| DDoS攻击报文过滤器在Linux防火墙中的应用 |
| |
| 引用本文: | 刘峰,范松波,周斌.DDoS攻击报文过滤器在Linux防火墙中的应用[J].长沙通信职业技术学院学报,2005,4(3):30-35. |
| |
| 作者姓名: | 刘峰 范松波 周斌 |
| |
| 作者单位: | 国防科技大学计算机学院,湖南,长沙,410073 |
| |
| 基金项目: | 国家高技术研究发展计划(863计划) |
| |
| 摘 要: | 分布式拒绝服务攻击(DDoS)是一种攻击强度大、危害严重的拒绝服务攻击。因此,对它进行检测和防御就显得非常困难。文章主要介绍了常用的儿种DDoS方式,提出了一套针对IP报文TTL值分布进行检测以及对TCP报文进行验证过滤的方案,并在此基础上对传统的Linux防火墙进行了改进。实验表明经过改进之后的防火墙能够在一定程度上防御DDoS攻击,比传统的简单报文过滤方法在实时性、准确性上有很大提高。
|
| 关 键 词: | 防火墙 |
| 文章编号: | 1671-9581(2005)-03-0030-06 |
| 收稿时间: | 2005-05-23 |
| 修稿时间: | 2005年5月23日 |
Applying packet filter against DDos in linux firewall |
| |
| LIU Feng,FAN Song-bo,ZHOU Bin.Applying packet filter against DDos in linux firewall[J].Journal of Changsha Telecommunications and Technology Vocational,2005,4(3):30-35. |
| |
| Authors: | LIU Feng FAN Song-bo ZHOU Bin |
| |
| Abstract: | Defense against distributed denial-of-service attacks is one of the hardest security problems on the lnternet. It is very hard to detect and defense them. This paper presents a schema based on the distribution of TTL value of IP packet and verification of TCP packet filtering,on which, we make an improvement on traditional Linux firewall. As it shown by the research result, this firewall under improvement can detect DDoS attack and is more reliable on the recognition of DDoS attack. |
| |
| Keywords: | DDoS TTL Linux Netfilter |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
|
