摘要 |
PROBLEM TO BE SOLVED: To provide a distributed countermeasure against denial of service attack in which traffic of the entire network can be reduced by achieving a countermeasure against DDoS through NAT unit. SOLUTION: A Firewall unit 2 and routers 3a, 3b, 6a, 6b, 6c transmit/receive camouflage ARP packet data incorporating encrypted data of setting/releasing conditions of a discard filter for limiting the transmission band of transmission data of terminals 4 and 7 performing DDoS attack of a defence object server 1 in an ARP packet, and set a filter by decrypting the encrypted data. When the discard filter is set in routers 6a, 6b, 6c being connected with a network B not on the server side 1, an NAT unit 5 generates and transmits camouflage ARP packet data where the address information of information about setting/releasing conditions of the discard filter is converted into the address system of the network B. COPYRIGHT: (C)2007,JPO&INPIT
|