| The Denial of Service attack, especially the Distributed denial of service (DDoS) attack is a grave threat to Internet services and even to the network itself. Generally, attackers launch DDoS attacks by directing a massive number of attack sources to send useless traffic to the victim. The victim's services are disrupted when its host or network resources are occupied by the attack traffic. The threat of DDoS attacks has become even more severe as attackers can compromise a huge number of computers by spreading a computer worm using vulnerabilities in popular operating systems.DDoS defense faces different challenges originated from technology and society; there are many technology difficulties to conquer and many composite questions from society to solve.In this paper, the principles and characteristics of DDoS attacks are analyzed, the tools of DDoS attacks in common use are discussed. The challenge of DDoS Defense is also studied. With the study of existed methods of DDoS Defense, the advantage as well as the disadvantage of the methods is pointed out. According to characteristics of DDoS attacks, we introduce a practical scheme to defend against DDoS attacks which implements in two phases. The first is based on IP source address filtering. While in the second step, we analyze the character of attack packages and introduce the rules, then the attack packages can be filtered out according to the rules. In the HIF, the... |
PDF Full Text Request