| 摘要 |
PROBLEM TO BE SOLVED: To automatically protect, on the side of a device at user's home, the processing function of a CPU from being paralyzed by an increase in processing load for packet discarding caused by a DoS/DDoS attack, in a subscriber line terminating device and a user terminal for preventing the Dos/DDos attack. SOLUTION: In the event of the DoS/DDoS attack through which a large number of packets are intentionally transmitted from an external network, the attack is detected by an IDS function and the like at a subscriber line terminating device 2 on a user's side. When a load to the CPU of the subscriber line terminating device 2 exceeds a threshold, a subscriber line terminating group-side device 4 of a host communication system is notified of a transfer refusal request for requesting the system not to transfer the packets relating to the DoS/DDoS attack. In the subscriber line terminating group-side device 4, filtering is performed using the source addresses, port numbers, or protocols of the packets and the packets affected by the DoS/DDoS attack are discarded by the subscriber line terminating group-side device 4. COPYRIGHT: (C)2009,JPO&INPIT
|
