一种实现随机端口的SSL VPN

The Prot Randomized SSL VPN

本文中我们提出一种新的SSLVPN体系结构,以支持所有应用,同时增强抵抗Dos和分类的Dos攻击的能力。SSLVPN的关键优势是不需要特定的客户端软件。当用户要求访问一个服务器时,由JavaApplet编写的SSL客户端模块首先被下载到主机上。但是,并不所有应用都可以很好运行的,因为客户不能通过HTTPS连接某些我们熟知的应用。而且,当SSL端口受到Dos或分类的Dos攻击时,我们不能使用VPN进行连接。改进的VPN同样使用现存SSLVPN中应用的JavaApplet,但是这Applet实现的功能我们称之为动态编码,它通过Java远程方法调用(RMI)实现动态改变。VPN客户端Applet可以和服务器端的VPN服务器和防火墙进行互操作。

In this paper, we propose a port randomized VPN architecture such that any application can use the VPN and the VPN has strength against DOS or DDOS. A key advantage of SSL VPN is that no specialized client software is required. When a user requests access to a server, the SSL client module, which is a Java Applet code, is downloaded into the host at first. However, it is quite likely that with a server through an HTTPS tunnel in some applications as we know. Moreover, there is the possibility that we can not use the VPN connections when the SSL port is under DOS or Distributed DOS（DDOS） attack. The proposed VPN use the same Java Applet as existing SSL VPNs use , but the function of the applet, which we call mobile code, is dynamically changed by Java Remote Method Invocation（RMI）.The VPN client applet can cooperate with a VPN server and a firewall in server side.