Software-Defined Perimeter (SDP) as a Defense Mechanism Against Distributed Denial-of-Service (DDoS) Attacks (English Edition)

April 2020

Software-Defined Perimeter (SDP) Working Group

April 2014

Abstract

A Distributed Denial-of-Service (DDoS) attack is a large-scale attack in which the perpetrator uses more than one unique source IP address (often thousands of them) to launch simultaneous attacks against a target. The goal is to overload the service (or its network), preventing it from being able to deliver its intended services. Since the incoming traffic flooding the victim originates from many different sources, it is impossible to stop the attack by using simple techniques such as ingress filtering or source blacklisting. This also makes it very difficult to distinguish legitimate user traffic from attack traffic when spread across so many points of origin. Some DDoS attacks involve forging IP sender addresses (IP address spoofing), further complicating efforts to identify and defend against the attack [1].

Introduction

SDP as a DDoS Defense Mechanism

HTTP Flood Attack & SDP Defense

TCP SYN Flood Attack and SDP Defense

UDP Reflection Attack & SDP Defense

Summary
