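Abstract
Stateful inspection in a network firewall examines the packets of a connection request and checks whether the connecting entity conforms to the state-transition rules of the TCP/IP protocol; if it does, the data is accepted. DoS/DDoS attacks send a large number of small packets to the firewall in a short time, filling the state table so that new connections are refused, which results in a denial of service. Traditional solutions often increase the load on the firewall. An emergency solution is provided for the state-table overflow failures of stateful firewalls caused by the traffic-based DoS/DDoS attacks commonly seen on networks.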
Intensity and efficiency are two central technical indicators of a firewall. The state-checking function of a network firewall inspects incoming data packets to judge whether the connected entities conform to the rules of TCP/IP exchange. DoS/DDoS attacks send large numbers of short data packets to the firewall in a short time. These attacks may cause the firewall's iptables to overflow and refuse new connections. Traditional solutions often increase the burden on the firewall. This paper proposes a new temporary way to solve this problem in an emergency.
Source
Journal of Chongqing University (Natural Science Edition)
EI
CAS
CSCD
PKU Core
2004, Issue 6, pp. 13-16 (4 pages)
Journal of Chongqing University
Funding
Supported by the National Natural Science Foundation of China (60372101)