计算机应用
計算機應用
계산궤응용
COMPUTER APPLICATION
2009年
11期
2964-2968
,共5页
网络地址转换%Teredo服务%搜索引擎%bubble-to-open程序
網絡地阯轉換%Teredo服務%搜索引擎%bubble-to-open程序
망락지지전환%Teredo복무%수색인경%bubble-to-open정서
Network Address Translation (NAT)%Teredo service%search engine%bubble-to-open program
现有网络中网络地址转换(NAT)的存在使得其后网络中的主机对外部网络变得不可见,IPv6庞大的地址空间也使得攻击者利用传统的随机地址扫描策略很难找到有漏洞主机.概述当前DDoS攻击的基本原理,具体分析了随着因特网体系结构的变化,网络NAT等设施的出现对DDoS攻击所带来的影响.针对传统理论在研究DDoS攻击过程中的一些不足,提出了一种基于搜索引擎技术和Teredo服务的新型扫描策略,以及对NAT后主机实施DDoS攻击的具体方法.仿真实验证明这种新型DDoS入侵攻击更加有效,对复杂网络环境的适应性也更强.
現有網絡中網絡地阯轉換(NAT)的存在使得其後網絡中的主機對外部網絡變得不可見,IPv6龐大的地阯空間也使得攻擊者利用傳統的隨機地阯掃描策略很難找到有漏洞主機.概述噹前DDoS攻擊的基本原理,具體分析瞭隨著因特網體繫結構的變化,網絡NAT等設施的齣現對DDoS攻擊所帶來的影響.針對傳統理論在研究DDoS攻擊過程中的一些不足,提齣瞭一種基于搜索引擎技術和Teredo服務的新型掃描策略,以及對NAT後主機實施DDoS攻擊的具體方法.倣真實驗證明這種新型DDoS入侵攻擊更加有效,對複雜網絡環境的適應性也更彊.
현유망락중망락지지전환(NAT)적존재사득기후망락중적주궤대외부망락변득불가견,IPv6방대적지지공간야사득공격자이용전통적수궤지지소묘책략흔난조도유루동주궤.개술당전DDoS공격적기본원리,구체분석료수착인특망체계결구적변화,망락NAT등설시적출현대DDoS공격소대래적영향.침대전통이론재연구DDoS공격과정중적일사불족,제출료일충기우수색인경기술화Teredo복무적신형소묘책략,이급대NAT후주궤실시DDoS공격적구체방법.방진실험증명저충신형DDoS입침공격경가유효,대복잡망락배경적괄응성야경강.
The technology of Network Adress Translator (NAT) is widely used in the Internet. With this technology, computers set behind the NAT are separated to the external net. Attacker can hardly find and invade those computer behind the NAT by the conventional technique. Some principles of DDoS attack were briefly introduced and a concrete analysis about the effect of NAT on DDoS attack was given. To overcome the weakness of traditional mode in describing the propagation of DDoS attack, a new scanning strategy based on the Teredo technology and search engines was presented. Attacker could more rapidly invade computers set behind the NAT and use those computers more efficiently to actualize the DDoS attack. Compared with the conventional invasive methods, the simulation results show that the new method is more effective and feasible.