| 一种DDoS攻击的防御方案 |
| |
| 引用本文: | 胡小新,王颖,罗旭斌. 一种DDoS攻击的防御方案[J]. 计算机工程与应用, 2004, 40(12): 160-163 |
| |
| 作者姓名: | 胡小新 王颖 罗旭斌 |
| |
| 作者单位: | 电子科技大学计算机学院,成都,610054;中国铁道建筑总公司,北京,100855;上海复旦金士达研发中心,上海,201203 |
| |
| 摘 要: | 分布式拒绝服务攻击(DDoS)是一种攻击强度大、危害严重的拒绝服务攻击。Internet的无状态特性使得防止DDoS攻击非常困难,尽管在学术界和工业界引起了广泛的重视,但目前仍然没有可行的技术方案来对付DDoS攻击。文章提出了一种在局部范围内消除DDoS攻击的综合方案,它包括入侵检测系统、IP标记、IP包过滤等功能,该方案具有操作简单、路由器负担小、易于部署、响应快等特点。
|
| 关 键 词: | 分布式拒绝服务攻击 DDoS IP追踪 包过滤 |
| 文章编号: | 1002-8331-(2004)12-0160-04 |
A Scheme to Prevent DDoS Attacks |
| |
| Hu Xiaoxin Wang Ying Luo Xubin. A Scheme to Prevent DDoS Attacks[J]. Computer Engineering and Applications, 2004, 40(12): 160-163 |
| |
| Authors: | Hu Xiaoxin Wang Ying Luo Xubin |
| |
| Affiliation: | Hu Xiaoxin 1 Wang Ying 2 Luo Xubin 31 |
| |
| Abstract: | Defense against distributed denial-of-service attacks is one of the hardest security problems on the Internet.Among those problems ,the most difficult problem is to trace the attacks back to its origin for the attackers always use incorrect or spoofed IP addresses in the attack packets.There isn't a feasible approach to deal with DDoS attack within the entire INTERNET up to now.In this paper,a system to work out it within an ISP or domain is proposed.The sys-tem,which consists of Intrusion Detection System(IDS),IP traceback(IP marking)and packet filtering subsystems ,is practical and easy to deploy. |
| |
| Keywords: | DDoS attack DDos IP Traceback Packet filtering |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
