摘要
针对中小型网络用户的实际状况,采用IQ80310和Linux2.6内核为开发平台,设计开发一种基于状态检测机制的防火墙。对Linux2.6内核中状态检测机制进行了研究,并以TCP协议为例,详细分析了其实现原理和工作流程。所设计的嵌入式状态检测防火墙具备防火墙的主要功能,并能防范碎片攻击和DoS攻击,具有安全、可靠、成本低廉等设计特点,具有较高的推广应用价值。
According to actual situation of users in small and medium size networks, a firewall based on status-detecting mechanism is developed and designed on the development platforms of IQ80310 and Linux 2.6 kernel. The status-detecting mechanism in Linux 2.6 kernel is studied, and the realization principles and the work flow of the firewall is analysed in detail taking the TCP protocol as example. The designed firewall with embedded status-detecting mechanism contains main firewalls' functions, besides of that, it can defend fragment attacks and DoS attacks. This firewall is secure, reliable, cheep and has promising popularization and application values.
出处
《计算机应用与软件》
CSCD
北大核心
2008年第6期275-276,285,共3页
Computer Applications and Software
关键词
嵌入式系统
状态检测
防火墙
Embedded system Stateful detection Fire wall