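Abstract: | With the continual progress and development of modern technology, the network is no longer merely a tool for meeting early military communication needs; through advanced cloud and Internet of Things technologies, it integrates all kinds of resources, services and applications, forming a heterogeneous system of high complexity and large scale. To reduce their workload and respond promptly when problems occur, administrators of modern networks have widely adopted network monitoring systems. With its open-source nature and strong community support, the Zabbix network monitoring tool can effectively detect and manage system outages caused by system instability, performance bottlenecks or network problems, ensuring that networks and services are highly available and providing organizations and enterprises with a stable method of infrastructure management. Among the many network threats, Distributed Denial of Service (DDoS) attacks are a major cause of network and service unavailability. Because they are highly variable and hard to trace, a complete solution is still lacking, and as the number of botnets grows and DDoS tools circulate widely, the cost for attackers to carry out DDoS attacks has dropped sharply, to the point that providers offering DDoS attacks as a service have appeared. Conversely, for ordinary users the importance of the network is rising rapidly. Because of this contrast, DDoS attacks have continued to rage in recent years, and the infrastructure of enterprises and organizations remains exposed to the risk of DDoS attacks, so having a means of defending against DDoS attacks is necessary. Most current defenses require additional software or hardware support or the purchase of services, so the strength of an organization's DDoS defense is determined by how deep its pockets are. For small and medium-sized enterprises this is undoubtedly a serious predicament, forcing them to choose between economic pressure and network security. Against this background, it is necessary to develop a defense strategy that is easy to deploy, does not impose an excessive economic burden, and can successfully mitigate DDoS attacks. This study first proposes an automated route blackholing mechanism based on the Zabbix network monitoring tool. The scheme uses the UDP Reflection Amplification (URA) detection module proposed in this study to detect emerging DDoS attacks and uses an automated Remote Trigger Blackhole (RTBH) module to control the routes on the border router, thereby triggering the automated route blackholing mechanism and mitigating the impact of emerging DDoS attacks.;As modern technology advances, the Internet has evolved beyond its initial purpose as a military communication tool. It now integrates resources, services, and applications using advanced cloud and IoT technologies, creating a complex, heterogeneous system. Network administrators, in response to demands for efficient system management and timely issue resolution, have adopted network monitoring systems. Among these, the Zabbix network monitoring tool, notable for its open-source nature and strong community support, effectively detects and manages system outages caused by instability, performance bottlenecks, or networking challenges. This tool ensures a high level of network and service availability, providing organizations with a stable approach to infrastructure management. DDoS attacks are powerful threats that can make networks and services unavailable. Because they are highly variable and difficult to trace, a comprehensive solution for handling them is still lacking. The increasing number of botnets and the widespread distribution of DDoS tools have significantly reduced the cost for attackers to launch DDoS attacks. 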
In contrast, for general users, the importance of the network is rapidly rising. This contrast has made DDoS attacks frequent in recent years. Most current defense methods require additional software, hardware support, or the acquisition of services. Therefore, defending against DDoS attacks often depends on the financial capacity of each enterprise or organization. In this study, utilizing Zabbix as a monitoring tool, we propose an automated route blackholing mechanism to counter DDoS attacks. We introduce the UDP Reflection Amplification (URA) detection module to detect DDoS activities, and we implement the automated Remote Trigger Blackhole (RTBH) module to mitigate the impact of such attacks. This approach offers a cost-effective solution specifically for alleviating the effects of DDoS attacks. |