| 状态防火墙受攻击导致状态表溢出故障的解决 |
| |
| 引用本文: | 杨劲.状态防火墙受攻击导致状态表溢出故障的解决[J].重庆大学学报(自然科学版),2004,27(6):13-16. |
| |
| 作者姓名: | 杨劲 |
| |
| 作者单位: | 重庆工商大学,计算机工程与信息科学学院,重庆,400020 |
| |
| 摘 要: | 网络防火墙的状态检测就是针对连接请求的数据包,检查连接实体其是否符合TCP/IP 协议的状态转换规则,相符则接收数据.DoS/DDoS攻击通过在短时间内发送大量短小的数据包给防火墙,造成状态表被填满而拒绝接收新的连接,导致产生拒绝服务攻击.传统的解决方案往往增加防火墙的负担.针对网络上常见的流量型DoS/DDoS攻击造成的状态防火墙状态表溢出故障提供一种应急解决方案.
|
| 关 键 词: | 网络安全 状态防火墙 DoS/DDoS攻击 |
| 文章编号: | 1000-582X(2004)06-0013-04 |
| 修稿时间: | 2004年1月3日 |
Solution of Stateful Firewall's Iptables Overflow Caused by Attack |
| |
| YANG Jin.Solution of Stateful Firewall's Iptables Overflow Caused by Attack[J].Journal of Chongqing University(Natural Science Edition),2004,27(6):13-16. |
| |
| Authors: | YANG Jin |
| |
| Abstract: | The intensity and efficiency are two centrally technical indicator of the firewall. The function of state checking of network's fire wall is to check the coming data pack, to judge if those connected entities are accordant with the rule of TCP/IP exchange. Attacks of DoS/DDoS send large numbers of short data packs to firewall in a short time. Those attacks may make firewall's iptables overflow and refuse new connection. The traditional solutions often increase the burden of the firewall. This paper puts a new temporary way to solution this problem in emergent state. |
| |
| Keywords: | network security stateful firewall attack of DoS/DDoS |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
| 点击此处可从《重庆大学学报(自然科学版)》浏览原始摘要信息 |
| 点击此处可从《重庆大学学报(自然科学版)》下载免费的PDF全文 |
