Method and system for diverting reflective DDOS flow

Abstract

The present invention relates to a method for diverting a reflective DDOS flow. The method comprises the steps of acquiring and detecting a data flow of a network node A, and acquiring an attack source SIP and an attack type set T; sending the attack source SIP and the attack type T to a diversion device; sending, by the diversion device, all requests of the attack type set T to the attack source SIP; and diverting the attack flow sent from the attack source SIP to a network node B, clearing a T type of attack flow generated by the attack type set T, and reinjecting normal flows. A system for diverting a reflective DDOS flow comprises a detection device, a diversion device and a clearing device. The attack source SIP is an IP of a basic server used by a hacker. In the method, the request is sent to the used basic server proactively, so as to divert and attract the flow of the basic server, so that fewer attack requests sent to the basic server by the attacker are processed, as a result, the flow sent to the attacked target by the basic server is reduced indirectly.

Description

technical field [0001] The invention relates to network technology, in particular to a method and system for diverting reflective DDOS traffic. Background technique [0002] At present, whether it is to deal with ordinary DDOS attacks or reflective DDOS attacks, traffic cleaning equipment is deployed in front of the protected end, and the method of active detection and passive pulling and cleaning is used. This method has a very big defect, that is, once the traffic has formed , to the transmission link at the protected end, cleaning can only play a considerable role. If the traffic is not enough to congest the transmission, this cleaning method is still relatively effective, but once the traffic is large enough to congest the transmission, this The effect of this cleaning solution is quite limited, and the reflective DDOS attack traffic can generally reach tens of Gbps or more, and general data centers and small operators may not have sufficient bandwidth to transmit Such ...

AI Technical Summary

Problems solved by technology

[0002] At present, whether it is to deal with ordinary DDOS attacks or reflective DDOS attacks, traffic cleaning equipment is deployed in front of the protected end, and the method of active detection and passive pulling and cleaning is used. This method has a very big defect, that is, once the traffic has formed , to the transmission link at the protected end, cleaning can only play a considerable role. If the traffic is not enough to congest the transmission, this cleaning method is still relatively effective, but once the traffic is large enough to congest the transmission, this The effect of this cleaning solution is quite limited, and the reflective DDOS attack traffic can generally reach tens of Gbps or more, and general data centers and small operators may not have sufficient bandwidth to transmit such a huge traffic

[0003] There is also a relatively new cleaning solution. Cleaning devices are deployed at the transmission source of each network to clean the attack traffic sent by each source. This method of cleaning the source can clean the attack traffic at the point where it is sent. It has a very obvious effect on preventing the formation of large attack traffic, but it also has a big disadvantage. The deployment cost of this cleaning method is very high, and the complexity of network construction is relatively large.

Images