{"title":"大型校园专属门户的建筑设计","authors":"K. Koht-Arsa, A. Phonphoem, S. Sanguanpong","doi":"10.1109/CCST.2009.5335561","DOIUrl":null,"url":null,"abstract":"Managing high workload and concurrent accesses are challenging tasks for captive portal. The large number of clients generally creates high workload to the system. Furthermore, some worm or Trojan infected clients create a lot more traffic by spreading themselves through the network via HTTP protocol. Such stateful traffic typically leads to network attack, especially a SYN-Flooding. Additionally, some misbehaved software installed in client machines may periodically and/or automatically download, send updates information through the Internet, or repeatedly reconnect to certain designated servers without the high workload awareness. In this paper, the stateless mini HTTP redirector has been proposed. All traffic will be redirected to stateless robust URL target redirector which will eventually send traffic through raw socket, hence bypassing the operating system's TCP/IP stack. With stateless characteristics, the system can absolutely protect the SYN-flooding attack. Moreover, the system includes the user-gent detection module for minimizing the high workload effects from misbehaved software on client machines.","PeriodicalId":117285,"journal":{"name":"43rd Annual 2009 International Carnahan Conference on Security Technology","volume":"71 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2009-11-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":"{\"title\":\"Architectural design for large-scale campus-wide captive portal\",\"authors\":\"K. Koht-Arsa, A. Phonphoem, S. Sanguanpong\",\"doi\":\"10.1109/CCST.2009.5335561\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Managing high workload and concurrent accesses are challenging tasks for captive portal. The large number of clients generally creates high workload to the system. Furthermore, some worm or Trojan infected clients create a lot more traffic by spreading themselves through the network via HTTP protocol. Such stateful traffic typically leads to network attack, especially a SYN-Flooding. Additionally, some misbehaved software installed in client machines may periodically and/or automatically download, send updates information through the Internet, or repeatedly reconnect to certain designated servers without the high workload awareness. In this paper, the stateless mini HTTP redirector has been proposed. All traffic will be redirected to stateless robust URL target redirector which will eventually send traffic through raw socket, hence bypassing the operating system's TCP/IP stack. With stateless characteristics, the system can absolutely protect the SYN-flooding attack. Moreover, the system includes the user-gent detection module for minimizing the high workload effects from misbehaved software on client machines.\",\"PeriodicalId\":117285,\"journal\":{\"name\":\"43rd Annual 2009 International Carnahan Conference on Security Technology\",\"volume\":\"71 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2009-11-13\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"1\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"43rd Annual 2009 International Carnahan Conference on Security Technology\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/CCST.2009.5335561\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"43rd Annual 2009 International Carnahan Conference on Security Technology","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/CCST.2009.5335561","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Architectural design for large-scale campus-wide captive portal
Managing high workload and concurrent accesses are challenging tasks for captive portal. The large number of clients generally creates high workload to the system. Furthermore, some worm or Trojan infected clients create a lot more traffic by spreading themselves through the network via HTTP protocol. Such stateful traffic typically leads to network attack, especially a SYN-Flooding. Additionally, some misbehaved software installed in client machines may periodically and/or automatically download, send updates information through the Internet, or repeatedly reconnect to certain designated servers without the high workload awareness. In this paper, the stateless mini HTTP redirector has been proposed. All traffic will be redirected to stateless robust URL target redirector which will eventually send traffic through raw socket, hence bypassing the operating system's TCP/IP stack. With stateless characteristics, the system can absolutely protect the SYN-flooding attack. Moreover, the system includes the user-gent detection module for minimizing the high workload effects from misbehaved software on client machines.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
