The client can thus use the supplied secret to connect to the new server, which only accepts SYN packets with the correct secret.
Keywords (Chinese): ★ Transmission Control Protocol
★ Denial-of-service attack
★ Three-way handshake
★ Linux
★ Netfilter
★ TCP options
Keywords (English): ★ TCP
★ DoS
★ Three-way Handshake
★ Linux
★ Netfilter
★ TCP options
Table of contents:
Chinese Abstract
Abstract
Acknowledgements
Table of Contents
List of Figures
List of Tables
Chapter 1 Introduction
Chapter 2 Background
2.1 Transmission Control Protocol
2.2 Denial of Service Attacks
2.3 SYN Flood
2.4 TCP Options
2.5 Netfilter
Chapter 3 Related Work
3.1 SYN Cookie
3.2 SYN Proxy
Chapter 4 System Design
4.1 System Overview
4.2 System Implementation
Chapter 5 Evaluation
5.1 Lab Environment
5.2 Evaluation Results
5.3 Discussion
Chapter 6 Conclusion
References
Advisor: Fu-hao Hsu (許富皓)   Date of approval: 2015-7-22

For questions about this thesis, please contact the Outreach Services Section of the National Central University Library, TEL: (03)422-7151 ext. 57407, or by e-mail.