Welcome to 中国防火墙网
Preventing DDoS by Setting Router Thresholds
From;    Author:Stand originally
1. Principle of preventing DDoS attacks

In a distributed denial-of-service (DDoS) attack, a group of malicious hosts, or hosts compromised by malicious hosts, sends a large volume of data to the server under attack. In this situation, the network nodes near the network edge run out of resources. There are two reasons. First, nodes close to the server are normally designed to handle only a small amount of user data. Second, because data aggregates in the network core, the nodes at the edge end up receiving more data. In addition, the server system itself is also easy to attack and will crash under extreme overload.

A DDoS attack can be treated as a resource management problem. The goal of this article is to protect a server system from receiving excessive service requests in a global network. This kind of mechanism can also easily be adapted to protect network nodes. To achieve this, a preventive measure is needed: before the attack packets converge and crash the server, the traffic is regulated at the routers along the transmission path so that the attack does not succeed. Concretely, a threshold is set on the upstream routers that are several levels away from the server. Only data volume below this threshold may pass through the router; the remaining data is dropped or routed to other routers.

One of the main factors in this kind of defense system is the "appropriate" volume of data that each routing point outputs. What counts as "appropriate" must be determined by the distribution of demand at the time, so the server and the network have to negotiate dynamically. In the method described here, the negotiation is initiated by the server (S). If the server is running below its design capacity (Us), no threshold needs to be set. If the load of the server (Ls) exceeds the design capacity, a threshold can be set upstream of the server for self-protection. After that, if the current threshold cannot bring the load of S below Us, the threshold should be lowered; conversely, if Ls < Us, the threshold should be raised. If raising the threshold does not noticeably increase the load within the monitoring period, the threshold can be cancelled. The goal of the control algorithm is to keep the server load within the range [Ls, Us].
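The negotiation loop described above, as an added Python example that is not code from the original article. The lower watermark `low`, the halving rule, the fixed raise `step`, the equal-share starting threshold and the `eps` cut-off for a "noticeable" increase are all assumptions; the article only gives the lower/raise/cancel rules.

```python
def offered_load(rates, threshold):
    """Load reaching server S when every upstream router forwards at most `threshold`."""
    if threshold is None:                          # no threshold installed
        return sum(rates)
    return sum(min(r, threshold) for r in rates)   # excess above the threshold is dropped

def negotiate(periods, Us, low, step, eps=1.0):
    """Replay the server-initiated negotiation over successive monitoring periods.

    periods: per-period list of the rates arriving at each upstream router.
    Us: design capacity. low, step, eps and the halving rule are assumptions.
    Returns [(threshold in force, resulting server load), ...].
    """
    threshold, prev_load, raised, history = None, None, False, []
    for rates in periods:
        load = offered_load(rates, threshold)
        history.append((threshold, load))
        if threshold is None:
            if load > Us:                          # overload: install a threshold upstream
                threshold = Us / len(rates)        # assumed start: equal share of capacity
            raised = False
        elif load > Us:                            # threshold too loose: lower it
            threshold, raised = threshold / 2, False
        elif load < low:
            if raised and load - prev_load < eps:  # raising no longer adds load: cancel
                threshold, raised = None, False
            else:                                  # room to spare: raise
                threshold, raised = threshold + step, True
        else:
            raised = False                         # load inside the target band: hold
        prev_load = load
    return history

# Constructed sample: 4 upstream routers; routers 3 and 4 carry attack traffic in periods 1-4.
NORMAL, ATTACK = [10, 10, 10, 10], [10, 10, 200, 200]
PERIODS = [NORMAL] + [ATTACK] * 4 + [NORMAL] * 3

if __name__ == "__main__":
    for t, (thr, load) in enumerate(negotiate(PERIODS, Us=100, low=80, step=5)):
        print(f"period {t}: threshold={thr} load={load}")
```

In the sample run the two routers sending 10 units each are never cut, because their rate stays below every threshold the server sets; only the two attack-carrying routers are clipped.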

Clearly, it is impossible to require that state information be kept for every network server, because that would cause an explosion of state information. Selecting the protection mechanism on demand, however, is feasible. This view rests on the assumption that a DDoS attack is an isolated phenomenon rather than the general situation. In any given time period, we assume that only a few networks are under attack and that most networks are running in a "healthy" state. In addition, malicious attackers usually choose to attack the "major sites" with the most user visits, and these sites can use the following network structure to ensure their own security.