摘要 |
<p>A method and system for defending against the TCP attack are provided, and the method includes: regarding the messages which have the same source internet protocol IP address, destination IP address, source protocol port number, destination protocol port number, input interface, output interface, protocol type and the flag bit field of transfer control protocol TCP messages as a flow; determining the TCP attack's type by the flag bit field of the flow; and based on the TCP attack's type, defending against the TCP attack. The position and the type of the TCP attack in the network can be located accurately by using the method, and itcan be implemented to dynamically defend against the attack source by interacting with the Netflow analysis process device.</p> |