J4 ›› 2006, Vol. 28 ›› Issue (5): 3-4.

A High-Speed Filter for Defending Against TCP Denial-of-Service Attacks

彭江宇[1] 窦文华[2] 龚发根[3]   

  • Online: 2006-05-01 Published: 2010-05-20

Abstract:

DDoS (Distributed Denial of Service) attacks are one of the greatest threats to the Internet, and defending against them quickly and efficiently is a meaningful task. This paper proposes a method that combines a TCP Proxy with an ACK waiting queue (AWQ) to filter DDoS TCP flooding attacks, and implements it as a high-speed filter within the Linux kernel. Experimental results show that, when bandwidth is allocated separately for TCP traffic, this high-speed filter can protect all kinds of services supported by TCP from DDoS attacks.

Key words: DoS; DDoS; TCP Proxy; ACK waiting queue (AWQ)