| Distributed denial of service attacks is one of the major attacks on the current network infrastructure.DDoS attacker send a large number of service requests to the target at the same time by the puppet hosts distributed everywhere so that the target cannot provide normal service.With the DDoS attack defense technology based on the network layer or transport layer is becoming more and more popular and Web services popular,resulting in the application layer of the HTTP protocol DDoS attacks.This dissertation designs and implements the DDoS attack prevention scheme in the industry.This system is divided into four modules: user mode configuration storage,kernel configuration storage,packet delivery platform,attack detection,attack prevention.The user mode configuration storage module makes the network administrator control the system conveniently.The kernel configuration storage module save the configuration for the check and defense system in the kernel.The attack detection module detect every packet and check the protect node status to notice the defense module to check the packet.The attack defense module check the packet by send packet to the client to make sure that the client is a real client and pull down the pressure of the server by drop packets that over the max rate.Through testing the DDoS attack defense system by the auto test system,the result shows that the system is meaningful for the server system and the attack packets are drop by the system. |
PDF Full Text Request