ddos攻击.doc

摘 要 ? 随着计算机技术的发展，网络也在迅猛地普及和发展。人们在享受着网络带来的各种便利的同时，也受到了很多黑客的攻击。在众多的攻击种类中，有一种叫做 DoS（Denial of Service 拒绝服务）的攻击，是一种常见而有效的网络攻击技术，它通过利用协议或系统的缺陷，采取欺骗或伪装的策略来进行网络攻击，最终使得受害者的系统因为资源耗尽或无法作出正确响应而瘫痪，从而无法向合法用户提供正常服务。它看上去平淡无奇，但是攻击范围广，隐蔽性强、简单有效而成为了网络中一种强大的攻击技术，极大地影响了网络和业务主机系统的有效服务。其中，DDoS（Distubuted Denial of Service 分布式拒绝服务）更以其大规模性、隐蔽性和难防范性而著称。 本论文首先研究了Linux系统以及运行于该系统的应用程序漏洞，分级讨论了防御对Linux服务器攻击的方法，并着重介绍了Linux文件系统的安全问题。其次，从Linux基本安全机制、数据传输加密和Linux防火墙等方面来讨论了如何构建安全的Linux系统。还有就是介绍了对Linux系统内核进行修改以达到防御DoS攻击的效果。并对Linux网络安全的未来发展做出了展望。 ? 关键词：DoS；Ddos; Linux ? ? Abstract ? With the development of the computer technology, network is rapidly popularizingand developing. When enjoying the benefits arsing from network, people are on theother hand facing the attack of Hackers, one of which attack is named DoS (Denial of Service) attack. The DoS is an effective and usual network attack technique, whichemploys the bugs of protocols or systems to launch the attack in a disguisd or fake wayand finally disables the victim computer due to resources exhcaust and failure toreponse properly and results in the failure to supply normal service to legitimateusers.Such attack appears ordinary .However it is simple but effective with a wide scopeof attack and high degree of hiding,which to great extent affects the effective service of network and operational host.Among the other things,DDoS (Distubuted Denial of Service) is more notorious of its massive scale,hiding and difficutly of defending. This thesis, firstly, studied the Linux system and some leaks of the applications running on it, discussed the ways how to defend the attacks to Linux servers, and introduced the security of Linux file systems.Secondly, it discussed how to set up a safe Linux system in the way of basic safety mechanism, data delivering encrypts, firewall and so on.Finally, it still analyzed Linux sniffer software. In view of the disadvantages of that software, I thought out a new-fashioned sniffer in terms of the actual，Still have is