|
|||||
|
|
| 嵌入内核式状态检测防火墙的研究与实现 | |
| 引用本文: | 袁暋,侯整风,钟伯成,檀明.嵌入内核式状态检测防火墙的研究与实现[J].合肥学院学报(自然科学版),2009,19(2):33-37. |
| 作者姓名: | 袁暋 侯整风 钟伯成 檀明 |
| 作者单位: | 1. 合肥工业大学,计算机与信息学院,合肥,230009;合肥学院,计算机科学与技术系,合肥,230601 2. 合肥工业大学,计算机与信息学院,合肥,230009 3. 合肥学院,计算机科学与技术系,合肥,230601 |
| 摘 要: | 利用过滤器挂钩驱动程序(Ipthdrv)机制,在Windows·2000/XP内核嵌入用户自定义状态检测模块来过滤数据包.使用TCP包SYN/ACK标志位和UDP包虚连接建立方式维护状态监测表,实现了状态检测.根据状态表存量实时对时间溢出值进行动态调控,控制状态表内表项的存量,避免遭受拒绝服务(DoS)攻击,提高了防火墙抗攻击性能。 |
| 关 键 词: | 防火墙 状态检测 过滤钩子驱动 |
Research and Implementation of the Embedded Kernel State Inspection Firewall |
|
| YUAN Min,HOU Zheng-feng,ZHONG Bo-cheng,TAN Ming.Research and Implementation of the Embedded Kernel State Inspection Firewall[J].Journal of Hefei University :Natural Sciences,2009,19(2):33-37. | |
| Authors: | YUAN Min HOU Zheng-feng ZHONG Bo-cheng TAN Ming |
| Institution: | 1.School of Computer and Information;Hefei University of Technology;Hefei 230009;2.Department of Computer Science and Technology;Hefei University;Hefei 230601;China |
| Abstract: | By using the mechanism of Ipfltdrv,a state inspection module was embedded in the kernel of Windows 2000/XP to filter data packet.State monitor table can be maintained by using TCP SYN/ACK flag and UDP virtual connection.Thus,state detection can be realized.The overflow value of time can be dynamically adjusted according to the state remainder value.In this way,the remainder value can be controlled and Dos attack can also be avoided,which enhance the performance of the anti-attack of firewall. |
| Keywords: | firewall state inspection filter-hook driver |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! | |