| With the popularity of network application, the threat of DoS (denial of service) attacks on network security is increasing. The goal of DoS attacks is not to steal information, but it can make the equipment and network paralysed, so that users can not get network resources. Based on the current destruction of DDoS attacks, the research of defense for such attacks is particularly important. This paper is based on DDoS protective gateway. On the basis of Linux Netfilter-iptables, a module of a dynamic filter for DDoS attacks is designed, and a good test result is received.Firstly, in this paper, the situation of TCP/IP layered is introduced. Several important protocols of the TCP/IP protocol family are described in details, such as IP Internet Protocol, TCP transmission control protocol, UDP user data protocol. These three important agreements are explained in details, and two transfer protocols are compared.Secondly, in the paper the various ways and principles of the DoS attacks are analysized, and then the way of DDoS attacks and principles are described. And the DDOS attacks is mainly used TCP torrent attack SYN Flood, so the most effective method to prevent this attack--SYN Cookie principle is listed, and some improvements are made. A model of a firewall is listed.Thirdley, the hardware platform of the system is introduced. The principles and construction of the platform are described. After the structure of the Linux Netfilter-iptables is analysized in-depth, a dynamic filter to filter DDoS attacks packet is designed. And the overall ideas and processes of the protection are given, and the algorithms to filter the attack packets are also given. Theoretical and application basis for the future study are given.as wellFinally, summary and the prospect of network security are introduced. |
PDF Full Text Request