WindowsServerSYNFlood攻击防御的一种方法

ComputerKnowledgeandTechnology：718(20116)WindowsServer2003SYNFlood（，610068）：SYNFLOOD。SYNFLOOD，WindowsServer2003TCP\IPSYNFLOOD。：SYNFlood；DoS；；；：TP393：A：1009-3044(2011)18-4304-02OneoftheDefenseMethodsagainstSYNFLOODAttacksunderWindowServer2003OperatingSystemCHENYong(CollageofFundamentalEducation,SichuanNormalUniversity,Chengdu610068,China)Abstract:SYNFLOODAttackisoneofthepopularattacksonInternet.ThispaperintroducesthebasicprinciplesofSYNFLOODAt-tack.ThroughmodifyingtheoperatingsystemregistryofWindowServer2003,wecanimproveTCP/IPcommunicationsecurityforef-fectivelypreventingthenetworkfrominternalandexternalSYNFLOODAttacks.Keywords:SYNFlood;DoS;three-wayhandshake;registry;networksecurityTCP/IP（TransmissionControlProtocol/InternetProtocol)，TCP，，。SYNFloodDoS（）DdoS（），TCP，TCP，（CPU）。、、、，，。SYNflood，WindowsSever2003SYNflood，。1SYNFloodTCP（1）：SYN；SYNSYN+ACK，；ACK，，。，，SYN，，，SYN_RECV。，，Established。SYN/ACKSYN_RECV，ACK，。，IP，“”，。SYNFloodTCP，，IPSYN，。2SYNFloodSYNFlood，SYNTimeout，SYNCookie，。，2。McAfee，IP：2011-04-12：（1983-），，，，，。12SYNFLOODE-mail:info@cccc.net.cn：718(20116)，，。，，。IP，TCP/IP，SYNFlood。：“regedit.exe”，HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters（）：2.1SYNSynAttackProtect，REG_DWORD。：1。TCPSYN-ACKS，SynAttackProtect0(),1，SYN，SYN，。2.2SYN1)TcpMaxPortsExhausted，REG_DWORD，5。SYNTCP，065535。2)TCPMaxHalfOpen，REG_DWORD，500。TCPMaxHalfOpen10065535，SynAttackProtect，SYN_RCVDTCP。SynAttackProtect，SYN。3)TCPMaxHalfOpenRetried，REG_DWORD，400。TCPMaxHalfOpenRetried8065535，SynAttackProtect，SYN_RCVDTCP。SynAttackProtect，SYN。2.31)EnableDeadGWDetect，REG_DWORD，0（False）EnableDeadGWDetect：01（FalseTrue）.1，TCP，，，TCPInternet(IP)，，。0。2)EnablePMTUDiscovery，REG_DWORD，0（False）。EnablePMTUDiscovery：01（FalseTrue）。1，TCP(MTU)。MTUTCP，TCPMTU，。，MTU，。0。，TCP/IP。3)KeepAliveTime，REG_DWORD，：7,200,000（），300,000。KeepAliveTime1-0xFFFFFFFF（）。TCP“”。，“”。，“”。300，000（5）。4)NoNameReleaseOnDemand，REG_DWORD，：0，1。NoNameReleaseOnDemand01（FalseTrue）。NetBIOS。，，。1。，,。，。，。3，SYNFloodSYNTCP，。，，，。，SYNFLOOD，TCP。，，TCP，。：[1],.[J].,2008,29(3):583-585.[2].SYNFlood、[J].,2003(12).(4329)14305ComputerKnowledgeandTechnology：718(20116)（4305）[3]LeeRB.CE-L2003-003,TaxonomiesofDistributedDenialofServiceNetworks.Attacks,ToolsandCountermeasures[R].NewJersey:DepartmentofElectricalEngineering,PrincetonUniversity,2003.[4].(DoS)[J].,2003(4):26-28.[5],.SynFlood[J].,2008(9):1588-1590.[6],,.IPSYN[J].,2008,18(12):159-163.[6][EB/OL].[7]RiceA.DefendingNetwordsfromSynFloodinginDepth.technicalreport[R].SansInst,2000.[8],,.[J].,2007,43(29):146-149.；2)，，；3)，。2.3，P2P。P2P。P2P：1)TCPUDP。P2P(eDonkey、Fasttrack、WinMx、Gnutella)TCP，UDP。，TCPUDP。TCPUDP，，。2)IP。P2P：，AP2P，superpeerIPport。A。，port，IP（A，）。Web，，IP。，mail、DNS，，。。，90%P2P99%P2P。，：，，。，，Internet。，，P2P，P2P，。3P2PP2P。、、、，2。2，：，；，，，；，，，P2P。：[1]KaragiannisT,BroidoA,FaloutsosM,etal.TransportLayerIdentificationofP2PTraffic[C].Taormina,Italy:InternationalMeasurementConference,2004.[2]KaragiannisT,BroideA,FaloutsosM,etal..TransportlayeridentificationofP2Ptraffic[M].ACM,2004.[3]SenS,SpatchscheckO,WangD.Accurate,scalableinnetworkidentificationofP2Ptrafficusingapplicationsignatures[C]//:Pro-ceedingsofthe13thinternationconferenceonWorldWideWeb.ACMPress,2004:512-521.[4],.BitTorrent[J].,2006,23(5):19-20.[5],.P2P[J].,2006,34(6):161-164.2P2P4329