There are different ways to perform IP based DoS Attacks. The most common IP based DoS attack is that an attacker sends an extensive amount of connection establishment (1)(e.g. TCP SYN requests) to establish hanging connections with the controller or a DPS. Such a way, the attacker can consume the network resources which should be available for legitimate users. In other (2), the attacker inserts a large amount of (3)packets to the data plane by spoofing all or part of the header fields with random values. These incoming packets will trigger table-misses and send lots of packet-in flow request messages to the network controller to saturate the controller resources. In some cases, an (4)who gains access to DPS can artificially generate lots of random packet-in flow request messages to saturate the control channel and the controller resources. Moreover, the lack of diversity among DPSs fuels fuels the fast propagation of such attacks.
Legacy mobile backhaul devices are inherently protected against the propagation of attacks due to complex and vendor specific equipment. Moreover, legacy backhaul devices do not require frequent communication with core control devices in a manner similar to DPSs communicating with the centralized controller. These features minimize both the impact and propagation of DoS attacks. Moreover, the legacy backhaul devices are controlled as a joint effort of multiple network element. For instance, a single Long Term Evilution(LTE)eNodeB is connected up to 32 MMEs. Therefore, DoS/DDoS attack on a single core element will not terminate the entire operation of a backhaul device(5)the net work.
(1)A.message B、information C、requests D、data
(2)A.methods B、cases C、hands D、sections
(3)A.bad B、real C、fake D、new
(4)A.user B、administrator C、editor D、attacker
(5)A.or B、of C、in D、to
参考答案:C、B、C、D、A
参考解析:执行基于IP的Dos攻击有不同的方法,攻击者最常用的是发送大量的连接建立请求(例如 TCP SYN请求)来建立与控制器或DPS的挂接。这样一来,攻击者就可以消耗合法用户所需的网络资源。在其他情况下,攻击者通过用随机值欺骗所有或部分头字段,将大量假数据包插入数据域,这些传入的数据包将触发表丢失,并在流请求消息中发送大量包到网络控制器以使得控制器资源达到饱和。在某些情况下,获得DPS的攻击者可以人为地在流请求消息中生成大量随机包,使得控制信道和控制器资源饱和。此外,DPS间缺乏多样性也加速了这种攻击的快速传播。
传统的移动回程设备由于其复杂性以及供应商专属性质,天生是防止攻击传播的。此外,传统的回程装置不需要与核心控制设备频繁交流,而DPS与中央控制器的通信则需要。这些特性减少了DoS攻击的影响和传播。此外,传统的回程设备是作为多个网络元素的联合工作方式来控制的。例如,一个单一的长期演进(LTE)基站连接多达32个MME(负责信令处理的关键节点)。因此,对单个核心元素的DoS攻击不会终止回程设备或网络的整个操作。
英语词汇:
perform:执行;实现
artificial:人工的;人为的
extensive:大量的
hang:悬挂;吊
consume:消费
legitimate:合法的
fake:伪造的;假的
spoof:恶作剧;欺骗
saturate:使饱和
lack:缺乏
diversity:差异;多样性
propagation:传播;扩展
fuels:加强;刺激
legacy:传统的;遗留的
backhaul:回运;倒流
inherently:天性地;固有地
protected against:使免受;保护……不受到的侵害
vendor:小贩;卖主;供应商
joint:共同的;联合的
effort:力气;努力;尽力
eNodeB:基站
terminate:终止;结束
entire:全部的