Section 3: Analysis of the DDoS Logs from the attack against GreatFire
The staff of GreatFire.org provided the authors with server logs covering the period of March 18 to 28.[16] (A report previously published by GreatFire uses a different sample.[17]) This period appears to capture the end of the DDoS attack on GreatFire.org’s services, as shown by the size of server log files over this period:
To keep our analysis tractable, we examined a sample of the data from March 18th 11:00 GMT to March 19th 7:00 GMT, as seen from two of the three most commonly seen backend servers. For each hour, we selected 30MB of compressed logs for each server.[18] The total sample includes 16,611,840 web requests, with 13,183 unique source IP addresses. We used the MaxMind GeoIP2 Lite database[19] from March 3rd, 2015 to assign a country of origin to each source IP address. For any IP address that did not result in a definite geolocation using this tool (31 addresses), we looked up the address manually using the iplocation.net service.
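The tallying step described above can be sketched as follows; this is an added example, not code from the report or its authors. It assumes access-log lines whose first field is the source IP, and a constructed CIDR table stands in for the GeoIP2 Lite database; the function names are hypothetical.

```python
import ipaddress
from collections import Counter

# Constructed stand-in for the country database (documentation ranges only).
# With the real MaxMind file the lookup would go through
# geoip2.database.Reader(path).country(ip).country.iso_code instead.
GEO_TABLE = [(ipaddress.ip_network("198.51.100.0/24"), "DE"),
             (ipaddress.ip_network("203.0.113.0/24"), "BR"),
             (ipaddress.ip_network("192.0.2.0/25"), "JP")]

def lookup_country(ip):
    """Return an ISO country code, or None when the table has no answer."""
    addr = ipaddress.ip_address(ip)
    return next((code for net, code in GEO_TABLE if addr in net), None)

def summarize(log_lines):
    """Tally requests and unique source IPs per country from access-log lines."""
    per_ip, malformed = Counter(), 0
    for line in log_lines:
        try:  # assumption: source IP is the first whitespace-separated field
            ip = str(ipaddress.ip_address(line.split()[0]))
        except (IndexError, ValueError):
            malformed += 1
            continue
        per_ip[ip] += 1
    requests, ips, unresolved = Counter(), Counter(), []
    for ip, n in per_ip.items():  # one lookup per unique address
        country = lookup_country(ip)
        if country is None:
            unresolved.append(ip)  # left for manual lookup, as in the report
            continue
        requests[country] += n
        ips[country] += 1
    return {"total_requests": sum(per_ip.values()), "unique_ips": len(per_ip),
            "requests_by_country": dict(requests), "ips_by_country": dict(ips),
            "unresolved": sorted(unresolved), "malformed": malformed}

# Constructed sample lines, not taken from the GreatFire logs.
SAMPLE = [
    '198.51.100.7 - - [18/Mar/2015:11:00:01 +0000] "GET / HTTP/1.1" 200 512',
    '198.51.100.7 - - [18/Mar/2015:11:00:01 +0000] "GET / HTTP/1.1" 200 512',
    '198.51.100.9 - - [18/Mar/2015:11:00:02 +0000] "GET / HTTP/1.1" 200 512',
    '203.0.113.20 - - [18/Mar/2015:11:00:02 +0000] "GET / HTTP/1.1" 200 512',
    '192.0.2.200 - - [18/Mar/2015:11:00:03 +0000] "GET / HTTP/1.1" 200 512',
    'truncated-line',
]

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

Counting requests per address first means each unique source IP is geolocated once, which matters when millions of requests come from a few thousand addresses.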
The figure below summarizes the top countries of origin, with China added for comparison.