防SYNFLOOD状态防火墙模型的分析-通信与信息系统专业论文.docxVIP

第 第 PAGE III 页 RESEARCH ON THE MODEL OF THE STATEFUL FIREWALL FOR DEFENDING SYN FLOOD ABSTRACT Due to that the TCP/IP protocol itself is insufficient to guarantee the security of computer network information, additional measures are widely used to protect themselves in network engineering practice. Firewall is currently one of the important and key technologies. DOS and DDOS attacks threat a lot to the security of the network and network server. As a typical attack of DOS/DDOS, using the leak of TCP/IP protocol, SYN FLOOD send large numbers of SYN date packs in a short time. If the packets match the rules of firewall, firewall state table is created to track these links, which may cause firewall’s Iptables overflowed and eventually refuse new connection. The traditional solutions can only protect the security of the host, but not the firewall. Based on intensive study and analyses of the existing stateful firewall model against SYN FLOOD, combining the advantages of these models, the paper is going to design and implement the HAS (Hash-Adaptive threshold-Stateful inspection) stateful firewall model for defending SYN FLOOD. The model has good validity and instantaneity, the security of firewall itself, and steady communication. First, this paper introduces the background of the research, analyzes the necessity to defend the SYN FLOOD attacks and the current situation of stateful firewall models to defend SYN FLOOD abroad. And then, it analyzes the workflow, working mechanism of stateful firewall, and the theory of SYN FLOOD attacks, and emphasizes on the discussion of the stateful firewall model produced by CheckPoint Company. This essay lays a solid theoretical foundation for the design and implementation of the HAS model. Secondly, the paper detailedly describes the design and implementation of the HAS model, including specific algorithm, module structure, rules setting, modifying the kernel, the status function of Linux and the main implementation code modules. T