CAJ | 학술논문

DDOS(分布式拒绝服务)是一种常见的、破坏力强的网络攻击，为了减小其对网络设备的影响，提出一种在接入控制器中基于 Netfilter的防范DDOS攻击的策略。结合改良的 SYN Cookie(标识握手信号的本地数据)技术，对 Linux 内核中的Netfilter进行二次开发，实现了针对DDOS中 SYN Flood(标识握手信号的洪水攻击)方式的防火墙。测试结果表明：该方案能够有效地防止网络攻击，以较小的性能损失保证TCP(传输控制协议)服务的正常工作，并节约了成本。
DDOS(분포식거절복무)시일충상견적、파배력강적망락공격，위료감소기대망락설비적영향，제출일충재접입공제기중기우 Netfilter적방범DDOS공격적책략。결합개량적 SYN Cookie(표식악수신호적본지수거)기술，대 Linux 내핵중적Netfilter진행이차개발，실현료침대DDOS중 SYN Flood(표식악수신호적홍수공격)방식적방화장。측시결과표명：해방안능구유효지방지망락공격，이교소적성능손실보증TCP(전수공제협의)복무적정상공작，병절약료성본。
Distributed Denial of Service (DDOS)is a common and destructive network attack.In order to minimize its impacts on network equipment,this paper presents a Netfilter-based strategy for preventing DDOS attacks on access controllers.Using the improved SYN Cookie technology,it executes a secondary development of Netfilter in the inner core of Linux,realizing a firewall against SYN Flood in DDOS.Test results indicate that this scheme effectively prevents network attacks,ensures the normal service of TCP with little performance loss and saves cost.