Netinfo Security (信息网络安全), 2019, Vol. 19, Issue (5): 22-29. doi: 10.3969/j.issn.1671-1122.2019.05.003

• Technical Research •

Intrusion Collaborative Disposal Method of Spoofed IP Address in DDoS Attacks

Ke ZHANG1, Youjie WANG2, Shaoyin CHENG3, Lidong WANG4

  1. Anhui Branch, National Computer Network Emergency Response Technical Team, Hefei Anhui 230041, China
  2. Anhui Telecom Network Security Operation Center, Hefei Anhui 230031, China
  3. School of Cyber Security, University of Science and Technology of China, Hefei Anhui 230027, China
  4. Anhui Institute of Electronic Products Supervision and Inspection (Anhui Information Security Testing Evaluation Center), Hefei Anhui 230061, China
  • Received: 2019-03-04 Online: 2019-05-10 Published: 2020-05-11
  • About the authors:

    Ke ZHANG (born 1986), male, from Anhui, senior engineer, master's degree; main research interest: network and information security. Youjie WANG (born 1981), male, from Anhui, engineer, bachelor's degree; main research interest: network and information security. Shaoyin CHENG (born 1981), male, from Anhui, lecturer, Ph.D.; main research interest: network security. Lidong WANG (born 1980), male, from Anhui, senior engineer, master's degree; main research interest: network and information security.

  • Funding:
    Natural Science Foundation of Anhui Province [1208085QF112]; Anhui Provincial Guiding Project under the Major Project on Quantum Communication and Quantum Computers [AHY150400]

Abstract:

Source IP address spoofing underlies many types of DDoS attack and makes security incidents difficult to trace and respond to. URPF is mainly used to prevent network attacks based on source address spoofing, while network ingress filtering checks packets that originate inside the network. Based on the network of a basic telecom operator, this paper proposes a collaborative disposal method for spoofed source IP addresses that combines URPF with network ingress filtering, filtering spoofed source addresses twice: inside the network and at the border egress. Experiments show that the method effectively blocks traffic with spoofed source IP addresses. After large-scale deployment on the Anhui Telecom backbone network, monitoring data from CNCERT confirmed that the Anhui Telecom backbone routers no longer show local forged traffic or cross-domain forged traffic.

Key words: network security, DDoS attack, spoofed IP address, URPF, network ingress filtering
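The two filtering layers named in the abstract can be modelled in a few lines. The following is an added example, not code from the paper: it simulates a strict-mode URPF check on access interfaces followed by a source-prefix check at the border egress. The interface names, the prefixes (RFC 5737 documentation ranges) and the assumption that one multihomed customer port runs without URPF are all constructed for illustration.

```python
import ipaddress

# Constructed FIB of a hypothetical access router: prefix -> interface toward it.
FIB = {
    "198.51.100.0/25": "cust-a",
    "198.51.100.128/25": "cust-b",
    "203.0.113.0/24": "cust-c",   # assumed multihomed, so strict URPF is off here
    "0.0.0.0/0": "uplink",        # default route toward the backbone
}
URPF_ENABLED = {"cust-a", "cust-b"}          # interfaces running strict URPF
LOCAL_PREFIXES = [p for p in FIB if p != "0.0.0.0/0"]  # operator's own space

def lookup(fib, addr):
    """Longest-prefix match; returns the interface toward addr, or None."""
    ip = ipaddress.ip_address(addr)
    best = None
    for prefix, iface in fib.items():
        net = ipaddress.ip_network(prefix)
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return best[1] if best else None

def urpf_strict(fib, src, in_iface):
    """Strict URPF: the route back to src must point at the arrival interface."""
    return lookup(fib, src) == in_iface

def border_egress_ok(local_prefixes, src):
    """Border filter: traffic leaving the network must carry a local source."""
    ip = ipaddress.ip_address(src)
    return any(ip in ipaddress.ip_network(p) for p in local_prefixes)

def classify(src, in_iface):
    """Apply the in-network check first, then the border egress check."""
    if in_iface in URPF_ENABLED and not urpf_strict(FIB, src, in_iface):
        return "drop:urpf"
    if not border_egress_ok(LOCAL_PREFIXES, src):
        return "drop:border"
    return "forward"

if __name__ == "__main__":
    # Constructed packets: (source address, arrival interface)
    for pkt in [("198.51.100.10", "cust-a"), ("198.51.100.200", "cust-a"),
                ("192.0.2.9", "cust-a"), ("192.0.2.9", "cust-c")]:
        print(pkt, classify(*pkt))
```

A source forged from another local customer's prefix passes the border check and is stopped only by URPF, while a non-local source arriving on the port without URPF is stopped only at the border, which is why the two checks are combined.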

CLC number: