Intrusion Prevention System Suitable for Protecting Application Servers from Distributed Denial of Service Attacks

Bibliographic Details
Main Authors: Kai-Hsun Lin, 林楷勛
Other Authors: Hung-Min Sun
Format: Others
Language: zh-TW
Published: 2004
Online Access: http://ndltd.ncl.edu.tw/handle/03795956180412960338
Description
Summary: Master's thesis === National Tsing Hua University (國立清華大學) === Institute of Information Systems and Applications (資訊系統與應用研究所) === 92 === Denial of service (DoS) means that an attacker attempts to degrade the service offered to normal end users. In general, DoS attacks can be separated into three main types: 1) exploiting a loophole in the system to destroy the whole system; 2) exploiting a weakness of a protocol to block normal users; 3) using large throughput to make it hard for the server to serve normal users' requests. Of these three types, exploiting a protocol weakness is the hardest to defend against. The TCP SYN flooding attack is a well-known denial of service (DoS) attack that exploits a vulnerability in the TCP three-way handshake. Recently, many famous web sites have faced a stronger form of denial of service attack known as the Distributed Denial of Service attack (DDoS). Organizations deploying security measures such as firewalls and intrusion detection systems (IDS) can cope with the traditional DoS attack, but there is still no complete solution for protection from a SYN flooding DDoS attack. This paper analyzes the TCP SYN flooding attack and presents a protection method against SYN flooding attacks launched by DoS/DDoS tools. It protects the server by generating a legal access database, monitoring the server's backlog queue entries, and IP filtering. Its main advantages are its strong ability to defend against TCP SYN flooding attacks and the minimal delay it adds for legal user access. We also analyze an application layer DoS attack method called TCP keep-alive in this paper and test its attack method. The protection system we propose can also protect against this attack.