Distributed denial-of-service (DDoS) attacks on public servers have become more and more serious recently. Most are SYN Flood attacks. The malicious attackers can easily exhaust the computing and communication resources of its victim within a short period of time. However, there is no method against such attacks completely. This paper seeks to provide a new defence method against SYN Flood attacks which is based on retransmission timeout mechanism. It defenses the SYN flood attacks by receiving packets from the attacker twice. This method, with its easy implementation and small consumption of system resources, can be run on the server host (the firewall) and doesn't need hardware to support. Experiment results show that this method can defense the SYN Flood attacks promptly and efficiently.
展开▼
