CN101771575B - Method, device and system for processing IP partitioned message - Google Patents
Method, device and system for processing IP partitioned message Download PDFInfo
- Publication number
- CN101771575B CN101771575B CN200810241965.4A CN200810241965A CN101771575B CN 101771575 B CN101771575 B CN 101771575B CN 200810241965 A CN200810241965 A CN 200810241965A CN 101771575 B CN101771575 B CN 101771575B
- Authority
- CN
- China
- Prior art keywords
- packet
- message
- fragmentation
- characteristic information
- partitioned
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Fee Related
Links
Images
Landscapes
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention provides a method, device and system for processing IP partitioned message. The method of the invention comprises the following steps: receiving IP partitioned message sent from a network device; when complete characteristic information is recorded in IP data package owning the IP partitioned message, detecting whether the TCP connection of IP data package owning the IP partitioned message is established, wherein the characteristic information comprises source IP address, destination IP address, source port, destination port and protocol number; and if the TCP connection of the IP data package is not established, performing discarding treatment or recording and counting treatment to the IP partitioned message of the IP data package. The invention can identify IP partitioned attack message quickly and accurately so as to solve the problem of property bottleneck caused by the IP partitioned attack, reduce the pressures of the storage resource of NIDS/NIPS system and the CPU computing resource and increase the handling capability of NIDS/NIPS system and the efficiency of IP partitioned recombination.
Description
Technical field
The present invention relates to the network technology of the communications field, specifically refer to a kind of method, Apparatus and system of processing IP partitioned message.
Background technology
Along with internet, applications is universal, produced various safety problems, for example worm in network, virus and spam, wooden horse, distributed denial of service ddos attacks etc. are more and more common, and the attack moment is all occurring.Network security is presented in face of people as the problem that cannot avoid.At present, for Network Intrusion Detection System NIDS and network intrusions protection system NIPS, as the aggressive security protection system of one, mainly by Intrusion Detection Technique, Attacking Packets is distinguished from legal data packet.
The main class of Intrusion Detection Technique in NIDS/NIPS is that misuse detects.In misuse detecting pattern, first by all intrusion behaviors and mutation thereof, be expressed as definite pattern or feature, set up an intrusion model storehouse.During detection, in order to improve IP fragmentation recombination efficiency, by using more CPU computational resource to meet as possible IP fragmentation recombination system, IP fragmentation recombination system is recombinated to the IP fragmentation receiving, IP packet after IP fragmentation restructuring is detected, by the data characteristics of differentiating detected IP packet in network, whether in collected intrusion model storehouse, occur concluding whether be intrusion behavior.
Inventor finds said method of the prior art, and at least there are the following problems:
Because NIDS/NIPS attempts to improve IP fragmentation recombination efficiency when carrying out intrusion detection protection, need to use more CPU computational resource (multiple IP fragmentation restructuring thread) to meet as possible IP fragmentation restructuring, what in fact IP fragmentation and reassembly attack the most easily exhausted is storage resources, at the storage resources of IP fragmentation at full capacity time, it is intentional transmitting portion burst not that many bursts are attacked, exhaust storage resources, or, many bursts are attacked the random IP fragmentation packet that sends each type, make to be busy with by attacking system the restructuring of these bursts, this reduces the efficiency of IP fragmentation and reassembly greatly, increased overhead, cause performance bottleneck.
Summary of the invention
In view of this, the main purpose of the embodiment of the present invention is to provide a kind of method, Apparatus and system of processing IP partitioned message, by identifying rapidly and accurately the attack fragment message in IP fragmentation, the problem that solution attacks because of IP fragmentation the performance bottleneck causing, alleviate storage resources and the CPU computational resource pressure of NIDS/NIPS system, thereby improved the disposal ability of NIDS/NIPS system and the efficiency of IP fragmentation restructuring.
For achieving the above object, the embodiment of the present invention provides following technical scheme:
A method for processing IP partitioned message, described method comprises:
Receive the IP fragmentation message that the network equipment sends;
When under described IP fragmentation message, IP packet data recording has complete characteristic information, detect the TCP connection of the affiliated IP packet of described IP fragmentation message and whether set up, wherein said characteristic information comprises: source IP address, object IP address, source port, destination interface, protocol number;
If the TCP of described IP packet does not connect, set up, the IP fragmentation message of described IP packet is carried out to discard processing or statistical disposition.
A kind of processing IP partitioned message device, described device comprises:
Receiver module: the IP fragmentation message sending for receiving the network equipment;
Detection module: for when IP packet data recording has complete characteristic information under described IP fragmentation message, detect the TCP connection of the affiliated IP packet of described IP fragmentation message and whether set up;
Processing module: set up for detecting that according to described detection module the TCP of described IP packet does not connect, the IP fragmentation message of described IP packet is carried out to discard processing or statistical disposition.
A kind of processing IP partitioned message system, described system comprises:
Receiver module, the IP fragmentation message sending for receiving the network equipment;
Whether first detection module is complete for detection of the characteristic information of IP packet data recording under IP fragmentation message;
Whether the second detection module, when detecting that when described detection sub-module IP packet data recording has complete characteristic information under described IP fragmentation message, detect under described IP fragmentation message the TCP of IP packet and connect and set up;
Processing module, sets up for detecting that according to described detection module the TCP of described IP packet does not connect, the IP fragmentation message of described IP packet is carried out to discard processing or statistical disposition.
The IP fragmentation message that embodiment of the present invention sends by receiving the network equipment; When under described IP fragmentation message, IP packet data recording has complete characteristic information, detect the TCP connection of the affiliated IP packet of described IP fragmentation message and whether set up, wherein said characteristic information comprises: source IP address, object IP address, source port, destination interface, protocol number; If not connecting, sets up the TCP of described IP packet, the IP fragmentation message of described IP packet is carried out to discard processing or statistical disposition, thereby solved the problem of attacking the performance bottleneck causing because of IP fragmentation, alleviate storage resources and the cpu resource pressure of NIDS/NIPS system, thereby improved the disposal ability of NIDS/NIPS system and the efficiency of IP fragmentation restructuring.
Accompanying drawing explanation
The method flow diagram that Fig. 1 is a kind of processing IP partitioned message of providing in embodiment of the present invention;
Fig. 2 is the concrete methods of realizing flow chart of a kind of processing IP partitioned message in embodiment of the present invention;
Fig. 3 is the composition structural representation of a kind of processing IP partitioned message device in embodiment of the present invention;
Fig. 4 is the composition structural representation of a kind of processing IP partitioned message system in embodiment of the present invention;
Fig. 5 is the application scenarios figure of a kind of processing IP partitioned message system in embodiment of the present invention;
Fig. 6 is the application scenarios figure of the another kind of processing IP partitioned message system in embodiment of the present invention.
Embodiment
For making the object, technical solutions and advantages of the present invention clearer, below in conjunction with accompanying drawing, embodiments of the invention are described in further detail.
Should be clear and definite, described embodiment is only the present invention's part embodiment, rather than whole embodiment.Based on the embodiment in the present invention, those of ordinary skills, not making the every other embodiment obtaining under creative work prerequisite, belong to the scope of protection of the invention.
As shown in Figure 1, the method for a kind of processing IP partitioned message in embodiments of the invention, comprising:
The IP fragmentation message that S100, the reception network equipment send.
Be specially: processing IP partitioned message device receives the IP fragmentation message that the network equipment sends, the described network equipment can be the network equipments such as router, after the IP fragmentation message that described processing IP partitioned message device receiving router sends, by switch, send to subscriber equipment; Also can for switch receiving router send IP fragmentation message after, by described message mirror to processing IP partitioned message device; The message simultaneously user being sent also carries out identical processing.
S102, when under described IP fragmentation message, IP packet data recording has complete characteristic information, whether the TCP that detects IP packet under described IP fragmentation message connects and sets up, wherein said characteristic information comprises: source IP address, object IP address, source port, destination interface, protocol number.
Processing IP partitioned message device to the detailed process that under the IP fragmentation message receiving, IP packet detects is: whether the characteristic information that first detects described IP packet data recording is complete, be whether described IP packet has recorded source IP address, object IP address, source port, destination interface, whether protocol number information, if described characteristic information is complete, detects the TCP connection of the affiliated IP packet of described IP fragmentation message and set up; If it is imperfect to detect the characteristic information of described IP packet data recording, wait for and receive the next IP fragmentation of described IP packet, until described IP packet data recording has after complete characteristic information, more whether the TCP that detects described IP packet connects and sets up.
The concrete TCP that detects described IP packet connects the process of whether having set up and is: obtain the TCP connection status matching with the characteristic information of described IP packet in stream table, the corresponding relation of the characteristic information that described stream table is described IP packet and the connection status of described IP packet; According to the connection status of the IP packet in described stream table, determine whether described IP data connect.Described stream table is stored in the device of processing IP partitioned message, and the application of installation of described processing IP partitioned message is in NIDS or NIPS.
Described stream table when receiving IP packet, according to the characteristic information of IP packet and TCP connection status Dynamic Establishing, and is stored in the device of processing IP partitioned message.Described stream table list item specifically comprises: source IP address, object IP address, source port, destination interface, protocol number, TCP connection status; Concrete connection state information connects for setting up TCP connection or not setting up TCP.
By the IP fragmentation message to having connected, carry out IP restructuring, distinguish fast the message that IP fragmentation and reassembly is attacked, alleviated storage resources and the cpu resource pressure of IDS/IPS system, improved the disposal ability of NIDS/NIPS.If the TCP of the described IP packet of S104 does not connect, set up, the IP fragmentation message of described IP packet is carried out discard processing or records statistical disposition.
Described discard processing is to discharge the storage resources that IP fragmentation takies; Described statistical disposition, for IP fragmentation is extracted key message and records and add up, discharges the storage resources that IP fragmentation takies simultaneously.
If the TCP of affiliated IP packet connects, set up, carry out S106, the IP fragmentation message of described arrival is carried out to IP fragmentation and reassembly (S106 is the same with existing recombination method, is just not described in detail) here.
Refer to Fig. 2, Fig. 2 is the concrete methods of realizing flow chart of a kind of processing IP partitioned message in embodiment of the present invention.
Step S202, receives the IP fragmentation message that the network equipment sends.
Be specially: processing IP partitioned message device receives the IP fragmentation message that the network equipment sends, the described network equipment can be the network equipments such as router, after the IP fragmentation message that described processing IP partitioned message device receiving router sends, by switch, send to subscriber equipment; Also can for switch receiving router send IP fragmentation message after, by described message mirror to processing IP partitioned message device; The message simultaneously user being sent also carries out identical processing.
In step S204, whether the characteristic information that detects described IP packet data recording is complete.
If described characteristic information is complete, continue execution step S206, otherwise, wait for and receive the next IP fragmentation of described IP packet, perform step S202, until described IP packet data recording has after complete characteristic information, then perform step S206.
Whether the characteristic information that detects described IP packet data recording is complete, and whether described IP packet has recorded source IP address, object IP address, source port, destination interface, protocol number information.
In step S206, detect the TCP connection of the affiliated IP packet of described IP fragmentation message and whether set up.
If it is to set up that the TCP of described IP packet connects, perform step S210; If do not set up, perform step S208.
The concrete TCP that detects described IP packet connects the process of whether having set up and is: obtain the TCP connection status matching with the characteristic information of described IP packet in stream table, the corresponding relation of the characteristic information that described stream table is described IP packet and the connection status of described IP packet; According to the connection status of the IP packet in described stream table, determine whether described IP data connect.Described stream table is stored in the device of processing IP partitioned message, and the application of installation of described processing IP partitioned message is in NIDS or NIPS.
Described stream table when receiving IP packet, according to the characteristic information of IP packet and TCP connection status Dynamic Establishing, and is stored in the device of processing IP partitioned message.Described stream table list item specifically comprises: source IP address, object IP address, source port, destination interface, protocol number, TCP connection status; Concrete connection state information connects for setting up TCP connection or not setting up TCP.
By the IP fragmentation message to having connected, carry out IP restructuring, distinguish fast the message that IP fragmentation and reassembly is attacked, alleviated storage resources and the cpu resource pressure of IDS/IPS system, improved the disposal ability of NIDS/NIPS.
In step S208, the TCP of described IP packet connects not foundation, the IP fragmentation message of described IP packet is carried out to discard processing or statistical disposition.
Described discard processing is to discharge the storage resources that IP fragmentation bag takies; Described statistical disposition is that described statistical disposition is that IP fragmentation is extracted key message and records and add up, and discharges the storage resources that IP fragmentation takies simultaneously.
In step S210, if the TCP of affiliated IP packet connects, set up, the IP fragmentation message of described arrival is carried out to IP fragmentation and reassembly.
The specific embodiments being provided by the embodiment of the invention described above can be found out, the IP fragmentation message sending by receiving the network equipment; When under described IP fragmentation message, IP packet data recording has complete characteristic information, detect the TCP connection of the affiliated IP packet of described IP fragmentation message and whether set up, wherein said characteristic information comprises: source IP address, object IP address, source port, destination interface, protocol number; If not connecting, sets up the TCP of described IP packet, the IP fragmentation message of described IP packet is carried out discard processing or records statistical disposition, identify fast IP fragmentation attack message, thereby solved the problem of attacking the performance bottleneck causing because of IP fragmentation, alleviate storage resources and the cpu resource pressure of NIDS/NIPS system, thereby improved the disposal ability of NIDS/NIPS system and the efficiency of IP fragmentation restructuring.
Refer to Fig. 3, Fig. 3 is the composition structural representation of a kind of processing IP partitioned reconstruction unit in embodiment of the present invention.
A kind of processing IP partitioned message device comprises: receiver module 300, detection module 302, processing module 304, and described IP fragmentation message device is applied in NIDS or NIPS system and is specially:
Receiver module 300: the IP fragmentation message sending for receiving the network equipment.
Be specially: processing IP partitioned message device receives the IP fragmentation message that the network equipment sends, the described network equipment can be the network equipments such as router, after the IP fragmentation message that described processing IP partitioned message device receiving router sends, by switch, send to subscriber equipment; Also can for switch receiving router send IP fragmentation message after, by described message mirror to processing IP partitioned message device after, send to receiver module 300; The message simultaneously user being sent also carries out identical processing.
Detection module 302: when IP packet data recording has complete characteristic information under the IP fragmentation message receiving when receiver module 300, detect under described IP fragmentation message the TCP of IP packet and connect and whether set up.
Wherein, described characteristic information comprises: source IP address, object IP address, source port, destination interface, protocol number.
The concrete TCP that detects described IP packet connects the process of whether having set up and is: obtain the TCP connection status matching with the characteristic information of described IP packet in stream table, the corresponding relation of the characteristic information that described stream table is described IP packet and the connection status of described IP packet; According to the connection status of the IP packet in described stream table, determine whether described IP data connect.Described stream table is stored in the device of processing IP partitioned message, and the application of installation of described processing IP partitioned message is in NIDS or NIPS.
Described stream table when receiving IP packet, according to the characteristic information of IP packet and TCP connection status Dynamic Establishing, and is stored in the device of processing IP partitioned message.Described stream table list item specifically comprises: source IP address, object IP address, source port, destination interface, protocol number, TCP connection status; Concrete connection state information connects for setting up TCP connection or not setting up TCP.
By the IP fragmentation message to having connected, carry out IP restructuring, distinguish fast the message that IP fragmentation and reassembly is attacked, alleviated storage resources and the cpu resource pressure of IDS/IPS system, improved the disposal ability of NIDS/NIPS.
Processing module 304: set up for detecting that according to described detection module 302 TCP of described IP packet does not connect, the IP fragmentation message of described IP packet is carried out discard processing or records statistical disposition.
Described discard processing is to discharge the storage resources that IP fragmentation bag takies; Described statistical disposition, for IP fragmentation bag is extracted key message and records and add up, discharges the storage resources that IP fragmentation bag takies simultaneously.
Description by technique scheme is known, and whether embodiment of the present invention, by processing IP partitioned message device, detects the TCP connection of the affiliated IP packet of described IP fragmentation message and set up; If not connecting, sets up the TCP of described IP packet, the IP fragmentation message of described IP packet is carried out to discard processing or statistical disposition, thereby solved the problem of attacking the performance bottleneck causing because of IP fragmentation, alleviate storage resources and the cpu resource pressure of NIDS/NIPS system, thereby improved the disposal ability of NIDS/NIPS system and the efficiency of IP fragmentation restructuring.
Refer to Fig. 4, Fig. 4 is the composition structural representation of a kind of processing IP partitioned message system in embodiment of the present invention.
A kind of processing IP partitioned message apparatus system, described system comprises: receiver module 400, first detection module 402, the second detection module 404, processing module 406, the function that concrete each module completes is as follows:
Be specially: receive the IP fragmentation message that the network equipment sends, the described network equipment can be the network equipments such as router, processing IP partitioned message device receives the IP fragmentation message that the network equipment sends, the described network equipment can be the network equipments such as router, after the IP fragmentation message that described processing IP partitioned message device receiving router sends, by switch, send to subscriber equipment; After the IP fragmentation message that also can send for switch receiving router, described message mirror is sent to receiver module 400 after to processing IP partitioned message device; The message simultaneously user being sent also carries out identical processing.
Whether first detection module 402 is complete for detection of the characteristic information of IP packet data recording under IP fragmentation message.
Whether the characteristic information that detects described IP packet data recording is complete, and whether described IP packet has recorded source IP address, object IP address, source port, destination interface, protocol number information.
If described characteristic information is complete, described characteristic information is sent to the second detection module 404 to process, otherwise, described first detection module 402 is also imperfect for the characteristic information of IP packet data recording under described current IP burst, wait for the next IP fragmentation that receives described IP packet, until described IP packet data recording has complete characteristic information.
The second detection module 404, be used for when described detection sub-module detects that the affiliated IP packet data recording of described IP fragmentation message has complete characteristic information, detect the TCP connection of the affiliated IP packet of described IP fragmentation message and whether set up, and send to processing module 406 to process testing result.
The second detection module 404 specifically comprises: cache module 4042, extraction module 4044, comparison module 4046 and matching treatment module 4048.
Cache module 4042, for the stream table of IP packet described in dynamic generation buffer memory, the corresponding relation of the characteristic information that described stream table is described IP packet and the connection status of described IP packet.
Described stream table when receiving IP packet, according to the characteristic information of IP packet and TCP connection status Dynamic Establishing, and is stored in the device of processing IP partitioned message.Described stream table list item specifically comprises: source IP address, object IP address, source port, destination interface, protocol number, TCP connection status; Concrete connection state information connects for setting up TCP connection or not setting up TCP.
Described discard processing is to discharge the storage resources that IP fragmentation bag takies; Described statistical disposition, for IP fragmentation bag is extracted key message and records statistics, discharges the storage resources that IP fragmentation bag takies simultaneously.
Description by technique scheme is known, and whether the TCP that embodiment of the present invention detects IP packet under described IP fragmentation message by processing IP partitioned message apparatus system connects and set up; If not connecting, sets up the TCP of described IP packet, the IP fragmentation message of described IP packet is carried out discard processing or records statistical disposition, thereby solved the problem of attacking the performance bottleneck causing because of IP fragmentation, alleviate storage resources and the cpu resource pressure of NIDS/NIPS system, thereby improved the disposal ability of NIDS/NIPS system and the efficiency of IP fragmentation restructuring.
Refer to Fig. 5, Fig. 5 is the application scenarios figure of a kind of processing IP partitioned message system in embodiment of the present invention.
Described processing IP partitioned message system is built in NIDS/NIPS, is connected respectively with router with switch, and described switch is connected with this processing IP partitioned message system with user, and concrete annexation as shown in Figure 5.Router completes forwarding, the route of packet, and the package forward that is Intranet user by destination address is given described processing IP partitioned message system, is that the package forward of external user is gone out by destination address simultaneously.All IP fragmentations are analyzed in processing IP partitioned message systems inspection, when under described IP fragmentation message, IP packet data recording has complete characteristic information, whether detect the TCP connection of the affiliated IP packet of described IP fragmentation message sets up, wherein said characteristic information comprises: source IP address, object IP address, source port, destination interface, protocol number; If not connecting, sets up the TCP of described IP packet, the IP fragmentation message of described IP packet is carried out discard processing or records statistical disposition, and result is reported to network management system, network management system is configured and adjusts processing IP partitioned message system, router and user according to testing result, described processing IP partitioned message system also can receive the IP message that user sends simultaneously, and carries out identical handling process.
Refer to Fig. 6, the application scenarios figure of the another kind of processing IP partitioned message system in Fig. 6 embodiment of the present invention.
Processing IP partitioned message system is built in NIDS/NIPS, is connected respectively with exchange with network management system, and switch is connected with router with user respectively, and concrete annexation as shown in Figure 6.The flow that switch sends router, by traffic mirroring (or light splitting), give processing IP partitioned message system, described IP fragmentation is analyzed in processing IP partitioned message systems inspection, when under described IP fragmentation message, IP packet data recording has complete characteristic information, detect the TCP connection of the affiliated IP packet of described IP fragmentation message and whether set up, wherein said characteristic information comprises: source IP address, object IP address, source port, destination interface, protocol number, if not connecting, sets up the TCP of described IP packet, the IP fragmentation message of described IP packet is carried out discard processing or records statistical disposition, and result is reported to network management system, network management system according to testing result to processing IP partitioned message system, router and user are configured and adjust, the TCP that also can work as described IP packet connects while not setting up, directly the described result not connecting being reported to network management system processes, described processing IP partitioned message system also can receive the IP message that user sends simultaneously, and carry out identical handling process.
The above; only for preferably embodiment of the present invention, but protection scope of the present invention is not limited to this, is anyly familiar with in technical scope that those skilled in the art disclose in the present invention; the variation that can expect easily or replacement, within all should being encompassed in protection scope of the present invention.Therefore, protection scope of the present invention should be as the criterion with the protection range of claim.
Claims (4)
1. a method for processing IP partitioned message, is characterized in that, comprising:
Receive the IP fragmentation message that the network equipment sends;
When under described IP fragmentation message, IP packet data recording has complete characteristic information, detect the TCP connection of the affiliated IP packet of described IP fragmentation message and whether set up, wherein said characteristic information comprises: source IP address, object IP address, source port, destination interface, protocol number;
If the TCP of affiliated IP packet does not connect, set up, the IP fragmentation message of described IP packet is carried out to discard processing or statistical disposition;
If the TCP of affiliated IP packet connects, set up, the IP fragmentation message of described arrival is carried out to IP fragmentation and reassembly;
Under described IP fragmentation message, IP packet data recording also comprises before having complete characteristic information:
Whether the characteristic information that detects the affiliated IP packet data recording of IP fragmentation message is complete;
Described method further comprises:
When the characteristic information of IP packet data recording under described current IP fragment message is imperfect, wait for the next IP fragmentation message that receives described IP packet, until described IP packet data recording has complete characteristic information.
2. method according to claim 1, is characterized in that, the TCP of the affiliated IP packet of the described IP fragmentation message of described detection connects the step of whether having set up and specifically comprises:
Obtain the TCP connection status matching with the characteristic information of described IP packet in stream table, the corresponding relation of the characteristic information that described stream table is described IP packet and the connection status of described IP packet;
According to the connection status of the IP packet in described stream table, determine whether described IP packet connects.
3. a processing IP partitioned message system, is characterized in that, described system comprises:
Receiver module, the IP fragmentation message sending for receiving the network equipment;
Whether first detection module is complete for detection of the characteristic information of IP packet data recording under IP fragmentation message;
Whether the second detection module, when detecting that when described first detection module IP packet data recording has complete characteristic information under described IP fragmentation message, detect under described IP fragmentation message the TCP of IP packet and connect and set up;
Processing module, does not connect and sets up for the TCP of IP packet under detecting according to described the second detection module, the IP fragmentation message of described IP packet is carried out to discard processing or statistical disposition; When the TCP of affiliated IP packet connection has been set up, the IP fragmentation message of described arrival is carried out to IP fragmentation and reassembly;
Described first detection module also, for when the characteristic information of IP packet data recording under described current IP burst is imperfect, is waited for the next IP fragmentation message that receives described IP packet, until described IP packet data recording has complete characteristic information.
4. system according to claim 3, is characterized in that, described the second detection module specifically comprises:
Cache module, for the stream table of IP packet described in buffer memory, the corresponding relation of the characteristic information that described stream table is described IP packet and the connection status of described IP packet;
Acquisition module, the TCP connection status matching for obtaining stream table and the characteristic information of described IP packet;
Matching treatment module, for according to the connection status of the IP packet of described stream table, determines whether described IP packet connects.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN200810241965.4A CN101771575B (en) | 2008-12-29 | 2008-12-29 | Method, device and system for processing IP partitioned message |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN200810241965.4A CN101771575B (en) | 2008-12-29 | 2008-12-29 | Method, device and system for processing IP partitioned message |
Publications (2)
Publication Number | Publication Date |
---|---|
CN101771575A CN101771575A (en) | 2010-07-07 |
CN101771575B true CN101771575B (en) | 2014-04-16 |
Family
ID=42504191
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN200810241965.4A Expired - Fee Related CN101771575B (en) | 2008-12-29 | 2008-12-29 | Method, device and system for processing IP partitioned message |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN101771575B (en) |
Families Citing this family (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN105100024B (en) * | 2014-05-21 | 2017-12-12 | 腾讯科技(深圳)有限公司 | UDP message bag safety detection method and device |
CN113438176B (en) * | 2021-05-17 | 2022-08-23 | 翱捷科技股份有限公司 | Method and device for processing fragment IP data packet |
CN115118665A (en) * | 2022-05-27 | 2022-09-27 | 华东计算技术研究所(中国电子科技集团公司第三十二研究所) | IP fragment message resource dynamic recovery method and system based on network load |
CN115022069B (en) * | 2022-06-20 | 2024-04-26 | 武汉思普崚技术有限公司 | IP fragment message recombination method and device for network attack detection |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1411218A (en) * | 2002-04-23 | 2003-04-16 | 华为技术有限公司 | Network addressing control method of zone message |
CN1450757A (en) * | 2002-10-11 | 2003-10-22 | 北京启明星辰信息技术有限公司 | Method and system for monitoring network intrusion |
-
2008
- 2008-12-29 CN CN200810241965.4A patent/CN101771575B/en not_active Expired - Fee Related
Patent Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1411218A (en) * | 2002-04-23 | 2003-04-16 | 华为技术有限公司 | Network addressing control method of zone message |
CN1450757A (en) * | 2002-10-11 | 2003-10-22 | 北京启明星辰信息技术有限公司 | Method and system for monitoring network intrusion |
Also Published As
Publication number | Publication date |
---|---|
CN101771575A (en) | 2010-07-07 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US9009830B2 (en) | Inline intrusion detection | |
CN101083563B (en) | Method and apparatus for preventing distributed refuse service attack | |
CN101594269B (en) | Method, device and gateway device for detecting abnormal connection | |
WO2008131667A1 (en) | Method, device for identifying service flows and method, system for protecting against a denial of service attack | |
CN107547503B (en) | Session table item processing method and device, firewall equipment and storage medium | |
CN101060495A (en) | Message processing method, system and equipment | |
KR100996288B1 (en) | A method for neutralizing the ARP spoofing attack by using counterfeit MAC addresses | |
US20090240804A1 (en) | Method and apparatus for preventing igmp packet attack | |
CN100454895C (en) | Method for raising network security via message processing | |
CN108270722B (en) | Attack behavior detection method and device | |
KR101086397B1 (en) | IP packet error handling apparatus and method using the same, and computer readable medium on which program executing the method is recorded | |
CN101039176A (en) | DHCP monitoring method and apparatus thereof | |
JP5134141B2 (en) | Unauthorized access blocking control method | |
CN102510385A (en) | Method for preventing fragment attack of IP (Internet Protocol) datagram | |
CN101771575B (en) | Method, device and system for processing IP partitioned message | |
CN106487790B (en) | Cleaning method and system for ACK FLOOD attacks | |
CN110071939B (en) | Improvement method for SYN FLOOD protection of traditional DDOS firewall in industrial network | |
CN113890746B (en) | Attack traffic identification method, device, equipment and storage medium | |
CN101582880B (en) | Method and system for filtering messages based on audited object | |
WO2012100494A1 (en) | Method and apparatus for improving security of neighbor discovery snooping | |
CN102546387B (en) | Method, device and system for processing data message | |
CN112612670B (en) | Session information statistical method, device, exchange equipment and storage medium | |
CN111628982B (en) | Flooding attack mitigation method based on credit degree and kini impurities | |
CN113014530B (en) | ARP spoofing attack prevention method and system | |
JP4391455B2 (en) | Unauthorized access detection system and program for DDoS attack |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C14 | Grant of patent or utility model | ||
GR01 | Patent grant | ||
CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20140416 Termination date: 20191229 |
|
CF01 | Termination of patent right due to non-payment of annual fee |