
Distributed Denial Of Service Attack Defense Research And Implementation

Posted on: 2007-08-18
Degree: Master
Type: Thesis
Country: China
Candidate: J S Luo
GTID: 2208360185956376
Subject: Computer application technology

Abstract/Summary:
In recent years, DDoS (Distributed Denial of Service) attacks have seriously threatened network security and the availability of information. Because they are simple and effective, they are widely used by attackers. Most DDoS attacks today are TCP flood attacks implemented on top of the TCP protocol. The study of DDoS and TCP SYN floods has become a hotspot of information security research, and many foreign and domestic manufacturers have developed dedicated products. To detect and defend against DDoS and thoroughly ensure the safety of the system, we have to study the characteristics of the attack.

When a DDoS attack happens, the flood traffic presents some characteristics, such as its statistical distribution. Although an attacker can forge any field in the IP header, he or she cannot falsify the number of hops an IP packet takes to reach its destination, which is solely determined by the Internet routing infrastructure. The hop-count information is indirectly reflected in the TTL field of the IP header. We propose a TTL-based filter to weed out spoofed IP packets. Through the statistical distribution of the hop counts, we can distinguish legitimate packets from spoofed packets.

Linux is very popular in the IT field because of its robustness, reliability, flexibility and customizability, so currently most servers use the Linux operating system. Choosing Linux as the basis and making use of netfilter, we construct the detection and defense system. We make use of Connection Tracking in order to extend its functionality. Through the firewall, the system can monitor communication at the network border.
Keywords/Search Tags: DDoS attack, TCP SYN Flood attack, TTL, hops, firewall
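
A minimal sketch of the TTL-based hop-count check described in the abstract, added here as an illustration and not taken from the thesis. The initial-TTL list, the `HopCountFilter` class, the one-hop tolerance and the sample addresses are assumptions constructed for the example.

```python
# Added example: hop-count filtering sketch (not the thesis's code).
# Assumption: senders start from one of these common initial TTL values.
INITIAL_TTLS = (32, 64, 128, 255)


def hop_count(observed_ttl):
    """Infer hops travelled: smallest assumed initial TTL >= observed, minus observed."""
    if not 1 <= observed_ttl <= 255:
        raise ValueError("TTL out of range")
    initial = min(t for t in INITIAL_TTLS if t >= observed_ttl)
    return initial - observed_ttl


class HopCountFilter:
    """Learns a per-source hop count in peacetime, then flags mismatches."""

    def __init__(self, tolerance=1):
        self.table = {}             # source IP -> learned hop count
        self.tolerance = tolerance  # allowed drift from route changes

    def learn(self, src_ip, ttl):
        # Assumption: called only for traffic believed legitimate,
        # for example sources that completed a TCP handshake.
        self.table[src_ip] = hop_count(ttl)

    def classify(self, src_ip, ttl):
        expected = self.table.get(src_ip)
        if expected is None:
            return "unknown"        # no baseline: leave to other defenses
        if abs(hop_count(ttl) - expected) <= self.tolerance:
            return "legitimate"
        return "spoofed"


def demo():
    f = HopCountFilter()
    # Constructed sample data using documentation address ranges.
    f.learn("192.0.2.10", 52)       # 64 - 52 = 12 hops
    f.learn("198.51.100.7", 115)    # 128 - 115 = 13 hops
    packets = [
        ("192.0.2.10", 52),         # same path as the baseline
        ("192.0.2.10", 51),         # 13 hops, within tolerance of 12
        ("192.0.2.10", 120),        # 128 - 120 = 8 hops, expected 12
        ("198.51.100.7", 44),       # 64 - 44 = 20 hops, expected 13
        ("203.0.113.99", 60),       # source never seen before
    ]
    return [f.classify(ip, ttl) for ip, ttl in packets]


if __name__ == "__main__":
    print(demo())
```

Sources without a learned baseline are reported as unknown, not dropped, so the filter needs a learning phase on clean traffic before it can separate spoofed packets from legitimate ones.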