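Abstract: The SYN flood attack is the most common DDoS attack on today's networks and the most classic denial-of-service attack. It exploits a flaw in the implementation of the TCP protocol: by sending a large number of attack packets with forged source addresses to the port on which a network service listens, it can fill the half-open connection queue on the target server and thereby prevent other legitimate users from accessing the service. To defend against this attack effectively, and on the basis of an analysis of the attack principle, it was found that TCP proxy defense and TCP source detection defense can be used to solve this problem. Testing shows that this approach can effectively reduce the harm caused by SYN flood attacks.
Keywords: DDoS attack; SYN Flood attack; TCP proxy defense; TCP source detection defense
CLC number: TP399
Document code: A
Funding: Project of the National Industry and Information Technology Vocational Education Teaching Steering Committee, "Research and Practice of Informatized Teaching Based on the School-Enterprise Cooperation Talent Training Model", Project No. [2018] 20.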
The Principle and Defense of SYN Flood Attack
ZHANG Wenchuan
(Lanzhou Petrochemical College of Vocational Technology, Lanzhou 730060, China)
Abstract: The SYN flood attack is the most common DDoS attack and the most classic denial-of-service attack on current networks. It takes advantage of a flaw in the implementation of the TCP protocol and sends a large number of attack packets with forged source addresses to the port where the network service is located, which may cause the half-open connection queue on the target server to fill up, thus preventing other legitimate users from accessing the service. To prevent this attack effectively, on the basis of an analysis of the attack principle, it is found that TCP proxy defense and TCP source detection defense can be used to solve this problem. Tests prove that this method can effectively reduce the harm caused by SYN flood attacks.
Keywords: DDoS attack; SYN Flood attack; TCP proxy defense; TCP source detection defense