中图分类号： TP309.5
文献标识码： A
DOI： 10.19358/j.issn.2096-5133.2021.02.002
引用格式： 郝帅，白翼铭，李致成，等. 反射放大型DDoS攻击的预防策略研究[J].信息技术与网络安全，2021，40(2)：7-13，23.

Research on prevention strategy of reflex amplification DDoS attack

Abstract： With the rapid development of computer and communication technology, the contrast between cyberspace dimensions and the real world is particularly clear, therefore the security of cyberspace is of great significance.In view of the problem of network security caused by reflection amplification DDoS(Distributed Denial of Service), this paper analyzes the vulnerability based on Memcached, DNS, NTP, SNMP, SSDP and CLDAP protocols，and builds server simulation environment of six protocols. It implements the target in the simulation environment IP spoofing and bandwidth amplification based on interactive packet crafting program. In addition, the IP resources in the real network environment are obtained by ZoomEye. The IP in the simulation environment is taken as the victim to test the spoofing effect and bandwidth magnification of IP resources in real network environment. According to the experimental results, the harm of reflection amplification DDoS is analyzed and the prevention strategies are given from the perspective of server and victim.

Key words : network security；reflex amplification；DDoS attack；IP spoofing；bandwidth amplification