| In recent years, the DoS (Denial of Service) attack threats the safe of network and the usability of the information very much, and the successive DDoS (Distributed Denial of Service), which has the features of distributed and Denial of service attack, is more covert and more difficult to find. Nowadays, the study of DDoS becomes the hotspot of the researches about attack, and many foreign and home manufacturers develop the special products, but in order to detect and defend DoS/DDoS to ensure the safe of the system thoroughly, it cannot arrive at the finally favorable effect only by the outer defense. Therefore, we have to pay our attentions to the final targets that are attacked: the pivotal data source and the server system it depends on.Linux is very popular in the IT field because of its robustness, reliability, flexibility and customizability, so currently most of the servers use Linux operating system. Choosing Linux OS as the basis, and making use of LSM framework to present the kernel patch of Netfilter firewall and LIDS invasion detection as LKM fashion, we construct a host secure defense system. On one hand, the stateful and stateless packet filtering technology of Netfilter are used to configure the network safe strategies to enhance its ability of detection and defense of DDoS attack and decrease the possibility of the realization of the DDoS attack as possible as we can, then the network service is protected to ensure normal use; on the other hand, the safe access control technology of the LIDS is used to configure the system safe strategies to enhance the safe performance of the system, to avoid becoming the dummy computer of the DDoS attack and decrease the destroy and loss of the host computer caused by the attack of the DDoS. As the last barrier of the network safe, it is an effective complement to the global safe architecture of the network to set up the host safe system in the server to detect and defend the DDoS attack.
|
PDF Full Text Request