摘要
作为最常用的安全产品,防火墙在设计之初并没有考虑到针对拒绝服务攻击的防护,由于部署在网络入口位置,在某些情况下,防火墙甚至成为拒绝服务攻击的目标而导致整个网络的拒绝服务。分析了拒绝服务攻击原理和现有防范策略,重点介绍了SYN Cookie技术,分析其优势和不足,并提出了具有可行性的改进。
As the most commonly used network security products firewall does not take DoS protection into account in the design. Due to the entrance of the network, in some cases, firewall even becomes to the target of DoS attack, and causes denial of the entire network services. On the basis of DoS attack and its defending strategies, especially on the implement of SYN Cookie in Linux kemd, this paper analyses its advantage and defects, and introduced an improvement of SYN Cookie solution.
出处
《武汉理工大学学报》
CAS
CSCD
北大核心
2009年第20期133-136,共4页
Journal of Wuhan University of Technology
