edumon防火墙典型配置（）.docVIP

edumon防火墙典型配置（） Not yet, but you can refer to the configuration manual, which speaks in great detail. Here are some of the common attacks, defensive knowledge, and common configurations of Eudemon 200 for your simple reference! For more details (including other Eudemon 100 products), go to the manual! Eudemon 200 3 typical network attack methods and Countermeasures No matter how close the firewall filter rules configuration, there is always a need to specify a range where connections are allowed. If the attack user network connection is mixed within the scope of this license, it will have to identify and deal with the related functions of attack prevention. 3.1, common attack methods and Countermeasures 3.1.1 syn-flood Syn-flood attacks are a common form of DoS attack, mainly used to attack network devices that open TCP ports. To understand the principle of syn-flood attack, you need to explain the establishment process of the TCP connection first. The process of establishing TCP connection is called the three handshake, first of all, the client initiates a connection request to the server (SYN message), the server received in this connection request, will respond to a response message (SYN ACK), after the client receives the SYN ACK message, and then send a third ACK message, after the completion of the interaction process the server and client ends, the TCP session has set up normal, can start using the session on the transmission of data. When the server in response to SYN ACK message for the connection establishment has actually allocated sufficient resources, if the ACK message is not received from the client, this part of the resources will be released after a certain time, in order to give the other connection requests. Syn-flood attack is the use of this principle, the connection request is sent to the attacker TCP, attacked device is monitored by the port a large number of connection requests (SYN) message, the attacked device according to the normal proces