隨著網際網路的快速普及,有越來越多生活中重要的服務可藉由網路來加以存取,現今,我們的生活已與網路有著密不可分的關係。 阻絕服務(Denial of Service, DoS)攻擊是近年來網路上常見的攻擊方式,它是利用TCP three-way handshake的弱點來進行攻擊,其目的是為了阻斷合法的使用者存取網路上的服務。阻絕服務攻擊已造成許多企業巨額的財務損失,形成網路安全上重大的威脅。 Linux的核心中包含著防禦阻絕服務攻擊的工具-SYN Cookies,但卻缺乏了額外的TCP options。因此,我們提出了一個更符合標準協定的模型,提供了更多的TCP options,期望能達到兼具安全與效率的目的。
As the Internet’s popularity grows rapidly, an increasing number of critical services are using the Internet for daily operation. Today we can’t live without the Internet. Denial of Service (DoS) attack that exploits TCP three-way handshake is extremely common in today’s networks. The goal of a DoS attack is to prevent legitimate users from using the Internet services. Many organizations have suffered huge financial loss as a result of a DoS attack. It is a big threat to the Internet security. There is a tool, SYN Cookies, for defending against DoS attacks in the Linux kernel but it lacks additional TCP options. So we propose a more standardized model which supports more TCP options. We hope the system will not only offer security but also efficiency.
為了持續優化網站功能與使用者體驗,本網站將Cookies分析技術用於網站營運、分析和個人化服務之目的。
若您繼續瀏覽本網站,即表示您同意本網站使用Cookies。