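A link-flooding attack is a new type of denial-of-service attack that focuses on cutting off important links in a network. Crossfire is one form of link-flooding attack: by sending packets to decoy servers near the target area, it can block off the entire target area. Our approach aims to keep the attacker from gathering accurate information and thereby to stop the attack from being launched. In a software-defined networking environment, we can freely choose the source address of ICMP time exceeded messages. By continually changing the source address of these messages, we cause the attacker to mistake the same router for different ones. The attacker then builds a link map in which almost no link is found to carry attack flows, which makes the attack hard to launch, and the attacker has to give up on the Crossfire attack. We run experiments in a Mininet environment with Ryu as the controller to verify how much the number of attack flows is reduced.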
Link-Flooding Attack (LFA) is a new type of Distributed Denial-of-Service (DDoS) attack that focuses on important links in the network. Crossfire is an LFA that cuts a whole target area off from the network by sending packets to decoy servers near that area. We present Router Mutation, which stops attackers by forcing them to collect wrong network information. In a Software-Defined Networking (SDN) environment, we can send ICMP time exceeded messages with any source IP address we want. We send each message with a virtual IP address that keeps changing. The adversary may then take the same router for different ones, so he will build a link map with few attack flows going through it. It is hard for him to launch an attack based on this information, so the adversary would give up on the Crossfire attack. We verify our approach on Mininet with a Ryu controller.
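
The effect of Router Mutation on the observer's link map, as an added simulation that is not the authors' controller code. The topology, the real and virtual address ranges, and the keyed-hash rule in `virtual_ip` are assumptions made for illustration, since the abstract only says that the source address keeps changing.

```python
import hashlib
import hmac
import ipaddress
from collections import Counter

# Constructed topology: each bot reaches the decoy through its own edge
# router, then through the shared link r1 -> r2.
REAL_IP = {"e1": "10.0.1.1", "e2": "10.0.2.1", "e3": "10.0.3.1",
           "r1": "10.0.0.1", "r2": "10.0.0.2"}
PATHS = {(f"bot{i}", "decoy"): [f"e{i}", "r1", "r2"] for i in (1, 2, 3)}

POOL = ipaddress.ip_network("10.200.0.0/16")  # assumed virtual address pool
KEY = b"constructed-demo-key"                 # assumed controller secret

def virtual_ip(router, flow, epoch):
    """Hypothetical mutation rule: keyed hash of (router, flow, epoch)
    mapped to an address in the virtual pool."""
    msg = f"{router}|{flow}|{epoch}".encode()
    digest = hmac.new(KEY, msg, hashlib.sha256).digest()
    return str(POOL[int.from_bytes(digest[:4], "big") % POOL.num_addresses])

def traceroute(flow, epoch, mutate):
    """Source address of the ICMP time exceeded reply at each hop."""
    return [virtual_ip(r, flow, epoch) if mutate else REAL_IP[r]
            for r in PATHS[flow]]

def link_map(mutate):
    """Flows per link, as counted from traceroute output alone."""
    links = Counter()
    for epoch, flow in enumerate(PATHS):  # one probe per flow, one epoch each
        hops = traceroute(flow, epoch, mutate)
        links.update(zip(hops, hops[1:]))
    return links

def max_flow_density(mutate):
    """Largest number of flows seen sharing a single link."""
    return max(link_map(mutate).values())

if __name__ == "__main__":
    print("without mutation:", max_flow_density(False))
    print("with mutation:   ", max_flow_density(True))
```

Without mutation the shared r1 -> r2 link shows up with all three flows on it; with mutation every observed link carries a single flow, so no link stands out in the map.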