The Implement And Improvement Of SYN Cookie On The Basis Of IPv6 Protocol

SYN Flood attack is the most destructive attacking means on Internet. This kind of attack sends a number of connection requests or useless packets to attacked victim, in which exploits the flaws of TCP/IP and limitation in network bandwidth resource. These illegal packets take up the victim system resource and bandwidth, thus make the victim unable to response other client's normal request.SYN Cookie adopt a new connect mode names no handshake which don't distribute beforehand any resource but make a cookie with client's connect information and make it become the SYN+ACK message's initial sequence number. So SYN Cookie can resist SYN Flood attack effectively.The mainly contributions of this paper include these following four aspects: (1) It discusses the attacking principle, attacking mechanism and attacking modes elaborately and provides fundamental references to SYN Cookie scheme against SYN Flood attack. (2) It discusses the principle and implement elaborately of SYN Cookie scheme, and put s forward the shortage of SYN Cookie scheme. The paper implement the SYN Cookie technique on the base of vxWorks platform so it prove SYN Cookie scheme's validity on the aspect of the problem which resist SYN Flood attack (3) Aiming at the prevention of attacks, this thesis discovers some flaws of SYN cookie and presents an improving prevention scheme based on tiny distribute of resource and retransmissions of SYN and ACK message .in which heightens survival ability of attacked system.