This characteristic makes it difficult, from either the victim host's side or the ISPs' side, to identify the malicious hosts that actually take part in the attack. Even if the attacked host notices that no users have connected to it for a long time, it can only sense that something is abnormal and cannot tell whether it is under a Crossfire and Coremelt DDoS attack. In this thesis we will therefore develop a server-side detection system that detects whether the server side is under a Crossfire and Coremelt DDoS attack and that identifies the location of the network segment paralyzed during such an attack.

Due to the lack of effective solutions, DoS and DDoS attacks are now common on the Internet and cause serious damage. There are numerous types of DoS and DDoS attacks. Among them, Crossfire and Coremelt DDoS attacks are considered difficult problems by computer security experts. The main reason is that the attack packets generated by Coremelt and Crossfire are not sent directly to the target host machines but to machines controlled by the attacker. (The target host machines are usually servers on the Internet.)
This feature of Coremelt and Crossfire makes it difficult, from both the ISP side and the victim side, to identify the host machines that actually participate in the attack. As a result, even if the target servers find that there have been no client connections for a long time, they can only sense that the situation is abnormal and cannot tell whether they are under a Crossfire and Coremelt attack. In this project we will develop a server-side system to detect whether the server-side machine is under a Crossfire and Coremelt attack and to determine the location of the network segment paralyzed by Crossfire and Coremelt.