J4 ›› 2006, Vol. 28 ›› Issue (5): 3-4.
• 论文 • 上一篇 下一篇
彭江宇[1] 窦文华[2] 龚发根[3]
出版日期:
发布日期:
Online:
Published:
摘要:
DDoS攻击是因特网目前面临的最严峻的威胁之一.如何快速有效地对其进行防范已经成为一项十分有意义的工作.该文提出了一种TCP Proxy与待响应ACK队列相结合的、能够对 TCP绝拒服务攻击进行有效过滤的方法,并用这种方法在Linux内核中实现了一个高速过滤器.实验结果表明,在为TCP传输单独分配带宽的情况下,这种高速过滤器可以有效保护T TCP支持的各种网络服务免受绝拒服务攻击
关键词: DoS DDoS TCP Proxy 待响应ACK队列
Abstract:
DDoS(Distributcd Denial of Service) attack is one of the most great threats to the Internet,It is a meaningful task to implement a mechanism for defending against DDoS attacks quickly and efficiently. This paper proposes a way which combines TCP Proxy with the ACK waiting queue to filter DDoS TCP Fl ooding attacks, and implements it within the Linux kernel. The result shows that, by allocating handwidths separately for TCP, this high-speed filter ca n protect all kinds of services supported by TCP from DDoS attacks.
Key words: DoS;DDoS;TCP Proxy;ACK waitingqueue(AWQ)
彭江宇[1] 窦文华[2] 龚发根[3]. 防范TCP拒绝服务攻击的高速过滤器[J]. J4, 2006, 28(5): 3-4.
0 / / 推荐
导出引用管理器 EndNote|Ris|BibTeX
链接本文: http://joces.nudt.edu.cn/CN/
http://joces.nudt.edu.cn/CN/Y2006/V28/I5/3