机构地区: 中国信息安全产品测评认证中心
出 处: 《计算机工程与科学》 2006年第5期3-4,26,共3页
摘 要: DDoS攻击是因特网目前面临的最严峻的威胁之一。如何快速有效地对其进行防范已经成为一项十分有意义的工作。该文提出了一种TCPProxy与待响应ACK队列相结合的、能够对TCP绝拒服务攻击进行有效过滤的方法,并用这种方法在Linux内核中实现了一个高速过滤器。实验结果表明,在为TCP传输单独分配带宽的情况下,这种高速过滤器可以有效保护TCP支持的各种网络服务免受绝拒服务攻击。 DDoS(Distributcd Denial of Service) attack is one of the most great threats to the Internet,It is a meaningful task to implement a mechanism for defending against DDoS attacks quickly and efficiently. This paper proposes a way which combines TCP Proxy with the ACK waiting queue to filter DDoS TCP Flooding attacks, and implements it within the Linux kernel. The result shows that, by allocating handwidths separately for TCP, this high-speed filter can protect all kinds of services supported by TCP from DDoS attacks.
领 域: [自动化与计算机技术] [自动化与计算机技术]