| As an important branch of network's security, firewall technologies attract more and more attention. At present, there are many types of firewall based on Linux which have their own properties. But these firewalls have drawbacks to protect DoS/DDoS attack. So, this dissertation studies the attacks principle of DoS/DDoS, monitoring methods and the means of defense.This dissertation systematically introduces the attack principle of DoS/DDoS, attack modes of DoS/DDoS and the realization of SYN Cookie, made a depth analysis of the shortage of SYN Cookie. The mechanisms of SYN Cookie which can defend the SYN Flood attack but at the same time it also gives opportunities to ACK Flood attack.Because of the deficiency, this dissertation presents a solution, use minor memory to establishment a connection table to improve the life level of firewall.In the aspect of inspect DDoS attack,the paper use multiple thresholds based on the research of data stream characteristics which can raise the accuracy and reduce false positive rate.It realizes the packet capture in network card driver. In comparison to Libpcap this method greatly improve the successful rate of capture.In the aspect of defense DDoS attack,this paper put forward a identity authentication mechanism based on IP address,it establishment a state table to classify the IP address of request connecting.In the aspect of software programming, the connection table, the module of monitoring attack, identity authentication mechanism based on IP address was realized; the full test is made according to the test specification.The experimental results showed that the firewall system has been much more improved than the mechanisms of SYN Cookie and other wireless router in market. |
PDF Full Text Request