CN101247261A - Method and apparatus for preventing DDos attack - Google Patents

Method and apparatus for preventing DDos attack

Info

Publication number: CN101247261A
Authority: CN (China)
Prior art keywords: tcp connection, connection request, syn message, message, invalid
Legal status: Pending
Application number: CNA2007101192352A
Other languages: Chinese (zh)
Inventor: 唐文亮
Current Assignee: Beijing Gaoxinda Network Science & Technology Co Ltd
Original Assignee: Beijing Gaoxinda Network Science & Technology Co Ltd
Application filed by Beijing Gaoxinda Network Science & Technology Co Ltd
Priority to CNA2007101192352A
Publication of CN101247261A

Landscapes

  • Data Exchanges In Wide-Area Networks (AREA)
  • Computer And Data Communications (AREA)

Abstract

The present invention provides a method and apparatus for preventing DDos attacks, belonging to the technical field of digital information transmission. In the method, before the protected network device (that is, the server) receives a TCP connection request SYN message, the validity of that SYN message must be verified. Only legal and valid TCP connection request SYN messages are forwarded to the server end, and attacking TCP connection request SYN messages that occupy system resources are discarded, so the server bears no risk of system resource exhaustion caused by TCP half-open connections. This provides a convenient and effective security defense against attacks on network devices, avoids the impact on users of a server that cannot respond to new services or goes down, and, because operation is simple, makes the technique easy to popularize and apply.

Description

A method and apparatus for preventing DDos attacks
Technical field
The present invention relates to the technical field of digital information transmission, and in particular to a method and apparatus for preventing DDos attacks in a network in-line (serially connected) module mode.
Background art
As the Internet becomes more and more important in daily life and business activity, network security has become unusually important as well. At present, network attacks, particularly denial-of-service (DoS) attacks, are continuously increasing. Because of the Internet's wide sharing and rapid exchange of information, launching small-scale and even large-scale DDoS (Distributed Denial of Service) attacks has become easier; for example, tool software downloaded from the Internet can be used to launch malicious attacks on legitimate sites with ease, so that network users, while enjoying the convenience the network brings, also face the dangers it brings.
At present, SYN Flood is one of the most popular DoS and DDoS attack modes. It mainly exploits a defect of the TCP (Transmission Control Protocol) protocol: a large number of forged TCP connection requests are sent to the server, exhausting the attacked server's resources (CPU at full load or insufficient memory).
TCP is a network transmission control protocol in wide use today, and it is a connection-oriented protocol. In real network use, TCP completes the connection authentication between the user side (also called the client) and the server end by means of a three-way handshake. Connection authentication generally takes three steps:
Step 1: the user sends a TCP connection request SYN (synchronize) message, indicating the server port to connect to and the initial sequence number ISN;
Step 2: the server responds to the user's request by sending a SYN+ACK (synchronize-acknowledge) message to the user, with the acknowledgment sequence number set to ISN+1;
Step 3: the user side acknowledges the server's response message by sending an ACK (acknowledge) message to the server, whose sequence number is the server's response sequence number plus 1. At this point the TCP three-way handshake connection authentication is complete.
A SYN Flood attack works as follows: after the server sends its response message (SYN+ACK) in the second step of the connection authentication above, the user side deliberately does not send the third-step acknowledgment message. The server end keeps waiting for the third handshake message and at the same time repeatedly resends the second-step response message, so that a large amount of the server's resources is occupied and normal services cannot be handled.
A DDos defense that can currently be adopted works as follows: detection rules are applied in the network device to judge whether the network device is under attack. The detection rules are:
(1) the number of SYN messages in the system's first-handshake half-open connection queue exceeds the normal value;
(2) the SYN messages in the system's first-handshake half-open connection queue have exceeded 95% of the maximum capacity;
(3) the growth rate of SYN messages in the system's first-handshake half-open connection queue exceeds its limit value.
In the above rules, the normal value of the number of SYN messages is the average in the network device's daily processing, and the limit value of the SYN message growth rate is the maximum number of new TCP connections per second when the network device handles normal burst traffic. When defending against attacks of about 10000 times/second, this defense method gives a performance improvement of nearly 30%-50%.
In this implementation, the network device performs detection according to the above rules. If one of the above conditions occurs, the network device is considered to be under attack; it then runs its discard procedure and discards attacking SYN messages that occupy system resources and whose dwell time exceeds 1 second.
From the above, it can be seen that the prior art has at least the following problems:
1. When the bit rate of attacking SYN messages reaches the defense peak of the network device, a large amount of the protected network device's resources may still be occupied, so there is still a risk that the network device cannot respond to new services or goes down;
2. The user is required to understand their own network conditions extremely well and to configure different detection rule parameters according to the current state of the network. This is rather complex for ordinary network users, and as the network develops and applications change, the detection rules must be revised often, which inconveniences the user.
Summary of the invention
The purpose of the embodiments of the invention is to provide a method and apparatus for preventing DDos attacks in a network in-line module mode, thereby providing users with a safe and reliable network service.
An embodiment of the invention provides a method for preventing DDos attacks, the method comprising:
receiving a TCP connection request SYN message;
detecting whether the TCP connection request SYN message is valid; if so, forwarding the TCP connection request SYN message to the server end; otherwise, discarding the TCP connection request SYN message.
An embodiment of the invention also provides a device for preventing DDos attacks, comprising:
a receiving module, used to receive a TCP connection request SYN message;
a processing module, used to judge whether the TCP connection request SYN message received by the receiving module is valid; if it is valid, a notification is issued; otherwise, the TCP connection request SYN message received by the receiving module is discarded;
a sending module, used to forward the TCP connection request SYN message received by the receiving module to the server end according to the notification issued by the processing module.
As can be seen from the above technical scheme, in the embodiments of the invention the validity of a TCP connection request SYN message must be verified before the protected network device (that is, the server) receives it. Only legal and valid TCP connection request SYN messages are forwarded to the server end, and attacking TCP connection request SYN messages that occupy system resources are discarded, so the server bears no risk of system resource exhaustion caused by TCP half-open connections. This provides a convenient and effective security defense against DDos attacks on network devices and avoids the impact on users of a server that cannot respond to new services or goes down; and because operation is simple, the technique is easy to popularize and apply.
Description of the drawings
Fig. 1 is a schematic diagram of the device networking system of an embodiment of the invention;
Fig. 2 is a flowchart of the method for preventing DDos attacks of an embodiment of the invention;
Fig. 3 is a technical schematic diagram of the present invention;
Fig. 4 is a structural schematic diagram of a device for preventing DDos attacks according to an embodiment of the invention.
Embodiments
In the embodiments of the invention, before the protected network device (that is, the server end) receives a TCP connection request SYN message, the validity of that SYN message must be verified. Only legal and valid TCP connection request SYN messages are forwarded to the server end, and attacking TCP connection request SYN messages that occupy system resources are discarded, which reduces the risk the server bears of system resource exhaustion caused by TCP half-open connections.
First, we describe how the validity of a TCP connection request SYN message from the user side is verified, and how legal and valid TCP connection messages are forwarded to the server end.
In the embodiments of the invention, when the user side sends a TCP connection request SYN message to the server end, that is, at the first handshake request, it is detected whether the user node information corresponding to the TCP connection request SYN message is invalid node information. If it is, the TCP connection request SYN message is discarded directly and is not passed to the server end. Otherwise, a TCP connection request response message SYN+ACK for the second handshake is generated according to the user's TCP connection request message; if the user side then responds with the third-handshake TCP connection confirmation message ACK, the TCP connection request is considered legal and valid, and the subsequent connection data between the user side and the server end is forwarded.
In the above process, if the user side sends no third-handshake TCP connection confirmation message ACK, that is, the TCP connection confirmation returned by the user side is not received, the TCP connection request SYN message is considered illegal and invalid. The invalid node information corresponding to the invalid TCP connection request SYN message is updated into the invalid node information queue, and the TCP connection request SYN message is discarded.
In the above processing, the method of detecting whether the user node information corresponding to the TCP connection request SYN message is invalid node information can be: compare whether the IP address of the user side that sent the TCP connection request SYN message appears in the record queue of invalid node information. If it does, the information is considered invalid node information and the TCP connection request SYN message is discarded; otherwise, the TCP connection request SYN message is considered a connection request to be confirmed.
The user node information can comprise the user side IP address and the user side port information. That is, the record queue of invalid node information records the user side IP address and user side port information corresponding to each invalid node. The invalid node information can be set in advance, or it can be generated or updated according to the validity judgments made on TCP connection requests in the network.
To give a further understanding of the anti-DDos attack method of the embodiments of the invention, the method flow is described below with reference to Fig. 1 and Fig. 2. The concrete steps are as follows:
Step 21: receive the TCP connection request SYN message sent by the user side;
Step 22: detect whether the user node information corresponding to the TCP connection request SYN message is among the recorded invalid node information. If it is a recorded invalid node, the TCP connection request SYN message is considered invalid and step 30 is executed; otherwise, the TCP connection request SYN message can be considered a connection request to be confirmed and step 23 is executed;
The above detection rule can be set to: compare whether the IP address of the user side that sent the TCP connection request SYN message appears in the invalid node information queue.
Step 23: send a TCP connection request response message SYN+ACK to the user side, then execute step 24;
Step 24: detect whether the TCP connection confirmation message ACK sent by the user side is received. If the user side sends the TCP connection confirmation message ACK, the TCP connection request SYN message is considered valid and step 25 is executed; otherwise, the TCP connection request SYN message is invalid and step 29 is executed;
Step 25: send the TCP connection request SYN message to the server end, then execute step 26;
Step 26: the server end sends a TCP connection request response message SYN+ACK, and step 27 is executed;
Step 27: the user side's TCP connection confirmation message ACK is forwarded to the server end, then step 28 is executed;
Step 28: forward the subsequent TCP requests and data messages between the user side and the server end;
Step 29: update the invalid node information queue by adding the new invalid node information to it, then execute step 30;
Step 30: discard the invalid node's TCP connection request SYN message.
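The flow of steps 21 to 30, as an added example that is not part of the patent text: a small Python simulation of the defense device's decisions. The ACK wait time ACK_TIMEOUT, the class and function names, and the sample addresses are assumptions introduced here; the patent does not specify a timeout. Steps 25 to 28 (the exchange with the server) are collapsed into a single FORWARD verdict.

```python
# Added example: simulation of the defense layer's decision flow (steps 21-30).
# ACK_TIMEOUT and all class/method names are assumptions, not from the patent.
from dataclasses import dataclass, field

ACK_TIMEOUT = 3.0  # seconds to wait for the third handshake (assumed value)


@dataclass
class DefenseDevice:
    # Invalid node information queue: user side IP -> ports recorded with it.
    invalid_nodes: dict = field(default_factory=dict)
    # Handshakes awaiting the user side's ACK: (ip, port) -> deadline.
    pending: dict = field(default_factory=dict)
    # SYNs forwarded to the server end (step 25), kept for inspection.
    forwarded: list = field(default_factory=list)

    def on_syn(self, ip, port, now):
        """Steps 21-23: receive a SYN, check the invalid queue, answer SYN+ACK."""
        self.expire(now)
        if ip in self.invalid_nodes:          # step 22: compare user side IP
            return "DROP"                     # step 30
        self.pending[(ip, port)] = now + ACK_TIMEOUT
        return "SYN+ACK"                      # step 23: answered by the device

    def on_ack(self, ip, port, now):
        """Steps 24-28: an ACK in time validates the SYN, which is forwarded."""
        self.expire(now)
        if self.pending.pop((ip, port), None) is None:
            return "DROP"                     # no matching pending handshake
        self.forwarded.append((ip, port))     # step 25: SYN goes to the server
        return "FORWARD"

    def expire(self, now):
        """Steps 29-30: no ACK before the deadline, so record the node as invalid."""
        late = [key for key, deadline in self.pending.items() if deadline <= now]
        for ip, port in late:
            del self.pending[(ip, port)]
            self.invalid_nodes.setdefault(ip, set()).add(port)
        return late


def run_trace(events):
    """Replay (time, kind, ip, port) events and return the device and verdicts."""
    dev = DefenseDevice()
    verdicts = []
    for now, kind, ip, port in events:
        handler = dev.on_syn if kind == "SYN" else dev.on_ack
        verdicts.append(handler(ip, port, now))
    return dev, verdicts


# Constructed sample traffic (documentation addresses, not real hosts).
SAMPLE = [
    (0.0, "SYN", "192.0.2.10", 40000),   # user side that completes the handshake
    (0.1, "SYN", "203.0.113.7", 5555),   # never sends the third handshake
    (0.2, "ACK", "192.0.2.10", 40000),   # third handshake arrives in time
    (5.0, "SYN", "203.0.113.7", 5556),   # same IP again, after the timeout
    (5.1, "ACK", "203.0.113.7", 5555),   # late ACK for the expired entry
]

if __name__ == "__main__":
    device, results = run_trace(SAMPLE)
    for event, verdict in zip(SAMPLE, results):
        print(event, "->", verdict)
    print("invalid nodes:", device.invalid_nodes)
    print("forwarded to server:", device.forwarded)
```

Entries never leave the invalid node queue in this simulation because the text describes no aging for it; how and when entries are removed is left to the implementer.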
As can be seen from the above technical scheme, in the embodiments of the invention the validity of a TCP connection request SYN message must be verified before the protected network device (that is, the server) receives it. Only legal and valid TCP connection request SYN messages are forwarded to the server end, and attacking first-handshake TCP request messages that occupy system resources are discarded, so the server bears no risk of system resource exhaustion caused by TCP half-open connections. This provides a convenient and effective security defense against DDos attacks on network devices and avoids the impact on users of a server that cannot respond to newly arriving services or goes down; and because the technical scheme is simple to operate, the technique is easy to popularize and apply.
Because all of the above method embodiments can be implemented by a device, the present invention also provides several device embodiments.
The device networking system of the embodiment of the invention is introduced next. The system composition is shown in Fig. 3; the system in the figure comprises a user side, a server end and a defense layer, wherein:
The defense layer is arranged between the user side and the server end. It verifies the validity of TCP connection request SYN messages sent from the user side to the server end, and forwards only legal and valid TCP connection request SYN messages to the server end.
The defense layer can be an independent device, or a device arranged in the user side or in the server end. For ease of installation and to modify conventional network devices as little as possible, in the embodiments of the invention the defense layer is set up as an independent device, called the defense device. However, a person skilled in the technical field of the invention can, following the technical scheme provided by the embodiments, arrange the defense layer in the user side or in the server end.
The user side can be a computer connected to the network. It can send TCP connection request SYN messages and receive TCP connection request responses from the defense device and the server end;
The server end, that is, the protected device, can receive the TCP connection request SYN messages forwarded by the defense device and send TCP connection request response messages SYN+ACK to the defense layer;
In the embodiments of the invention, two network interface cards can be provided in the device for preventing DDos attacks: a first network interface card and a second network interface card. The first network interface card is connected to the user side (that is, the Internet public network side) and is responsible for two-way communication with the source of the TCP connection request SYN messages; the second network interface card is connected to the server end (that is, the protected device) and is responsible for two-way communication with the server.
The defense device can comprise a receiving module, a processing module and a sending module. Fig. 4 is a structural schematic diagram of a device for preventing DDos attacks according to an embodiment of the invention; the concrete structure is as follows:
(1) a receiving module, used to receive TCP connection request SYN messages from the user side;
(2) a processing module, used to judge whether the TCP connection request SYN message received by the receiving module is valid; if it is valid, a notification is issued; otherwise, the TCP connection request SYN message received by the receiving module is discarded;
The processing module can specifically comprise:
a confirmation message receiving module, used to wait for the TCP connection request confirmation message after the TCP connection request response message is sent;
a judgment processing module, used to judge whether the confirmation message receiving module has received the TCP connection request confirmation message; if it has, a notification is issued; otherwise, the TCP connection request SYN message received by the receiving module is discarded.
(3) a sending module, used to forward the TCP connection request SYN message received by the receiving module to the server end according to the notification issued by the processing module.
Optionally, the defense device can further comprise:
a storage module, used to set invalid node information in advance, where the invalid node information can comprise the IP addresses and port information of illegal users in the network, or can be other node identification information;
an invalid node identification processing module, used to identify, according to the invalid node information stored in the storage module, whether the TCP connection request SYN message received by the receiving module comes from an invalid node; if so, the message is discarded; otherwise, the processing module is notified.
Optionally, the defense device can further comprise an invalid node information update module, used to add the invalid node to the storage module after the invalid node identification processing module identifies that the received message comes from an invalid node.
In the embodiments of the invention, the receiving module in the defense device is implemented by the first network interface card, which can specifically be responsible for two-way communication with the source of the TCP connection request SYN messages; the sending module is implemented by the second network interface card, which can specifically be responsible for two-way communication with the server.
In the embodiments of the invention, when the user side sends a TCP connection request SYN message to the server end, a detection module detects whether the user request node information corresponding to the TCP connection request SYN message is invalid node information stored in the storage module. If it is invalid information, the TCP connection request SYN message is discarded directly. If it is an unregistered new TCP connection, the defense device sends a TCP connection request response message SYN+ACK to the user side, and the processing module then detects whether the defense device receives the TCP connection confirmation message ACK. If the defense device receives it, the TCP connection is considered legal and valid, and the subsequent connection data between the user side and the server end is forwarded. Otherwise, the TCP connection request is considered illegal and invalid, the user node information corresponding to the TCP connection request SYN message is updated into the invalid node information queue, and the message is discarded.
As can be seen from the above technical scheme, the defense device is arranged in the network of the protected server and verifies the TCP connection request SYN messages sent by the user side; only legal and valid TCP connection request SYN messages are forwarded to the server end. This effectively reduces the risk of DDos attacks on the server and avoids malicious attacks occupying a large amount of the server's resources, so the server bears no risk of resource exhaustion caused by TCP half-open connections, and the security performance of the network is improved.
The above is only a preferred embodiment of the present invention, but the scope of protection of the invention is not limited to it. Any variation or replacement that a person familiar with the art could readily conceive within the technical scope disclosed by the invention shall be covered by the scope of protection of the invention. The scope of protection of the invention shall therefore be determined by the scope of protection of the claims.

Claims (10)

1. A method for preventing DDos attacks, characterized in that the method comprises:
receiving a TCP connection request SYN message;
detecting whether the TCP connection request SYN message is valid; if so, forwarding the TCP connection request SYN message to the server end; otherwise, discarding the TCP connection request SYN message.
2. The method for preventing DDos attacks according to claim 1, characterized in that the method of detecting whether the TCP connection request SYN message is valid is:
after sending a TCP connection request response message to the user side, detecting whether the TCP connection confirmation message ACK sent by the user side is received; if it is received, confirming that the TCP connection request SYN message is valid; otherwise, confirming that the TCP connection request SYN message is invalid.
3. The method for preventing DDos attacks according to claim 2, characterized in that it further comprises a step of setting invalid node information, and the step of sending a TCP connection request response message to the user side comprises:
detecting whether the TCP connection request SYN message is the invalid node information; if so, discarding the TCP connection request SYN message; otherwise, sending a TCP connection request response message to the user side.
4. The method for preventing DDos attacks according to claim 3, characterized in that, if the TCP connection request SYN message is detected to be the invalid node information, the method further comprises:
updating the user node information corresponding to the TCP connection request SYN message into the invalid node information.
5. The method for preventing DDos attacks according to claim 3 or 4, characterized in that the invalid node information comprises: the user side IP address and port information.
6. A device for preventing DDos attacks, characterized in that it comprises:
a receiving module, used to receive a TCP connection request SYN message;
a processing module, used to judge whether the TCP connection request SYN message received by the receiving module is valid; if it is valid, a notification is issued; otherwise, the TCP connection request SYN message received by the receiving module is discarded;
a sending module, used to forward the TCP connection request SYN message received by the receiving module to the server end according to the notification issued by the processing module.
7. The device for preventing DDos attacks according to claim 6, characterized in that the device further comprises:
a storage module, used to set invalid node information in advance;
an invalid node identification processing module, used to identify, according to the invalid node information stored in the storage module, whether the TCP connection request SYN message received by the receiving module comes from an invalid node; if so, the TCP connection request SYN message is discarded; otherwise, the processing module is notified to discard the TCP connection request SYN message received by the receiving module.
8. The device for preventing DDos attacks according to claim 7, characterized in that the device further comprises an invalid node information update module, used to add the invalid node information corresponding to the invalid node to the storage module after the invalid node identification processing module identifies that the received TCP connection request SYN message comes from the invalid node.
9. The device for preventing DDos attacks according to claim 6, 7 or 8, characterized in that the processing module specifically comprises:
a confirmation message receiving module, used to wait for the TCP connection request confirmation message after the TCP connection request response message is sent;
a judgment processing module, used to judge whether the confirmation message receiving module has received the TCP connection request confirmation message; if it has, a notification is issued; otherwise, the TCP connection request SYN message received by the receiving module is discarded.
10. The device for preventing DDos attacks according to claim 6, 7 or 8, characterized in that the receiving module is implemented by a first network interface card, the first network interface card being responsible for two-way communication with the source of the TCP connection request SYN messages; and the sending module is implemented by a second network interface card, the second network interface card being responsible for two-way communication with the server end.
Priority Applications (1)

Application number: CNA2007101192352A
Priority date: 2007-07-18
Filing date: 2007-07-18
Title: Method and apparatus for preventing DDos attack
Status: Pending
Publication: CN101247261A (en)

Publications (1)

Publication number: CN101247261A (en)
Publication date: 2008-08-20

Family ID: 39947487

Country Status (1): CN, CN101247261A (en)

US11689564B2 (en) Method and apparatus for processing data in cleaning device
WO2006069522A1 (en) A method, system and apparatus for realizing the data service safety of the mobile communication system
CN105516080A (en) Processing method, apparatus, and system for TCP connection
US9055099B2 (en) Method of preventing TCP-based denial-of-service attacks on mobile devices
CN111064755B (en) Data protection method and device, computer equipment and storage medium
CN107451092A (en) A kind of data transmission system based on IB networks
JP2011147181A (en) Method for calculating hashing of message in device communicating with smart card
CN109996349B (en) Session recovery method and device
JP2005122695A (en) Authentication method, server computer, client computer, and program therefor
CN110198298B (en) Information processing method, device and storage medium
JP2006277752A (en) Computer remote-managing method
CN107257352B (en) DPDK-based URL authentication redirection system and method
CN1906884B (en) Preventing network data injection attacks
WO2007094059A1 (en) Data transmitting and receiving method
CN106131036B (en) Processing method, device and the terminal of CC attack
CN113810330A (en) Method, device and storage medium for sending verification information
JP3810998B2 (en) Computer remote management method
CN108595941A (en) A kind of data processing method, system and electronic equipment
JP2004220075A (en) Network authentication access control server, application authentication access control server, and integrated authentication access control system
CN113179247B (en) Denial of service attack protection method, electronic device and storage medium

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C12 Rejection of a patent application after its publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20080820