Wednesday, October 26, 2011

A-ddos - Kernel solution to prevent DDoS attacks


a-ddos is a kernel patch that prevents DDoS attacks at a low level, close to the hardware. It works well on a network bridge.

DDoS is short for distributed denial-of-service, and it has become a serious threat. There is no perfect solution yet. a-ddos uses 512M (128M in the current version) of memory to keep track of every IPv4 address, and a kernel-level timer to record connections per second. While under attack, only the available IPs are allowed to connect to the server.

Highlighted features
Only one memory access is needed to decide on each connection.

The implementation is simple and fast: under a SYN-flood attack, a-ddos takes less than 10% CPU time.

The memory usage is easy to extend; nevertheless, 4G / 8 bits = 512 MB can handle the whole IPv4 space!
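The design described above (one bit per IPv4 address, a per-second connection counter, and allow-listing while under attack) can be sketched in user-space C as follows. This is an added example, not a-ddos source code: the `ipfilter_*` names, the `addr_bits` parameter, the threshold policy, and the idea that the caller marks an address as "available" once it has proven legitimate are all assumptions.

```c
#include <stdint.h>
#include <stdlib.h>

/* Added illustration, not a-ddos source; all names are hypothetical. */
struct ipfilter {
    uint8_t *bitmap;    /* one bit per address (or prefix); 1 = known good */
    unsigned shift;     /* 32 - addr_bits; 0 tracks every IPv4 address */
    uint32_t threshold; /* connections/second treated as an attack (assumed policy) */
    uint32_t count;     /* connections counted in the current second */
    uint64_t cur_sec;   /* second the counter belongs to */
    int under_attack;
};

/* addr_bits = 32 needs 2^32 / 8 bytes = 512 MB; smaller values track prefixes. */
int ipfilter_init(struct ipfilter *f, unsigned addr_bits, uint32_t threshold)
{
    if (addr_bits < 3 || addr_bits > 32) return -1;
    f->bitmap = calloc((size_t)1 << (addr_bits - 3), 1);
    if (!f->bitmap) return -1;
    f->shift = 32 - addr_bits;
    f->threshold = threshold;
    f->count = 0; f->cur_sec = 0; f->under_attack = 0;
    return 0;
}

/* Assumption: the caller marks a source once it has proven legitimate. */
void ipfilter_mark_good(struct ipfilter *f, uint32_t ip)
{
    uint32_t i = ip >> f->shift;
    f->bitmap[i >> 3] |= (uint8_t)(1u << (i & 7));
}

/* Returns 1 to accept, 0 to drop; now_sec stands in for the kernel timer. */
int ipfilter_check(struct ipfilter *f, uint32_t ip, uint64_t now_sec)
{
    if (now_sec != f->cur_sec) {   /* new second: judge the previous one */
        f->under_attack = now_sec == f->cur_sec + 1 && f->count > f->threshold;
        f->cur_sec = now_sec;
        f->count = 0;
    }
    if (++f->count > f->threshold) f->under_attack = 1;
    if (!f->under_attack) return 1;
    uint32_t i = ip >> f->shift;   /* the single lookup per decision */
    return (f->bitmap[i >> 3] >> (i & 7)) & 1;
}
```

With `addr_bits` below 32 the filter tracks prefixes rather than single addresses, so one marked host vouches for its whole prefix; that trades precision for memory.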

