摘要
为了有效防御SYN Flood攻击,同时降低防火墙的压力,提出一种防火墙代理的防御SYN Flood攻击机制,并在Linux平台上通过增加防火墙过滤钩子块和修改服务器协议栈进行了实现。该机制是对SYN中继的改进,避免了防火墙与服务器之间的三次握手过程和修改TCP数据包的序列号及确认号的操作。实验结果表明,该机制能够大幅降低防火墙资源消耗,同时具有更好的防御效果。
To defense SYN flood attacks effectively and reduce the pressure of firewall, the defense SYN flood attack mechanism based on firewall proxy was introduced. It was implemented by adding firewall filter hook block and modifying the server protocol stack based on Linux platform. It was the improvement of the SYN relay, which avoided the three - way handshaking between the firewall and the server, and modifying the serial number and the confirmation number of the TCP packets. Experimental results showed that the mechanism based on the firewall proxy can consume fewer resources and defense more attacks.
作者
刘云
方凯明
何翼
LIU Yun FANG Kai-ming HE Yi(College of Mathematics and Information Science,Guiyang University,Guizhou Guiyang 550005 ,Chin)
出处
《贵阳学院学报(自然科学版)》
2017年第2期24-27,55,共5页
Journal of Guiyang University:Natural Sciences
基金
贵州省联合基金项目:"基于Linux平台的SYN Flood防御关键技术研究"(项目编号:黔科合J字LKG[2013]51号)
