本文已被:浏览 2515次 下载 4876次
Received:July 09, 2010 Revised:July 30, 2010
Received:July 09, 2010 Revised:July 30, 2010
中文摘要: syn-flood 是拒绝服务攻击中较为常见的一种,它利用建立TCP 连接需要进行三次握手的特点,向被攻击者发送大量非法的第一次握手数据包,导致被攻击者建立了大量的处于SYN_RCVD 状态的TCP 连接,使得被攻击者无法建立正常的TCP 连接。首先介绍了TCP 连接的建立过程,提出了一种代理三次握手的方法来解决被攻击者的资源被大量消耗的问题,经过测试证明,该办法能够较为有效地降低syn-flood 攻击造成的危害。
中文关键词: DDoS syn-flood 三次握手 syn-cookies SYN 代理
Abstract:syn-flood is a common denial of service attack. It uses the characteristics that it requires three-way handshake to establish TCP connection to send a large number of illegal first handshake packet to the target, leading to establish a large number of TCP connections of SYN_RCVD state on the target.So the target cannot establish normal TCP connection. This paper firstly describes the process of establishing a TCP connection,and then proposes a way that agency three-way handshake to solve the problem of over-consumption of resources. It is proved that it can reduce the harm of the syn-flood attack.
keywords: DDoS syn-flood three-way handshake syn-cookies syn-proxy
文章编号: 中图分类号: 文献标志码:
基金项目:
| Author Name | Affiliation |
| LONG Heng | Training Center, Maoming Vocational Technical College, Maoming 525000, China |
| Author Name | Affiliation |
| LONG Heng | Training Center, Maoming Vocational Technical College, Maoming 525000, China |
引用文本:
龙恒.SYN 代理防御syn-flood 攻击的原理及实现.计算机系统应用,2011,20(3):214-217
LONG Heng.Principle and Realization of SYN Proxy for Defensing Syn-Flood Attack.COMPUTER SYSTEMS APPLICATIONS,2011,20(3):214-217
龙恒.SYN 代理防御syn-flood 攻击的原理及实现.计算机系统应用,2011,20(3):214-217
LONG Heng.Principle and Realization of SYN Proxy for Defensing Syn-Flood Attack.COMPUTER SYSTEMS APPLICATIONS,2011,20(3):214-217
