CN107888580A - Method and device for defending against DDoS attacks - Google Patents


Info

Publication number: CN107888580A
Authority: CN (China)
Prior art keywords: wan interface, main, auxiliary, interface, network equipment
Legal status: Withdrawn
Application number: CN201711082146.5A
Other languages: Chinese (zh)
Inventor: 李蕾蕾
Current Assignee: Taizhou Jiji Intellectual Property Operation Co.,Ltd.
Original Assignee: Shanghai Feixun Data Communication Technology Co Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L63/1458 Denial of Service
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L47/00 Traffic control in data switching networks
    • H04L47/70 Admission control; Resource allocation
    • H04L47/76 Admission control; Resource allocation using dynamic resource allocation, e.g. in-call renegotiation requested by the user or requested by the network in response to changing network conditions

Abstract

Embodiments of the present invention provide a method and device for defending against DDoS attacks. A network device is configured with a main WAN interface and an auxiliary WAN interface whose MAC addresses are different. When the main WAN interface of the network device is detected to be under DDoS attack, the main WAN interface is deactivated and the auxiliary WAN interface is activated so that the device dials up and connects to the network again. The method and device effectively block the attacker's attack on the present network equipment and so guard against DDoS attackers.

Description

Method and device for defending against DDoS attacks
Technical field
The embodiments of the present invention relate to the communications field, and in particular to a method and device for defending against Distributed Denial of Service (DDoS) attacks.
Background technology
With the development of communication technology, communication security is taken increasingly seriously; communication security is the basis of information security and provides the physical guarantee for the correct transmission of information.
The most basic DoS attack uses reasonable-looking service requests to consume excessive service resources, so that legitimate users cannot receive service.
A Distributed Denial of Service (DDoS) attack uses client/server techniques to join multiple computers together as an attack platform and launch a DDoS attack against one or more targets, multiplying the power of the denial-of-service attack. Typically, the attacker uses a stolen account to install a DDoS master program on one computer; at a set time the master program communicates with a large number of agent programs that have already been installed on many computers on the network, and the agents launch the attack when they receive the instruction. Using client/server techniques, the master program can activate hundreds or thousands of agents within seconds.
A DDoS attack occupies large amounts of network resources with a large number of legitimate-looking requests in order to paralyse the network. Such attacks fall into the following kinds: disturbing or even blocking normal network communication by overloading the network; overloading a server by submitting a large number of requests to it; blocking a particular user from accessing a server; and blocking the communication between a particular service and a particular system or person.
The means a DDoS attack adopts are distributed, changing the traditional point-to-point attack pattern so that the attack appears random. The protocols and services used in the attack are ordinary ones, so the attack is hard to distinguish merely by protocol or service type. The attack packets are all disguised and their source IP addresses are forged, so it is difficult to determine the attacking address and difficult to trace the attack.
A DDoS attack is an easy, effective and highly harmful form of attack. It consumes network bandwidth and system resources by manufacturing a large number of puppet machines through various means, or attacks defects in the system, so that the normal service of the system comes to a standstill and normal users cannot be served, thereby denying normal users access to the service. The widely deployed high-speed network brings convenience to everyone but also creates extremely favourable conditions for DDoS attacks. An attacker combines many controlled computers to launch a DDoS attack on a target computer; it is a form of large-scale cooperative attack, aimed mainly at larger commercial websites, and is highly destructive.
There are many existing anti-DDoS measures. One is to close unneeded services: a system opens many useless services by default, and opening these services opens the corresponding ports to the outside, increasing the probability of suffering a DDoS attack; closing them reduces that probability. Another is to install the necessary anti-virus and firewall software, pay attention to system security at all times, and monitor in real time through software whether a DDoS attack is under way. Another is to add a hardware firewall to the network and block high-volume attack traffic with it. Yet another is to check the logs of the network equipment and of host/server systems conscientiously: as long as a log shows a gap or a time change, the machine may have been attacked.
However, each of the existing anti-DDoS schemes has a drawback: closing some services affects system functions; installing software firewalls increases system load; installing a hardware firewall increases hardware cost; and checking logs consumes manpower and is cumbersome.
Summary of the invention
Aspects of the present invention provide a method and device for defending against DDoS attacks that can effectively block an attacker's attack on the present network equipment and effectively guard against DDoS attackers.
One aspect of the present invention provides a method for defending against DDoS attacks, wherein a network device is configured with a main WAN interface and an auxiliary WAN interface, the MAC address of the main WAN interface and the MAC address of the auxiliary WAN interface being different, and the method comprises:
when it is detected that the main WAN interface of the network device is under DDoS attack, deactivating the main WAN interface of the network device; and
activating the auxiliary WAN interface of the network device so as to dial up and connect to the network again.
Optionally, deactivating the main WAN interface of the network device comprises: disconnecting the network-layer connection of the main WAN interface.
Optionally, the method further comprises: releasing the IP address of the main WAN interface, releasing the data configuration related to the main WAN interface, and deleting the routing information of the main WAN interface.
Optionally, the method further comprises: obtaining the IP address of the auxiliary WAN interface and updating the routing information according to the obtained IP address.
Optionally, activating the auxiliary WAN interface of the network device comprises: enabling the auxiliary WAN interface of the network device.
Another aspect of the present invention provides a device for defending against DDoS attacks, comprising:
a main wide area network (WAN) interface and an auxiliary WAN interface, wherein the physical MAC address of the main WAN interface and the MAC address of the auxiliary WAN interface are different;
a monitor for monitoring whether the main WAN interface is under a Distributed Denial of Service (DDoS) attack; and
a processor for deactivating the main WAN interface of the network device when the monitor detects that the main WAN interface is under DDoS attack, and activating the auxiliary WAN interface so as to dial up and connect to the network again.
Optionally, the processor deactivating the main WAN interface of the network device specifically comprises: the processor disconnecting the network-layer connection of the main WAN interface.
Optionally, the processor is further used to release the IP address of the main WAN interface, release the data configuration related to the main WAN interface, and delete the routing information of the main WAN interface.
Optionally, the processor is further used to obtain the IP address of the auxiliary WAN interface and update the routing information according to the obtained IP address.
Optionally, the processor activating the auxiliary WAN interface of the network device comprises: the processor enabling the auxiliary WAN interface of the network device.
In the method and device described above, because the MAC address of the main WAN interface and the MAC address of the auxiliary WAN interface are different, the IP address the main WAN interface uses when enabled and the IP address the auxiliary WAN interface uses when enabled are different. Therefore, when the main WAN interface is disabled or disconnected and the auxiliary WAN interface is enabled and dials up to the network again, the auxiliary WAN interface in effect obtains a new IP address and new routes are generated, while the attacker is still attacking the victim using the released IP address (that is, the IP address the main WAN interface used when enabled) as the destination IP. Since the main WAN interface's IP address no longer exists, the attacker's attack on the present network equipment is blocked and DDoS attackers can be effectively guarded against.
Brief description of the drawings
Fig. 1 is a schematic flow chart of a method for defending against DDoS attacks according to one embodiment of the invention;
Fig. 2 is a schematic structural diagram of a device for defending against DDoS attacks according to another embodiment of the invention.
Embodiments
To make the objectives, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments are described clearly and completely below with reference to the accompanying drawings. Clearly, the described embodiments are only some, not all, of the embodiments of the present invention. All other embodiments obtained by those of ordinary skill in the art on the basis of these embodiments without creative effort fall within the scope of protection of the present invention.
The techniques described herein may be used in various communication systems, such as 2G, 3G and 4G communication systems and next-generation communication systems (for example, 5G): for example Global System for Mobile Communication (GSM) systems, Code Division Multiple Access (CDMA) systems, Time Division Multiple Access (TDMA) systems, Wideband Code Division Multiple Access (WCDMA) systems, Frequency Division Multiple Access (FDMA) systems, Orthogonal Frequency-Division Multiple Access (OFDMA) systems, Single Carrier Frequency Division Multiple Access (SC-FDMA) systems, General Packet Radio Service (GPRS) systems, Long Term Evolution (LTE) systems, and other such communication systems. A CDMA system can implement radio technologies such as Universal Terrestrial Radio Access (UTRA) and CDMA2000. UTRA includes Wideband CDMA (WCDMA) and other CDMA variants. CDMA2000 covers the IS-2000, IS-95 and IS-856 standards. A TDMA system can implement radio technologies such as Global System for Mobile Communications (GSM). An OFDMA system can implement radio technologies such as Evolved UMTS Terrestrial Radio Access (E-UTRA), Ultra Mobile Broadband (UMB), IEEE 802.11 (Wi-Fi), IEEE 802.16 (WiMAX), IEEE 802.20 and Flash-OFDMA. UTRA and E-UTRA are part of the Universal Mobile Telecommunication System (UMTS). 3GPP Long Term Evolution (LTE) is a release of UMTS that uses E-UTRA; it uses OFDMA on the downlink and SC-FDMA on the uplink. UTRA, E-UTRA, UMTS, LTE and GSM are described in documents from the "3rd Generation Partnership Project" (3GPP) organisation. CDMA2000 and UMB are described in documents from the "3rd Generation Partnership Project 2" (3GPP2) organisation.
The term "and/or" herein only describes an association between related objects and indicates that three relationships may exist; for example, "A and/or B" can mean A alone, both A and B, or B alone. The character "/" herein generally indicates an "or" relationship between the objects before and after it. The terms "system" and "network" are often used interchangeably herein.
Fig. 1 is a schematic flow chart of a method for defending against DDoS attacks according to one embodiment of the invention. The method applies not only to routers but also to all kinds of network devices connected to the internet, such as terminal devices, handheld devices, computers and notebooks.
A terminal device may be a wireless terminal or a wired terminal. A wireless terminal may be a device that provides a user with voice and/or data connectivity, a portable device with a wireless connection function, or another processing device connected to a wireless modem. A wireless terminal may communicate with one or more core networks through a Radio Access Network (RAN). It may be a mobile terminal, such as a mobile phone (or "cellular" phone) or a computer with a mobile terminal, for example a portable, pocket-sized, handheld, computer-built-in or vehicle-mounted mobile device, which exchanges voice and/or data with the radio access network; for example, a Personal Communication Service (PCS) phone, a cordless phone, a Session Initiation Protocol (SIP) phone, a Wireless Local Loop (WLL) station, or a Personal Digital Assistant (PDA). A wireless terminal may also be called a system, Subscriber Unit, Subscriber Station, Mobile Station, Mobile, Remote Station, Access Point, Remote Terminal, Access Terminal, User Terminal, User Agent or User Equipment.
A router is a device that connects the internal network (Local Area Network, LAN) and the external network (Wide Area Network, WAN) in the internet. A router can automatically select and set routes according to channel conditions and send signals in sequence along the optimal path. Routers are now widely used in all industries, and products of various grades have become the main force for connections within backbone networks, interconnection between backbone networks, and interconnection of backbone networks with the internet.
A router is also called a gateway device (Gateway) and is used to connect multiple logically separate networks; a so-called logical network represents a single network or a subnet. When data is transferred from one subnet to another, this can be completed through the routing function of the router. A router therefore has the functions of judging network addresses and selecting IP paths. It can establish flexible connections in a multi-network interconnection environment, connecting subnets with entirely different packet formats and media access methods. A router accepts information only from a source station or from other routers, and is an interconnection device at the network layer.
For convenience of description, the present embodiment takes a network device as an example. The network device is any device connected to the internet, such as a terminal device, handheld device, computer or notebook. It is a multi-port device that can connect LANs and WANs of different transmission rates running in various environments, and may use different protocols.
In the present embodiment, the network device is configured with multiple interfaces, for example a main WAN interface, an auxiliary WAN interface, a LAN interface and a wireless interface, which are used to ensure the normal operation of the network device. The physical Media Access Control (MAC) address of the main WAN interface and the MAC address of the auxiliary WAN interface are different. In another embodiment of the invention, the auxiliary WAN interface may be a newly added WAN interface or may be configured by software.
Under normal circumstances, the main WAN interface is enabled and the auxiliary WAN interface is not.
Step 101: monitor whether the main WAN interface of the network device is under DDoS attack.
For example, a monitor is set in the network device to monitor whether the main WAN interface is under DDoS attack. For example, the monitor checks whether the access volume of the main WAN interface within a predetermined time is greater than or equal to a threshold, such as whether the number of visitors or the access traffic of the main WAN interface is greater than or equal to the corresponding threshold.
If the monitor finds that the access volume of the main WAN interface is greater than or equal to the threshold, it determines that the main WAN interface is under DDoS attack; if the access volume of the main WAN interface is less than the threshold, it determines that the main WAN interface is not under DDoS attack.
Step 102: if the main WAN interface is under DDoS attack, deactivate the main WAN interface of the network device.
For example, deactivating the main WAN interface of the network device comprises: the network device disconnects or disables the network-layer connection of the main WAN interface.
In another embodiment of the invention, when the network device disconnects or disables the network-layer connection of the main WAN interface, the network device releases the IP address of the main WAN interface, releases the data configuration related to the main WAN interface, and deletes the routing information of the main WAN interface.
Step 103: activate the auxiliary WAN interface of the network device so as to dial up and connect to the network again.
For example, under normal circumstances the auxiliary WAN interface is not enabled, and activating the auxiliary WAN interface of the network device comprises enabling it. In another embodiment of the present invention, when the network device enables the auxiliary WAN interface, it obtains the IP address of the auxiliary WAN interface and updates the routing information according to the obtained IP address, so that the network device connects to the network, such as the internet, through the auxiliary WAN interface according to the newly obtained IP address and the updated routing information.
Step 104: if the main WAN interface is not under DDoS attack, continue using the main WAN interface and continue monitoring.
In another embodiment of the present invention, the monitor continues to monitor the access volume of the main WAN interface.
Because the MAC address of the main WAN interface and the MAC address of the auxiliary WAN interface are different, the IP address the main WAN interface uses when enabled and the IP address the auxiliary WAN interface uses when enabled are different. Therefore, when the auxiliary WAN interface is enabled and dials up to the network again, it in effect obtains a new IP address and new routes are generated, while the attacker is still attacking the victim using the released IP address (that is, the IP address the main WAN interface used when enabled) as the destination IP. Since the main WAN interface's IP address no longer exists, the attacker's attack on the present network equipment is blocked and DDoS attackers can be effectively guarded against.
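Added example, not code from the patent or its assignee: a simulation of steps 101 to 104 with a sliding-window access monitor on the main WAN interface, tear-down of that interface (release of IP, configuration and routes) and re-dial on the auxiliary interface through a constructed upstream that leases one address per MAC, so the two interfaces receive different IPs. Interface names, MAC and IP addresses, threshold and traffic are all assumptions.

```python
"""Simulation of the main/auxiliary WAN fail-over of steps 101 to 104 (added
example, not code from the patent or its assignee). The ISP address allocator,
the threshold values and the sample traffic are constructed.
"""
from collections import deque
from dataclasses import dataclass, field
from typing import Deque, Dict, List, Optional


@dataclass
class WanInterface:
    name: str
    mac: str                      # main and auxiliary must differ here
    enabled: bool = False
    ip: Optional[str] = None
    config: Dict[str, str] = field(default_factory=dict)
    routes: List[str] = field(default_factory=list)


class Isp:
    """Constructed upstream: one lease per MAC, as DHCP or PPPoE would give it."""

    def __init__(self, pool: List[str]) -> None:
        self._free = list(pool)
        self._leases: Dict[str, str] = {}

    def dial(self, mac: str) -> str:
        # keyed on the MAC, so interfaces with different MACs get different IPs
        if mac not in self._leases:
            self._leases[mac] = self._free.pop(0)
        return self._leases[mac]

    def release(self, mac: str) -> None:
        self._leases.pop(mac, None)

    def is_assigned(self, ip: str) -> bool:
        return ip in self._leases.values()


class AccessMonitor:
    """Step 101: report an attack once accesses in the window reach the threshold."""

    def __init__(self, window_s: float, threshold: int) -> None:
        self.window_s = window_s
        self.threshold = threshold
        self._times: Deque[float] = deque()

    def observe(self, ts: float) -> bool:
        self._times.append(ts)
        while self._times and ts - self._times[0] > self.window_s:
            self._times.popleft()
        return len(self._times) >= self.threshold


class Device:
    def __init__(self, isp: Isp, main: WanInterface, aux: WanInterface, mon: AccessMonitor):
        self.isp, self.main, self.aux, self.mon = isp, main, aux, mon
        self._bring_up(main)          # normal state: main enabled, auxiliary not

    def _bring_up(self, itf: WanInterface) -> None:
        itf.enabled = True
        itf.ip = self.isp.dial(itf.mac)                   # dial up, obtain IP
        itf.config = {"gateway": "isp", "dns": "isp"}
        itf.routes = [f"default via {itf.name}"]         # update routing info

    def _tear_down(self, itf: WanInterface) -> None:
        itf.enabled = False                               # disconnect the link
        self.isp.release(itf.mac)                         # release IP address
        itf.ip = None
        itf.config.clear()                                # release related config
        itf.routes.clear()                                # delete routing info

    def active(self) -> WanInterface:
        return self.aux if self.aux.enabled else self.main

    def on_access(self, ts: float) -> None:
        if self.main.enabled and self.mon.observe(ts):    # step 101
            self._tear_down(self.main)                    # step 102
            self._bring_up(self.aux)                      # step 103
        # step 104: otherwise keep using main and keep monitoring


def run_scenario() -> Dict[str, object]:
    isp = Isp(["203.0.113.10", "203.0.113.11"])           # documentation range
    dev = Device(isp, WanInterface("wan0", "02:00:00:00:00:01"),
                 WanInterface("wan1", "02:00:00:00:00:02"),
                 AccessMonitor(window_s=1.0, threshold=20))
    original_ip = dev.main.ip
    # constructed traffic: one access per second for 10 s, then a 25-packet burst
    timeline = [float(s) for s in range(10)] + [10.0 + i * 0.01 for i in range(25)]
    for ts in timeline:
        dev.on_access(ts)
    return {
        "original_ip": original_ip,
        "active": dev.active().name,
        "active_ip": dev.active().ip,
        "old_ip_still_assigned": isp.is_assigned(original_ip),
        "main_routes": list(dev.main.routes),
    }
```

The scenario ends with the device on wan1 under a different address while the address the burst was aimed at is no longer assigned; the same monitor leaves the main interface in place when the accesses stay under the threshold.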
Fig. 2 is a schematic structural diagram of a device for defending against DDoS attacks according to another embodiment of the present invention. The device may be any equipment that can connect to the internet, for example a router, terminal device, handheld device, computer or notebook.
The device comprises a main WAN interface 201, an auxiliary WAN interface 202, a LAN interface 203, a wireless interface 204, a monitor 205, a processor 206, a memory 207 and a bus 208; the main WAN interface 201, the auxiliary WAN interface 202, the LAN interface 203, the wireless interface 204, the monitor 205, the processor 206 and the memory 207 are interconnected through the bus 208.
In the present embodiment, the main WAN interface 201, auxiliary WAN interface 202, LAN interface 203 and wireless interface 204 are used for the network device to work with other communication equipment, wherein the MAC address of the main WAN interface 201 and the MAC address of the auxiliary WAN interface 202 are different.
In another embodiment of the invention, the auxiliary WAN interface 202 may be a newly added WAN interface or may be configured by software.
In another embodiment of the invention, the wireless interface 204 includes a transmitting antenna and a transmitting circuit.
In embodiments of the present invention, the processor 206 may be a Central Processing Unit (CPU); it may also be another general-purpose control processor, a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), a Field-Programmable Gate Array (FPGA) or other programmable logic device, discrete gate or transistor logic, discrete hardware components, etc. The general-purpose control processor may be a microcontroller processor or any conventional control processor, such as a single-chip microcomputer.
The memory 207 is used to store program code or instructions, the program code including computer operation instructions; the processor 206 is used to execute the program code or instructions stored in the memory 207 so that the processor 206 performs the related functions, which are described in detail below.
The memory 207 may include high-speed RAM memory and may also include non-volatile memory, for example at least one magnetic disk memory; it may, for example, be used to store the threshold.
The bus 208 may be an Industry Standard Architecture (ISA) bus, a Peripheral Component Interconnect (PCI) bus or an Extended Industry Standard Architecture (EISA) bus, etc. The bus 208 may be divided into an address bus, a data bus, a control bus, etc. For ease of representation it is drawn as a single thick line in the figure, but this does not mean there is only one bus or one type of bus.
The monitor 205 is used to detect whether the main WAN interface 201 of the network device is under DDoS attack.
For example, the monitor 205 monitors whether the main WAN interface 201 is under DDoS attack by checking whether the access volume of the main WAN interface 201 within a predetermined time is greater than or equal to a threshold, such as whether the number of visitors or the access traffic of the main WAN interface 201 is greater than or equal to the corresponding threshold.
If the monitor 205 finds that the access volume of the main WAN interface 201 is greater than or equal to the threshold, it determines that the main WAN interface 201 is under DDoS attack; if the access volume of the main WAN interface 201 is less than the threshold, it determines that the main WAN interface 201 is not under DDoS attack.
The processor 206 is used to deactivate the main WAN interface 201 of the network device if the monitor 205 determines that the main WAN interface 201 is under DDoS attack.
For example, the processor 206 deactivating the main WAN interface 201 of the network device comprises: the processor 206 disconnects or disables the network-layer connection of the main WAN interface 201.
In another embodiment of the invention, when the processor 206 disconnects or disables the network-layer connection of the main WAN interface 201, the processor 206 is further used to release the IP address of the main WAN interface 201, release the data configuration related to the main WAN interface 201, and delete the routing information of the main WAN interface 201.
The processor 206 is further used to activate the auxiliary WAN interface 202 of the network device so as to dial up and connect to the network again.
For example, the processor 206 activating the auxiliary WAN interface 202 of the network device comprises: the processor 206 enables the auxiliary WAN interface 202 of the network device. In another embodiment of the present invention, when the processor 206 enables the auxiliary WAN interface 202, it is further used to obtain the IP address of the auxiliary WAN interface 202 and update the routing information according to the obtained IP address, so that the network device connects to the network, such as the internet, through the auxiliary WAN interface 202 according to the newly obtained IP address and the updated routing information.
The processor 206 is further used to determine that the main WAN interface 201 continues to be used if it is not under DDoS attack.
In another embodiment of the present invention, the monitor 205 is further used to continue monitoring the access volume of the main WAN interface 201.
Because the MAC address of the main WAN interface 201 and the MAC address of the auxiliary WAN interface 202 are different, the IP address the main WAN interface 201 uses when enabled and the IP address the auxiliary WAN interface 202 uses when enabled are different. Therefore, when the processor 206 enables the auxiliary WAN interface 202 and dials up to the network again, the auxiliary WAN interface 202 in effect obtains a new IP address and new routes are generated, while the attacker is still attacking the victim using the released IP address (that is, the IP address the main WAN interface 201 used when enabled) as the destination IP. Since the IP address of the main WAN interface 201 no longer exists, the attacker's attack on the present network equipment is blocked and DDoS attackers can be effectively guarded against.
In summary, the method and device for defending against DDoS attacks described above do not close any service, so system functions are not affected; they do not require manual checking of logs, being realised entirely by the system, which saves manpower; and they add no hardware cost, being realised entirely in code, and are highly portable.
In the several embodiments provided in the present application, it should be understood that the disclosed system, apparatus and method may be realised in other ways. For example, the apparatus embodiments described above are only illustrative; the division into modules or units is only a division by logical function, and other divisions are possible in actual implementation, for example multiple units or components may be combined or integrated into another system, or some features may be omitted or not executed. In addition, the mutual coupling, direct coupling or communication connection shown or discussed may be indirect coupling or communication connection through some interfaces, devices or units, and may be electrical, mechanical or of other forms.
Units described as separate components may or may not be physically separate, and components shown as units may or may not be physical units; they may be located in one place or distributed over multiple network elements. Some or all of the units may be selected according to actual needs to achieve the purpose of the embodiment.
In addition, the functional units in the embodiments of the present application may be integrated in one processing unit, or each unit may exist physically alone, or two or more units may be integrated in one unit. The integrated unit may be realised in the form of hardware or in the form of a software functional unit.
If the integrated unit is realised in the form of a software functional unit and sold or used as an independent product, it may be stored in a computer-readable storage medium. On this understanding, the technical solution of the present application in essence, or the part that contributes to the prior art, or all or part of the technical solution, may be embodied in the form of a software product stored in a storage medium and comprising several instructions for causing a computer device (which may be a personal computer, a server, a network device, etc.) or a processor to execute all or part of the steps of the methods described in the embodiments of the present application. The foregoing storage medium includes: a USB flash disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk, an optical disc, or any other medium capable of storing program code.
The above embodiments are only intended to illustrate the technical solutions of the present application, not to limit them. Although the present application has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art will understand that the technical solutions described in the foregoing embodiments may still be modified, or some of their technical features replaced by equivalents, without such modifications or replacements departing from the spirit and scope of the technical solutions of the embodiments of the present application.

Claims (10)

  1. A method for defending against a distributed denial-of-service (DDoS) attack, wherein a network device is configured with a main wide area network (WAN) interface and an auxiliary WAN interface, and the physical MAC address of the main WAN interface differs from the MAC address of the auxiliary WAN interface, the method comprising:
    when it is detected that the main WAN interface of the network device is under a DDoS attack, deactivating the main WAN interface of the network device; and
    activating the auxiliary WAN interface of the network device to dial up and reconnect to the network.
  2. The method of claim 1, wherein deactivating the main WAN interface of the network device comprises disconnecting the Internet connection of the main WAN interface.
  3. The method of claim 1, further comprising: releasing the IP address of the main WAN interface, releasing the associated data configuration of the main WAN interface, and deleting the routing information of the main WAN interface.
  4. The method of claim 1, further comprising: obtaining the IP address of the auxiliary WAN interface, and updating the routing information according to the obtained IP address.
  5. The method of any one of claims 1 to 4, wherein activating the auxiliary WAN interface of the network device comprises enabling the auxiliary WAN interface of the network device.
  6. An apparatus for defending against a distributed denial-of-service (DDoS) attack, comprising:
    a main wide area network (WAN) interface and an auxiliary WAN interface, wherein the physical MAC address of the main WAN interface differs from the MAC address of the auxiliary WAN interface;
    a monitor, configured to monitor whether the main WAN interface is under a DDoS attack; and
    a processor, configured to, when the monitor detects that the main WAN interface is under a DDoS attack, deactivate the main WAN interface of the network device and activate the auxiliary WAN interface to dial up and reconnect to the network.
  7. The apparatus of claim 6, wherein the processor being configured to deactivate the main WAN interface of the network device specifically comprises the processor disconnecting the Internet connection of the main WAN interface.
  8. The apparatus of claim 6, wherein the processor is further configured to release the IP address of the main WAN interface, release the associated data configuration of the main WAN interface, and delete the routing information of the main WAN interface.
  9. The apparatus of claim 6, wherein the processor is further configured to obtain the IP address of the auxiliary WAN interface and update the routing information according to the obtained IP address.
  10. The apparatus of any one of claims 6 to 9, wherein the processor being configured to activate the auxiliary WAN interface of the network device comprises the processor enabling the auxiliary WAN interface of the network device.
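The failover procedure the claims describe (monitor the main WAN interface, tear it down on detection, bring the auxiliary interface up by dial-up and re-route), modelled as an added Python example that is not the patent's own code. Interface names, MAC and IP addresses, gateway values and the packets-per-second threshold are assumptions, and the monitor is a plain rate check constructed for the example.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class WanInterface:
    name: str
    mac: str                        # physical MAC; main and auxiliary must differ
    ip: Optional[str] = None
    connected: bool = False
    config: dict = field(default_factory=dict)

def macs_distinct(a: WanInterface, b: WanInterface) -> bool:
    return a.mac.lower() != b.mac.lower()

@dataclass
class Router:
    main: WanInterface
    aux: WanInterface
    routes: dict = field(default_factory=dict)   # prefix -> interface name
    pps_threshold: int = 5000                    # assumed detection threshold

    def __post_init__(self) -> None:
        # Claim 1: the two WAN interfaces carry different MAC addresses.
        if not macs_distinct(self.main, self.aux):
            raise ValueError("main and auxiliary WAN interfaces share a MAC")

    def dial(self, iface: WanInterface, ip: str, gateway: str) -> None:
        # Simulated dial-up: the upstream assigns an address; default route follows.
        iface.connected, iface.ip = True, ip
        iface.config = {"gateway": gateway}
        self.routes["0.0.0.0/0"] = iface.name     # claim 4: update routing

    def under_ddos(self, arrivals: list) -> bool:
        # Monitor (claim 7): any one-second window on main above the threshold.
        times, lo = sorted(arrivals), 0
        for hi, t in enumerate(times):
            while t - times[lo] >= 1.0:
                lo += 1
            if hi - lo + 1 > self.pps_threshold:
                return True
        return False

    def failover(self, ip: str, gateway: str) -> str:
        # Claims 2-3: disconnect main, release its IP and config, drop its routes.
        self.main.connected, self.main.ip = False, None
        self.main.config.clear()
        self.routes = {p: i for p, i in self.routes.items() if i != self.main.name}
        self.dial(self.aux, ip, gateway)           # claim 5: enable auxiliary
        return self.aux.name
```

The relief the method offers depends on the auxiliary interface dialling up to a public address other than the one being flooded, which the model takes as given.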

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201711082146.5A CN107888580A (en) 2017-11-07 2017-11-07 A kind of method and device of anti-ddos attack

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201711082146.5A CN107888580A (en) 2017-11-07 2017-11-07 A kind of method and device of anti-ddos attack

Publications (1)

Publication Number Publication Date
CN107888580A true CN107888580A (en) 2018-04-06

Family

ID=61779170

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201711082146.5A Withdrawn CN107888580A (en) 2017-11-07 2017-11-07 A kind of method and device of anti-ddos attack

Country Status (1)

Country Link
CN (1) CN107888580A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109194692A (en) * 2018-10-30 2019-01-11 扬州凤凰网络安全设备制造有限责任公司 Method for preventing a network from being attacked



Legal Events

Date Code Title Description
PB01 Publication
TA01 Transfer of patent application right
  Effective date of registration: 20200818
  Address after: 318015 no.2-3167, zone a, Nonggang City, no.2388, Donghuan Avenue, Hongjia street, Jiaojiang District, Taizhou City, Zhejiang Province
  Applicant after: Taizhou Jiji Intellectual Property Operation Co.,Ltd.
  Address before: 201616 No. 3666 Sixian Road, Songjiang District, Shanghai
  Applicant before: Phicomm (Shanghai) Co.,Ltd.
SE01 Entry into force of request for substantive examination
WW01 Invention patent application withdrawn after publication
  Application publication date: 20180406