[1]徐永红,张琨,杨云,等.Smurf攻击及其对策研究[J].南京理工大学学报(自然科学版),2002,(05):512-516.
 XuYonghong ZhangKun YangYun LiuFengyu.A Study on Smurf Attack and Its Countermeasures[J].Journal of Nanjing University of Science and Technology,2002,(05):512-516.
点击复制

Smurf攻击及其对策研究()
分享到:

《南京理工大学学报》(自然科学版)[ISSN:1005-9830/CN:32-1397/N]

卷:
期数:
2002年05期
页码:
512-516
栏目:
出版日期:
2002-10-30

文章信息/Info

Title:
A Study on Smurf Attack and Its Countermeasures
作者:
徐永红张琨杨云刘凤玉
南京理工大学计算机科学与技术系, 南京210094
Author(s):
XuYonghong ZhangKun YangYun LiuFengyu
Department of Computer Science and Technology,NUST,Nanjing 210094
关键词:
拒绝服务攻击 Smurf 攻击 网络安全
Keywords:
denial of serv ice Smurf at tack network security
分类号:
TP393.08
摘要:
Smurf攻击为DDoS攻击中较为常见的一种。该攻击方式利用TCP/IP协议自身的缺陷 ,结合使用IP欺骗和ICMP回复方法 ,使网络因响应ICMP回复请求而产生大量的数据流量 ,导致网络严重的拥塞或资源消耗 ,引起目标系统拒绝为合法用户提供服务 ,从而对网络安全构成重大威胁。该文在分析了这种攻击实施的原理的基础上 ,提出这种攻击的检测方法和防范技术。
Abstract:
Smurf at tack is one common method among distributed denial of serviceattacks. U t ilizing the bugs of TCP/ IP protocol together w ith spoofed IP address and ICMP echo, this at tack method produces large amount of data packets, w hich w ill lead to serious network congestion and resource consuming. Then, the at tacked system w ill deny service for leg al user. By analyzing the principles of Smurf attack, this paper proposes the detect ion method and defense technology of this at tack.

参考文献/References:

1  Computer emergency response team. Cer t adv isory - 2000. Denial of ser vice developments.http: / / w ww . cer t. org/ advisories/ CA- 2000- 01. html
2  Heberlein L T, Bisho p M. In: Ellen F. Attack class: address spoofing. Proceedings of the 19th National Informat ion Systems Securit y Conference. Balt imo re: Johns Hopkins University Pr ess,1996. 371~ 377
3  Cr aig A. T he latest in denial of ser vice attacks: "smurfing" descript ion and information to mini-mize effects. http: / / w ww . pentics. net/ - denial- of- service/ white- papers/smur f. cgi
4  Ferg uson P, Senie D. Networ k ingress filtering: defeating denial of service attacks, which employ IP sour ce addr ess spoofing. RFC2267- 1998. ww w. landfield. com/ rfcs/ r fc2267. html
5 Dietr ich Long S, Dittrich N. In: Brian B, Robert G. Analyzing distr ibuted denial of ser vice tools: the Shaft case. Pro ceedings of 14th Systems Administration Conference. Berkeley:USENIX Assoc, 2000. 329~ 339
6 Senie D. Changing the default for directed broadcasts in routers. RFC2644 - 1999. http: / /ww w. ietf. org/ rfc
7 Par k K, Lee H. I n: Madacan N K, Deutsch S, Mer kle C L. On the effectiveness of route- based packet filtering for distr ibuted DoS attack prevention in pow er- law Internets. ACMSIGCOMM 2001 Conference. USA: ACM, 2001. 15~ 26

备注/Memo

备注/Memo:
国家自然科学基金资助项目 (6 99730 2 0 );国防科技预研基金资助项目
徐永红 男 31 岁 博士生
更新日期/Last Update: 2002-10-30