检索规则说明:AND代表“并且”;OR代表“或者”;NOT代表“不包含”;(注意必须大写,运算符两边需空一格)
检 索 范 例 :范例一: (K=图书馆学 OR K=情报学) AND A=范并思 范例二:J=计算机应用与软件 AND (U=C++ OR U=Basic) NOT M=Visual
名 称:
注 释:
机构地区:[1]电子科技大学计算机科学与工程学院,成都610054
出 处:《电子科技大学学报》2007年第6期1183-1186,共4页Journal of University of Electronic Science and Technology of China
基 金:电子信息产业发展基金重点招议标项目(信部运[2005]555)
摘 要:介绍了分布式拒绝服务攻击的原理;分析了四种具有代表性的防御方法;提出一种针对IP欺骗DDoS攻击的防御方法,在自治系统边界,利用活动IP记录表对进入自治系统的数据包进行处理,来自活动IP的网络流直接通过;没有活动记录的IP数据包被自治系统边界路由器或邻近边界的路由器丢弃,并发送网间控制报文协议(ICMP)超时差错报文通报源节点,IP不活动的IP欺骗DDoS攻击数据包不能到达受害节点;被丢弃的合法数据包由其源节点上层协议或应用进行重传。This paper describes the principle of Distributed Denial of Service (DDoS) attack. Several representative defense methods are analyzed to against it. A defense method against IP spoofing DDoS attack is proposed. An active IP record table is used to detect all IP packets passing through the border of autonomy system in this method. Packets of the source IP address which are not active will be discarded by the border routers or routers near the border in the autonomy system, according to the Internet Control Message Protocol (ICMP) protocol, timeout ICMP messages will be sent to the source IP hosts, and thus, IP spoofed packets will be discarded, because their source IP usually are not active. Although some legal packets will also be discarded, the retransmission will be triggered by the timeout ICMP messages immediately.
分 类 号:TP393.08[自动化与计算机技术—计算机应用技术]
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在链接到云南高校图书馆文献保障联盟下载...
云南高校图书馆联盟文献共享服务平台 版权所有©
您的IP:216.73.216.30