近年來隨著科技的發展各式各樣的設備皆可上網對人們的生活帶來許多便利,但相對的也產生了一些資安上的隱憂,如電視、冰箱、監視器等可連網IoT設備可能會被駭客入侵進而被用於惡意的目的上,而其中又以分散式阻斷式服務攻擊(Distributed Denial of Service,DDoS)最為常見也最具攻擊之效果,由於DDoS的目的在於癱瘓某一正常運作之服務使得正常使用者無法存取到該服務,進而造成對方嚴重的損失。 DDoS的種類又分成許多種,其中又以SYN flood以及UDP flood最常為駭客所使用,本論文主要專注於TCP中的SYN flood,SYN flood之目的在於佔用伺服器之資源使得正常使用者無法與伺服器建立連線進而造成服務癱瘓,而本論文目的在於探討現行已發展出各種抵禦Syn flood之防禦方式,分析其各種防禦方式之成效與其優缺點。 ;Nowadays, technology brings many conveniences to our life, but it also leads to some issues about information security. For example, some IoT devices like webcam, television or refrigerator can be used by some hacker. DDoS (Distributed Denial of Service) is the most important one, it can make normal user can’t access the service and make the service and client lost a lot. There are lots of kinds of DDoS. SYN flood and UDP flood is the most common DDoS used by attackers, and this paper will focus on SYN flood attack. The main purpose of SYN flood is run out most of server’s resources and make normal user can’t use this service. The purpose of this paper is that discuss the SYN flood mitigations which have been released in public and analyze advantages and disadvantages of each method by the result.
