The kernel of the Linux server is analyzed to find out the main cause of the server’s denial of service when it is attacked. In the kernel, when the connection request information memory is full, the new connection request is discarded. Therefore, the printk function was used to alert the kernel output log when the memory was full, the processing of discarding the connection request in the kernel was changed, and the function tcp_syn_flood_action was applied to full memory processing. In the function tcp_syn_flood_action, the free function was used to release the memory according to the condition, so that the new connection request has a storage space, thereby offering the server’s normal service. Finally, the proposed defense technology is verified to be effective.
展开▼
