Intrusion Collaborative Disposal Method of Spoofed IP Address in DDoS Attacks

doi:10.3969/j.issn.1671-1122.2019.05.003

Abstract

Abstract:

Spoofed IP address is the basis of many DDoS attacks, which makes it difficult to trace and respond to security incidents. URPF is mainly used to prevent the network attacks based on the source address spoofing. Network ingress filtering is used to check the packets from the network inside. On basis of telecom enterprise network this paper proposes the spoofed IP address collaborative disposal method based on the URPF technology and network ingress filtering, which realizes double filtering of the spoofed IP address inside the network and on the boundary export. Experiments show that this method can effectively prevent spoofed IP address traffic. After the large-scale application of Anhui telecom backbone network, monitoring data from CNCERT confirmed that Anhui telecom backbone routers have no local forged traffic and cross-domain forged traffic.

Key words: network security, DDoS attack, spoofed IP address, URPF, network ingress filtering

CLC Number:

TP309

Ke ZHANG, Youjie WANG, Shaoyin CHENG, Lidong WANG. Intrusion Collaborative Disposal Method of Spoofed IP Address in DDoS Attacks[J]. Netinfo Security, 2019, 19(5): 22-29.

Figures/Tables 5

References 19

[1]	PENG Tao, LECKIE C, RAMAMOHANARAO K.Survey of Network-based Defense Mechanisms Countering the DoS and DDoS Problems[J]. ACM Compute Surveys, 2007, 39(1): 1-42.
[2]	ZHANG Yongzheng, XIAO Jun, YUN Xiaochun, et al.DDoS Attacks Detection and Control Mechanisms[J]. Journal of Software, 2012, 23(8): 2058-2072.
[3]	CHI Shuiming, ZHOU Suhang.Research on Defend Against DDoS Attacks[J]. Netinfo Security, 2012, 12(5): 27-31.
	池水明,周苏杭. DDoS攻击防御技术研究[J].信息网络安全,2012,12(5):27-31.
[4]	XIE Gaogang, ZHANG Yujun, LI Zhenyu, et al.A Survey on Future Internet Architecture[J]. Chinese Journal of Computers, 2012, 35(6): 1109-1119.
	谢高岗,张玉军,李振宇,等.未来互联网体系结构研究综述[J].计算机学报,2012,35(6):1109-1119.
[5]	DIETRICH S, LONG N, DITTRICH D.Analyzing Distributed Denial of Service Tools: The Shaft Case[C]// USENIX. The 14th USENIX Conference on System Administration, December 3-8, 2000, New Orleans, Louisiana , USA. New York: ACM, 2000: 329-340.
[6]	BAO Xuhua, HONG Hai, CAO Zhihua.King of Destruction: Analysis of DDoS Attack and Defense Depth[M]. Beijing: China Machine Press, 2014.
	鲍旭华,洪海,曹志华. 破坏之王——DDoS攻击与防范深度剖析[M].北京:机械工业出版社,2014.
[7]	XU Qian.DDoS Attack Principle and Countermeasure[J]. Netinfo Security, 2004, 4(5): 48-50.
	徐茜. DDoS攻击原理及应对策略[J].信息网络安全,2004,4(5):48-50.
[8]	ZHANG Yongzheng, XIAO Jun, YUN Xiaochun, et al.DDoS Attacks Detection and Control Mechanisms[J]. Journal of Software, 2012, 23(8): 2058-2072.
	张永铮,肖军,云晓春,等. DDOS攻击检测和控制方法[J].软件学报,2012,23(8):2058-2072.
[9]	WANG Haining, JIN Cheng, SHIN K G.Defense against Spoofed IP Traffic Using Hop_count Filtering[J]. IEEE/ACM Trans on Networking, 2007, 15(1): 40-53.
[10]	CHEN Xi, YANG Jianhua, XIE Gaogang.Light Weight DDoS Defense Method Based on against Spoofed IP Addresses[J]. Application Research of Computers, 2008, 25(12): 3716-3719.
	陈曦,杨建华,谢高岗. 基于伪造IP地址检测的轻量级DDoS防御方法[J]. 计算机应用研究,2008,25(12):3716-3719.
[11]	FENG Qingyun, QU Haipeng, ZHOU Ying, et al.Packet Marking Scheme to Defend against Spoofed IP DDoS Attack[J]. Computer Engineering, 2008, 34(19): 141-143.
	冯庆云,曲海鹏,周英,等. 基于数据包标记的伪造IP DDos攻击防御[J].计算机工程,2008,34(19):141-143.
[12]	CONG Yuhua.Application of URPF Technology in Network Security[J]. Science &Technology Information, 2011(35): 118-119.
	从玉华. URPF技术在网络安全上的应用[J].科技信息,2011(35):118-119.
[13]	WANG Xiulei, CHEN Ming, XING Changyou, et al.Software Defined Security Networking Mechanism against DDoS Attacks[J]. Journal of Software, 2016, 27(12) : 3104-3119.
	王秀磊,陈鸣,邢长友,等. 一种防御DDoS攻击的软件定义安全网络机制[J].软件学报,2016,27(12):3104-3119.
[14]	CNCERT. 2017 Analysis Report of DDoS Attack Resources in China[EB/OL]. , 2017-12-25.
	CNCERT. 2017年我国DDoS攻击资源分析报告[EB/OL].,2017-12-25.
[15]	FERGUSON P, SENIE D.Network Ingress Filtering: Defeating Denial of Service Attacks which Employ IP Source Address Spoofing[S]. RFC 2827, 2001.
[16]	CNCERT. Monthly Analysis Report of DDoS Attack Resources in China - January 2018[EB/OL]. , 2018-2-11.
	CNCERT.我国DDoS攻击资源月度分析报告-2018年1月[EB/OL]. ,2018-2-11.
[17]	CNCERT. Monthly Analysis Report of DDoS Attack Resources in China - February 2018[EB/OL]. , 2018-3-23.
	CNCERT.我国DDoS攻击资源月度分析报告-2018年2月[EB/OL]. ,2018-3-23.
[18]	CNCERT. Monthly Analysis Report of DDoS Attack Resources in China - March 2018[EB/OL]. , 2018-5-14.
	CNCERT.我国DDoS攻击资源月度分析报告-2018年3月[EB/OL]. ,2018-5-14.
[19]	CNCERT. Monthly Analysis Report of DDoS Attack Resources in China - April 2018[EB/OL]. , 2018-5-14.
	CNCERT.我国DDoS攻击资源月度分析报告-2018年4月[EB/OL]. ,2018-5-14.

端口配置模式	边界过滤法	发送伪造数据包/个	接收伪造数据包/个	对正常业务影响
松散型URPF	无	20	20	无
松散型URPF	有	20	0	无
严格型URPF	无	20	0	有
严格型URPF	有	20	0	有