JOURNAL OF CHINA INSTITUTE OF COMMUNICATIONS
2014, Issue z1, pp. 31-35 (5 pages)
Keywords: NTP; reflection amplification attack; DDoS; DRDoS; behavior tracking
Based on the characteristics of NTP reflection amplification attacks, this paper proposes a method that periodically sends active probes (executing the monlist command) to hosts offering open public NTP service in mainland China, and uses the returned information for long-term tracking and statistical analysis of NTP reflection DRDoS attack events worldwide. Tracking began in February 2014 with an initial probing range of nearly 14,000 NTP servers in mainland China and ran for 164 days at one cycle every 2 hours, observing suspected DDoS attack behavior against hundreds of thousands of IP addresses.