| 基于Linux的抗DDoS防火墙的设计与实现 |
| |
| 引用本文: | 李新刚.基于Linux的抗DDoS防火墙的设计与实现[J].淮南职业技术学院学报,2009,9(3):31-33. |
| |
| 作者姓名: | 李新刚 |
| |
| 作者单位: | 淮南矿业集团谢桥矿,安徽,淮南,232001 |
| |
| 摘 要: | DDoS(分布式拒绝服务攻击)是一种攻击强度大、危害严重的攻击方式,它利用合理的请求来占用过多的服务器资源,致使服务超载,无法响应其他的请求,因为这种攻击只需通过远程控制分布在不同计算机上的攻击进程进行攻击,同时运用IP欺骗和洪水攻击等手段,因此对它进行检测和防御就显得非常困难;netfil-ter是L inux2.4以后的内核中采用的一个结构清晰,便于扩展的优秀的防火墙框架;介绍了如何在netfilter基础之上实现一个能防御DDoS攻击的防火墙。
|
| 关 键 词: | 分布式拒绝服务攻击 Linux防火墙 netfilter TCP/IP JSP |
The Design and Implementation of Linux-based anti -DDoS Firewall |
| |
| LI Xin-gang.The Design and Implementation of Linux-based anti -DDoS Firewall[J].Journal of Huainan Vocational & Technical College,2009,9(3):31-33. |
| |
| Authors: | LI Xin-gang |
| |
| Institution: | LI Xin - gang ( Xieqiao Coal Mine, Huainan Mining Group Co. Ltd. , Huainan Anhui 232001 ) |
| |
| Abstract: | Defense against DDoS ( distributed denial - of - service) attacks is one of the hardest security problems on the Intemet. Attacker usually send too many requests for service to engross the resource on the server, and server can not provide service for real request because of overloading. This kind of attack always control many computers distributed on the internet to attack the server. Endacious IP and Flooding attack mode is also used in the attack. So it is very hard to detect and defend DDoS attack. Netfilter is an excellent firewall framework that has plain structure to extend conveniently adopted during the Linux kernel 2.4 and subsequent versions. This paper introduces how to realize a firewall based on neffilter to defend DDoS attack. |
| |
| Keywords: | netfilter TCP/IP JSP |
| 本文献已被 维普 万方数据 等数据库收录! |
|
