| 摘要 |
Network attacks, such as a denial of service (DoS) attack, attempt to exhaust server resources and can cause a network to be unavailable for significant periods of time. Although a firewall can be utilized to defend a system from network attacks, the number of incoming connections created can be controlled to defend the system against network attacks. An operating system creates connections, known as sockets, on one or more logical ports. Incoming connections are connections whose creation requests originate from a source outside the operating system. Functionality to control socket creation can be implemented within the operating system, thus allowing a system to be placed directly on a network without a firewall. Implementing defense against network attacks within an operating system reduces the additional cost of having firewall products, and can lead to more efficient network configurations.
|
