| As the Internet becomes widely used in our daily life, the security problem will directly effect the future development of the Internet. Distributed Denial of Service (DDoS) is a significant factor which affects the security, and brings many damages to the Internet. The research on how to detect and defend the DDoS attack seems to be very important. Nowadays, people have done a lot of research on this field, but there is no substantial improvement in anti-DDoS attack. The detection of DDoS attack is one of the frontiers of Network Security. So, studying the DDoD attack is very meaningful.We use Red Hat Linux 9.0 operating system. Linux operating system possesses the features of robust, reliability, flexible, and it provides the entire function of fire wall. Furthermore, it contains the Netfilter fire wall, moreover, it can reconstruct and implement some new functions, for example, the complete dynamic NAT, MAC and user based filtering, status based filtering, and packet filtering etc. With these advantages, Linux is very suitable for the server as to detect distributed denial of service attack.In this paper, we introduce the definition of distributed denial of service attack, category, the theory of denial of service attack. Then, we analyze several typical detection algorithm. In regard to the RST SYN Proxy algorithm's weak points, we set forth our opinion, and propose the improved RST SYN Proxy algorithm . Under the environment of laboratory, we use linux operating system, with the help of entropy real time detection method to test the system. At last, we make a conclusion. |
PDF Full Text Request