CAJ | 학술논문

目前，SYN FLOOD攻击占70%~80%。IP欺骗是常用的方式，如何防止IP欺骗的SYN攻击成为研究热点。设计是以redhat 5.0为平台，结合RED算法设计并实现一个抗SYN攻击的包过滤防火墙，该防火墙在轻度和中度攻击的情况下判断一个数据包的丢弃概率，当被丢弃则保存该数据包到哈希表中，主机等待客户机重传TCP连接请求，检测是否是真实性的IP地址，经过分析研究和实验的验证具有较好的吞吐量，同时正常数据包的通过率很高。当遭受的是重度攻击时，则直接采用的是RED中的随机丢弃数据包。
목전，SYN FLOOD공격점70%~80%。IP기편시상용적방식，여하방지IP기편적SYN공격성위연구열점。설계시이redhat 5.0위평태，결합RED산법설계병실현일개항SYN공격적포과려방화장，해방화장재경도화중도공격적정황하판단일개수거포적주기개솔，당피주기칙보존해수거포도합희표중，주궤등대객호궤중전TCP련접청구，검측시부시진실성적IP지지，경과분석연구화실험적험증구유교호적탄토량，동시정상수거포적통과솔흔고。당조수적시중도공격시，칙직접채용적시RED중적수궤주기수거포。
Currently,SYN FLOOD attack occupies 70%~80% in total attacks,among which IP spoofing is a commonly used way. How to prevent IP spoofing SYN attack has become a research hotspot. A packet filtering firewall resisting SYN attack was designed and realized on the basis of redhat5.0 platform and RED algorithm. The firewall judges the dropping probability of a data packet in the case of mild and moderate attack. The data packets is stored in the hash table if it is discarded,and then the host computer waits for the client to retransmit TCP connection request and checks the authenticity of the IP address. The analysis and experimental verification results indicate that it has better throughput,and its normal data packet passing rate is al-so high. When it subjects to severe attacks,the random discard packets in RED is used directly.