拒绝服务攻击及防御措施

Denial of service attack and defence measures

拒绝服务攻击(DoS)是当前很常见的一种攻击,它攻击目标系统,使得被攻击系统无法给其合法用户提供正常的服务。DoS攻击的目标即可能是主机系统,也可能是网络设备或者网络本身,它主要通过消耗目标系统的CPU能力、内存、网络带宽,或者使系统死机、崩溃等来达到目的。由于DoS攻击一般不需要入侵系统,因此,经常利用UDP,ICMP等协议,DoS攻击中经常伪造源地址,这也导致了DoS攻击难于追查。

Denial of service attack （DoS） is common one kind of attack, it attacks the goal system, causes to attack the system to be unable to give its validated user to provide the normal service. The DoS attack goal namely is possibly the host computer system, the network equipment or network itself. It mainly consumes the goal system CPU ability, the memory, the network band width, or causes the system to die machine, the collapse and so on achieves the goal. Because the DOS attack does not need to invade the system generally, therefore, uses agreements frequently and so on UDP, ICMP, in the DoS attack the forge source address, this also causeds the DoS attack difficulty with to trace frequently.