| 一种提高状态检测防火墙抵御Syn Flood攻击的方法 |
| |
| 引用本文: | 熊忠阳,张科,张玉芳.一种提高状态检测防火墙抵御Syn Flood攻击的方法[J].小型微型计算机系统,2008,29(5):929-932. |
| |
| 作者姓名: | 熊忠阳 张科 张玉芳 |
| |
| 作者单位: | 重庆大学,计算机学院,重庆,400044 |
| |
| 摘 要: | 针对影响状态检测防火墙性能的Syn Flood攻击,分析了Syn Flood攻击的原理,基于Patricia tries构造半开连接表来处理TCP连接建立的过程,提出了一种利用端口队列来跟踪每个半开连接,根据SYN数据包的统计和状态检测来抵御SynFlood攻击的方法.实验结果表明,该方法在占用较少的系统资源的情况下,有效的提高了状态检测防火墙对Syn Flood攻击的防御能力.
|
| 关 键 词: | 防火墙 状态检测 Syn Flood 拒绝服务攻击 Patricia tries 半开连接 状态检测防火墙 SYN Flood 方法 Attack Defending Firewall Inspection Improve 防御能力 情况 系统资源 结果 实验 SynFlood 统计 数据包 半开连接 跟踪 队列 端口 |
| 文章编号: | 1000-1220(2008)05-0929-04 |
| 修稿时间: | 2007年1月5日 |
A Method to Improve Stateful Inspection Firewall for Defending SYN Flood Attack |
| |
| XIONG Zhong-yang,ZHANG Ke,ZHANG Yu-fang.A Method to Improve Stateful Inspection Firewall for Defending SYN Flood Attack[J].Mini-micro Systems,2008,29(5):929-932. |
| |
| Authors: | XIONG Zhong-yang ZHANG Ke ZHANG Yu-fang |
| |
| Affiliation: | XIONG Zhong-yang,ZHANG Ke,ZHANG Yu-fang (College of Computer Science,Chongqing University,Chongqing 400044,China) |
| |
| Abstract: | Contraposing Syn Flood attack which can affect the performance of Stateful Inspection Firewall greatly,this paper has analyzed the theory of Syn Flood attack.Based on Patrica tries to build half-open connection table to deal with the process of TCP connection,it puts forward a method of defending Syn Flood attack which leads in port queen to track each half-open connection,according to counting the number of SYN packets and checking the connection state.The result of the experiment shows that under using fe... |
| |
| Keywords: | firewall stateful inspection syn flood denial of service patricia tries half-open connection |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
|
