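Denial-of-service attacks on the Internet have been occurring for more than ten years, since 1998. Although many researchers have proposed ways to defend against them or to locate the attack source, there is still no approach that defends against them completely. In February 2000, major websites worldwide were hit by denial-of-service attacks, including the portal Yahoo, the auction site eBay and the online shopping site Amazon; even the CNN news site was affected.

Denial of service (DoS) has evolved into distributed denial of service (DDoS): computers in different places simultaneously send large numbers of network packets to the same host, the host cannot cope with processing the huge volume of packets, and the goal of the DDoS attack is achieved. The effect is that the host's service is interrupted and users cannot use its services normally. These attacks do not seek to obtain any data from the website, nor to break in and modify any data; they only paralyze the site's service. Many schemes have been proposed to mitigate DDoS attacks, for example locating the attack source within a short time and blocking its packets before they reach the host. However, the attack source has to be filtered out of the current connection data, and the time spent filtering means that when the host's service is interrupted, the fault cannot be cleared immediately. We therefore integrate multiple platforms so that an attacked host can detect the attack at the earliest moment, eliminate the attack source in the shortest time, and restore its services.

This thesis examines the patterns of denial-of-service attacks in depth and addresses them from three sides, the network user, the network host and the network service provider: preventing users' computers from becoming attackers, defending hosts from becoming victims, and having the service provider act as a supervisor of network usage, so that together they resist denial-of-service attacks.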
Internet denial of service (DoS) attacks have a history of over ten years, dating back to 1998. Though many researchers have provided strategies for defense or for finding the attack source, none of them has been able to prevent DoS completely until now. In February 2000, large global sites were hit by DoS attacks. These sites included the portal site Yahoo!, the auction site eBay and the online shopping site Amazon. Even the CNN news site was affected. DoS has extended to the distributed denial of service (DDoS) attack. In a DDoS attack, a large number of attacking packets coming from different addresses are sent to the targeted system. The objective of the DDoS attack is achieved when the system cannot handle these packets. The attacks may interrupt server service and make the services and resources unavailable to their intended users. The aim of these attacks is neither to acquire the website's data nor to change it, but to make its services collapse. Many methods have been proposed to weaken DDoS attacks. For example, some methods find the source of the attack in the shortest possible time and prevent the attacking packets from flooding the bandwidth of the web server. However, it takes some time to find and filter the source of the attack from the current connections, which makes it impossible to remove the obstacle rapidly when a service interruption occurs. Therefore, we use a multi-platform integration approach to discover the sources as soon as possible and eliminate them in the shortest time, in order to restore the services of the web server. In this thesis, we discuss the models of DDoS attacks from the perspectives of internet users, the web server and the internet service provider. Our proposed methods can prevent a user from becoming an attacker and a web server from being attacked. In addition, our proposed methods make the internet service provider a supervisor and resist DDoS attacks.