The DNS server is one of the most important pieces of network infrastructure on the Internet; almost all Internet applications rely on it. DDoS attacks against DNS servers are highly destructive and have wide-reaching consequences, so preventing such attacks is essential to guaranteeing the stability of the Internet. After analysing the attack process, we identify two typical classes of DDoS attack against DNS servers: the DNS query attack and the DNS amplification attack. In both types of attack, the source IP addresses of the attack packets are forged in order to hide the attackers and to improve the attack's effect. BH_Comp therefore protects the DNS server by detecting and filtering packets with forged source IP addresses. BH_Comp uses a Bloom filter as its core data structure and hop-count comparison as its detection method. The Bloom filter effectively reduces storage space, and its fixed-size storage avoids the potential threat that DDoS attacks pose to dynamic storage structures. The hop count used in hop-count comparison is difficult for attackers to forge, so it is easy to build a database of prior hop-count knowledge with which to detect and filter packets with forged source IP addresses and thereby defend effectively against DDoS attacks. We used 46G of traffic captured over two weeks from the DNS server of the Central China Education Network to test and validate BH_Comp, and found that 1.5% of packets had forged source IP addresses. Through in-depth statistical analysis of the results, we show that the hop count of network packets has a certain degree of stability, determine that the DNS server did not suffer a DNS query attack, and find and confirm six DNS amplification attacks that used the DNS server as a reflector. The detection results show that BH_Comp is effective.
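The following is an added example, written here to illustrate the two building blocks the abstract names (hop-count inference from the IP TTL, and a fixed-size Bloom filter holding the prior (source IP, hop count) knowledge); it is not BH_Comp's own code and the paper's actual parameters and data structures may differ. Assumptions made for illustration: the conventional set of initial TTL values (32, 64, 128, 255) is used to infer hops, a second Bloom filter of bare source IPs is kept so that a never-seen client can be reported as "unknown" rather than "spoofed", and the training and probe packets are constructed sample data.

```python
import hashlib

# Assumption: initial TTLs commonly set by operating systems. The hop count is
# inferred as (smallest initial TTL >= observed TTL) - observed TTL.
INITIAL_TTLS = (32, 64, 128, 255)


def infer_hop_count(ttl):
    """Infer the number of hops a packet travelled from its observed TTL."""
    for initial in INITIAL_TTLS:
        if ttl <= initial:
            return initial - ttl
    raise ValueError("TTL out of range: %r" % ttl)


class BloomFilter:
    """Fixed-size Bloom filter: m bits, k hash positions sliced from SHA-256.

    Storage never grows with the number of inserted keys, which is the property
    the abstract relies on to resist DDoS against a dynamic structure.
    """

    def __init__(self, m_bits, k_hashes):
        if not 1 <= k_hashes <= 8:
            raise ValueError("SHA-256 yields at most 8 independent 4-byte slices")
        self.m = m_bits
        self.k = k_hashes
        self.bits = bytearray((m_bits + 7) // 8)

    def _positions(self, key):
        digest = hashlib.sha256(key.encode()).digest()
        for i in range(self.k):
            chunk = digest[4 * i:4 * i + 4]          # 4-byte slice per hash
            yield int.from_bytes(chunk, "big") % self.m

    def add(self, key):
        for pos in self._positions(key):
            self.bits[pos // 8] |= 1 << (pos % 8)

    def __contains__(self, key):
        return all(self.bits[pos // 8] & (1 << (pos % 8))
                   for pos in self._positions(key))


def hop_key(src_ip, hops):
    """Key for the (source IP, hop count) pair stored as prior knowledge."""
    return "%s|%d" % (src_ip, hops)


class HopCountDatabase:
    """Prior-knowledge store: one filter of known IPs, one of (IP, hops) pairs."""

    def __init__(self, m_bits=1 << 16, k_hashes=4):
        self.ips = BloomFilter(m_bits, k_hashes)
        self.pairs = BloomFilter(m_bits, k_hashes)

    def learn(self, packets):
        """Train from (src_ip, ttl) tuples believed to be legitimate traffic."""
        for src_ip, ttl in packets:
            self.ips.add(src_ip)
            self.pairs.add(hop_key(src_ip, infer_hop_count(ttl)))

    def classify(self, src_ip, ttl):
        """'ok' if the pair matches prior knowledge, 'spoofed' if the IP is
        known but arrives with a different hop count, 'unknown' if never seen.
        Bloom false positives can only turn 'spoofed'/'unknown' into 'ok',
        never the reverse, so legitimate traffic is not dropped by the filter."""
        if src_ip not in self.ips:
            return "unknown"
        if hop_key(src_ip, infer_hop_count(ttl)) in self.pairs:
            return "ok"
        return "spoofed"


def classify_all(db, packets):
    """Classify a batch of (src_ip, ttl) tuples; returns (src_ip, ttl, verdict)."""
    return [(ip, ttl, db.classify(ip, ttl)) for ip, ttl in packets]


# Constructed sample data (documentation-range addresses, not real clients).
TRAINING = [("203.0.113.5", 54),     # initial 64  -> 10 hops
            ("198.51.100.9", 116),   # initial 128 -> 12 hops
            ("192.0.2.77", 243)]     # initial 255 -> 12 hops
PROBE = [("203.0.113.5", 54),        # same hop count as learned -> ok
         ("203.0.113.5", 120),       # 8 hops, known IP, mismatch -> spoofed
         ("192.0.2.200", 60)]        # never seen during training -> unknown

if __name__ == "__main__":
    db = HopCountDatabase()
    db.learn(TRAINING)
    for ip, ttl, verdict in classify_all(db, PROBE):
        print("%-14s ttl=%3d hops=%2d %s" % (ip, ttl, infer_hop_count(ttl), verdict))
```

The "unknown" verdict is the practical caveat a deployment has to handle: a Bloom filter of pairs alone cannot distinguish a new legitimate client from a spoofed packet, and the hop-count stability the abstract reports only justifies a "spoofed" verdict for IPs whose hop count is already known.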