| Along with the unceasing development of computer network and communication network, complex work is formly made simple, easy, and the declining of working cost, working efficiency rises greatly. At the same time huge hidden safe trouble is coming , especially fast development for Internet and Intranet have put forward unprecedented challenge to network safety. Nvade alarm and guard problem have become more and more an important direction for communication and computer, especially those network attacks that initiated by malice user such as DoS and DDoS.Our telephone net management system has formed one preliminarily via some stage constructions, and it has become a network layer management system which carries out centralized maintenance to provincial words affair net equipments, it has realized concentrates maintenance, concentrates monitoring and concentration management, and it has played important role for raising Jilin province network maintenance efficiency.Along with the fast development of telephone, network scale enlarges rapidly.The complex of the network has brought so many problems to the security of information and the safety of data. Since telephone network has development quickly , large construction scale, and higher security requirement, and is specialy sensitive for information safety. Once arising safe problem, it can cause significant pecuniary loss and unimaginable serious consequence. At the same time, network virus and the development of hacker technology and the safe leak of computer network have threatened the safety of telephone net management system all the time. To solve the safe problem of network, increase to invade warning system is a kind of simple fast for invade to carry out warning, it is a kind of active protection way. Because of the quick construction of network this year, the network management still continuity early stage and the enlarge of the network scale, it is a trend to centralize the safe management separated previously. As the network layer management system, the importance of the network management system strengthen continuously.The research work of this paper has introduced the mechanism according to our safety with telephone net management system,and suggests a control machinemade system based on the defence network attack of DoS/DDoS of fair crowd, including attack fair crowd of local active node which distinguishes and controls the active announcement between machinemade, active node voluntarily to track machinemade and management region control cooperative mechanism. This kind of machinemade system carries out programming based on initiatively network technology and on initiatively network platform to realize. In operable environment discuss realize it's course step by step, in imitating test, it has shown that satisfy effect.Investigation shows that the attack of DoS/DDoS is to have caused server or network section overload because of a group of special bale of rate of flow.we call these bales of rate of flow wraps to be gather crowd. This kind of attack .which is based on fair crowd jamif the fair that passes through tradition in flow out protect mechanism handling, can not reach ideal effect. The use of this paper is machinemade based on the jam control of fair crowd size to eliminate the network attack of DoS/DDoS. Goal is to let the biggest probably maintenance normal transmission of network line and the normal operation of node service , and is made to be able to carry out transmission and handling smoothly except the most bale besides attack bale.Use initiatively network technology in distinguish voluntarily based on fair crowd, we can stock one in wraping jump road from the IP address of node, and this value can not be falsified by attack (the road that endures only from node reliable, it is reliable ), otherwise road from node abandon bale voluntarily. Therefore using the IP onone have been attacked alliance jump road from node IP can distinguish and control attack fair crowd better, cause indirect injury as far as possi...
|
PDF Full Text Request