
VIETNAM NATIONAL UNIVERSITY, HANOI
UNIVERSITY OF ENGINEERING AND TECHNOLOGY

Phạm Xuân Bách

DEFENDING WEBSITES AGAINST DISTRIBUTED DENIAL-OF-SERVICE ATTACKS

UNDERGRADUATE THESIS, FULL-TIME PROGRAM

Major: Information Technology
Supervisor: Dr. Nguyễn Đại Thọ

HANOI - 2010


ACKNOWLEDGEMENTS
First of all, I would like to express my deep gratitude to my teacher, Dr. Nguyễn Đại Thọ, who guided and instructed me with great dedication throughout the past academic year. I would like to thank the lecturers of the Faculty of Information Technology, University of Engineering and Technology, Vietnam National University, Hanoi, who taught and guided me during my four years of study at the university and created the best possible conditions for me to complete this graduation thesis. I thank my fellow K51 students at the University of Engineering and Technology, especially my classmates in K51CA and K51MMT and my roommates in room 202B of the foreign-language dormitory, for their solidarity and help as we followed the useful and interesting subjects of the undergraduate program together. Finally, I send my gratitude and love to my father, my older sister, my foster mother and my family.

Hanoi, 19 May 2010. Phạm Xuân Bách

ABSTRACT
Defending against denial-of-service attacks, and in particular distributed denial-of-service attacks on websites, remains a topic that attracts a great deal of attention from researchers. Beyond the difficulties caused by weak network infrastructure, the constant development of attack tools and methods makes preventing and countering denial of service a very hard problem. This thesis presents an effective method of defending against denial-of-service attacks that uses an overlay network architecture to protect a website. In this architecture, a group of SOAPs (Secure Overlay Access Points) checks each visitor to distinguish human users from the malicious programs of attackers, and forwards the requests of legitimate users over SSL connections through the overlay to secret nodes inside it. The secret nodes then relay the user's request, through a filtering region, to the target server. Strong filters that block malicious requests sent directly to the target server and admit only the secret nodes, the use of the overlay to hide the secret nodes, and the fact that a group of SOAPs that comes under attack can be replaced at once by other SOAPs together protect the website and minimise the impact of attacks. The architecture is powerless, however, when one or more nodes of the overlay are compromised, turn malicious and attack the network. This thesis improves the architecture so that it can detect an attack by a malicious node and automatically reroute requests away from it. After an attack scenario was built, the improved architecture was tested and showed very encouraging results. Keywords: Denial of Service, overlay node, Graphic Turing Test


TABLE OF CONTENTS
ACKNOWLEDGEMENTS ... i
ABSTRACT ... ii
TABLE OF CONTENTS ... iii
INTRODUCTION ... 1
Chapter 1: DENIAL-OF-SERVICE ATTACK METHODS ... 3
1.1 Building the agent network ... 3
1.1.1 Finding vulnerable machines ... 3
1.1.2 Breaking into vulnerable machines ... 3
1.1.3 Propagation methods ... 4
1.2 Controlling the agent network ... 5
1.2.1 Direct commands ... 5
1.2.2 Indirect commands ... 5
1.2.3 Unwitting agents ... 6
1.2.4 Carrying out the attack ... 7
1.3 Denial-of-service attack methods ... 8
1.3.1 Exploiting weaknesses of the target ... 8
1.3.2 Protocol attacks ... 8
1.3.3 Middleware attacks ... 10
1.3.4 Application attacks ... 10
1.3.5 Resource attacks ... 11
1.3.6 Pure flooding ... 11
1.4 IP Spoofing ... 12
1.5 Trends in DoS ... 13
Chapter 2: TRADITIONAL DEFENCES ... 14
2.1 Pushback ... 14
2.2 Traceback ... 15
2.3 D-WARD ... 18
2.4 NetBouncer ... 19
2.5 Proof of Work ... 20
2.6 DefCOM ... 21
2.7 COSSACK ... 22
2.8 Pi ... 23
2.9 SIFF ... 24
2.10 Hop-count filtering (HCF) ... 25
Chapter 3: SOS AND WEBSOS ... 27
3.1 The Chord protocol ... 27
3.2 The SOS architecture ... 29
3.3 The WebSOS architecture ... 31
3.3.1 Proposed solution ... 31
3.3.2 Architecture of WebSOS ... 31
3.3.3 Mechanisms of WebSOS ... 32
3.3.3.1 General mechanism ... 32
3.3.3.2 Routing mechanism ... 34
3.3.4 Protection mechanism ... 34
3.3.5 Strengths and weaknesses of the WebSOS architecture ... 36
Chapter 4: EXPERIMENTS, IMPROVEMENTS AND RESULTS ... 37
4.1 Experimental environment ... 37
4.2 Installing the WebSOS architecture ... 37
4.3 Measuring connection latency ... 38
4.4 Proposed improvement ... 39
4.4.1 The problem with the WebSOS overlay ... 39
4.4.2 Proposed improvement ... 40
4.4.3 Implementing the proposal ... 42
4.4.3.1 Test scenario ... 42
4.3.3.2 Test results ... 43
4.3.3.2.1 With the original program ... 43
4.3.3.2.2 With the improved program ... 44
4.4.4 Performance evaluation of the improved program ... 46
Chapter 5: CONCLUSIONS ... 50
5.1 Results achieved ... 50
5.2 Future work ... 50
REFERENCES ... 52

INTRODUCTION
Denial-of-service (DoS) attacks have become an ever greater threat to the reliability of the Internet. These attacks are organised and carried out in many different ways, from using a single machine to recruiting a large number of agent machines, up to tens of thousands, to serve the attack; their aim is to paralyse applications, servers or whole networks, or to cut legitimate users off from the target website. A study at UCSD [23] showed that as early as the beginning of this decade denial-of-service attacks were occurring at a rate of up to 4000 attacks per week. In 2002, one denial-of-service attack [22] brought down 9 of the world's 13 DNS root servers. The severe impact of denial-of-service attacks, and of distributed denial of service (DDoS) in particular, has led to a series of studies aimed at understanding the attack mechanisms better and finding ways to defend against their negative effects. Many methods have been proposed to counter denial-of-service attacks: filtering packets to prevent source-address spoofing, redirecting attacks, pushing attack traffic back into the network, isolating and distinguishing client traffic from server traffic, and so on. Each solution is good in its own right and supplies techniques that help us locate the denial-of-service problem, but each method can only protect against one aspect of denial of service. My thesis presents a method of defending against distributed denial-of-service attacks that is highly effective and more comprehensive than these: applying an overlay network architecture that shields the target from the attacker's reach. Based on the overlay network idea, several proposals have been put forward, namely the SOS and WebSOS architectures. The SOS architecture uses an overlay network that lets only legitimate, authenticated requests reach the target server. By relying on secret nodes, and by ensuring that only traffic from these nodes can reach the target server, the architecture proves quite effective at protecting a website. Inheriting from SOS, WebSOS deploys the overlay with several improved mechanisms, such as authenticating users with a CAPTCHA test and connecting through a proxylet with SSL connections and X.509 authentication, to raise the security level of the system.
To let WebSOS also withstand the case in which nodes in the overlay are compromised and become sources of attack, we put forward improvements that automatically detect such an attack and reroute requests to avoid it.

The rest of the thesis is organised as follows. Chapter 1, Denial-of-service attack methods, gives an overview of the steps an attacker must carry out to mount a denial-of-service attack. Chapter 2 covers the defences against denial of service proposed previously; many of them remain active research topics in this field, and the filtering methods, as network infrastructure develops, could substantially reduce the risk of denial of service for websites if deployed consistently. Chapter 3, SOS and WebSOS, introduces the mechanisms of two architectures that protect a website from denial of service using an overlay network and secret nodes, and identifies the core features that are reused in the improved architecture. Chapter 4, Experiments, improvements and results, presents my results in deploying the WebSOS architecture and the analysis that leads to an improvement that makes the system more robust against attacks originating from within the overlay itself when some of its nodes are compromised and become attack sources. Chapter 4 also evaluates the performance of the original WebSOS architecture and of the improved one, using a constructed attack scenario and measurements of request latency through models of both architectures. Chapter 5, Conclusions, summarises the results achieved, together with the results the thesis aims for in order to complete the model and bring it to a deployable state.

Chapter 1: DENIAL-OF-SERVICE ATTACK METHODS


A DDoS attack has to be prepared carefully by the attacker. The first step is to take over other machines as a force of his own. This is done by finding vulnerable machines, breaking into them and installing the attack code. Next, the attacker sets up communication channels between the machines so that they can be controlled and take part in the attack in a coordinated way. This is done either with a handler/agent architecture or with a controller and control channel on an IRC network. Once a DDoS network has been built, it can be used repeatedly to attack different targets.

1.1 Building the agent network


Depending on the type of denial-of-service attack, the attacker has to find and set up a large network of computers for use in the attack. This can be done manually, semi-automatically or fully automatically. In the case of two well-known early DDoS tools, trinoo and Shaft, only the installation was automated, while the discovery and takeover of vulnerable machines was done by hand. Today attackers usually use scripts that automate the whole process.

1.1.1 Finding vulnerable machines


The search for vulnerable machines is called scanning. The attacker sends a packet to a chosen target to see whether it is alive and vulnerable. If the machine looks suitable, the attacker tries to break into it.

1.1.2 Breaking into vulnerable machines


The attacker has to exploit a vulnerability in the machine he intends to use in order to gain access and take it over. Most security holes give an attacker access to the system with the highest, administrator, privileges, so that he can add, delete or change files or system settings at will. To make it easy to get back into the captured machine later, the attacker usually runs a program that listens for incoming connections on a particular port. Such a program is called a backdoor. Some backdoor connections are protected by strong passwords; others are open and accept any outside connection.

Security holes are usually mitigated by patches once they are discovered. Attackers, however, keep trying to exploit them and to find other holes a machine may have. And one hole that cannot be mitigated or fixed by a patch is a weak login password. Some exploit programs contain dictionaries of commonly used passwords and try the passwords in the list to break into a machine. This can take a long time, but in many cases it does uncover users' weak passwords and yields legitimate access to their machines. Users often think it is reasonable not to set a password on the Administrator account, or believe that "password" or some other simple word is enough to protect the account. These are serious mistakes that can cost them dearly.

1.1.3 Propagation methods


The attacker has to decide on a propagation model for installing his malicious software. A simple model is the central repository, or cache, approach: the attacker stores the malicious software in a file repository (for example, an FTP server) or on a web page, and the machines that access it become infected with code from this repository. The attackers who installed trinoo and Shaft used such a centralised approach in the early days. In 2001 the W32/Leaves worm used a variant of this, with reconfigured web pages as its cache, as did the W32/SoBig mass-mailing worms in 2003. For the defender, this method has the advantage that the attacker's central source of malicious code is easy to identify and remove. Another model is back-chaining, or pull, in which the attacker carries his tools from an initial compromised host to each newly captured host, and so on in a chain. Finally, the push, or autonomous propagation, method usually combines exploitation and propagation in a single process. The difference from back-chaining is that the exploit process itself carries the malicious code onto the compromised machine, rather than copying the code after the machine has been taken over.

1.2 Controlling the agent network



As the agent network grows, the attacker needs to communicate with these machines to direct them in the attack. The purpose of this communication is to let the attacker issue commands to start or stop specific attacks, and to collect specific data about the agents' behaviour.

1.2.1 Direct commands


[17] Some DDoS tools, such as trinoo, build a handler/agent network. This is a layered architecture that helps the attacker hide his identity. He uses one or a few machines to relay the commands that control the DDoS network to the victim agent machines. These machines are called handlers, or masters. The commands may be unencrypted text, encrypted text or binary byte strings. Analysing the command and control traffic between handlers and agents can give deep insight into a tool's capabilities without access to the malicious software or its source code. For the handlers and agents of tools such as trinoo, Stacheldraht and Shaft to work, the handlers must know the addresses of the agents and remember them across system or program restarts. Early DDoS tools usually encrypted these addresses and reported them to the handler when an agent machine was captured. The handlers keep them in a file that maintains information about the DDoS network. In some cases the handlers had no authentication mechanism at all, meaning that any machine could send commands to a handler. Earlier studies of tools such as trinoo, TFN, Stacheldraht, Shaft and mstream all showed that both handlers and agents could be discovered and taken over. This let some attackers use other attackers' DDoS networks, and let some defenders take control of the handlers to stop an attack. Some handler/agent DDoS tools protect access to the handlers with a password or an encrypted password, or encrypt the agent list to prevent the agents' addresses from being discovered and the agents from being controlled if a handler is found.

1.2.2 Indirect commands


[17] Direct communication has several drawbacks for the attacker. Because a handler has to store the identities of its agents, and usually a handler machine does store them, once we discover and seize a handler the whole DDoS network can be identified. Moreover, the direct communication model creates unusual events that are easy to detect when the network is monitored. Since direct communication requires handlers and agents to listen for connections on a particular port, a routine check that finds a machine opening a connection to another machine on an unusual port can reveal that the machine has been compromised. By inspecting the packets sent and received over that connection, the network administrator can determine the address of the machine it is connected to. Even when no connection is open, monitoring the open ports on a machine can reveal handler or agent processes. Finally, the attacker also has to write his own code for sending commands and control messages. That is why attackers turned to communicating through IRC. Here both the attacker and the agents connect to some IRC server, so the traffic looks legitimate and produces no unusual event at all. The handler's role is now played by a single channel on the IRC server, usually protected by a password. Typically a channel is hard-coded into the bot on the victim machine, which it joins first to learn where the real control channel is; it then joins that control channel. Channel hopping can even be done across the IRC network this way. From then on the bot receives the attacker's commands over the control channel it found and joined, and executes them: scanning for further agents, launching a DDoS attack, updating itself, and so on. Indirect command delivery has many advantages. The server already exists and is maintained by somebody else, while the attacker needs only one channel among the thousands of chat channels on the server, so it is very hard to detect, even though a channel that thousands or tens of thousands of users suddenly join within a few minutes can stand out. Even when it is detected, the server's administrator has to be contacted before the channel can be shut down, and the IRC server may well be in some foreign country. Furthermore, because IRC is distributed, not all clients need to connect to the same IRC server to join the handler channel; connecting to any server in the same network is enough. Most tools that appeared after Trinity exploit this communication mechanism.

1.2.3 Unwitting agents


[17] There is also a class of DDoS attacks whose participants are computers with security holes whose exploitation does not necessarily require installing any malicious software on them, but instead lets the attacker control the hosts so that they generate attack traffic. The attacker compiles a list of vulnerable systems and, at attack time, has the agents go through this list and send the commands that trigger the traffic flows. The traffic generated is legitimate. For example, the attacker may abuse a current vulnerability in a web server to make it run PING.EXE. Some researchers call such hosts unwitting agents. With unwitting agents, instead of installing malicious code on the victim machine, the attacker uses security holes to get into the machine and run legitimate software already present on the system, which makes countering this kind of attack very hard and complex. Since the victim machine holds no malicious code, port scanners, file-system scanners and virus scanners cannot detect anything. Detection is usually possible only by monitoring network traffic or with vulnerability scanners such as Nessus. Only patching the security flaws limits the abuse of the machine and of the legitimate software on it, and reduces the risk of the machine being taken over as an agent for an attack.

1.2.4 Carrying out the attack


Some attacks are scheduled in advance and encoded in the malicious code delivered to the agents, which then activate at a preset time and attack a target all at once. Most attacks, however, start when the attacker issues a command from the handlers to the agents. During the attack, control traffic mostly decreases. Depending on the tool used, the attacker may or may not be able to issue a command to stop the attack. The duration of the attack is usually set in the attacker's command or controlled by built-in default settings. It would be good for the defender if the attacker left the attack network the moment the flood starts. It is likely, however, that the attacker observes the attack continuously, looking at its effect on test targets. Some tools, such as Shaft, can provide feedback with statistics about the flood. Attackers test several kinds of attack, such as ICMP, TCP SYN and UDP floods, before officially launching the real attack against their chosen targets.

1.3 Denial-of-service attack methods

There are several ways to cause denial of service. Anything that can break a system or make it stop working produces a DoS effect. There are many ways to make a system stop working, and a system usually has several vulnerabilities that attackers will try to exploit or target in turn until they get the result they want: the target is forced offline.

1.3.1 Exploiting weaknesses of the target


Attacking by exploiting the target's weaknesses means sending packets that exploit vulnerabilities present on the target machine. For example, Windows 95 and NT and some Linux kernels had a bug in the handling of fragmented packets. Normally, when a packet is too large for a given network, it is split into two (or more) smaller packets, each of which is given a fragment offset. The marking indicates the position of the fragment's first and last byte within the original packet. At the receiver the fragments are reassembled into the original datagram by joining them according to their offsets. The vulnerabilities in these kernels, however, made the machine unstable when it received fragments with incorrect offsets, causing it to hang, crash or reboot. The weakness could be exploited by sending the victim UDP packets with overlapping offsets. Several variants of this exploit send fragments whose offsets overlap, with one packet's offset overlapping the second packet before the end of the first, and so on. They are known as the bonk, boink, teardrop and newtear exploits. These attacks are particularly damaging because they can crash or hang a machine by sending just one or two carefully chosen packets repeatedly. Once the vulnerability is patched, however, the original attacks become completely ineffective.

1.3.2 Protocol attacks


[17][18] The classic example of a protocol attack is the TCP SYN flood. A TCP session begins with a three-way handshake between a client and a server. The client sends a TCP SYN packet to the server requesting some service. In the SYN header the client supplies its sequence number, a per-connection unique number that will be used to mark the data sent to the server (so that the server can recognise and handle lost, out-of-order or duplicated data). On receiving the SYN, the server allocates a transmission control block (TCB) that stores information about the client. It then replies with a SYN-ACK, informing the client that the requested service will be granted, acknowledging the client's sequence number and sending the server's own initial sequence number. The client, on receiving the SYN-ACK, also allocates a transmission control block and replies with an ACK to the server, completing the connection setup. The potential for abuse lies in the server allocating resources as soon as it receives the SYN. Once the server has committed its TCB and replied with a SYN-ACK, the connection is said to be half-open. This means the resources the server allocated are held for the connection with the client until the client sends an ACK, closes the connection (by sending an RST), or the timeout expires and the server drops the connection and frees the buffer space. Whether or not the client ever sends another packet, the resources stay allocated for a fixed period of time. In a TCP SYN flood the attacker creates a huge number of half-open connections using spoofed source IP addresses. These requests quickly exhaust the server's TCB memory, and the server can no longer accept incoming connection requests. To keep this state going for as long as desired, the attacker needs to send a steady stream of SYN packets to the victim (to grab the resources freed by timeouts or completed TCP sessions). This is a particularly dangerous attack because the server receives a large number of legitimate-looking SYN packets and cannot easily tell packets from legitimate clients apart from attack traffic. To carry out a successful SYN flood, the attacker needs to locate an open port on the victim's machine. After that, a small packet rate, on the order of 10 SYN packets per minute, is enough to gradually exhaust the victim's resources. A less common variant is the random-port SYN flood, in which the attacker generates a large volume of TCP SYN packets aimed at random ports on the victim, with the goal of overwhelming the victim's network resources rather than filling its buffers.

Protocol attacks are very hard to counter by patching, because a patch would require changing the protocol, and in practice changing an Internet protocol is almost impossible. In some cases a smarter use of the existing protocol can solve the problem. For example, TCP SYN cookies defeat the SYN flood while only changing how the server handles incoming connections.
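The half-open-connection exhaustion described in 1.3.2 and the SYN-cookie remedy just mentioned, as an added simulation that is not part of the thesis: a listener that allocates a TCB per SYN (bounded backlog, timeout omitted) is compared with one that keeps no state until a valid ACK returns the cookie. Addresses, ports, packet counts and the secret key are constructed; the cookie is a simplified form of the classic scheme (no MSS encoding).

```python
"""SYN flood against a classic TCP listener versus a SYN-cookie listener.
Added example, not code from the thesis. Addresses, ports and packet counts
are constructed. The cookie (keyed MAC over the 4-tuple and a coarse time
counter, folded into the server ISN) is a simplified SYN cookie without MSS."""
import hashlib
import hmac
import random
from collections import namedtuple

Syn = namedtuple("Syn", "src sport dst dport")
Ack = namedtuple("Ack", "src sport dst dport ack")
BACKLOG = 128                          # half-open entries the classic server holds
SECRET = b"constructed-server-secret"  # constructed; a real server rotates it
M32 = 2 ** 32

class ClassicListener:
    """Allocates a TCB on every SYN and keeps it until ACK, RST or timeout.
    The timeout is left out deliberately: a steady flood refills the backlog
    faster than entries expire, which is exactly what makes the attack work."""
    def __init__(self):
        self.half_open = {}            # (src, sport) -> server ISN
        self.established = set()

    def on_syn(self, p):
        if len(self.half_open) >= BACKLOG:
            return None                # backlog full: SYN silently dropped
        isn = random.getrandbits(32)
        self.half_open[(p.src, p.sport)] = isn
        return isn                     # returned to the client in the SYN-ACK

    def on_ack(self, p):
        isn = self.half_open.pop((p.src, p.sport), None)
        if isn is not None and p.ack == (isn + 1) % M32:
            self.established.add((p.src, p.sport))
            return True
        return False

class CookieListener:
    """Allocates nothing until an ACK proves the client saw our SYN-ACK."""
    def __init__(self):
        self.counter = 0               # coarse clock, e.g. advanced every 64 s
        self.established = set()

    def _cookie(self, src, sport, dst, dport, counter):
        msg = "%s:%d:%s:%d:%d" % (src, sport, dst, dport, counter)
        mac = hmac.new(SECRET, msg.encode(), hashlib.sha256).digest()
        # top 8 bits carry the counter, low 24 bits a truncated MAC
        return ((counter & 0xFF) << 24) | int.from_bytes(mac[:3], "big")

    def on_syn(self, p):               # no state is stored here
        return self._cookie(p.src, p.sport, p.dst, p.dport, self.counter)

    def on_ack(self, p):
        isn = (p.ack - 1) % M32
        # accept cookies minted under the current or the previous counter value
        for c in (self.counter, self.counter - 1):
            if c >= 0 and self._cookie(p.src, p.sport, p.dst, p.dport, c) == isn:
                self.established.add((p.src, p.sport))
                return True
        return False                   # forged, stale or replayed ACK

def flood(listener, n):
    """n SYNs from spoofed sources that never complete the handshake."""
    for i in range(n):
        src = "10.%d.%d.%d" % ((i >> 16) & 255, (i >> 8) & 255, i & 255)
        listener.on_syn(Syn(src, 40000 + i % 20000, "192.0.2.10", 80))

def legit_connections(listener, n):
    """n honest clients each doing SYN -> SYN-ACK -> ACK; returns the successes."""
    ok = 0
    for i in range(n):
        s = Syn("198.51.100.%d" % (i + 1), 50000 + i, "192.0.2.10", 80)
        isn = listener.on_syn(s)
        if isn is None:                # classic server out of backlog
            continue
        if listener.on_ack(Ack(s.src, s.sport, s.dst, s.dport, (isn + 1) % M32)):
            ok += 1
    return ok

def survivors_under_flood(listener, flood_size=10_000, clients=20):
    """Honest handshakes that still complete after flood_size spoofed SYNs."""
    flood(listener, flood_size)
    return legit_connections(listener, clients)

def forged_ack_accepted(listener):
    """An ACK with a guessed cookie and no preceding SYN-ACK must be rejected."""
    return listener.on_ack(Ack("203.0.113.7", 1234, "192.0.2.10", 80, 0xDEADBEEF))

def stale_cookie_accepted():
    """A cookie replayed after the counter advanced by two must be rejected."""
    lst = CookieListener()
    s = Syn("203.0.113.8", 1235, "192.0.2.10", 80)
    isn = lst.on_syn(s)
    lst.counter += 2
    return lst.on_ack(Ack(s.src, s.sport, s.dst, s.dport, (isn + 1) % M32))

if __name__ == "__main__":
    print("classic:", survivors_under_flood(ClassicListener()), "of 20 handshakes")
    print("cookie: ", survivors_under_flood(CookieListener()), "of 20 handshakes")
```

The cookie listener pays for its statelessness by recomputing one HMAC per ACK and by losing TCP options it cannot fold into 32 bits, which is why real implementations only switch to cookies once the backlog is under pressure.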

1.3.3 Middleware attacks


Attacks can target algorithms, such as hash functions, that normally perform their operations in linear time for each additional entry. By choosing inputs that produce worst-case behaviour, the attacker can make the application perform its function in exponential time for each input parameter. When the attacker is free to send data that is processed by the vulnerable hash function, he can drive the server's CPU beyond its capacity, so that normal operations that took a fraction of a second now take several minutes to complete. It does not take a large number of requests to overload the application so that it can no longer serve legitimate users.

1.3.4 Application attacks


Attackers can target a specific application and send packets to reach the limit of service requests that application can handle. For example, web servers take a certain amount of time to serve a normal page request, so there is a finite maximum number of requests per second they can sustain. Suppose a web server can handle 1,000 requests per second for the files that make up a company's home page; then at most 1,000 client requests can be served concurrently. Suppose also that this web server normally handles 100 requests per second (one tenth of its capacity) in daily operation. What if the attacker controls 10,000 agent machines and can make each of them send one request to the web server every 10 seconds? That is a rate of 1,000 requests per second, which together with the assumed normal traffic amounts to 110% of the server's capacity. A large fraction of legitimate requests will now fail because the server is saturated. As with middleware attacks, an application attack may not cripple the entire host machine or show up as a large number of packets sent to the server. So, once again, many defences cannot help protect against this kind of attack.

1.3.5 Resource attacks


Attackers can target a specific resource such as CPU cycles or router switching capacity. In January 2001 Microsoft suffered an outage reportedly caused by a network configuration error, which disrupted a large number of Microsoft properties. When news of the attack was published, it emerged that all of Microsoft's DNS servers sat on the same network segment, served by the same router. The attackers then targeted the routing infrastructure in front of those servers and took down all of Microsoft's online services. Microsoft quickly spread its name servers out to other locations and provided redundant routing paths to the servers, making it harder for attackers to disrupt its service operations. Removing bottlenecks and increasing capacity can deal with resource attacks, but the attacker can respond with still more powerful attacks. And for companies with fewer resources than Microsoft, overprovisioning and geographically distributed service may not be financially feasible options.

1.3.6 Pure flooding


With a large number of agents, the attacker only needs to send any kind of packet to the target, as fast as possible from each machine, to consume all of the target's network bandwidth. This is called a bandwidth consumption attack. The victim cannot counter this attack alone, because legitimate packets are lost on the link between the service provider and the victim's network. The victim therefore usually has to ask its ISPs for help in filtering out the incoming attack packets. In such cases the ISPs are usually affected by the attack as well, at least on the router that connects the ISP's network to the victim's. They often have to filter on their own routers too, and may even have to ask their upstream providers to filter the traffic entering their networks. In some cases the attack packets are easy to filter, such as UDP packets to unused ports or packets with IP value 255. In other cases the packets are very hard to filter, such as DNS queries or HTTP requests; filtering then drops legitimate packets as well, so after filtering the traffic reaching the victim's customers drops to zero and the attacker has achieved the result of a DoS attack.

1.4 IP Spoofing
One tactic used in dangerous attacks, especially DDoS, is IP spoofing. In a normal network packet, the header fields hold the IP address of the source machine and the address of the destination machine. IP spoofing occurs when a malicious program builds its own packets and replaces the source IP address with some other IP address, by creating and configuring raw sockets, that is, user-defined sockets. There are several levels of IP spoofing:
- Random IP spoofing: the program generates a random IPv4 address in the range 0.0.0.0 to 255.255.255.255. In some cases it generates invalid IPv4 addresses, such as addresses in 192.168.0.0, which is reserved for private networks, multicast or broadcast addresses, or non-existent addresses (such as 0.1.2.3). In most cases, however, it produces valid, routable IP addresses.
- Subnet spoofing: if a machine belongs to the network 192.168.1.0/24, it can easily impersonate any other machine in the same network; for example, the machine 192.168.1.34 can easily spoof 192.168.1.35 or 192.168.1.99.
- Spoofing the victim's own address: this is a very dangerous kind of spoofing if the victim server lacks protective settings. The attacker simply spoofs the victim's address and sends a request packet, for example a TCP SYN; if the victim has no good filtering mechanism, it accepts the packet, allocates resources for the request and sends the reply to itself. This leads to an endless loop inside the victim machine, with one side waiting for a response that the other side will never send.

In practice, IP spoofing is not necessary for a successful DDoS attack, because the attacker can exhaust the victim's resources and processing capacity with a large volume of packets regardless of their source address. Some attackers nevertheless use IP spoofing for several reasons: to hide the addresses of the agents, and thereby hide the addresses of the handlers and of the attacker better, or for multi-stage reflected attacks (DRDoS), the most powerful form of attack today, in which the victim's IP address is spoofed to make a number of large servers send legitimate responses to the victim's server, so that the victim is attacked by large servers around the world and cannot possibly withstand it. IP spoofing also helps the attacker bypass the protection of servers that record the addresses of their regular clients and use them as a trusted list that is given priority access during an attack.
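The three spoofing levels above map onto stateless checks that an edge router (ingress/egress filtering) or the victim host itself can apply. The following filter is an added example, not code from the thesis; the protected prefix 203.0.113.0/24, the server address and the sample packet headers are constructed.

```python
"""Stateless source-address checks against the spoofing levels of section 1.4.
Added example, not code from the thesis. The protected prefix, the server
address and the sample packets are constructed."""
import ipaddress

# Ranges that can never be a legitimate source on a packet arriving from the
# public Internet: "this" network (covers 0.1.2.3), RFC 1918 private space,
# loopback, link-local, multicast and the reserved block that holds the
# limited broadcast address 255.255.255.255.
BOGONS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4", "240.0.0.0/4")]

PROTECTED_NET = ipaddress.ip_network("203.0.113.0/24")  # constructed: our prefix
SERVER = "203.0.113.10"                                 # constructed: the Web server


def classify_source(src, dst, from_outside):
    """Return 'accept' or 'drop: <reason>' for one packet header.

    from_outside is True for a packet entering the protected network over the
    ISP link and False for a packet one of our own hosts is sending out."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if s == d:
        return "drop: source equals destination"          # self-addressed request
    if any(s in net for net in BOGONS):
        return "drop: non-routable source"                # random spoofing
    if from_outside and s in PROTECTED_NET:
        return "drop: external packet claims internal source"  # ingress filter
    if not from_outside and s not in PROTECTED_NET:
        return "drop: internal host using foreign source"      # egress filter
    return "accept"


def filter_batch(packets):
    """packets: iterable of (src, dst, from_outside).
    Returns (accepted [(src, dst)], {drop reason: count})."""
    accepted, dropped = [], {}
    for src, dst, from_outside in packets:
        verdict = classify_source(src, dst, from_outside)
        if verdict == "accept":
            accepted.append((src, dst))
        else:
            dropped[verdict] = dropped.get(verdict, 0) + 1
    return accepted, dropped


# Constructed sample headers, one or more per spoofing level of section 1.4.
SAMPLE = [
    ("198.51.100.7", SERVER, True),           # ordinary client
    ("192.168.0.5", SERVER, True),            # random spoof landing in private space
    ("0.1.2.3", SERVER, True),                # random spoof, non-existent address
    ("239.1.1.1", SERVER, True),              # random spoof, multicast
    ("203.0.113.99", SERVER, True),           # subnet spoof of a neighbour, seen from the ISP link
    (SERVER, SERVER, True),                   # victim's own address spoofed
    ("203.0.113.34", "198.51.100.7", False),  # our host talking out, legitimate
    ("192.0.2.200", "198.51.100.7", False),   # our host spoofing a foreign source
]

if __name__ == "__main__":
    ok, drops = filter_batch(SAMPLE)
    print("accepted:", ok)
    for reason, n in sorted(drops.items()):
        print("%3d  %s" % (n, reason))
```

Subnet spoofing between two hosts inside the same prefix (192.168.1.34 posing as 192.168.1.35 in the text) passes these checks by design; catching it needs per-port source binding on the access switch, not a prefix filter.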

1.5 Trends in DoS


There is a constant arms race between attackers and defenders. As soon as an effective defence against one type of attack appears, attackers change tactics and look for a way around it. As network security improves, attackers improve their tools too, adding options to specify the spoofing level or the spoofed subnet mask. A large share of today's spoofing attacks use subnet spoofing, which gets past most IP spoofing filters. New anti-analysis techniques make it harder to determine what an attack tool does. Hiding executable code through encryption is practised on both Windows and Unix. Obfuscators such as burneye, Shiva and burneye2 are being studied by security analysts in order to decode them. The trend of developing DDoS attack tools with strategies that outpace defensive responses will continue. This was predicted in the original trinoo analysis, and the trend continues unabated. There are many potential DDoS scenarios that are very hard for defence mechanisms to handle.

Chapter 2: TRADITIONAL DEFENCES


Soon after the first large-scale attacks, much research was devoted to the new problems of preventing, eliminating and somehow filtering out DoS attacks aimed at end hosts. While DDoS was a relatively new problem, related research existed in the fields of congestion control, mitigation of simple DoS attacks, fault tolerance and keeping network nodes operational. Much of the research tried to solve smaller subproblems of this complex problem. Because of the sensitive nature of network data and the complexity of the phenomenon, it is hard to fully understand the impact of DDoS. Many prototypes were tested in laboratory environments without background or live traffic. Some assumed that attack traffic is mostly spoofed, which is clearly mistaken, and others assumed some knowledge of the network topology, or access to a database, that could tell whether traffic was DDoS or not. Others required significant changes to the Internet infrastructure, which could make it incompatible with current protocols and client applications, or were impractical for technical, policy or political reasons. This chapter discusses several research approaches that have been implemented and deployed.

2.1 Pushback


Pushback, proposed by Mahajan et al. [19] in July 2002, grew out of discussions in the DDoS research group at the DSIT workshop at the CERT Coordination Center. The idea, taken from practice, is that a network administrator tries to push attack traffic back toward its source, either by pulling a network cable on the routers and seeing whether the traffic stops, or by observing traffic on monitoring devices. Rate-limiting traffic upstream of the victim (pushback) then reduces the pressure on the victim, allowing it to keep exchanging traffic and survive until the attack sources stop or are removed. The scenario assumes that the offending traffic is distributed unevenly across the possible entry points. Two techniques are used: aggregate-based congestion control (ACC) at the local level, and pushback. Local ACC detects congestion at a router and produces an attack signature (or more than one, in the appropriate context), a congestion signature, which can be translated into a router filter. The signature defines a high-bandwidth aggregate, a subset of the network traffic, and local ACC determines a suitable rate limit for this aggregate. Pushback then sends this rate limit immediately to the upstream neighbours that contribute the largest share of the aggregate. The mechanism works best against DDoS flooding attacks and flash crowds, since they share common characteristics, and it tries to handle these phenomena from the perspective of congestion control. An overly aggressive rate limit penalises legitimate traffic as well, a loss; one that is too lenient lets the attacker through the protection. In general, pushback seems to require a contiguous deployment model reaching every router on the path: the current approach cannot push a rate limit through a router that does not understand pushback. Pushback also requires routers to maintain state about traffic flows, an additional burden the method places on the network infrastructure.

2.2 Traceback


The earliest proposals for defending against DDoS included traceback methods, which trace packets back to the addresses of the agents in the DDoS network in order to locate the attacker. The assumption rested on DDoS tools spoofing sources relatively little and on the number of agents being small (100-2,500). Today, when the number of agents in an attack can routinely reach tens of thousands, traceback can still help trace the attacker's subnet, and by blocking the traced sources the damage of an attack can be significantly limited. An early proposal was ICMP traceback by S. Bellovin [20] (the thesis dates it to November 2001): with probability 1/n per packet (n = 20,000 in the original proposal), the observing router sends an ICMP packet containing part of the captured packet to the destination. The drawbacks are that under a heavy attack with a very large number of packets the target may lose these ICMP packets because of congestion in network devices, and some networks do not let ICMP packets cross their border routers. Moreover, the ICMP packets themselves generate additional traffic toward the victim, adding to the congestion. A later proposal uses a technique called probabilistic packet marking (PPM). Again, roughly once every 20,000 packets sent toward a destination, a router marks a packet with a reference to itself. A low sampling frequency is chosen to avoid burdening the routing infrastructure with marking a huge volume of traffic during a flooding attack. By analysing a number of marked packets from a given source, the victim of the attack tries to build a path back to the attacker, or at least to the edge of the marking infrastructure closest to the attacker. Savage's original proposal (August 2000) made no provision for authenticating the marks, but a scheme with authentication and integrity checking was added by D. X. Song in March 2001 at IEEE INFOCOM 2001. Hash-based traceback, proposed by A. C. Snoeren in August 2001, requires participating routers to remember every packet that passes through them, but only for a limited time. This allows tracing single-packet attacks such as "Ping of Death", but only if the query is made quickly. Source Path Isolation Engines (SPIE) record packets by computing a hash over the invariant parts of the IP header (that is, excluding the fields that change hop by hop, such as the TTL and the header checksum). To save storage, weak hash functions rather than strong cryptographic hashes are used, in the form of Bloom filters. These hash records need not live inside the router, although hardware designs that put them in routers have been discussed. The SPIE designers devised a way to place a passive tap on each router interface. Critics argued that adding a device for every interface would be too expensive, so the SPIE device was extended to a SPIEDER with multiple connections serving the interfaces of a router. Although weak hash functions allow errors, these are quickly averaged out by the different hash functions applied at different routers as the distance from the victim grows. The victim initiates a traceback request through an alternate network (physical or virtual) connecting the traceback managers, the data-generating agents and the routers. Because of the large traffic volume on backbone networks, the time between receiving an offending packet and requesting the traceback must be on the order of a few minutes, depending on the capacity and traffic of the network. A fourth traceback technique, proposed by D. Dean and colleagues in February 2001, is an algebraic approach to the traceback problem. Like the method of Savage and colleagues at ACM SIGCOMM in August 2000, it stuffs pieces of path information into IP packets at the router level. What is new is the use of algebraic techniques to encode the path information into packets and reconstruct it at the victim's site. The authors hope to gain more design flexibility, better removal of the spurious information an attacker injects, and the ability to trace back along multiple paths.
PPM and the algebraic traceback proposal share the following assumptions:
- The attacker can send any packets.
- Multiple attackers may act together.
- The attacker is aware of how the traceback mechanisms operate.
- The attacker must send at least thousands of packets.
- Routes between hosts are generally stable, but packets may be reordered or lost.
- Routers cannot perform much computation per packet.
- Routers are assumed not to be compromised, but not all routers need to take part in traceback.
These assumptions clearly distinguish these techniques from a technique such as hash-based traceback. D. Dean and colleagues compare their effectiveness with Savage's scheme, with space requirements varying between 18 and 21 bits. In some cases they obtain slightly better path reconstruction, but the number of false positives remains high. Besides packet marking, an out-of-packet scheme similar to Bellovin's was proposed in August 2001. The authors recognise that algorithmic improvements are needed and that other optimisations remain to be explored. The concept needs further refinement, but could develop into a promising one in the long run.

2.3 D-WARD


D-WARD, proposed by Mirkovic and colleagues [15] in August 2003, was developed at UCLA under the DARPA Fault Tolerant Networks (FTN) programme. It is a source-network system that aims to detect attacks before or as they leave the network hosting the DDoS agents. It is an inline system, transparent to users of the network, that gathers two-way traffic statistics at the border routers of source networks and compares them with traffic models built per application and transport protocol, classifying behaviour as normal (legitimate), suspicious or attack. Based on this three-level model, D-WARD applies rate limiting at the router to all outgoing traffic for a given destination, giving priority to legitimate connections, slightly slowing suspicious traffic, and slowing down the connections it perceives as attacks. The rate limit is dynamic and changes over time, based on the observed attack signals and the policy for restricting bad traffic; less bad traffic relaxes the restriction. Like most research systems, D-WARD was tested against a home-grown set of DDoS benchmarks, and like most research systems it performed well on those benchmarks. However, D-WARD also underwent independent testing at the end of the DARPA FTN programme cycle. Those tests showed that D-WARD quickly detects attacks that create two-way traffic anomalies, such as heavy flooding. It controls all traffic, including the attack traffic, effectively, with low collateral damage and a low false-positive rate, and it promptly restores normal operation when the attack ends. By rate-limiting attack traffic rather than blocking it, the system recovers quickly from false positives. By design it stops attacks at the source network, so it needs wide deployment (covering a large fraction of actual sources) to achieve the desired effect. Unless there is a penalty for source networks that host DDoS agents, this is not a system a network operator would rush to deploy, because D-WARD offers the deployer no significant benefit of its own. It could, however, be integrated with other defences (such as COSSACK in section 2.7) that require action from the source network, providing selective responses to requests. In summary, D-WARD's strength lies in detecting and controlling attacks, assuming the attack traffic differs sufficiently from the normal traffic models. Because D-WARD rate-limits traffic selectively, its collateral damage is low and it responds to attacks relatively quickly. On the other hand, attackers can still mount successful attacks from networks not equipped with the system.

2.4 NetBouncer


NetBouncer, proposed by O'Brien [11], also emerged from the DARPA FTN programme. It is a client-legitimacy mechanism running on the target server's network. Ideally it sits at a choke point of the network and aims to let through only packets coming from "legitimate" clients or users. Several legitimacy tests are carried out on the client; for example, a ping (ICMP Echo) test checks whether a real client is behind the packets the server receives, and a Reverse Turing Test distinguishes humans from machines. Readers may recognise the latter as the test used when registering for a Yahoo e-mail account: the client is asked to type a distorted phrase or word shown in an image whose background makes it hard to read, a test that normally only a human, not a machine or an automated program, can pass. If the test is passed, the user is deemed legitimate and the request to the target server proceeds; otherwise NetBouncer terminates the connection. An interactive example of a Reverse Turing Test can be found on the CAPTCHA page at http://www.captcha.net/. Once clients have proven themselves legitimate, they are added to a list of legitimate clients and given preference over clients that have not yet done so. The list is managed with quality-of-service techniques to ensure fair sharing of resources among all legitimate clients. To prevent an attacker from inheriting the standing of a legitimate client, legitimacy expires after a certain period and must be re-established with the same or a different test. So can this approach work? It can defeat many spoofing attacks, because the challenges must reach the true source of the packets for the transaction to complete. The available network resources are shared fairly among clients that have proven their legitimacy. However, NetBouncer assumes certain client properties, such as the ability to answer pings (for the presence test), that not all clients have, especially those behind firewalls or DSL routers with extra security features enabled. Even with legitimate clients, the system is not protected against impersonation: an attacker can exploit the fact that a legitimate client has already done all the work needed to prove its legitimacy to NetBouncer, and then attack the network by spoofing that client's IP address. In addition, the system is not immune to resource exhaustion by a large number of legitimate clients. Moreover, like every target-side defence, it can be overwhelmed by the sheer volume of packets on the incoming link. Like every good DDoS defence, NetBouncer has advantages and limitations. On the positive side, it appears to serve legitimate clients well in most cases. Because it sits inline, meaning it has no visible presence on the network, much like a bridge, it requires no modification of the servers and clients on the protected network or of the servers they talk to. The deployment point is near the victim, and it needs no cooperation with other NetBouncers. On the negative side, attackers can still attack the victim/target successfully by impersonating legitimate clients or by recruiting a large number of agents, both easily achieved through spoofing and recruitment respectively. NetBouncer also makes certain assumptions about legitimate clients that not all clients satisfy, which would shut those clients out of the protected resources. Finally, the legitimacy tests place a significant load on NetBouncer itself and can exhaust the resources of the defence mechanism.

2.5 Proof of Work


Another approach to the DDoS problem considers the sub-problem of connection-depletion attacks. Many connections initiated by the attacker use up the number of open connections a server can maintain. One defensive goal is to preserve these resources during such attacks. As the defender, the server starts handing out challenges, not unlike NetBouncer's, to clients that request a connection. This takes place at the TCP/IP level, because the system concentrates on protecting the resources tied to network connections. The server sends a small cryptographic puzzle to the client requesting the connection and waits for a solution. If the client solves the puzzle within a certain time window, the appropriate resources are then allocated in the network buffer pool (the part of the operating system that handles network communication). Clients that do not solve the puzzle have their connection requests ignored. This forces an attacker to spend considerable time and resources before obtaining a successful connection to the server or target, and slows the rate at which he can exhaust the server's resources from any one machine. While the overhead is low (the server still has to generate and verify puzzles), in practice the TCP/IP implementation on both ends (client and server) must be modified for the method to work. This defence does not address distributed attacks in which the attacker generates enough requests to exhaust the server's resources anyway, attacks that exhaust the resources needed for puzzle generation, or attacks that consume the bandwidth of the network path leading to the server.
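The exchange described above, as an added example (not code from the thesis or from the proposal it summarises): the server issues a small puzzle, the client brute-forces it, and the server admits the connection only if the solution arrives within the time window. The concrete puzzle (find a counter whose SHA-256, together with the challenge, has `difficulty` leading zero bits) and the HMAC that lets the server verify a challenge without remembering it are this example's own design choices; `SERVER_SECRET` and `PUZZLE_TTL` are assumed deployment settings.

```python
"""Client puzzles (proof of work) for connection admission.

Added example; not code from the thesis or from the proposal it
summarises. The puzzle format and the stateless HMAC-tagged challenge
are this example's own choices. SERVER_SECRET and PUZZLE_TTL are
assumed deployment settings.
"""
import hashlib
import hmac
import os
import secrets
import time
from typing import Optional

SERVER_SECRET = os.urandom(32)   # assumption: per-server key, rotated periodically
PUZZLE_TTL = 10.0                # seconds a challenge stays valid


def _body(addr: str, issued: int, difficulty: int, nonce: str) -> bytes:
    return f"{addr}|{issued}|{difficulty}|{nonce}".encode()


def make_challenge(client_addr: str, difficulty: int, now: Optional[float] = None) -> dict:
    """Server side. The challenge is bound to the client address and the
    issue time and carries an HMAC tag, so the server keeps no per-client
    state (state is exactly the resource the puzzle is protecting)."""
    issued = int(time.time() if now is None else now)
    nonce = secrets.token_hex(8)
    tag = hmac.new(SERVER_SECRET, _body(client_addr, issued, difficulty, nonce),
                   hashlib.sha256).hexdigest()
    return {"addr": client_addr, "issued": issued, "difficulty": difficulty,
            "nonce": nonce, "tag": tag}


def leading_zero_bits(digest: bytes) -> int:
    return len(digest) * 8 - int.from_bytes(digest, "big").bit_length()


def puzzle_hash(challenge: dict, counter: int) -> bytes:
    return hashlib.sha256(
        f"{challenge['nonce']}|{challenge['addr']}|{counter}".encode()).digest()


def solve(challenge: dict, max_tries: int = 1 << 24) -> Optional[int]:
    """Client side: brute-force a counter; expected cost about 2**difficulty hashes."""
    for counter in range(max_tries):
        if leading_zero_bits(puzzle_hash(challenge, counter)) >= challenge["difficulty"]:
            return counter
    return None


def verify(challenge: dict, solution: int, now: Optional[float] = None) -> bool:
    """Server side: one HMAC and one hash, whatever the difficulty.
    Rejects forged or altered challenges, expired ones, and wrong solutions."""
    expected = hmac.new(SERVER_SECRET,
                        _body(challenge["addr"], challenge["issued"],
                              challenge["difficulty"], challenge["nonce"]),
                        hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, challenge["tag"]):
        return False                                  # not a challenge we issued
    if (time.time() if now is None else now) - challenge["issued"] > PUZZLE_TTL:
        return False                                  # solved too slowly
    return leading_zero_bits(puzzle_hash(challenge, solution)) >= challenge["difficulty"]


def admit(client_addr: str, difficulty: int = 16) -> bool:
    """Full round trip for an honest client: issue, solve, verify."""
    ch = make_challenge(client_addr, difficulty)
    sol = solve(ch)
    return sol is not None and verify(ch, sol)
```

Raising `difficulty` by one doubles the client's expected work while the server's verification cost stays at one HMAC and one hash; the time window is what stops a client from precomputing solutions and spending them later. As the text notes, none of this helps when the attacker has enough machines to solve puzzles in parallel or simply saturates the link.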

2.6 DefCOM


DefCOM, proposed by Mirkovic [16], is a distributed system that combines source-end, victim-end and core-network defence. It detects an attack and responds by rate-limiting traffic while still letting legitimate traffic through. It consists of three kinds of nodes (routers or hosts): alert generators, which detect an attack; rate limiters, which enforce a rate limit on all traffic toward the attack's target; and classifiers, which rate-limit traffic, separate legitimate packets from suspicious ones, and mark each packet with its classification. Alert generators and classifiers are designed for deployment in edge networks, rate limiters for the core. In an attack, the detection points are likely to be the alert generators in the victim's network, and the classifiers are likely to be close to the source networks. DefCOM traces the attack from the victim back to all active traffic sources (attack or legitimate) using an overlay network and statistics exchanged between the defence nodes. Rate limiting starts at the victim and propagates toward the leaves of the traffic tree (the classifiers near the sources). The marks carried by classified packets tell the rate limiters how legitimate each packet is. The rate limiters allocate their limited bandwidth first to packets marked legitimate, then to packets marked suspicious, and finally to unmarked packets. This creates three classes of service, with the best service for legitimate packets. Any firewall can act as an alert generator. Core routers would have to gain the ability to read the marks in order to act as rate limiters. D-WARD is described as a likely candidate for the classifier role, although the separation of legitimate from attack traffic need not be as good as D-WARD's: a classifier may simply mark the traffic it considers important to the clients of its network as legitimate, and as long as it obeys the rate limit it has been given, that traffic will not harm the victim. In summary, DefCOM's design is to detect illegitimate traffic at the target, rate-limit it in the core, and block suspicious/attack traffic at the source network. Using D-WARD as its original classifier, DefCOM also reaches further into the core to handle attacks from networks without classifiers. It handles flooding while obstructing legitimate traffic little or not at all. Thanks to its overlay, peer-to-peer nature, DefCOM claims to be a scalable solution that needs no further infrastructure, but it requires wider deployment than a victim-end defence. As a drawback, handling corrupted or compromised nodes in the overlay can be quite difficult, and DefCOM could perform badly if this is not handled.

2.7 COSSACK


COSSACK, proposed by Papadopoulos [8] and developed at the University of Southern California / ISI, aims to stop attacks as they leave the source networks, that is, the networks hosting the DDoS agents. Watchdogs, a plug-in for the Snort intrusion detection system, detect an attack by analysing and correlating traffic across source networks. Based on the correlation (timing, traffic type), the correlating entity can block similar traffic and, as a group action, the attack traffic being sent. The technique is enforced at the source network, triggered by a notification from the target of a DDoS attack, by filtering out clearly offending traffic. However, if legitimate traffic is picked up by the correlation engines, producing a false positive, that legitimate traffic is dropped by COSSACK. A key assumption is the deployment of watchdogs at the source networks: a source network with watchdogs is prevented from launching attacks, but a network without them can still take part in a DDoS attack. This limitation is common to systems that require source-end deployment. No protocol-level modification is required of, or applied to, the source networks. Communication between the watchdogs is not scalable, as they rely on multicast.

2.8 Pi


Pi, proposed by Yaar [2], is a victim-end protection system built on the packet-marking technique of the traceback measures; it inserts a path identifier into an unused part of the IP header. The main idea is that path identifiers, or fingerprints, are inserted by the routers along the network path. The target or victim then rejects packets whose path identifier matches that of packets clearly identified as part of the attack. In the basic Pi marking scheme, each participating router marks certain bits of the IP identification field. The position of the mark within the field is determined by the packet's TTL (time to live) value, and the mark is part of a hash of the router's IP address. Because the TTL is decremented at each router, a contiguous path fingerprint is built up as the packet approaches the victim. One can decide to stop marking beyond a certain hop distance from the victim's network to make better use of the limited marking space. Pi filtering can take place once the marking scheme is installed in the infrastructure. The scheme assumes the victim knows how to identify a large portion of the attack traffic, for example by selecting the large fraction of incoming traffic that carries the same mark; the filter then drops all traffic with that mark. Inevitably, some legitimate traffic that shares a mark with the attack (because it shares the path to the victim, allowing for the fluctuating and adaptive nature of the network) is dropped as well, a loss.
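The marking and filtering just described, as an added example (not code from the thesis or from Yaar et al. [2]). Each simulated router writes `N_BITS` bits into the 16-bit identification field at a slot chosen by the current TTL and then decrements the TTL; the victim blocks any mark it has learned belongs to attack traffic. One simplification is an assumption of this example: the per-router mark is taken from the low bits of the router's last address octet so the values can be followed by hand, whereas Pi uses bits of a hash of the router address (a one-line change in `router_mark()`). The paths and addresses are constructed.

```python
"""Pi path-identifier marking and filtering (added example; see lead-in).

Assumptions: 2-bit marks, 8 slots in the 16-bit identification field,
simplified per-router mark (low bits of the last octet; Pi hashes the
router address), constructed router paths.
"""
N_BITS = 2
SLOTS = 16 // N_BITS            # 8 marking positions in the identification field
MASK = (1 << N_BITS) - 1

ATTACK_PATH = ["10.0.1.1", "10.0.2.2", "10.0.3.3", "10.0.4.0"]   # constructed
OTHER_PATH = ["10.0.5.1", "10.0.6.3", "10.0.7.2", "10.0.8.1"]    # constructed


def router_mark(router_ip: str) -> int:
    """This router's n-bit mark (simplified; Pi uses bits of hash(router address))."""
    return int(router_ip.rsplit(".", 1)[1]) & MASK


def mark_along_path(path: list, ttl: int) -> tuple:
    """Simulate the packet crossing each router in order. Returns
    (identification field as seen by the victim, TTL as seen by the victim).
    A router more than SLOTS hops away is overwritten by a nearer one, which
    is why the scheme may stop marking at some distance from the victim."""
    ident = 0
    for router in path:
        shift = (ttl % SLOTS) * N_BITS            # slot chosen by the current TTL
        ident = (ident & ~(MASK << shift)) | (router_mark(router) << shift)
        ttl -= 1                                  # the router then decrements TTL
    return ident, ttl


class PiFilter:
    """Victim side: drop everything that carries a mark seen on attack packets."""

    def __init__(self):
        self.blocked = set()

    def learn_attack(self, ident: int) -> None:
        self.blocked.add(ident)

    def accept(self, ident: int) -> bool:
        return ident not in self.blocked


def run_demo() -> dict:
    """The mark depends only on the path, so a spoofed source address does not
    change it (the filter still catches it), while a legitimate client behind
    the same path shares the attack mark and is dropped too (collateral loss)."""
    attack_mark, _ = mark_along_path(ATTACK_PATH, 64)
    other_mark, _ = mark_along_path(OTHER_PATH, 64)
    f = PiFilter()
    f.learn_attack(attack_mark)
    return {
        "attack_mark": attack_mark,
        "spoofed_source_blocked": not f.accept(mark_along_path(ATTACK_PATH, 64)[0]),
        "collateral_drop_same_path": not f.accept(attack_mark),
        "other_path_passes": f.accept(other_mark),
    }
```

With the constructed paths the attack mark is 45057 (0xB001: router marks 1, 2, 3, 0 landing in slots 0, 7, 6, 5 as the TTL counts down from 64), and the victim sees TTL 60. Note that an attacker who varies the initial TTL of his packets moves his marks into different slots, so the victim must learn marks per observed path rather than assume one mark per source.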

2.9 SIFF


Yaar [3] proposed mitigating DDoS flooding with a mechanism in which end hosts can split Internet traffic into two classes, privileged and unprivileged. End hosts exchange capabilities that are then used in privileged traffic, and routers verify these capabilities statelessly. Capabilities are granted dynamically, so a misbehaving (attacking) host can have its capabilities revoked. Unlike other approaches, this scheme needs no overlay, but it does require modifications to clients and servers, as well as to routers. Clients use a handshake protocol to exchange capabilities, after which privileged traffic is handled quickly by the network, unlike unprivileged traffic, which receives no priority. There are provisions to stop a flood of privileged traffic by an unauthorised party, for example one trying to forge capabilities (which are implemented as marks in every packet). If a client holding capabilities starts flooding, its privileged-traffic credentials can be revoked. The authors propose two paths: a next-generation Internet mechanism incorporating these techniques, and a mechanism for the current IPv4 protocol. It is not yet clear which path will prove effective. In summary, this technique also makes many assumptions, including that clients and servers update their TCP/IP software with the modifications needed for the new capabilities. An advantage is that no inter-ISP cooperation is required. However, it also assumes that spoofing is limited, and processing and state maintenance are required at each router. The new protocol requires marking space in the IP header, cooperation of clients and servers, marking of packets by every router, and stable routes between hosts. These assumptions are rather restrictive compared with what happens in a real network.

2.10 Hop-Count Filtering (HCF)


Hop-Count Filtering, proposed by Jin [7], is a research project at the University of Michigan that protects against DDoS by observing the TTL value (time to live: the number of hops or routers a packet may still traverse before reaching its destination or being discarded to prevent overly long or looping paths; every router the packet passes decrements it) in inbound packets. Deployed at the target network, it observes the TTL for every source address whose traffic reaches the target network, tries to infer a hop count (that is, the distance from the sender to the defending host), and builds a table binding each IP address to its hop count. The system derives its hop-count estimate by starting from the observed TTL and guessing the initial TTL the sender's operating system put in the packet. Only a few initial values are used by operating systems, and they are far apart from one another, which makes the guess reliable. The hop count is then the difference between the initial and the observed TTL. Hop counts follow a normal (bell-curve) distribution, and TTL values vary accordingly. To defeat the scheme, an attacker would have to guess the right TTL to put in a spoofed packet so that the inferred hop count matches the expected one. Spoofing therefore becomes difficult, because the attacker must forge exactly the TTL associated with the spoofed source address; and the more the hop counts of the attacker and the spoofed address differ, the easier the malicious traffic is to model. In normal operation the hop-count filter is passive: it analyses traffic and compares it with the tables it has built of expected hop counts. If the number of mismatches exceeds an established threshold, the system starts filtering. The tables are continuously updated by inspecting randomly chosen TCP connections to a site in the protected network. Note that this scheme tries to block spoofed traffic only. Nothing stops an attacker from launching an attack from real sources carrying correct TTL values, so attacks using large botnets or DDoS worms, which do not need to spoof source addresses to succeed, remain a problem. Since such attacks have become easy today, attackers can simply refrain from spoofing source addresses to bypass this defence. Like other victim-side defences, this method cannot protect against a large-scale attack that floods the link into the host doing the TTL checks.
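The three steps above (infer the hop count from the observed TTL, learn an IP-to-hop-count table from trusted traffic, start dropping mismatching packets once mismatches exceed a threshold) as an added example; this is not code from the thesis or from Jin et al. [7]. Assumptions: packets are dicts with `src` and `ttl`; the initial TTL is guessed from the common OS defaults 32, 64, 128 and 255; the "trusted" packets stand in for completed TCP handshakes; all addresses are from documentation ranges and the traffic is constructed.

```python
"""Hop-count filtering over constructed packets (added example; see lead-in)."""
from collections import deque

INITIAL_TTLS = (32, 64, 128, 255)   # common OS defaults, ascending


def infer_hops(observed_ttl: int) -> int:
    """Guess the sender's initial TTL as the smallest default not below the
    observed value; the hop count is the difference."""
    for initial in INITIAL_TTLS:
        if observed_ttl <= initial:
            return initial - observed_ttl
    raise ValueError(f"TTL {observed_ttl} is out of range")


def learn_table(trusted_packets) -> dict:
    """IP -> expected hop count, learned from traffic that completed a handshake."""
    return {p["src"]: infer_hops(p["ttl"]) for p in trusted_packets}


class HopCountFilter:
    """Passive while mismatches are rare; drops mismatching packets once at
    least `alarm` of the last `window` judged packets disagreed with the table."""

    def __init__(self, table: dict, window: int = 50, alarm: int = 10):
        self.table = table
        self.recent = deque(maxlen=window)   # 1 for a mismatch, 0 otherwise
        self.alarm = alarm
        self.filtering = False

    def check(self, pkt: dict) -> str:
        expected = self.table.get(pkt["src"])
        if expected is None:
            return "pass-unknown"             # no table entry: HCF cannot judge it
        mismatch = infer_hops(pkt["ttl"]) != expected
        self.recent.append(1 if mismatch else 0)
        self.filtering = sum(self.recent) >= self.alarm
        return "drop" if (mismatch and self.filtering) else "pass"


def run_demo() -> dict:
    """Constructed traffic: learn the table, then an attacker 20 hops away
    spoofs 198.51.100.5 (really 12 hops away) and trips the filter. A genuine
    packet still passes, and so does a spoof whose TTL happens to be right,
    which is the limitation the text points out."""
    trusted = [
        {"src": "198.51.100.5", "ttl": 52},   # 64 - 52 = 12 hops
        {"src": "192.0.2.10", "ttl": 118},    # 128 - 118 = 10 hops
        {"src": "203.0.113.9", "ttl": 240},   # 255 - 240 = 15 hops
    ]
    hcf = HopCountFilter(learn_table(trusted))
    flood = [hcf.check({"src": "198.51.100.5", "ttl": 44}) for _ in range(30)]  # 20 hops
    return {
        "table": hcf.table,
        "flood_passed": flood.count("pass"),       # the first 9, before the alarm trips
        "flood_dropped": flood.count("drop"),
        "genuine": hcf.check({"src": "192.0.2.10", "ttl": 118}),
        "spoof_right_ttl": hcf.check({"src": "198.51.100.5", "ttl": 52}),
        "unknown_src": hcf.check({"src": "198.51.100.77", "ttl": 60}),
    }
```

The window and alarm values are tuning knobs: a small alarm count reacts quickly but a burst of legitimate route changes (which also shift hop counts) can trip it, so a deployment would refresh the table from new handshakes rather than treat it as static.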


Chapter 3: SOS AND WEBSOS


3.1 The Chord protocol
Both the SOS and the WebSOS architecture use structured routing, that is, a distributed hash table (DHT), building their overlay network on the Chord protocol, so we first look at Chord. Chord is a distributed lookup protocol proposed by Stoica and colleagues [14] at ACM SIGCOMM in August 2001 in the paper "Chord: A Scalable Peer-to-peer Lookup Service for Internet Applications". Chord supports a single operation: given a key, it maps that key to a node in the network. The mapping uses consistent hashing: hashing the key yields a hash value, and that value corresponds to a node in the network. Storing and looking up data in the network then follows easily by associating each key with a data item and storing the key/data pair at the node the key maps to.

In a Chord network, each node is assigned an identifier (ID) by a consistent hash function in the range [0, 2^m) for a predetermined m. The nodes of the overlay are ordered by their identifiers and arranged on a ring, clockwise.

Figure 1: Routing in Chord [14]. Each node maintains a table called the finger table, holding the identifiers of m nodes in the overlay. The i-th entry in the finger table of the node with identifier x is the node with the smallest identifier greater than or equal to x + 2^(i-1) (mod 2^m), as shown in the figure. When node x receives a packet destined for identifier y, it forwards it to the node in its finger table with the largest identifier that is still smaller than y. In the figure, if the node with identifier 7 receives a packet whose destination identifier is 18, the packet is routed from node 7 to node 16 and then to node 17. When the packet reaches node 17, the next node on the ring is node 22, so node 17 knows that node 22 is the node responsible for identifier 18. Chord's routing algorithm thus delivers a packet to its destination node in O(m) hops, and with high probability in O(log N) hops for a ring of N nodes.
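The finger-table construction and the lookup just described, as an added example (not code from the thesis or from the Chord paper [14]). The ring uses m = 5 (identifiers 0..31) and hand-picked node identifiers, both assumptions chosen so that looking up key 18 from node 7 takes exactly the hops 7 -> 16 -> 17 -> 22 of the text; `node_id()` shows how a deployment would derive identifiers with consistent hashing instead.

```python
"""Chord finger tables and iterative lookup (added example; see lead-in)."""
import bisect
import hashlib

M = 5               # assumption: 5-bit identifiers, ring of 32 positions
RING = 1 << M


def node_id(name: str) -> int:
    """Consistent hashing as in Chord: SHA-1 of the node's name/address, reduced to m bits."""
    return int.from_bytes(hashlib.sha1(name.encode()).digest(), "big") % RING


def on_arc(x: int, lo: int, hi: int, inclusive_hi: bool = False) -> bool:
    """True if x lies clockwise strictly after lo and before hi (at hi too if inclusive_hi)."""
    x, lo, hi = x % RING, lo % RING, hi % RING
    if lo < hi:
        return lo < x < hi or (inclusive_hi and x == hi)
    return x > lo or x < hi or (inclusive_hi and x == hi)   # the arc wraps past 0


class ChordRing:
    def __init__(self, ids):
        self.nodes = sorted(set(i % RING for i in ids))
        # finger i of node n is successor(n + 2^i) for i = 0..m-1 (the text counts i from 1)
        self.fingers = {n: [self.successor(n + (1 << i)) for i in range(M)] for n in self.nodes}

    def successor(self, key: int) -> int:
        """The first node at or after key, wrapping around the ring."""
        key %= RING
        i = bisect.bisect_left(self.nodes, key)
        return self.nodes[i % len(self.nodes)]

    def closest_preceding_finger(self, n: int, key: int) -> int:
        """Scan from the farthest finger: the largest identifier still before key."""
        for f in reversed(self.fingers[n]):
            if on_arc(f, n, key):
                return f
        return n

    def lookup(self, start: int, key: int) -> list:
        """Iterative find_successor; returns the hop list, ending at the node responsible for key."""
        key %= RING
        n, path = start, [start]
        while True:
            succ = self.fingers[n][0]                  # n's immediate successor
            if on_arc(key, n, succ, inclusive_hi=True):
                path.append(succ)                      # succ owns the arc (n, succ]
                return path
            nxt = self.closest_preceding_finger(n, key)
            if nxt == n:                               # only on a degenerate ring
                path.append(succ)
                return path
            path.append(nxt)
            n = nxt


if __name__ == "__main__":
    ring = ChordRing([1, 7, 10, 16, 17, 22, 27, 30])
    print("finger table of node 7:", ring.fingers[7])    # [10, 10, 16, 16, 27]
    print("lookup of key 18 from 7:", ring.lookup(7, 18))  # [7, 16, 17, 22]
```

In SOS this is exactly how a SOAP finds the beacon for a target: it hashes the target's address to a key and performs this lookup; the node that owns the key is the beacon. The hop bound holds because every hop at least halves the remaining clockwise distance to the key.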


Chord is a good solution to many problems at once: load balancing, decentralisation, flexibility and scalability. It also copes well with nodes joining and leaving the network frequently.

3.2 The SOS architecture


SOS was proposed by Keromytis and colleagues [4] in the paper "SOS: Secure Overlay Services", presented on 21 August 2002 at ACM SIGCOMM 2002. The main idea of the paper is to build an overlay around the target server that keeps attackers from reaching and damaging the server, and lets only confirmed users connect to it. The SOS architecture is shown in the figure below.

Figure 2: Basic SOS architecture [4]


In this architecture, a client's request from a source point enters the overlay through a node called a SOAP (Secure Overlay Access Point). By the nature of SOS, this node checks whether the user is legitimate through an authentication mechanism such as a login. Once the user is authenticated, the request is forwarded through the overlay. The overlay acts as a distributed firewall, built on the Chord protocol with structured routing over a DHT (Chord was described in section 3.1). In the overlay, a node can play one of the following roles:
- SOAP (Secure Overlay Access Point): an access point for clients.
- Secret servlet: a special node; the target server accepts connections only from these nodes.
- Beacon: a special node in the overlay that knows where the secret servlets are, thanks to the periodic announcements the secret servlets send it.
- Overlay node: any other, ordinary node in the network.
After the SOAP has authenticated the user, it takes the target server's address from the request and hashes it with Chord's hash function. The hash value gives the position of a beacon, and the SOAP forwards the user's request to that beacon. When the beacon receives the packet, it reads the target server's address and forwards the packet to the target's secret servlet. The secret servlet, on receiving the packet from the beacon, forwards it on to the corresponding target server. The question is how the beacon knows the address of the secret servlet for a given target server. This is done periodically: each secret servlet of a target server applies Chord's hash function to the target's address, obtains the hash value and therefore the position of the beacon it must inform, and sends that beacon an announcement; the beacon receives it and learns which secret servlet corresponds to which target server. As for the target servers, their mechanism is to install a filter at the nearest router, select a number of nodes in the SOS overlay as their secret servlets, and let connections forwarded through the filter reach the server. The routers around the target server are configured to accept only connections coming from its servlets.


With the architecture proposed in this way, SOS is expected to become a new and powerful approach to proactively defending against denial-of-service attacks.

3.3 The WebSOS architecture


3.3.1 Proposed solution
WebSOS was proposed by D. L. Cook, Morein, Keromytis and colleagues [10] in the paper "WebSOS: Protecting Web Servers from DDoS attacks" in September 2003 at the 11th IEEE International Conference on Networks (ICON 2003), and in the paper "WebSOS: An Overlay-Based System for Protecting Web Servers from Denial of Service Attacks", written in 2005 [6]. In many of the measures presented in chapter 2, DDoS defence is reactive: the organisation observes traffic at some point, waits for an attack to happen, and only then analyses the incoming packets in order to set up filters that block the attacker's traffic. This approach has two major problems. The first is the accuracy of separating attack traffic from legitimate traffic: with D-WARD, DefCOM, COSSACK and Pi, when a false positive occurs in that separation, legitimate traffic is dropped and clients can no longer reach the target server. The second is the need to build a mechanism for installing filters deep enough in the network to keep the damage of the attack to a minimum. WebSOS builds on the idea of SOS to create an architecture for defending against denial of service that keeps the target server reachable even while the system is under attack. Improving on SOS, WebSOS uses CAPTCHA tests to distinguish legitimate users from bots, carries user requests through the overlay via web proxies, and authenticates clients with SSL/TLS, without requiring any change to the existing network infrastructure.

3.3.2 Architecture of WebSOS


For the overlay structure, WebSOS inherits the SOS model of figure 2. Nodes in the overlay still play one of the roles SOAP, overlay node, beacon and secret servlet. However, when no denial-of-service attack is under way, clients can connect directly to the target server without going through the WebSOS overlay. Only when the system is under attack are connections from outside filtered and refused by high-performance routers with IP address filters installed; only the secret servlets are then allowed to reach the target servers. Only at that point does the WebSOS overlay actually come into operation, and a user who wants to reach the target server must connect through it. The SOAPs run a web server that generates the CAPTCHA test and uses it to verify that a user is legitimate. The same SOAP web servers also host the applet that a user downloads and runs as a proxy applet after passing the CAPTCHA test.

Figure 3: Checking a visitor with a CAPTCHA. The test word in this case is zbyc.

The filter ring around the target server is still made up of powerful routers with IP filters installed that can filter every connection to the server for the duration of the attack and let only connections from the secret servlets through to the target server.

3.3.3 WebSOS mechanisms
3.3.3.1 General mechanism
Connecting through the WebSOS overlay proceeds as shown in the figure:

Figure 4: User access and authentication mechanism [6]. First, the user must know a SOAP and connect to it. The SOAP runs a web server that performs a CAPTCHA, or Graphic Turing Test (GTT), to confirm that the access comes from a human. A CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart) is a program that can generate tests most humans can pass and automated programs cannot. In WebSOS the CAPTCHA is generated by the GIMPY program. When the visitor passes the GTT, the SOAP issues the user a short-lived X.509 certificate that has the visitor's IP address encoded into it, as the credential for access to the web service; binding it to the IP address prevents its reuse by an agent at a different IP address for attacks. The SOAP then asks the user to run a signed proxy applet, so that the user's browser reaches the target server through that applet, which creates an SSL connection to the SOAP. The SOAP accepts this connection and forwards it through the overlay to the appropriate beacon, which forwards it to the secret servlet. From the secret servlet the request passes through the filter ring to the target server. The filter-ring router sees that the secret servlet's IP address is permitted and admits the connection to the server. This makes the user's connection secure, but it also lengthens the route and introduces a certain delay.

3.3.3.2 Routing mechanism

In the WebSOS model, traffic from a source to the target server passes through the nodes in the order source, SOAP, Beacon, Servlet, target server. Ordinary IP routing is used for the user to reach the SOAP. Since a Beacon knows which Servlets correspond to which servers, and a Servlet knows where its server is, ordinary routing is also used between Beacon and Servlet and between Servlet and target server. Between SOAP and Beacon, overlay routing is used, and the Chord algorithm is applied there to shorten the overlay path between them and thereby the total path from source to target server.

In the original SOS model, the path established from the user to the target server through the overlay may differ from the reverse path from the target server back to the user. Moreover, responses from the target server can be sent directly to the user without going back through the overlay, because the communication links are bidirectional and in a DDoS attack only the links into the target servers are congested. This has a considerable advantage in reducing network latency, since most client/server connections today are asymmetric: clients typically receive far more in responses than they send in requests. In WebSOS, routing is done per connection: every subsequent request in the same connection, and the responses from the target server, can follow the reverse path through the overlay. While this keeps the implementation simple, it also increases latency significantly, because most responses traverse the overlay over several hops rather than going directly to the client to shorten the overlay path.

3.3.4 Protection mechanism

The protection mechanism assumes that the attacker is not strong enough to overwhelm the filtering ring around the target servers with a flood, nor strong enough to flood all the SOAPs in the overlay at once. When no attack is under way, customers, as well as automated processes such as Google's indexing crawler, can access the website directly like any other website. When signs of a distributed denial-of-service attack appear, the filtering ring around the web servers is activated and all connections to the website are dropped, except those coming from the Servlets that correspond to the target web servers. The damage a denial-of-service attack can do directly to the target servers is thus reduced to a minimum by these filters. An attacker who wants to keep harming the website is left with one route: connect to the target servers through the overlay and attack from there. On connecting to the overlay, a Graphic Turing Test separates human traffic from traffic generated by automated programs, relying on the assurance that modern CAPTCHAs cannot be solved accurately by automated character-recognition programs. The attacker's malicious programs are therefore held back and cannot get close enough to send hostile packets to the target server.

In addition, WebSOS uses SSL on every hop of the overlay, so that each hop authenticates the previous one; this prevents an attacker who has discovered some nodes of the WebSOS overlay from impersonating them. Since the time cost of creating and verifying the keys involved is very small (see the RSA 1024-bit measurements in Chapter 4), overlay nodes need no additional special functionality, and a customer simply needs to be issued a suitable certificate by the WebSOS administrator. Furthermore, to stop an attacker from using IP spoofing to send attack packets to the target server with the source IP of a Servlet, WebSOS proposes using GRE (Generic Routing Encapsulation, Farinacci et al., March 2000 [9], and Dommety, September 2000 [13]). To impersonate a secret Servlet, an attacker then has to guess not only the Servlet's IP address but also the GRE key value. With a hard-to-guess key, impersonating a Servlet becomes very difficult for the attacker. (The key field defined in RFC 2890 is 32 bits wide and travels in the clear, so it protects against blind spoofing rather than against an attacker who can observe Servlet-to-server traffic.) Finally, even if the attacker does manage to impersonate a few Servlets, the target server can, by analysing the packets arriving in large numbers from a few Servlets, choose a new set of Servlets for itself and send new notifications to them and to the router filters.

Summary: we have now built the WebSOS architecture for protecting websites from the effects of denial-of-service attacks. The architecture operates through these main activities: confirming a legitimate user via the Graphic Turing Test, establishing an SSL connection through a proxy applet across the overlay to a Servlet, and from the Servlet through a filtering ring to the target server.
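The filter-ring decision described in section 3.3.4, as an added example (not code from the thesis or from WebSOS): a packet is admitted only if its source address belongs to a secret Servlet and it is GRE-encapsulated (RFC 2784) with the Key extension of RFC 2890 carrying the value agreed with the Servlets. The Servlet addresses, the key and the sample packets are constructed for the example.

```python
"""Filter-ring check on GRE-encapsulated traffic from the secret Servlets.

Added example, not code from the thesis or from WebSOS. The Servlet
addresses, key and packets below are constructed for the example.
"""
import struct
from ipaddress import ip_address

# Flag bits in the first byte of the GRE header (RFC 2784 / RFC 2890).
GRE_FLAG_C = 0x80   # checksum present
GRE_FLAG_K = 0x20   # key present
GRE_FLAG_S = 0x10   # sequence number present
ETHERTYPE_IPV4 = 0x0800


def parse_gre(packet):
    """Return (protocol_type, key_or_None, payload) for a GRE packet.

    Raises ValueError on malformed input, which a filter treats as a drop.
    """
    if len(packet) < 4:
        raise ValueError("truncated GRE header")
    flags, ver_byte, proto = struct.unpack("!BBH", packet[:4])
    if ver_byte & 0x07 != 0:
        raise ValueError("unsupported GRE version")
    offset = 4
    if flags & GRE_FLAG_C:
        offset += 4                      # checksum + reserved1
    key = None
    if flags & GRE_FLAG_K:
        if len(packet) < offset + 4:
            raise ValueError("truncated key field")
        key = struct.unpack("!I", packet[offset:offset + 4])[0]
        offset += 4
    if flags & GRE_FLAG_S:
        offset += 4                      # sequence number
    if len(packet) < offset:
        raise ValueError("truncated GRE header")
    return proto, key, packet[offset:]


def build_gre(payload, proto=ETHERTYPE_IPV4, key=None):
    """Encapsulate payload in GRE; add the Key extension when a key is given."""
    flags = GRE_FLAG_K if key is not None else 0
    header = struct.pack("!BBH", flags, 0, proto)
    if key is not None:
        header += struct.pack("!I", key)
    return header + payload


def filter_accepts(src_ip, packet, servlet_ips, expected_key):
    """Decision of the filter ring: Servlet source address and matching GRE key."""
    if ip_address(src_ip) not in {ip_address(a) for a in servlet_ips}:
        return False
    try:
        _, key, _ = parse_gre(packet)
    except ValueError:
        return False
    return key is not None and key == expected_key


def check_samples():
    """Run four constructed packets through the filter; returns their verdicts."""
    servlets = ["10.0.0.5", "10.0.0.6"]       # constructed secret Servlet addresses
    gre_key = 0x5A5A1234                      # constructed key shared with the Servlets
    inner = b"GET /index.html HTTP/1.1\r\nHost: target\r\n\r\n"   # constructed payload
    return (
        # genuine Servlet, correct key
        filter_accepts("10.0.0.5", build_gre(inner, key=gre_key), servlets, gre_key),
        # spoofed Servlet address but wrong key: blind spoofing fails
        filter_accepts("10.0.0.5", build_gre(inner, key=gre_key ^ 1), servlets, gre_key),
        # correct key, but not from a Servlet address
        filter_accepts("192.0.2.7", build_gre(inner, key=gre_key), servlets, gre_key),
        # Servlet address, but a direct (non-GRE) request
        filter_accepts("10.0.0.5", inner, servlets, gre_key),
    )


if __name__ == "__main__":
    print(check_samples())   # (True, False, False, False)
```

In a deployment this check lives in the router filters around the target server rather than in Python; the point of the example is the two-part test (source address and key), and that a non-GRE request from a Servlet address is dropped just like one with the wrong key.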

3.3.5 Strengths and weaknesses of the WebSOS architecture


While many other proposals build a system that defends against denial-of-service attacks passively, WebSOS puts forward an architecture that actively copes with DDoS. Users can access the website directly when there is no DDoS attack, which keeps access latency low; when an attack is detected, the system is activated. Thanks to the Graphic Turing Test, legitimate traffic is separated from illegitimate traffic coming from automated programs with high accuracy, keeping the illegitimate traffic from reaching and attacking the target server. Connections over SSL, together with GRE, strengthen security inside the overlay and at the same time prevent an attacker from impersonating the Servlets in order to flood the target server with packets. Using the Chord protocol makes routing in the overlay fast, and in addition provides load balancing, flexibility, distribution and scalability for the overlay nodes, and copes well with overlay nodes joining and leaving the network frequently.

Some weaknesses remain, however. Latency is still high, because users are required to go through several intermediate hops in the overlay. WebSOS also does not handle the case in which an overlay node is compromised and becomes an agent of the attacker. And an attacker can bypass the overlay altogether and attack the target server directly through the filtering ring, disabling the ring by overloading it with flood packets to process.


Chapter 4: EXPERIMENTS, IMPROVEMENTS AND RESULTS


The experiments build a website protected by the WebSOS overlay. They deploy the WebSOS solution described in Chapter 3, and measure the latency of a customer's requests when they go through the WebSOS overlay compared with connecting directly to the target server.

4.1 Experimental environment


The WebSOS overlay architecture was installed on a network of virtual machines running CentOS 5, on a 3.0 GHz machine with 1 GB of RAM. The program consists of the following main modules:

- The CAPTCHA module, installed on the XAMPP web server.
- The Secure Tunnel Proxylet module, written in Java.
- The Communication Control module and the Overlay Network (Chord) module, written in Java and C respectively.

The website to be protected is a machine running the XAMPP web server.

4.2 Deploying the WebSOS architecture


Compared with the WebSOS proposal, the experimental architecture differs in a few mechanisms. The Servlets are set up manually from the command line rather than by receiving notifications from the server. To join the WebSOS overlay, each machine runs the command-line programs of the Communication Control module and the Overlay Network module. When joining the overlay, a node that is to act as a Servlet declares a file containing the IP addresses of the target servers for which it serves as Servlet; nodes that declare an empty file take the role of SOAP, Beacon or ordinary overlay node. On the machines acting as SOAPs we additionally install the two remaining modules: the CAPTCHA module, to confirm legitimate users, and the Secure Tunnel Proxylet module, from which users download and run the proxy applet in their browser. On the machines acting as target servers we simply install XAMPP and put up a few HTML files as a test website for users to reach through the overlay.

4.3 Measuring connection latency


To make the latency measurements representative of a large overlay, we rely on the result from Chord that, with high probability, a lookup in a network of 2^m nodes passes through about m nodes. We therefore built a topology of m = 10 nodes and routed the user's requests manually through those 10 nodes, so the results correspond to testing in an overlay of 2^m = 2^10 = 1024 nodes. The table below gives the total time from the moment the user issues a request until the result is displayed in the browser, for routes of m = 0, 1, 4, 7 and 10 nodes (a direct connection to the server, and connections through the overlay over 1, 4, 7 and 10 nodes). Times are in seconds.

Server | Direct | 1 node | 4 nodes | 7 nodes | 10 nodes
Google.com | 1.42 | 2.07 | 2.51 | 2.90 | 3.49
Coltech.vnu.edu.vn | 1.51 | 2.35 | 2.76 | 3.51 | 4.13
Test.htm (local server) | 0.64 | 1.27 | 1.35 | 1.55 | 1.79

Table 1: Latency when testing connections to a few websites

As can be seen, latency is multiplied by 2 or 3, which is acceptable for a website that is under a denial-of-service attack. Because routing through the nodes was done manually, the delay of running the Chord routing algorithm itself is not included. Besides routing, there is also the delay of issuing and verifying keys over the SSL connection. Stavrou et al. [6] measured RSA 1024-bit key verification times on a 3 GHz Pentium IV Linux machine using OpenSSL 0.9.7c. Their measurements show that the time spent authenticating a user is very small; assuming each authentication key expires after 30 minutes, each node can authenticate 18 million users per hour, before any hardware acceleration is needed.


Table 2: Registration and verification times for 1024-bit RSA keys [6]

These measurements show that although latency is the biggest problem of WebSOS, the latency produced in the experiments is acceptable. Given that customers can access the website directly when no attack is in progress, and the WebSOS overlay is activated only during an attack, this delay is acceptable for wide deployment.
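The hop-count claim used in section 4.3 (a lookup in an overlay of 2^m nodes crosses about m nodes), checked with an added example that is not code from the thesis or from the Chord authors: a small in-memory Chord ring with finger tables and the closest-preceding-finger rule of Stoica et al. [14]. The ring sizes, node identifiers and lookup keys are constructed for the example; it also runs a sparse ring (1024 nodes in a 2^16 identifier space) to show that m = 10 hops is the upper end rather than the average.

```python
"""Chord lookup hop counts in an overlay of 2^m nodes.

Added example, not code from the thesis or from the Chord authors. Ring
sizes, node identifiers and lookup keys are constructed for the example.
"""
import random
from bisect import bisect_left


class ChordRing:
    """A Chord ring over the identifier space [0, 2**bits)."""

    def __init__(self, bits, node_ids):
        self.bits = bits
        self.size = 1 << bits
        self.nodes = sorted(set(node_ids))
        # finger[i] of node n is the successor of (n + 2^i) mod 2^bits;
        # finger[0] is n's immediate successor.
        self.fingers = {
            n: [self.successor((n + (1 << i)) % self.size) for i in range(bits)]
            for n in self.nodes
        }

    def successor(self, key):
        """First node whose id is >= key, wrapping round the ring."""
        i = bisect_left(self.nodes, key)
        return self.nodes[i % len(self.nodes)]

    @staticmethod
    def _in_open(x, a, b):
        """x in the circular open interval (a, b)."""
        if a < b:
            return a < x < b
        return x > a or x < b

    @staticmethod
    def _in_open_closed(x, a, b):
        """x in the circular interval (a, b]."""
        if a == b:          # single-node ring: that node owns every key
            return True
        if a < b:
            return a < x <= b
        return x > a or x <= b

    def closest_preceding_finger(self, n, key):
        for f in reversed(self.fingers[n]):
            if self._in_open(f, n, key):
                return f
        return n

    def lookup(self, start, key):
        """Route from node `start` to the node responsible for `key`.

        Returns (responsible node, number of overlay hops taken).
        """
        n, hops = start, 0
        while not self._in_open_closed(key, n, self.fingers[n][0]):
            nxt = self.closest_preceding_finger(n, key)
            if nxt == n:    # no closer finger; only possible on a one-node ring
                break
            n, hops = nxt, hops + 1
        return self.fingers[n][0], hops


def hop_stats(ring, lookups):
    """Mean and maximum hop count over (start, key) pairs, plus a correctness flag
    (every lookup must land on successor(key))."""
    hops = []
    correct = True
    for start, key in lookups:
        node, h = ring.lookup(start, key)
        correct = correct and node == ring.successor(key)
        hops.append(h)
    return sum(hops) / len(hops), max(hops), correct


def full_ring_stats(bits):
    """Every identifier occupied (2^bits nodes): look up every key from node 0."""
    ring = ChordRing(bits, range(1 << bits))
    return hop_stats(ring, [(0, k) for k in range(1 << bits)])


def sparse_ring_stats(bits, n_nodes, n_lookups, seed=1):
    """n_nodes random identifiers in a 2^bits space, random (start, key) lookups."""
    rng = random.Random(seed)
    ring = ChordRing(bits, rng.sample(range(1 << bits), n_nodes))
    lookups = [(rng.choice(ring.nodes), rng.randrange(1 << bits)) for _ in range(n_lookups)]
    return hop_stats(ring, lookups)


if __name__ == "__main__":
    print("full ring, 2^10 nodes:", full_ring_stats(10))       # mean 5.0, max 10
    print("1024 nodes in 2^16 ids:", sparse_ring_stats(16, 1024, 500))
```

On the full 1024-node ring the worst lookup takes exactly m = 10 hops and the mean is 5, so routing a test request manually through 10 nodes, as done above, measures the worst case of a 1024-node overlay rather than its typical latency.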

4.4 Proposed improvement


4.4.1 The problem with the WebSOS overlay

In building the WebSOS architecture, its authors assume that the architecture is stable and sound: all nodes in the WebSOS overlay are trustworthy, none is compromised by the attacker, and the attacker can only attack the system from outside the overlay. To study and improve the WebSOS architecture, we assume instead that one or several nodes in the WebSOS overlay have been compromised by the attacker. From such a compromised node, the attacker can carry out one of the following three forms of attack:
- Data-integrity attack: this can be carried out on the request channel, by discarding packets, or on an established channel. When the compromised node drops packets on the request channel, the user finds that they cannot connect to the server. When the compromised node tampers with data on an established channel, the attack can be detected by the improved mechanism, or the user-side application itself may notice it through incorrect data being returned or through failed verification, and switch to another SOAP.

- Packet-dropping attack: dropping the connection-setup packets prevents the user from connecting to the server through that node. Looking more closely at this case, on an established channel the attacker can discard the packets exchanged between a legitimate user and the server. As with the data-integrity attack, this can be detected by the improved mechanism, or the user application may notice it through the connection stalling or through low application throughput.

- Packet-flooding attack: a compromised node can take part in a flooding attack on the target server by flooding the Servlet with packets.

4.4.2 Proposed mechanism


We focus on the first two forms, in particular the packet-dropping attack, and propose a solution: a mechanism that recognises this kind of attack, after which the user's proxylet changes SOAP so as to reach the server over a different route that does not pass through the compromised node. The mechanism follows the idea of [12]: send a probe packet to the target server periodically. Applied to the WebSOS architecture, the proxylet on the user side periodically sends a probe packet to the server. If the server's reply to the probe does not match the predefined rule, we conclude that there is a compromised node on the route carrying out a packet-dropping attack, and the user is automatically switched to another SOAP so as to take a different route. The mechanism is transparent to the user, who does not have to authenticate again at the new SOAP.

The attacker may also block only the legitimate requests while letting the probe packets and probe replies pass through the compromised node. To cover this case, the mechanism also lets the proxylet connect to another proxy automatically when a certain number of requests go unanswered by the server, so that the user gets a normal connection that no longer passes through the compromised node. The proposed improvement can be expressed in pseudocode as follows:

- On the proxy applet:

  Set the counter of probes not correctly answered: probe = 0
  Set the counter of failed connections: numD = 0
  Set the counter of successful connections: numS = 0
  Set the failed-connection flag: drop = false

  (*) If probe > 3, change the client's SOAP and reset the variables to their defaults.
  If numD >= 3, change the client's SOAP and reset the variables to their defaults.
  Send the request data.
  After a random interval, send a probeRequest and increase probe by 1.
  If drop == true, increase numD by 1.
  Set drop = true.
  If numS > 7, set numS = 0 and numD = 0.
  If response data is received, increase numS by 1 and set drop = false.
  If the response is a probeResponse, set probe = 0 and numD = 0.
  Go back to (*).

- On the target server:

  If a received request is a probeRequest, process it and send back a probeResponse.

Thus, according to the pseudocode, the proxylet running on the client checks whether, out of every 10 requests sent, as many as 3 receive no response; if so, it treats this as a packet-dropping attack and automatically changes the SOAP used to reach the server. In addition, after a random interval the proxylet on the client sends a probeRequest to the target server and increases the probe counter. If the client does not receive a matching probeResponse, the counter keeps growing; once probe > 3, the proxylet changes the client's SOAP, resets the counters and continues. If a matching probeResponse is received, the proxylet records that there is no packet-dropping attack, the counters are reset and the process starts over.
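The pseudocode above, rendered as a runnable state machine. This is an added example and not code from the thesis: it keeps the counter names (probe, numD, numS, drop) and limits (probe > 3 or numD >= 3 triggers a SOAP change; numS > 7 clears numD) of the pseudocode, and scripts the two test scenarios of section 4.4.3.1 against it. The SOAP names and event scripts are constructed for the example, and the way a probeResponse is kept separate from the page-request flag is my reading of the pseudocode.

```python
"""Drop-detection logic of the improved proxylet (section 4.4.2).

Added example, not code from the thesis. SOAP names and event scripts are
constructed for the example.
"""


class Proxylet:
    PROBE_LIMIT = 3       # switch once probe > 3, i.e. on the 4th unanswered probe
    DROP_LIMIT = 3        # switch once numD >= 3
    SUCCESS_WINDOW = 7    # once numS > 7 answered requests, earlier drops are forgotten

    def __init__(self, soaps):
        self.soaps = list(soaps)     # alternative SOAPs, as read from the current SOAP
        self.index = 0
        self.switches = 0
        self._reset_counters()

    def _reset_counters(self):
        self.probe = 0        # probeRequests sent since the last probeResponse
        self.numD = 0         # page requests that got no response
        self.numS = 0         # page requests that got a response
        self.drop = False     # True while the last page request is unanswered

    @property
    def soap(self):
        return self.soaps[self.index]

    def _switch_soap(self):
        """Change SOAP (next entry in the list) and start counting afresh."""
        self.index = (self.index + 1) % len(self.soaps)
        self.switches += 1
        self._reset_counters()

    def _check_limits(self):
        if self.probe > self.PROBE_LIMIT or self.numD >= self.DROP_LIMIT:
            self._switch_soap()
            return True
        return False

    def send_request(self):
        """A browser request leaves through the tunnel. Returns True if SOAP was changed."""
        if self.drop:              # the previous request never got its response
            self.numD += 1
        self.drop = True
        return self._check_limits()

    def send_probe(self):
        """Periodic probeRequest to the target server. Returns True if SOAP was changed."""
        self.probe += 1
        return self._check_limits()

    def receive_response(self, is_probe=False):
        """A response arrived: either a probeResponse or the response to a page request."""
        if is_probe:
            self.probe = 0
            self.numD = 0          # as in the pseudocode; see the note below
            return
        self.numS += 1
        self.drop = False
        if self.numS > self.SUCCESS_WINDOW:
            self.numS = 0
            self.numD = 0


def run_scenario_1(probe_interval_s=3.0):
    """Scenario 1: the compromised node drops every response, probes included.

    Returns (seconds until the SOAP change, number of changes, SOAP now in use).
    """
    p = Proxylet(["soap-a", "soap-b", "soap-c"])
    p.send_request()                  # the page request whose response never comes
    t = 0.0
    while True:
        t += probe_interval_s         # one probeRequest per interval, none answered
        if p.send_probe():
            return t, p.switches, p.soap


def run_scenario_2():
    """Scenario 2: probes are let through, page responses are dropped, and the
    browser issues a burst of requests for the page's components.

    Returns (requests sent until the SOAP change, SOAP now in use, numD afterwards).
    """
    p = Proxylet(["soap-a", "soap-b"])
    p.send_probe()
    p.receive_response(is_probe=True)     # the probe mechanism sees nothing wrong
    sent = 0
    while True:
        sent += 1
        if p.send_request():              # dropped responses: numD climbs to 3
            break
    for _ in range(3):                    # on the new route responses arrive again
        p.send_request()
        p.receive_response()
    return sent, p.soap, p.numD


if __name__ == "__main__":
    print(run_scenario_1())   # (12.0, 1, 'soap-b')
    print(run_scenario_2())   # (4, 'soap-b', 0)
```

One consequence of the pseudocode worth checking before deployment: a probeResponse resets numD as well as probe, so the request-drop rule only fires when three unanswered requests accumulate between two answered probes (one probe interval, 3 seconds in the experiments), which is why scenario 2 is scripted as a burst of requests. If the "3 unanswered out of 10" rule is meant to hold regardless of probe timing, numD should be cleared only by the numS window.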

4.4.3 Implementing the proposal

To implement the proposal, we change how the proxylet works: it periodically sends a probe packet to the server and then waits for the probe reply. If the reply is wrong, or no probe reply arrives, a preset counter is increased; when it reaches a predetermined value, the proxylet automatically connects to another SOAP to preserve the user's access. Likewise, when a user request receives no reply from the server, the corresponding counter is increased up to its predetermined value. When the proxylet connects to another SOAP, the counters are reset to 0. After experimenting with the system, I found the mechanism clearly effective: in the cases where no probe reply arrives, or where the replies from the server are discarded, and even where the probe and probe-reply packets are let through while all other packets are dropped, the mechanism still detects the attack and handles it by changing SOAP. The list of alternative SOAPs is stored at each SOAP; the proxylet reads it and keeps it in an array used to switch to another SOAP when a packet-dropping attack is detected.

4.4.3.1 Test scenarios


To implement the proposal and verify the results of the proposed mechanism, we first built two test scenarios:

- Scenario 1: Suppose a client connects to a SOAP. After completing user authentication through the CAPTCHA test, the user downloads and runs a proxy applet that connects to the SOAP. The SOAP forwards the user's requests across the WebSOS overlay nodes to the Servlet and then to the target server. On the route from SOAP to Servlet, one node may be compromised, and this node carries out a packet-dropping attack: it still forwards the user's requests to the target server and still listens for the target server's replies, but stops writing to the stream going back to the client, thereby discarding every packet the server sends to the user. On the legitimate user's side, the delay in receiving packets shows up as a page that takes too long to load, a lost connection, or low application throughput. Based on these symptoms we detect the packet dropping with the help of the probeRequest and probeResponse packets and take a countermeasure, namely configuring the proxy applet running on the user's machine to switch to another SOAP automatically. We run this scenario against both the original program and the improved program, to see the effect of this attack on the original program and to check whether the improved mechanism detects and handles the packet-dropping attack by compromised nodes.

- Scenario 2: As in scenario 1, except that the attacking node does not drop all packets. We suppose an attacker sophisticated enough to recognise the probeRequest and probeResponse packets no matter how well we hide them in the outgoing traffic, or one who simply drops a large fraction of the packets received from the server and lets a few through to fool the user into believing the connection to the server is still up, just very slow, so that by chance the packets carrying probeRequest and probeResponse are never dropped, or at least never three probeResponses in a row. Under scenario 2 the probeRequest/probeResponse mechanism is thus defeated, and we need another way to notice that packets are being dropped in large numbers, recognise the attack by a malicious node, and switch the client to another SOAP.

4.4.3.2 Test results

4.4.3.2.1 With the original program

When the test scenario is run against the original WebSOS program, what is visible on the client side is that request packets are sent out normally, so the browser keeps waiting for response packets while none ever arrives. The page keeps showing "Waiting for http://...." but the result page never loads. After 20 seconds without a response (set via setSoTimeout in the program code), the browser reports "Internet Explorer cannot display the webpage".


Figure 5: The test scenario run against the original program. Clients cannot receive responses when a compromised node on the route to the server carries out a packet-dropping attack.

The inevitable result of running the scenario against the original WebSOS program is that the browser on the client cannot receive any response from the target server; in other words, legitimate users cannot connect to the target server when there is a compromised node on the route from client to target server carrying out a packet-dropping attack. In scenario 2, since most packets are dropped, the user is likewise almost unable to connect to the server.

4.4.3.2.2 With the improved program

- Scenario 1: When scenario 1 is run against the improved program, what happens initially is no different from the original program: the browser receives no response from the server and the page just shows "Waiting for http://...." with nothing happening. After a while, however, about 14 seconds, the page loads normally and the user's access succeeds. Subsequent requests behave normally, with none of the long loading seen on the first access.


Figure 6: Test scenario 1 run against the improved program. After 14 seconds of loading in the worst case (12 seconds for the mechanism to act), the browser can load the page. For later requests the browser sends and receives normally.

In test scenario 2, in the worst case, after 3 unsuccessful requests the browser also sends and receives normally from the 4th request on. The reason lies in the proposed mechanism: while requests are being sent to the server, a probeRequest is sent to the server every 3 seconds (the interval between probeRequests is configurable), and once three probeRequests have gone unanswered and a fourth is sent (probe > 3 in the pseudocode), the proxy applet automatically changes SOAP, which changes the route from the client to the target server. Since the route no longer passes through the compromised node, the attack has no further effect. At the same time the proxy applet automatically resends the request through the new SOAP and receives the response, so the page loads successfully after the time spent waiting for probeResponses that never came. And because the SOAP has been changed and a new route is used, later requests also proceed normally, with no more missing responses at the browser.

It should be stressed that the above is the worst case, in which the user hits a malicious node on their route from the very first access. In a better case, the user is already browsing when a node on their route is compromised and starts attacking. Since probeRequests are still being sent and the probeResponses are dropped and never received, after roughly 12 seconds (the 4th probeRequest) the proxy applet recognises the malicious node and changes SOAP. During that time the user may well not yet have moved to another page on the website, for example because they are reading an article, so they will not notice that the SOAP has changed; when they open another page they see no delay at all.

- Scenario 2: When the second scenario is run against the improved program, what happens is that the user loads a page but cannot connect to it, or the page arrives with too many parts missing because a large number of packets were dropped. Since we assume the probeRequest/probeResponse mechanism is defeated, either because the attacking node happens never to drop three probe packets in a row, or because the attacker is sophisticated enough to let the probe packets through however well we hide them, we need a solution for this scenario. The solution put forward is to count the request packets that get no response. We set the ratio at 3 unanswered requests out of every 10 (the ratio can be tuned to each network); when it is reached, the proxy applet also treats it as a packet-dropping attack and changes the client's SOAP. In this case the user has a harder time, because, with the counting of unanswered requests, the user has to go through three unanswered requests to the server before the page loads. From the fourth request onwards the user can browse normally, since the proxy applet has switched SOAP and the user is no longer subjected to packet dropping by the malicious node. In a better case, when the user requests a page and the response to the first request happens not to be dropped, the browser, because a page usually has many components, automatically sends a large number of follow-up requests to the server to download those components. The attack then only makes the user see a page with many components missing; by the next page the proxy applet has already recognised the malicious node and switched SOAP, so the user is again comfortable and browses the website normally.

4.4.4 Performance evaluation of the improved program


To evaluate the performance of the improved program against the original, we compare the access times of the two programs to several addresses. Specifically, measuring the average access time to a few web pages gives the results in the table below (times in seconds):

Address | Direct access | Original version | Improved version
http://nhom3.k51mmt.net.vn/main/news4st.htm | 0.48 | 1.34 | 1.27
http://nhom3.k51mmt.net.vn/main/test.htm | 0.84 | 2.97 | 3.12
http://www.google.com | 1.42 | 2.31 | 2.25


Figure 7: Average request time of the programs to a few web pages. All programs were run on an overlay of 3 nodes.

Evaluating the performance of the improved program against the original by comparing access times while under attack according to scenarios 1 and 2 gives the following results (times in seconds):

Address | Direct access | Original version (scenarios 1 and 2) | Improved version, scenario 1 (first access) | Improved version, scenario 2 (from the 4th access)
news4st.htm_local | 0.48 | No connection | 14.53 | 2.46
test.htm_local | 0.84 | No connection | 15.19 | 3.57
www.google.com | 1.42 | No connection | 16.34 | 3.22


Figure 8: Average request time of the programs to a few web pages when run under scenarios 1 and 2. With the original version the result is always "no connection". The overlay consists of 3 nodes. In scenario 1 the detection mechanism takes 12 seconds to switch; in scenario 2 requests succeed only from the 4th one on.

The measurements clearly show the helplessness of the original architecture: 100% of the trials failed to connect when a node in the overlay was compromised and attacked the system. The improved mechanism gives an acceptable result and is very promising for deployment.

Chapter 5: CONCLUSION

Through the time spent studying denial-of-service defence, and in particular through carrying out the thesis topic "Defending against distributed denial-of-service attacks on websites", I have gained an understanding of the techniques for defending against denial-of-service attacks and of overlay networks, and from there built and deployed the WebSOS architecture to limit denial-of-service attacks against websites. The main results achieved, as well as the results aimed for, can be summarised as follows:

5.1 Results achieved

- Built the WebSOS architecture, capable of resisting denial-of-service attacks strongly. The system lets users access the website directly and is activated only when the website is under a denial-of-service attack. With a strong IP filtering ring, a sound user-authentication mechanism and hidden secret Servlets, the target server is well isolated and protected from the attack.
- Carried out experiments showing that the latency of the denial-of-service defence system is acceptable, with good deployability and scalability for public web servers serving users.
- Improved the system under the assumption that one or several nodes in the overlay can be compromised and attack the system by dropping packets or by tampering with packet integrity, so that legitimate users cannot access the system. The improvement proved clearly effective and is transparent to the user, who is kept comfortable even while the system is under attack.

5.2 Future work

- Address the latency of the overlay architecture, by building asymmetric paths or by sending responses directly from the target server to the client.
- Within the proposed improvement, the assumption is that an overlay node can be compromised and become a source of attack. The mechanism put forward is quite effective when the node drops packets. But under the same assumption, the node can also take part in a more dangerous attack, packet flooding. Building an effective mechanism to detect and remove compromised nodes from the overlay is the goal to pursue.

REFERENCES

[1] A. C. Snoeren, C. Partridge, L. A. Sanchez, C. E. Jones, F. Tchakountio, S. T. Kent, and W. T. Strayer, "Hash-Based IP Traceback," Proceedings of ACM SIGCOMM 2001, August 2001, pp. 3-14.
[2] A. Yaar, A. Perrig, and D. Song, "Pi: A Path Identification Mechanism to Defend Against DDoS Attacks," Proceedings of the IEEE Symposium on Security and Privacy, May 2003, pp. 93-107.
[3] A. Yaar, A. Perrig, and D. Song, "SIFF: A Stateless Internet Flow Filter to Mitigate DDoS Flooding Attacks," Proceedings of the IEEE Symposium on Security and Privacy, May 2004, pp. 130-143.
[4] A. D. Keromytis, V. Misra, and D. Rubenstein, "SOS: Secure Overlay Services," Proceedings of ACM SIGCOMM 2002.
[5] A. D. Keromytis, V. Misra, and D. Rubenstein, "SOS: An Architecture for Mitigating DDoS Attacks," IEEE Journal on Selected Areas in Communications (JSAC), 2003, pp. 176-188.
[6] A. Stavrou, D. L. Cook, W. G. Morein, A. D. Keromytis, V. Misra, and D. Rubenstein, "WebSOS: An Overlay-based System for Protecting Web Servers from Denial of Service Attacks," Computer Networks, vol. 48, no. 5, August 2005, pp. 781-807.
[7] C. Jin, H. Wang, and K. G. Shin, "Hop-Count Filtering: An Effective Defense Against Spoofed DDoS Traffic," Proceedings of the 10th ACM Conference on Computer and Communications Security, ACM Press, October 2003, pp. 30-41.
[8] C. Papadopoulos, R. Lindell, J. Mehringer, A. Hussain, and R. Govindan, "Cossack: Coordinated Suppression of Simultaneous Attacks," Proceedings of the 3rd DARPA Information Survivability Conference and Exposition (DISCEX 2003), vol. 2, April 2003, pp. 94-96.
[9] D. Farinacci, T. Li, S. Hanks, D. Meyer, and P. Traina, "Generic Routing Encapsulation (GRE)," RFC 2784, IETF, March 2000. http://www.rfc-editor.org/rfc/rfc2784.txt
[10] D. L. Cook, W. G. Morein, A. D. Keromytis, V. Misra, and D. Rubenstein, "WebSOS: Protecting Web Servers from DDoS," Proceedings of the 11th IEEE International Conference on Networks (ICON 2003), pp. 455-460.
[11] E. O'Brien, "NetBouncer: A Practical Client-Legitimacy-Based DDoS Defense via Ingress Filtering," http://www.networkassociates.com/us/_tier0/nailabs/_media/documents/netbouncer.pdf
[12] E. Shi, I. Stoica, D. Andersen, and A. Perrig, "OverDoSe: A Generic DDoS Protection Service Using an Overlay Network," CMU Technical Report CMU-CS-06-114, 2006.
[13] G. Dommety, "Key and Sequence Number Extensions to GRE," RFC 2890, IETF, September 2000. http://www.rfc-editor.org/rfc/rfc2890.txt
[14] I. Stoica, R. Morris, D. Karger, M. F. Kaashoek, and H. Balakrishnan, "Chord: A Scalable Peer-to-peer Lookup Service for Internet Applications," Proceedings of ACM SIGCOMM 2001.
[15] J. Mirkovic, "D-WARD: Source-End Defense Against Distributed Denial-of-Service Attacks," PhD thesis, University of California Los Angeles, August 2003. http://lasr.cs.ucla.edu/ddos/dward-thesis.pdf
[16] J. Mirkovic, M. Robinson, P. Reiher, and G. Kuenning, "Forming Alliance for DDoS Defenses," Proceedings of the New Security Paradigms Workshop (NSPW 2003), ACM Press, August 2003, pp. 11-18.
[17] J. Mirkovic, S. Dietrich, D. Dittrich, and P. Reiher, Internet Denial of Service: Attack and Defense Mechanisms, Prentice Hall PTR, 2004.
[18] M. Glenn, "A Summary of DoS/DDoS Prevention, Monitoring and Mitigation Techniques in a Service Provider Environment," SANS Institute, 2003.
[19] R. Mahajan, S. M. Bellovin, S. Floyd, J. Ioannidis, V. Paxson, and S. Shenker, "Controlling High Bandwidth Aggregates in the Network," ACM SIGCOMM Computer Communication Review, vol. 32, no. 3, July 2002, pp. 62-73.
[20] http://c.root-servers.org/october21.txt
[21] S. Bellovin, M. Leech, and T. Taylor, "ICMP Traceback Messages," Internet draft, work in progress, October 2001.
[22] S. Savage, D. Wetherall, A. Karlin, and T. Anderson, "Practical Network Support for IP Traceback," Proceedings of ACM SIGCOMM 2000, August 2000, pp. 295-306.
[23] http://edition.cnn.com/2001/TECH/internet/05/24/dos.study.idg/
