Computer Knowledge and Technology, Vol. 7, No. 18 (June 2011)

One of the Defense Methods against SYN Flood Attacks under Windows Server 2003 Operating System

CHEN Yong (College of Fundamental Education, Sichuan Normal University, Chengdu 610068, China)

Abstract: The SYN Flood attack is one of the popular attacks on the Internet. This paper introduces the basic principles of the SYN Flood attack. By modifying the operating system registry of Windows Server 2003, we can improve TCP/IP communication security to effectively protect the network from internal and external SYN Flood attacks.

Keywords: SYN Flood; DoS; three-way handshake; registry; network security

Classification: TP393; Document code: A; Article ID: 1009-3044(2011)18-4304-02

Date: 2011-04-12

TCP/IP (Transmission Control Protocol/Internet Protocol); TCP. SYN Flood; DoS; DDoS; TCP; (CPU). SYN Flood; Windows Server 2003.

1 SYN Flood

TCP (1): SYN; SYN+ACK; ACK. SYN_RECV. Established. SYN/ACK; SYN_RECV; ACK. IP. SYN Flood; TCP; IP; SYN.

2 SYN Flood

SYN Timeout; SYN Cookie. McAfee; IP. IP; TCP/IP; SYN Flood.

"regedit.exe", HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters:

2.1 SYN

SynAttackProtect, REG_DWORD: 1. TCP SYN-ACKS; SynAttackProtect: 0, 1.

2.2 SYN

1) TcpMaxPortsExhausted, REG_DWORD, 5. Range: 0 to 65535.

2) TCPMaxHalfOpen, REG_DWORD, 500. TCPMaxHalfOpen range: 100 to 65535. SynAttackProtect; SYN_RCVD; TCP.

3) TCPMaxHalfOpenRetried, REG_DWORD, 400. TCPMaxHalfOpenRetried range: 80 to 65535. SynAttackProtect; SYN_RCVD; TCP.

2.3

1) EnableDeadGWDetect, REG_DWORD, 0 (False). EnableDeadGWDetect values: 0, 1 (False, True). 1: TCP; Internet (IP). 0.

2) EnablePMTUDiscovery, REG_DWORD, 0 (False). EnablePMTUDiscovery values: 0, 1 (False, True). 1: TCP (MTU). 0.

3) KeepAliveTime, REG_DWORD: 7,200,000; 300,000. KeepAliveTime range: 1 to 0xFFFFFFFF. 300,000 (5 minutes).

4) NoNameReleaseOnDemand, REG_DWORD: 0; 1. NoNameReleaseOnDemand values: 0, 1 (False, True). NetBIOS. 1.

3

SYN Flood; SYN; TCP.
Document title: A Method for Defending against SYN Flood Attacks on Windows Server
Link: https://www.777doc.com/doc-3875471.html