| With the rapid development integration of computer and Internet technology in recent years, the popularization of broadband speed engineering works steadily, mobile Internet, cloud computing, cloud storage, big data and other new technologies, new business promote each other, and developing fast.The rapid development of Internet technology has deep into every corner of society. However, both sides of the development of the Internet is also increasingly prominent:hacking activities have become increasingly frequent, the website back portal, mobile Internet malware, targeted APT increase everyday, the problem of information security becomes more and more prominent, information security of the state, enterprises, individuals is facing serious challenges. Statistics show that in recent years, most information security incidents is involved in DDoS attacks, and DDoS attacks also showed a rising trend in development.The urgent demand to deal with DDoS attacks defense program, based on the current actual situation of small and medium-sized enterprises, this thesis proposes the detection filter method to deal with DDoS attacks with Linux platform, for SMEs to deal with the lightweight DDoS attack defense. First, this thesis describes the major DDoS attacks in recent years, and introduces the research status of DDoS attack and DDoS attack against at home and abroad. Based on consulting a large number of relevant data of attack on DDoS, this thesis describes DDoS attack method, the common attack means, analyzes the basic principle and characteristics of DDoS attacks, as well as the common detection method. Based on the previous analysis, we focus on the analysis of several representative DDoS attack which is easy to happen. Through in-depth analysis of the attack principle and the attack surface of attack method, we summarize the specific strategies to deal with different DDoS attack defense.With the characteristics of the open source platform Linux, this thesis analyzes the Netfilter security framework of Linux, and focuses on the analysis of the key security module of Netfilter security framework.At Last, combining with above result, we gets specific application examples.Based on the above summarized of the linux Netfilter security framework and the specific defense strategy of DDoS attacks, this thesis implements the defense strategies into actual operational firewall program with multiple security modules of netfilter. The experiments show that, the proposed defense method can effectively defend against the lightweight DDoS attack. |
PDF Full Text Request