摘要
密罐是一种用来发现攻击工具、攻击策略与攻击者攻击动机的技术。在本文中,我们考虑一种特殊的安全威胁:运行僵尸网络的个人与组织。僵尸网络是一个可以由攻击者远程控制的已被攻陷主机组成的网络。由于它们数量巨大(可以把几万台主机连接在一起),因此对网络构成了极其严重的威胁。在蜜网的帮助下,我们可以观察运行僵尸网络。由于记录数据的丰富性,这使得重构攻击者的行动、使用的工具和详细地研究他们成为了可能。这里,我们对僵尸网络、普遍的攻击技术做更进一步的介绍。
Honeypots are a well known technique for discovering the tools, tactics, and motives of attackers. In this paper we look at a special kind of threat : the individuals and organizations who run botnets. A botnet is a network of compromised machines that can be remotely controlled by an attacker. Due to their immense size ( tens of thousands of systems can be linked together), they pose a severe threat to the net. With the help of honeynets we can observe the people who run botnets. Due to the wealth of data logged, it is possible to reconstruct the actions of attackers, the tools they use, and study them in detail. In this paper we take a closer look at botnets, common attack techniques, and the individuals involved.
出处
《信息技术与信息化》
2006年第6期47-49,共3页
Information Technology and Informatization
关键词
僵尸网络
密罐
分布式拒绝服务攻击
Botnet Honeypots Distributed denial - of- service attacks
