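the harm keeps growing. Because of its suddenness, stealth and unpredictability, there is currently no effective way to defend against this kind of attack. This paper introduces the types and principles of DoS/DDoS attacks and the defence methods in common use today, and proposes a new defence system. The system is built on a packet-filter firewall, to which a detection and control module is added. When under attack, the defence system automatically sets packet-filter rules according to a list of legitimate users and forwards traffic only for legitimate users; for unknown users, the detection and control module checks their legitimacy and carries out the three-way handshake in place of the server, thereby protecting the service from attack.
Keywords: denial of service; firewall; packet filtering; user detection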
Design and Implementation of a Packet Filter Firewall-Based DoS/DDoS Protection System
Sun Jianghong, Wu Shaohua, Zhou Anmin, Sun Lipeng
(Information Security Institute of Sichuan University, Chengdu 610064)
【Abstract】With the development of networks, DoS attacks, and especially the DDoS attacks that have emerged in recent years, have become more and more dangerous. This paper introduces the principles of DoS and DDoS and the defence methods, then proposes a new defence system. In this system, a detection module checks the validity of each user. When an attack happens, the firewall sets filter rules and forwards the data of valid users, so that the attack does not reach the server.
【Key words】DDoS; Firewall; Packet Filter; User Detection
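
The decision logic the abstract describes (forward listed users, let the detection module answer the handshake for unknown ones) can be modelled as below. This is an added example, not the paper's implementation: the class and field names, the HMAC-derived handshake cookie and the sample addresses are assumptions, since the abstract does not say how the module validates a handshake.

```python
import hashlib
import hmac

SECRET = b"constructed-demo-key"  # assumption: gateway-local secret for cookies


class ProtectGateway:
    """Toy model: packet filter in front of a server plus a detection module."""

    def __init__(self, legit_users):
        self.legit = set(legit_users)  # legitimate-user list behind the filter rules
        self.under_attack = False

    def _cookie(self, src, sport, client_isn):
        # Derive the SYN-ACK sequence number instead of storing half-open state.
        msg = f"{src}:{sport}:{client_isn}".encode()
        mac = hmac.new(SECRET, msg, hashlib.sha256).digest()
        return int.from_bytes(mac[:4], "big")

    def handle(self, pkt):
        """Return (action, seq) for one TCP segment given as a dict of fields."""
        src = pkt["src"]
        if not self.under_attack or src in self.legit:
            return ("FORWARD", None)  # no attack, or source is on the list
        if pkt["flags"] == "SYN":
            # Unknown source: reply for the server, which never sees this SYN.
            return ("SYN-ACK", self._cookie(src, pkt["sport"], pkt["seq"]))
        if pkt["flags"] == "ACK":
            isn = (pkt["seq"] - 1) % 2**32
            expected = (self._cookie(src, pkt["sport"], isn) + 1) % 2**32
            if pkt["ack"] == expected:
                self.legit.add(src)  # handshake completed: source is reachable
                return ("VERIFIED", None)
        return ("DROP", None)


def demo():
    gw = ProtectGateway(legit_users={"192.0.2.10"})  # constructed addresses
    gw.under_attack = True
    known = gw.handle({"src": "192.0.2.10", "sport": 4000, "flags": "SYN", "seq": 1})
    syn = {"src": "198.51.100.7", "sport": 5000, "flags": "SYN", "seq": 1000}
    _, cookie = gw.handle(syn)
    # A spoofed sender never receives the SYN-ACK, so it can only guess the ack.
    guess = gw.handle({"src": "203.0.113.9", "sport": 6000, "flags": "ACK",
                       "seq": 1, "ack": 12345})
    real = gw.handle({"src": "198.51.100.7", "sport": 5000, "flags": "ACK",
                      "seq": 1001, "ack": (cookie + 1) % 2**32})
    after = gw.handle({"src": "198.51.100.7", "sport": 5000, "flags": "PSH", "seq": 1001})
    return known[0], guess[0], real[0], after[0]
```

The model stops at the point where a source is verified; opening the real connection to the server on the client's behalf is not modelled here.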