On layer of local area network, can adopt a lot of precautionary measures. For example, although eliminate IP completely in group sham phenomenon is almost impossible, but the net is in charge of but compose builds filter, if data contains the address believing a source of in-house net, input discharge through restricting data, drop charge of in-house and sham IP effectively. Filter still can restrict exterior IP to flow in group, the DoS attack that prevents sham IP is regarded as intermediate system.
Other method still has: Shut or limit specific service, if demarcate UDP serves,allow to be used at the network to diagnose a purpose in in-house net only.
But, these limitative measure may give lawful application (the RealAudio that if use UDP,serves as transmission mechanism) bring negative effect.
2. network transmits a layer
The control that transmits a layer to the network below can have complement to above inadequacy.
Independent the line at the layer fast service quality (QoS) and visit control
Contain the line that can configure intelligent software, independence to control a function at the QoS of the layer and visit fast multilayer the occurrence of switching equipment, improved a network to transmit equipment to protect data to shed the ability of integrality.
In traditional way by implement in, attestation mechanism (what if filter is divided,contain in-house location is sham in group) requirement discharge reachs a road by implement the brim, control the standard conform to in list with specific visit. But safeguard a visit to control list to be cost not only, and great added a way by implement expense.
Under photograph comparing, line fast multilayer switching equipment can realize all sorts of visit control that are based on strategy neatly.
This kind of independence controls capacity at the visit of the layer safety decision-making decision-making and as complete as network structure departure, the member that make the net is in charge of is in effective deploy DoS precautionary measures while, the means that need not use second actor by or commutative develop attacks. Result, the member that the net is in charge of and service supplier can not have the control standard that strategy is based on in center of net of whole town land with certain boundaries, data or intranet environment seam the ground compositive rise, and no matter it is used, is complex be based on a road by implement core serves, still be the 2nd relatively simple exchange. In addition, line attestation of fast processing data but backstage is carried out, do not have function defer basically.
Can filter custom-builtly and mechanism of ” of “ trustful neighbour
Intelligence is multilayer visit pilot another advantage is, can handy implementation is custom-built filter operation, if the basis is specific the standard is custom-built the control granuality that answers to the system. Multilayer exchange but push the specific QoS that sends those who appoint limitation of the biggest bandwidth to configure a file to go up in group, is not the “ with the group simple formulate that is DoS attack to the likelihood passes ” or “ discards ” is decision-making. This kind of means, can prevent DoS attack already, also can reduce discard the risk that lawful data includes.
Previous12 Next