CN104683293A - SYN attack defense method based on logic device - Google Patents

Info

Publication number: CN104683293A
Authority: CN (China)
Prior art keywords: message, syn, address, logical device, white list
Legal status: Pending
Application number: CN201310616104.0A
Other languages: Chinese (zh)
Inventor: 隋威威
Current Assignee: Hangzhou DPTech Technologies Co Ltd
Original Assignee: Hangzhou DPTech Technologies Co Ltd
Application filed by Hangzhou DPTech Technologies Co Ltd
Priority to CN201310616104.0A
Publication of CN104683293A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/101 Access control lists [ACL]
    • H04L63/16 Implementing security features at a particular protocol layer
    • H04L63/166 Implementing security features at a particular protocol layer at the transport layer

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention provides an SYN attack defense method based on a logic device. The SYN attack defense method is applied to gateway equipment at a server front end. When a message is received, the logic device performs operation consisting of the following steps: when the message arrives at the logic device, resolving the arriving message through the logic device, and determining an SYN message carrying TCP (Transmission Control Protocol) connection request information from a request end; verifying whether or not the source IP address and the destination IP address of the SYN message are in a white list; and if the source IP address and the destination IP address of the SYN message are in the white list, permitting current connection and a requested end to execute a normal TCP connection process. Compared with the prior art, the SYN attack defense method has the advantages that SYN Flood attack defense is implemented through introduction and use of the logic device, so that the characteristics of high rate and high performance of the logic device are brought into full play. The white list is established through the logic device on the gateway equipment at the server front end, so that little occupation and even zero occupation of SYN defense CPU (Central Processing Unit) resources of the requested end are realized.

Description

A SYN attack defense method based on a logic device
Technical field
The present invention relates to the field of computer network security, and in particular to a SYN attack defense method based on a logic device.
Background
With the development of networks, their role in people's lives keeps growing and users' demands on them keep changing: more and more kinds of information must be transmitted and ever higher quality of service is required. Network security has therefore become a topic of growing concern.
TCP (Transmission Control Protocol) is a widely used transport control protocol for the Internet, and it is connection-oriented. Before either side sends data to the other, a connection must first be established between the two. The general steps are: first, the requesting end (usually the client) sends a SYN segment (segment 1) to the requested end (usually the server), indicating the server port the client intends to connect to and the initial sequence number (ISN); second, the server responds with a SYN segment (segment 2) containing the server's initial sequence number and, at the same time, sets the acknowledgment number to the client's ISN plus 1 to acknowledge the client's SYN segment (a SYN consumes one sequence number); third, the client must set the acknowledgment number to the server's ISN plus 1 to acknowledge the server's SYN segment (segment 3). These three segments complete the establishment of the TCP connection, a process known as the three-way handshake.
At present there is a network attack that targets the TCP three-way handshake. After the server sends the connection response message in the second step, the client maliciously withholds the third, confirming message. The server therefore keeps waiting for the third handshake message and repeatedly resends the second response message to the client, which occupies a large amount of server resources and finally leaves the server unable to serve other clients. This is called a denial-of-service (DoS) attack. A collective attack on a server launched from a large number of PCs on the network is called a distributed denial-of-service (DDoS) attack.
SYN Flood is currently one of the most popular forms of DoS (denial of service) and DDoS (distributed denial of service) attack. It exploits a weakness of the TCP protocol by sending a large number of forged TCP connection requests so that the attacked party's resources are exhausted (CPU fully loaded or memory insufficient). To date there are few means that effectively guard against SYN Flood attacks; SYN Cookie is the best known of them.
SYN Cookie makes some modifications to the TCP three-way handshake and is designed specifically to guard against SYN Flood attacks. Its principle is that when the server receives a SYN message and returns a SYN ACK message to the client, it does not allocate a dedicated data area but instead computes a cookie value from the SYN packet. When the server then receives the client's SYN ACK message, it checks the legitimacy of that SYN ACK message against the cookie value. If it is legitimate, the server then allocates a dedicated data area to handle the subsequent TCP connection.
The prior art has the following defects:
After receiving the client's SYN message, the server must compute a cookie value from it, generally by hashing a key together with message information; when the server then receives the client's SYN ACK message, it must check the legitimacy of the SYN ACK packet against the cookie. When a large number of SYN and SYN ACK messages reach the server, computing and checking cookie values is a very complex algorithm that consumes large amounts of CPU and memory resources and affects normal service. Likewise, when normal SYN and SYN ACK messages arrive, computing and checking the cookie value increases TCP connection setup time and slows users' network access. In addition, the key is generally generated randomly at system initialization and does not change while the system runs, so it is easily cracked by an attacker, causing SYN Flood protection to fail.
Summary of the invention
In view of this, to address the shortcomings of existing SYN Flood defense methods, the present invention provides a SYN attack defense method based on a logic device. By establishing a whitelist, it defends against SYN attacks without consuming the server's CPU performance and resources, reduces TCP connection setup time, and allows the key to be updated at irregular intervals so that an attacker cannot crack it.
Specifically, the present invention provides a SYN attack defense method based on a logic device, applied on a gateway device in front of a server. The gateway device comprises a processor and a logic device, and the logic device performs the following steps when it receives a message:
a) A message arrives at the logic device; the logic device parses the arriving message and identifies a SYN message from the requesting end that carries TCP connection request information;
b) The logic device takes the source IP address and destination IP address of the SYN message and looks them up in the whitelist table to verify whether they are present; if so, the SYN message is allowed to pass; otherwise step c) is performed;
c) The logic device, simulating the requested end, sends a response message that corresponds to the SYN message and contains an internal error. If the logic device receives the correct reset message corresponding to this response message, it takes the source IP address and destination IP address of the reset message and stores them in the whitelist table.
Further, the response message is a SYN ACK message and the reset message is a RST message.
Further, the response message containing an internal error is a SYN ACK message with an incorrect acknowledgment number.
Further, the step in which the logic device, simulating the requested end, sends a response message that corresponds to the SYN message and contains an internal error and, if it receives the correct reset message corresponding to this response message, stores the source IP address and destination IP address of the reset message in the whitelist table, is specifically:
The logic device, simulating the requested end, sends the requesting end a SYN ACK message with an incorrect acknowledgment number, where the incorrect acknowledgment number is computed with a predetermined algorithm from a preselected message feature of the SYN message and a preset key. When the logic device receives a RST message, it uses the same predetermined algorithm to compute a sequence number value from the preselected message feature of the RST message and the preset key, and compares the computed value with the sequence number carried in the RST message. If the two match, the source IP address and destination IP address of the RST message are stored in the whitelist table.
Further, the preselected message feature of the SYN message and the preselected message feature of the RST message are both the IP address of the message.
As can be seen, the present invention provides a SYN attack defense method based on a logic device that uses the logic device to implement SYN Flood protection, making full use of the logic device's high speed and high performance. A whitelist table is established by the logic device on the gateway device in front of the server, and a TCP connection request from the requesting end is verified by the logic device against the source and destination IP addresses in the whitelist table. Once the whitelist check is passed, the requested end needs no further SYN protection, which greatly shortens TCP connection setup time, improves users' network speed, and achieves zero CPU usage for SYN protection at the requested end.
Brief description of the drawings
Fig. 1 is a basic hardware structure diagram of the gateway device for the logic-device-based SYN attack defense method of the present invention;
Fig. 2 is a flow chart of the logic-device-based SYN attack defense method of the present invention;
Fig. 3 is a schematic flow diagram of the logic-device-based SYN attack defense method of the present invention.
Detailed description of the embodiments
So that those skilled in the art can better understand the solution of the present invention, the invention is described in further detail below with reference to the drawings and embodiments.
Before describing the implementation of the invention, the relationship between sequence numbers and acknowledgment numbers in the TCP three-way handshake is briefly introduced. A typical TCP application involves two parties, the requesting end and the requested end; in most cases the requesting end is the client host and the requested end is the server. After receiving a SYN message from the client, the server sends a SYN ACK message to the client to acknowledge synchronization. According to the standard TCP protocol, the acknowledgment number in this SYN ACK message should be the sequence number in the SYN message plus 1, while the sequence number in the SYN ACK message is a value generated randomly by the server. After receiving the SYN ACK message, the client sends an ACK message to the server to confirm; the sequence number in this ACK message is the acknowledgment number from the SYN ACK message, and the acknowledgment number in the ACK message is the sequence number from the SYN ACK message plus 1.
By implementing a logic device on the gateway device in front of the server to answer and verify TCP connection requests, the invention achieves very little, or even zero, CPU usage during SYN protection in front of the server. Referring to Fig. 1, in a preferred embodiment the invention provides a gateway device located in front of the server that implements SYN attack protection based on a logic device. In hardware terms, the gateway device comprises a CPU, a logic device, non-volatile memory, memory and network ports; it may of course include other necessary hardware, depending on the device's other design requirements. In a preferred embodiment the logic device on the front-end gateway device is an FPGA (Field Programmable Gate Array), a programmable logic device that is flexible to apply. The logic device may of course be of another type, such as a common CPLD (Complex Programmable Logic Device).
Referring to Fig. 2, the logic device performs the following steps when it receives a message:
a) A message arrives at the logic device; the logic device parses the arriving message and identifies a SYN message from the requesting end that carries TCP connection request information;
b) The logic device takes the source IP address and destination IP address of the SYN message and looks them up in the whitelist table to verify whether they are present; if so, the SYN message is allowed to pass; otherwise step c) is performed;
c) The logic device, simulating the requested end, sends a response message that corresponds to the SYN message and contains an internal error. If the logic device receives the correct reset message corresponding to this response message, it takes the source IP address and destination IP address of the reset message and stores them in the whitelist table.
Referring further to Fig. 3, in this embodiment the response message is a SYN ACK message and the reset message is a RST message. In a specific implementation, the SYN message with which the client initiates a TCP connection request arrives at the gateway device's FPGA. The FPGA looks up the source and destination IP addresses of this SYN message in the whitelist table it maintains internally to decide whether the message may reach the server. If the whitelist table does not record the source and destination IP addresses of the message, the current verification fails and the FPGA performs the Act1 operation shown in Fig. 3.
In the Act1 operation, the FPGA modifies the received SYN message to generate a SYN ACK message that corresponds to the SYN message but contains an internal error; that is, it simulates the server sending a SYN ACK message with an internal error back to the client. In a preferred embodiment, the SYN ACK message with an internal error is specifically a SYN ACK message with an incorrect acknowledgment number.
After the client receives the SYN ACK message with the incorrect acknowledgment number returned by the FPGA, a legitimate client will send a RST message as the TCP protocol requires. An attacker, by contrast, normally does not respond to the SYN ACK message, because responding would consume a large amount of the attacker's own resources and make the attack much harder. So when the FPGA sends back a SYN ACK message with an internal error, it will usually receive no RST message from an attacker; in the subsequent flow the attacker's messages never hit the whitelist and therefore cannot pass through the gateway device to reach the server.
As mentioned above, the SYN ACK message returned by the logic device simulating the server carries an incorrect acknowledgment number, and this can be implemented in many ways. For example, a random value can be filled in as the incorrect acknowledgment number, carried in the SYN ACK message sent to the client, and saved so that it can be verified when the corresponding RST message arrives. If the sequence number carried by the received RST message differs from the acknowledgment number the FPGA filled into the SYN ACK message, the RST message was not sent by a legitimate client, because a legitimate client, following the protocol, carries in its RST message a sequence number equal to the incorrect acknowledgment number in the SYN ACK message. In that case the FPGA does not put the source and destination IP addresses of the message into the whitelist. This handling mainly addresses more sophisticated attackers who notice that the attack cannot be completed without answering with a RST message and who may therefore send RST responses in a fixed format. By further comparing the incorrect acknowledgment number in the SYN ACK message with the sequence number in the RST message, the invention defeats this approach: even if the attacker answers with a RST message, its source and destination IP addresses cannot enter the whitelist. If the client is legitimate, it answers the SYN ACK message with an internal error with a RST message whose sequence number matches the incorrect acknowledgment number filled into the SYN ACK message, and the source and destination IP addresses of the RST message then enter the whitelist table.
The above handling gives good protection, but it consumes some resources: the randomly filled incorrect acknowledgment number must be saved, the FPGA must know which connection request the number belongs to, and after receiving a RST message it must look up the corresponding connection request before the incorrect acknowledgment number can be compared with the sequence number of the RST message. It is therefore somewhat complex to implement. To save system resources further, in the preferred mode of the invention the incorrect acknowledgment number is computed with a predetermined algorithm from a preselected message feature of the SYN message and a preset key. When the answering RST message is received, the FPGA only needs to run the same predetermined algorithm once more over the corresponding message feature of the RST message and the same preset key, and compare the resulting value with the sequence number carried by the RST message. If the two match, the RST message was sent by a legitimate client; otherwise it was sent by an attacker. Computing the value from a preset key and a message feature with a predetermined algorithm makes the scheme hard to attack, which further strengthens the FPGA's protection against SYN attacks, and it is simple to implement: the whole process needs only computation and involves no complex operations such as table lookups.
An example follows. Suppose the preselected message feature of both the SYN message and the RST message is the IP address of the message. The IP address is chosen because it generally does not change during the communication; other features that do not change, such as the port number, could of course be chosen instead.
Referring to Act1 in Fig. 3, the FPGA receives from the client a SYN(FSN, 0) message carrying sequence number FSN and acknowledgment number 0. Simulating the server, the FPGA replies to the client with a SYN ACK(Fsn', Csn') message carrying sequence number Fsn' and incorrect acknowledgment number Csn'.
Further, referring to Fig. 3, after the client receives the SYN ACK message with the incorrect acknowledgment number returned by the FPGA, a legitimate client will, as the TCP protocol requires, send the server a RST message corresponding to that SYN ACK message. The sequence number of the RST message is the acknowledgment number Csn' carried by the SYN ACK message, and its acknowledgment number is the sequence number Fsn' carried by the SYN ACK message plus 1, so the RST message carries RST(Csn', Fsn'+1).
Referring to the Act2 operation shown in Fig. 3, the FPGA receives the RST(Csn', Fsn'+1) message that the client sent toward the server, carrying sequence number Csn' and acknowledgment number Fsn'+1. In Act2 the FPGA computes a sequence number value with the predetermined algorithm from the IP address carried by the RST message and the preset key, and compares it with the sequence number carried by the RST message. If the two match, the source and destination IP addresses of the RST message are stored in the whitelist table.
As mentioned above, in this embodiment the value computed from the IP address carried by the RST message and the preset key uses the same IP address, the same preset key and the same predetermined algorithm as were used to compute the sequence number carried in the RST message. For example, the client's IP address can be used throughout: it is the source IP address of the SYN message, the destination IP address of the SYN ACK message, and the source IP address of the RST message. The sequence number value computed from the IP address carried by the received RST message and the preset key should therefore also be Csn', matching the sequence number Csn' carried in the RST message. This establishes that the RST message and the SYN message in Act1 belong to the same TCP connection request, and the source and destination IP addresses of the RST message are stored in the whitelist table.
After sending the RST message, the client makes the TCP connection request again. When the client's SYN message arrives at the FPGA again, the source and destination IP addresses are already recorded in the whitelist table in the FPGA's memory and are found on lookup, so the FPGA considers the connection to have been initiated by a legitimate client and lets the SYN message pass. The three-way handshake with the server is then completed in the normal way and the connection is established, as in the Act3 process in Fig. 3: the message passes through the gateway device to the server and the TCP connection is established. This process follows the standard TCP protocol and is not described in detail here.
The invention not only ensures, as far as possible, that sequence numbers differ by computing the value from the message's IP address and the preset key with the predetermined algorithm; the key of the SYN protection algorithm can also be updated at irregular intervals, which prevents the harm caused by an attacker cracking the key during long-term operation.
In a preferred mode, the key is configured on the FPGA when SYN attack protection is enabled, and it can be reconfigured on the FPGA at irregular intervals; that is, the logic device can save a new key issued by the management side. The whitelist table is a portion of the memory address space allocated in the FPGA's memory, made up of memory cells storing multiple IP addresses, where the IP addresses comprise source and destination IP addresses. The whitelist table can be configured as needed for periodic deletion by the FPGA; that is, the FPGA can periodically delete the data in the whitelist table. The key update and whitelist update mechanisms further raise the security level, and updating the key has essentially no adverse effect on protection, for the following reasons:
1. If the key is updated before the SYN message arrives at the FPGA, protection is not affected in any way;
2. If the key is updated between the moment the FPGA has replied with a SYN ACK message carrying an incorrect acknowledgment number and the moment the RST message arrives at the FPGA, the only effect is that verification of the RST message fails because the key has changed; when the client retransmits the SYN message, the SYN ACK reply and RST verification flow proceeds normally;
3. If the key is updated after the RST message arrives at the FPGA, the FPGA will have built a whitelist table based on the key in use before the update, but after a period of time (user-configurable) the FPGA deletes this whitelist table. If an attack occurs after the key update and before the whitelist table is deleted, protection is lost;
However, if the user first changes the whitelist table aging time (i.e. the whitelist validity period) to a small value (on the order of seconds) before updating the key, the whitelist table will be almost entirely deleted before the key is updated, and the FPGA will then provide protection based on the new key.
As the above embodiments show, having the FPGA generate the incorrect acknowledgment number with a specified computation effectively defends against attacks. Because the incorrect acknowledgment number in the SYN ACK message is computed, an attacker who wants to complete the attack not only needs to know the algorithm itself but must also perform the computation for every message, since the message feature (for example the source IP address) of the messages an attacker sends usually varies; without a per-message computation the result is obviously wrong. Under these conditions the attacker would first have to crack the algorithm and would also consume enormous computing resources, which is clearly very difficult to carry out.
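The stateless RST check of Act1 to Act3 and the key-update cases listed above, as an added example (not code from the patent or its assignee): a Python model of the logic device's decisions. HMAC-SHA256 truncated to 32 bits is an assumed stand-in for the unspecified "predetermined algorithm"; the class and function names, the key and the addresses are constructed for illustration.

```python
import hashlib
import hmac
import ipaddress
import secrets
import time

MASK32 = 0xFFFFFFFF


class SynGateway:
    """Software model of the logic device's Act1-Act3 handling (hypothetical names)."""

    def __init__(self, key, whitelist_ttl=60.0, clock=time.monotonic):
        self.key = key
        self.whitelist_ttl = whitelist_ttl
        self.clock = clock
        self.whitelist = {}  # (client_ip, server_ip) -> expiry timestamp

    def cookie(self, client_ip):
        """Incorrect acknowledgment number Csn' derived from key + client IP.

        Assumption: HMAC-SHA256 truncated to 32 bits replaces the patent's
        unspecified "predetermined algorithm".
        """
        packed = ipaddress.ip_address(client_ip).packed
        digest = hmac.new(self.key, packed, hashlib.sha256).digest()
        return int.from_bytes(digest[:4], "big")

    def rotate_key(self, new_key):
        """Key update from the management side; whitelist entries age out separately."""
        self.key = new_key

    def _whitelisted(self, pair):
        expiry = self.whitelist.get(pair)
        if expiry is None:
            return False
        if self.clock() >= expiry:  # periodic deletion, modelled as a per-entry TTL
            del self.whitelist[pair]
            return False
        return True

    def on_syn(self, src, dst, seq):
        """Steps a)-c): forward a whitelisted SYN, otherwise answer with a bad SYN ACK."""
        if self._whitelisted((src, dst)):
            return {"action": "forward"}
        wrong_ack = self.cookie(src)
        if wrong_ack == (seq + 1) & MASK32:
            # The derived value happens to be the correct ack, so the client
            # would not reset. Drop; an attempt with another ISN is challenged.
            return {"action": "drop"}
        return {"action": "reply", "flags": "SYN-ACK", "src": dst, "dst": src,
                "seq": secrets.randbits(32), "ack": wrong_ack}

    def on_rst(self, src, dst, seq):
        """Act2: recompute Csn' from the RST's source IP; no per-connection state."""
        if seq != self.cookie(src):
            return False
        self.whitelist[(src, dst)] = self.clock() + self.whitelist_ttl
        return True


def client_answer(isn, synack):
    """A standards-following client in SYN-SENT: a SYN ACK whose ack is not
    ISN+1 is answered with a RST whose sequence number is that ack value."""
    if synack["ack"] == (isn + 1) & MASK32:
        return {"flags": "ACK", "seq": synack["ack"],
                "ack": (synack["seq"] + 1) & MASK32}
    return {"flags": "RST", "src": synack["dst"], "dst": synack["src"],
            "seq": synack["ack"]}


def connect(gw, client_ip, server_ip, isn):
    """Drive one client attempt through the gateway; returns the actions seen."""
    first = gw.on_syn(client_ip, server_ip, isn)
    if first["action"] != "reply":
        return [first["action"]]
    rst = client_answer(isn, first)
    verified = gw.on_rst(rst["src"], rst["dst"], rst["seq"])
    retry = gw.on_syn(client_ip, server_ip, (isn + 1000) & MASK32)
    return ["reply", "rst-ok" if verified else "rst-rejected", retry["action"]]


if __name__ == "__main__":
    gw = SynGateway(b"constructed-demo-key", whitelist_ttl=5.0)
    # Constructed addresses from the documentation ranges.
    print(connect(gw, "192.0.2.10", "198.51.100.5", isn=123456))
    # A RST with a fixed-format sequence number is not whitelisted.
    print(gw.on_rst("192.0.2.99", "198.51.100.5", seq=0x01020304))
```

Because the value depends only on the key and the client IP address, it is identical for every connection attempt from that address until the key changes, which is why the key update and whitelist aging described above carry the scheme's long-term strength.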
The above are only preferred embodiments of the invention and do not limit it; any modification, equivalent replacement, improvement and the like made within the spirit and principles of the invention shall fall within its scope of protection.

Claims (7)

1. A SYN attack defense method based on a logic device, applied on a gateway device in front of a server, wherein the gateway device comprises a processor and a logic device, characterized in that the logic device performs the following steps when it receives a message:
a) A message arrives at the logic device; the logic device parses the arriving message and identifies a SYN message from the requesting end that carries TCP connection request information;
b) The logic device takes the source IP address and destination IP address of the SYN message and looks them up in the whitelist table to verify whether they are present; if so, the SYN message is allowed to pass; otherwise step c) is performed;
c) The logic device, simulating the requested end, sends a response message that corresponds to the SYN message and contains an internal error. If the logic device receives the correct reset message corresponding to this response message, it takes the source IP address and destination IP address of the reset message and stores them in the whitelist table.
2. The method of claim 1, characterized in that the response message is a SYN ACK message and the reset message is a RST message.
3. The method of claim 1, characterized in that the response message containing an internal error is a SYN ACK message with an incorrect acknowledgment number.
4. The method of claim 1, characterized in that the step in which the logic device, simulating the requested end, sends a response message that corresponds to the SYN message and contains an internal error and, if it receives the correct reset message corresponding to this response message, stores the source IP address and destination IP address of the reset message in the whitelist table, is specifically:
The logic device, simulating the requested end, sends the requesting end a SYN ACK message with an incorrect acknowledgment number, where the incorrect acknowledgment number is computed with a predetermined algorithm from a preselected message feature of the SYN message and a preset key. When the logic device receives a RST message, it uses the same predetermined algorithm to compute a sequence number value from the preselected message feature of the RST message and the preset key, and compares the computed value with the sequence number carried in the RST message. If the two match, the source IP address and destination IP address of the RST message are stored in the whitelist table.
5. The method of claim 4, characterized by further comprising: the logic device saves a new key issued by the management side as the preset key.
6. The method of claim 1, characterized by further comprising: the logic device periodically deletes the data in the whitelist table.
7. The method of claim 1, characterized in that the preselected message feature of the SYN message and the preselected message feature of the RST message are both the IP address of the message.
CN201310616104.0A 2013-11-27 2013-11-27 SYN attack defense method based on logic device Pending CN104683293A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201310616104.0A CN104683293A (en) 2013-11-27 2013-11-27 SYN attack defense method based on logic device

Publications (1)

Publication Number Publication Date
CN104683293A (en) 2015-06-03

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information
CB02 Change of applicant information

Address after: Binjiang District and Hangzhou city in Zhejiang Province Road 310051 No. 68 in the 6 storey building

Applicant after: Hangzhou Dipu Polytron Technologies Inc

Address before: Binjiang District and Hangzhou city in Zhejiang Province Road 310051 No. 68 in the 6 storey building

Applicant before: Hangzhou Dipu Technology Co., Ltd.

RJ01 Rejection of invention patent application after publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20150603