IT小虾 posted on 2011-12-23 01:46

DDoS Response Analysis (Supplement)

<p style="text-align:justify;text-justify:inter-ideograph;text-indent:30.0pt;
mso-char-indent-count:2.0;mso-outline-level:1"><font class="Apple-style-span" color="#808000" size="3"><span style="font-family: 微软雅黑, sans-serif; ">DDoS Response Analysis</span></font></p>

<p style="text-align:justify;text-justify:inter-ideograph;text-indent:18.0pt;
mso-char-indent-count:2.0"><font class="Apple-style-span" color="#808000" size="3"><span style="font-family: 微软雅黑, sans-serif; ">To defend proactively against attacks on a private network, one solution is to "hide" the legitimate paths so that attackers have difficulty finding them, and to change the network topology periodically. Source address filtering, secret proxy servers (servlets) and virtual overlay networks (with secure overlay access points, SOAP) are very helpful in such reconfiguration schemes.</span></font></p>

<p style="text-align:justify;text-justify:inter-ideograph;text-indent:18.0pt;
mso-char-indent-count:2.0"><font class="Apple-style-span" color="#808000" size="3"><span style="font-family: 微软雅黑, sans-serif; ">Any traffic that needs to cross the overlay network must first be authenticated at the overlay's entry point (the SOAP machine). Only verified users can access the network. If attackers discover the address of the filtering router in front of the client, they may still be able to mount a brute-force attack.</span></font></p>

<p style="text-align:justify;text-justify:inter-ideograph;text-indent:18.0pt;
mso-char-indent-count:2.0"><span style="font-family: 微软雅黑, sans-serif; "><font class="Apple-style-span" color="#808000" size="3">Another solution for protecting a private network is to use a cryptographic process such as "Client Puzzle". This approach requires the client to sacrifice some of its resources to prove that it is legitimate. The basic principle is that, when the server is under attack, it distributes small cryptographic puzzles to the clients requesting service. To complete its request, a client must solve the puzzle correctly.</font></span></p>

<p style="text-align:justify;text-justify:inter-ideograph;text-indent:18.0pt;
mso-char-indent-count:2.0"><font class="Apple-style-span" color="#808000" size="3"><span style="font-family: 微软雅黑, sans-serif; ">Other solutions can filter and reduce DDoS traffic. In resource replication (for example, XenoService), the affected computer or network responds to a DDoS attack by generating replicas of the required resources. Legitimacy testing (NetBouncer) can distinguish legitimate traffic from illegitimate traffic. Using containment techniques, an ISP can use a honeypot to capture malicious code, then study and block it.</span></font></p>

<p style="text-align:justify;text-justify:inter-ideograph;text-indent:18.0pt;
mso-char-indent-count:2.0"><span style="font-family: 微软雅黑, sans-serif; "><font class="Apple-style-span" color="#808000" size="3">To write these posts, I consulted a number of white papers and theoretical papers. The most important of them was a 204-page doctoral dissertation submitted by Dr. Vrizlynn Thing Ling Ling in August 2008, which left a deep impression on me. The usage of the response methods is shown in the figure below:</font></span></p>

<p style="text-align:justify;text-justify:inter-ideograph;text-indent:18.0pt;
mso-char-indent-count:2.0"><span style="font-family: 微软雅黑, sans-serif; "><font class="Apple-style-span" color="#808000" size="3">That concludes the introduction to DDoS response. Combined with the earlier introductions to DDoS, I believe everyone now has an in-depth understanding of DDoS. In short, know yourself and know your enemy and you will win every battle: wherever there is an attack, there must be a defensive measure.</font></span></p>
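
<p>The "Client Puzzle" exchange described in the post, as an added example that is not part of the original post or of any cited paper: a hash-based puzzle in which the server keeps no per-client state. The names, the HMAC-SHA-256 construction, the 30-second lifetime and the sample client address are assumptions made for illustration.</p>

```python
import hashlib, hmac, os, struct, time

SERVER_KEY = os.urandom(32)  # assumption: secret known only to the server
PUZZLE_TTL = 30              # assumption: seconds a puzzle stays valid

def _tag(client_id, issued, bits, nonce):
    # The MAC binds the puzzle to one client, one difficulty and one issue time,
    # so the server can recognise its own puzzles without storing them.
    msg = struct.pack(">QB", issued, bits) + nonce + client_id
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).digest()

def issue_puzzle(client_id, bits, now=None):
    issued = int(time.time() if now is None else now)
    nonce = os.urandom(16)
    return {"issued": issued, "bits": bits, "nonce": nonce,
            "tag": _tag(client_id, issued, bits, nonce)}

def _leading_zero_bits(digest):
    return len(digest) * 8 - int.from_bytes(digest, "big").bit_length()

def _work(puzzle, counter):
    return hashlib.sha256(puzzle["tag"] + struct.pack(">Q", counter)).digest()

def solve_puzzle(puzzle):
    # Client side: about 2**bits hash evaluations on average.
    counter = 0
    while _leading_zero_bits(_work(puzzle, counter)) < puzzle["bits"]:
        counter += 1
    return counter

def verify_solution(client_id, puzzle, counter, now=None):
    # Server side: one MAC and one hash, cheap even under load.
    now = int(time.time() if now is None else now)
    if not (isinstance(counter, int) and 0 <= counter < 2 ** 64):
        return False
    expected = _tag(client_id, puzzle["issued"], puzzle["bits"], puzzle["nonce"])
    if not hmac.compare_digest(expected, puzzle["tag"]):
        return False  # forged, altered, or issued to another client
    if not 0 <= now - puzzle["issued"] <= PUZZLE_TTL:
        return False  # expired: limits reuse of precomputed solutions
    return _leading_zero_bits(_work(puzzle, counter)) >= puzzle["bits"]

def admit(client_id, under_attack, puzzle=None, counter=None):
    # Puzzles are demanded only while the server is under attack.
    if not under_attack:
        return True
    return puzzle is not None and verify_solution(client_id, puzzle, counter)
```

<p>Because the server stores nothing, a valid solution can be replayed until the puzzle expires; a deployment that needs to prevent that has to remember the nonces it has already accepted within the lifetime window.</p>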
