| 一种基于状态监测的防火墙 |
| |
| 引用本文: | 翁广安,余胜生,周敬利.一种基于状态监测的防火墙[J].计算机工程,2004,30(2):144-145. |
| |
| 作者姓名: | 翁广安 余胜生 周敬利 |
| |
| 作者单位: | 华中科技大学计算机学院,武汉,430074 |
| |
| 摘 要: | 在OpenBSD系统上开发了一种基于状态检测的防火墙,并开发了内置的检测和防范几种常见网络攻击(syn flood、端口扫描、分片攻击、icmp flood、smurf)的功能。由于大多数这种攻击总是用假冒的源地址和随机的源端口来产生攻击包,因此这种防范模型比入侵检测系统的检测-修改防火墙策略模型更为有效。
|
| 关 键 词: | 防火墙 状态监测 网络攻击 端口扫描 |
| 文章编号: | 1000-3428(2004)02-0144-02 |
A State Inspection-based Firewall |
| |
| WENG Guangan,YU Shengsheng,ZHOU Jingli.A State Inspection-based Firewall[J].Computer Engineering,2004,30(2):144-145. |
| |
| Authors: | WENG Guangan YU Shengsheng ZHOU Jingli |
| |
| Abstract: | This paper develops a state inspection-based firewall on OpenBSD system, and develops a buildin function to detect and block some normal network attacks (syn flood, port scan, fragment attack, icmp flood, smurf ). This defense model is more effective than IDSs model which detectes attacks and changes firewall policies, because most attacks of these types always generate packets with spoof source address and random port. |
| |
| Keywords: | Firewall Stateful inspection Network attacks Port scan |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
|
