台灣聯合大學博碩士論文系統

Low and slow DoS attack 是一種網路應用層的阻斷服務攻擊（DoS）；它利用的是傳輸速率很慢的封包，以達成占用伺服器連線資源的目的。該攻擊具有低網路流量以及不需太多資源即可發動的特性，因此難以偵測與防禦；即便針對慢速連線進行阻擋，也恐誤傷合法的使用者。本篇論文提出了一個能保護 HTTP 伺服器免於此攻擊、不需伺服器額外調整，且對於連線速率較慢的使用者有更好包容力的解決方案。實驗顯示其能成功保護 Apache 以及 Nginx 伺服器。

Low and slow DoS attack (LSDoS) is a kind of application layer denial-of-service (DoS) attack, which utilizes slow-sending packets in order to drain server's connection resources. This kind of attack has low traffic and requires less resources to mount, thus making it hard to detect and mitigate. By blocking slow-rate connections, we might also block legitimate users. In this paper, our proposed solution, which is tolerable to slow-rate clients, can protect HTTP servers from LSDoS, without the need of modifying the server. Evaluation results show that it can successively protect Apache as well as Nginx servers.

目錄

摘要.................................................................................... i
Abstract .............................................................................. ii
誌謝.................................................................................... iii
目錄.................................................................................... iv
圖目錄................................................................................. vi
表目錄................................................................................. viii
第 1 章 緒論 ........................................................................ 1
第 2 章 背景介紹 .................................................................. 3
2.1 HTTP...................................................................... 3
2.2 Slow Attacks.............................................................. 3
2.2.1 Types of Attack................................................. 4
2.2.2 Characteristics .................................................. 5
第 3 章 相關研究 .................................................................. 6
3.1 調整伺服器設定檔 ...................................................... 6
3.2 其他機制 .................................................................. 7
3.2.1 商用服務 ......................................................... 7
3.2.2 替代方案 ......................................................... 7
3.2.3 學術研究 ......................................................... 7
第 4 章 系統設計 .................................................................. 9
4.1 概觀 ........................................................................ 9
4.2 系統架構 .................................................................. 10
4.2.1 Fast mode ........................................................ 11
4.2.2 Slow mode ....................................................... 12
4.2.3 模式間的轉換 ................................................... 15
第 5 章 實驗結果及分析 ......................................................... 17
5.1 實驗環境 .................................................................. 17
5.2 有效性驗證 ............................................................... 18
5.2.1 Apache 伺服器.................................................. 18
5.2.2 Nginx 伺服器.................................................... 22
5.3 效能分析 .................................................................. 26
第 6 章 討論 ........................................................................ 27
6.1 目前限制 .................................................................. 27
6.2 未來展望 .................................................................. 27
第 7 章 總結 ........................................................................ 29
參考文獻.............................................................................. 30
附錄 A 程式碼 ..................................................................... 32
A.1 effect.sh.................................................................... 32
A.2 probe.sh ................................................................... 33
A.3 download_speed.sh ..................................................... 34

參考文獻

[1] J. Johnson. “What is loic?” (Dec. 2010), [Online]. Available: https://gizmodo.com/what-is-loic-5709630 (visited on 01/27/2022).

[2] S. N. Team. “It was the high school junior, with the botnet, that knocked school offline.” (Sep. 2020), [Online]. Available: https://www.secureworld.io/industry-news/it-was-the-high-school-junior-with-the-botnet-that-knocked-school-offline (visited on 01/27/2022).

[3] P. E. News. “High school student behind ddos attacks| 駭客網站攻擊總統府管理者為高中生.” (May 2018), [Online]. Available: https://news.pts.org.tw/article/395565 (visited on 01/27/2022).

[4] T. Berners-Lee, R. Fielding, and H. Frystyk, “Hypertext transfer protocol – HTTP/1.0,” p. 60, May 1996. doi: 10.17487/RFC1945.

[5] T. Lukaseder, L. Maile, B. Erb, and F. Kargl, “SDN-assisted network-based mitigation of slow DDoS attacks,” Apr. 2018.

[6] B. Zdrnja. “Isc diary | slowloris and iranian ddos attacks.” (Jun. 2009), [Online]. Available: https://isc.sans.edu/forums/diary/Slowloris+and+Iranian+DDoS+attacks/6622 (visited on 10/05/2021).

[7] N. Tripathi, N. Hubballi, and Y. Singh, “How secure are web servers? an empirical study of slow HTTP DoS attacks and detection,” in 2016 11th International Conference on Availability, Reliability and Security (ARES), 2016, pp. 454–463. doi:10.1109/ARES.2016.20.

[8] Slowloris HTTP DoS, https://web.archive.org/web/20150426090206/http://ha.ckers.org/slowloris, (visited on 10/05/2021).

[9] R-U-Dead-Yet? (RUDY), https://sourceforge.net/projects/r-u-dead-yet/, (visited on 10/05/2021).

[10] T. Hirakawa, K. Ogura, B. B. Bista, and T. Takata, “A defense method against distributed slow HTTP DoS attack,” in 2016 19th International Conference on Network-Based Information Systems (NBiS), 2016, pp. 152–158. doi: 10.1109/NBiS.2016.58.

[11] J. Mirkovic and P. Reiher, “A taxonomy of DDoS attack and DDoS defense mechanisms,” ACM SIGCOMM Computer Communication Review, vol. 34, May 2004. doi: 10.1145/997150.997156.

[12] E. Cambiaso, G. Papaleo, G. Chiola, and M. Aiello, “Mobile executions of slow DoS attacks,” Logic Journal of IGPL, vol. 24, Oct. 2015. doi: 10.1093/jigpal/jzv043.

[13] K. Hong, Y. Kim, H. Choi, and J. Park, “SDN-assisted slow HTTP DDoS attack defense method,” IEEE Communications Letters, vol. 22, no. 4, pp. 688–691, 2018. doi: 10.1109/LCOMM.2017.2766636.

[14] S. Suroto, “A review of defense against slow HTTP attack,” JOIV : International Journal on Informatics Visualization, vol. 1, p. 127, Nov. 2017. doi: 10.30630/joiv.1.4.51.

[15] Tan Nguyen. “Slowloris DoS attack and mitigation on Nginx web server.” (Jun. 2017), [Online]. Available: https://hexadix.com/slowloris-dos-attack-mitigation-nginx-web-server/ (visited on 07/29/2021).

[16] Cloudflare. “Cloudflare DDoS protection & mitigation.” (), [Online]. Available: https://www.cloudflare.com/ddos (visited on 07/29/2021).

[17] Akamai Technology. “DDoS protection.” (), [Online]. Available: https://www.akamai.com/solutions/security/ddos-protection (visited on 10/05/2021).

[18] Frank Breedijk. “Slowloris and Nkiller2 vs. the Cisco CSS load balancer.” (Jun. 2009), [Online]. Available: https://web.archive.org/web/20120215200011/http://www.cupfighter.net/index.php/2009/06/slowloris-css/ (visited on 10/05/2021).

[19] Qualys Security Labs. “Testing web servers for slow HTTP attacks.” (Sep. 2011), [Online]. Available: https://web.archive.org/web/20171014171707/http://blog.shekyan.com/2011/09/testing-web-servers-for-slow-http-attacks.html (visited on 10/05/2021).

[20] N. Larsson and F. Ågren Josefsson, A study of slow denial of service mitigation tools and solutions deployed in the cloud, 2019.

[21] A. K. Nick Mathewson and N. Provos. “Libevent –an event notification library.” (), [Online]. Available: https://libevent.org/ (visited on 10/08/2021).

[22] F. Indutny. “Nodejs/llhttp.” (), [Online]. Available: https://github.com/nodejs/llhttp (visited on 04/20/2021).

[23] Oracle Corporation. “Chapter 6. virtual networking.” (), [Online]. Available: https://www.virtualbox.org/manual/ch06.html (visited on 10/05/2021).

[24] Sergey Shekyan. “Shekyan/slowhttptest.” (), [Online]. Available: https://github.com/shekyan/slowhttptest (visited on 01/15/2022).

[25] Gnu wget, https://www.gnu.org/software/wget/, (visited on 01/15/2022).