| Denial of service attack is the most destructive attacking means on Internet. Thiskind of attack sends a number of connection request or useless packets to attackedvictim, in which exploits the holes of software,the flaws of TCP/IP and limitation innetwork bandwidth resource. The attacks take up the victim system resource andbandwidth, thus making the victim unable to response other's normal request.In this paper the main ideas are as follow:I. To introduce the basic concepts and technologies of firewall. At the same timeto explain DoS attack principle and method and to introduce SYN Flood attacks'principle in details.II. To offer a new model which protects against SYN Flood attacks by thecontrast and analyses of two models of defending SYN Flood attacks.III. Firewall designed in this paper is developed based on Netfilter, and it isrealized by the use of the LKMs of Linux.In the experiment, we tried attacking a Web server by using three computers withXdos software. According to the effects on firewall attacked by DoS when we turn iton or not, we can test the effect on defended the attack by DoS after improving thealgorithms. Through test on the firewall,it can meet the requirement and protectagainst DoS attacks effectively. |
PDF Full Text Request