CN107888580A - A kind of method and device of anti-ddos attack - Google Patents
- Publication number
- CN107888580A (application CN201711082146.5A)
- Authority
- CN
- China
- Prior art keywords
- wan interface
- main
- auxiliary
- interface
- network equipment
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Withdrawn
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/1458—Denial of Service
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L47/00—Traffic control in data switching networks
- H04L47/70—Admission control; Resource allocation
- H04L47/76—Admission control; Resource allocation using dynamic resource allocation, e.g. in-call renegotiation requested by the user or requested by the network in response to changing network conditions
Abstract
Embodiments of the present invention provide a method and apparatus for defending against DDoS attacks. A network device is configured with a main WAN interface and an auxiliary WAN interface whose MAC addresses differ from each other. When the main WAN interface of the network device is detected to be under DDoS attack, the main WAN interface is deactivated and the auxiliary WAN interface is activated to dial up and reconnect to the network. With this method and apparatus, an attacker's attack on the network device can be effectively blocked, so DDoS attacks on the user can be effectively prevented.
Description
Technical field
The embodiments of the present invention relate to the field of communications, and in particular to a method and device for defending against distributed denial of service (Distributed Denial of Service, DDoS) attacks.
Background technology
With the development of communication technology, communication security receives increasing attention. Communication security is the foundation of information security and provides the physical guarantee for the correct transmission of information.
The most basic DoS attack uses reasonable-looking service requests to occupy an excessive share of service resources, so that legitimate users cannot obtain a response from the service.
A distributed denial of service (Distributed Denial of Service, DDoS) attack uses client/server technology to join multiple computers together as an attack platform and launch a DDoS attack against one or more targets, multiplying the power of the denial of service attack. Typically, the attacker installs the DDoS master program on one computer using a stolen account. At a set time the master program communicates with a large number of agent programs that have been installed on many computers on the network, and the agents launch the attack when they receive the instruction. Using client/server technology, the master program can activate hundreds or thousands of agent runs within seconds.
A DDoS attack occupies a large amount of network resources with a large number of seemingly legitimate requests in order to paralyse the network. Such attacks can be divided into the following kinds: overloading the network so that normal network communication is disturbed or even blocked; submitting a large number of requests to a server so that the server is overloaded; blocking a particular user from accessing a server; and blocking the communication between a particular service and a particular system or person.
The means of a DDoS attack is distributed: the traditional point-to-point attack mode is changed so that the attack pattern appears random, and the protocols and services used in the attack are usually ordinary ones, so it is difficult to distinguish the attack simply by protocol or service type. During the attack the packets are all disguised and the source IP addresses are forged, so it is difficult to determine the address of the attack and hard to trace it.
A DDoS attack is an easy, effective and very harmful kind of attack. By various means it produces a large number of puppet machines that consume network bandwidth and system resources, or it attacks system defects, so that the normal system falls into a state in which it cannot serve normal users, thereby denying normal users access to the service. The high-speed, widely connected network brings convenience to everyone, but it also creates extremely favourable conditions for DDoS attacks. The attacker combines many controlled computers to launch a DDoS attack against a target computer; this is a large-scale cooperative attack mode, mainly aimed at larger commercial websites, and is highly destructive.
There are many existing anti-DDoS measures. One method is to close unneeded services: the system opens many unused services by default, and each open service opens a corresponding port to the outside, increasing the probability of being hit by a DDoS attack; closing them reduces that probability. Another method is to install the necessary anti-virus and firewall software, pay attention to system security at all times, and monitor in real time through software whether a DDoS attack is under way. Another method is to add a hardware firewall to the network, which blocks high-volume attack traffic. Yet another method is to check the logs of network devices and host/server systems conscientiously: as soon as a log shows a gap or a time change, the machine may have been attacked.
However, each of these prior-art anti-DDoS schemes has a drawback: closing services affects system functionality; installing a software firewall increases the system load; installing a hardware firewall increases hardware cost; and checking logs costs manpower and is cumbersome.
The content of the invention
Aspects of the present invention provide a method and apparatus for defending against DDoS attacks that can effectively block an attacker's attack on the local network device and thereby effectively prevent DDoS attacks on the user.
One aspect of the present invention provides an anti-DDoS method, wherein a network device is configured with a main WAN interface and an auxiliary WAN interface whose MAC addresses differ from each other, and the method includes:
when the main WAN interface of the network device is detected to be under DDoS attack, deactivating the main WAN interface of the network device; and
activating the auxiliary WAN interface of the network device to dial up and reconnect to the network.
Optionally, deactivating the main WAN interface of the network device includes disconnecting the network-layer connection of the main WAN interface.
Optionally, the method also includes releasing the IP address of the main WAN interface, releasing the data configuration related to the main WAN interface, and deleting the routing information of the main WAN interface.
Optionally, the method also includes obtaining the IP address of the auxiliary WAN interface and updating the routing information according to the obtained IP address.
Optionally, activating the auxiliary WAN interface of the network device includes enabling the auxiliary WAN interface of the network device.
Another aspect of the present invention provides an anti-DDoS device, including:
a main wide area network (WAN) interface and an auxiliary WAN interface, wherein the physical MAC address of the main WAN interface and the MAC address of the auxiliary WAN interface differ from each other;
a monitor for monitoring whether the main WAN interface is under a distributed denial of service (DDoS) attack; and
a processor for deactivating the main WAN interface of the network device when the monitor detects that the main WAN interface is under DDoS attack, and activating the auxiliary WAN interface to dial up and reconnect to the network.
Optionally, the processor deactivating the main WAN interface of the network device specifically includes the processor disconnecting the network-layer connection of the main WAN interface.
Optionally, the processor is also used to release the IP address of the main WAN interface, release the data configuration related to the main WAN interface, and delete the routing information of the main WAN interface.
Optionally, the processor is also used to obtain the IP address of the auxiliary WAN interface and update the routing information according to the obtained IP address.
Optionally, the processor activating the auxiliary WAN interface of the network device includes the processor enabling the auxiliary WAN interface of the network device.
With the anti-DDoS method and apparatus described above, because the MAC address of the main WAN interface and the MAC address of the auxiliary WAN interface differ, the IP address the main WAN interface uses when enabled and the IP address the auxiliary WAN interface uses when enabled also differ. Therefore, when the main WAN interface is disabled or disconnected and the auxiliary WAN interface is enabled and dials up again, the auxiliary WAN interface obtains a new IP address and a new route is generated. The attacker is still attacking the released IP address (the address the main WAN interface used when enabled) as the destination IP, but that address no longer exists, so the attacker's attack on the network device is blocked and DDoS attacks on the user are effectively prevented.
Brief description of the drawings
Fig. 1 is a schematic flow chart of an anti-DDoS method according to one embodiment of the invention;
Fig. 2 is a schematic structural diagram of an anti-DDoS device according to another embodiment of the invention.
Embodiment
To make the purpose, technical solution and advantages of the embodiments of the present invention clearer, the technical solution in the embodiments is described clearly and completely below with reference to the accompanying drawings. The described embodiments are only some of the embodiments of the invention, not all of them. All other embodiments obtained by those of ordinary skill in the art on the basis of the embodiments of the invention without creative work fall within the scope of protection of the invention.
The techniques described herein may be used in various communication systems, such as 2G, 3G and 4G systems and next-generation systems (for example, 5G): for example the Global System for Mobile Communication (GSM), Code Division Multiple Access (CDMA), Time Division Multiple Access (TDMA), Wideband Code Division Multiple Access (WCDMA), Frequency Division Multiple Access (FDMA), Orthogonal Frequency-Division Multiple Access (OFDMA), Single Carrier Frequency Division Multiple Access (SC-FDMA), General Packet Radio Service (GPRS) and Long Term Evolution (LTE) systems, and other such communication systems. A CDMA system can implement radio technologies such as Universal Terrestrial Radio Access (UTRA) and CDMA2000. UTRA includes Wideband CDMA (WCDMA) and other CDMA variants. CDMA2000 covers the IS-2000, IS-95 and IS-856 standards. A TDMA system can implement radio technologies such as GSM. An OFDMA system can implement radio technologies such as Evolved UMTS Terrestrial Radio Access (E-UTRA), Ultra Mobile Broadband (UMB), IEEE 802.11 (Wi-Fi), IEEE 802.16 (WiMAX), IEEE 802.20 and Flash-OFDMA. UTRA and E-UTRA are part of the Universal Mobile Telecommunication System (UMTS). 3GPP Long Term Evolution (LTE) is a UMTS release that uses E-UTRA; it uses OFDMA on the downlink and SC-FDMA on the uplink. UTRA, E-UTRA, UMTS, LTE and GSM are described in documents of the "3rd Generation Partnership Project" (3GPP) organisation. CDMA2000 and UMB are described in documents of the "3rd Generation Partnership Project 2" (3GPP2) organisation.
The term "and/or" herein only describes an association between associated objects and means that three relationships may exist; for example, "A and/or B" can mean: A alone, A and B together, or B alone. The character "/" herein generally indicates an "or" relationship between the objects before and after it. The terms "system" and "network" are often used interchangeably herein.
Fig. 1 is a schematic flow chart of an anti-DDoS method according to one embodiment of the invention. The method applies not only to routers but also to any network device connected to the Internet, such as terminal devices, handheld devices, computers, notebooks and so on.
A terminal device may be a wireless terminal or a wired terminal. A wireless terminal may refer to a device that provides a user with voice and/or data connectivity, a portable device with wireless connection capability, or another processing device connected to a radio modem. A wireless terminal may communicate with one or more core networks through a radio access network (Radio Access Network, RAN); it may be a mobile terminal such as a mobile phone (also called a "cellular" phone) or a computer with a mobile terminal, for example a portable, pocket, hand-held, computer-built-in or vehicle-mounted mobile device that exchanges voice and/or data with the radio access network. Examples are a Personal Communication Service (PCS) phone, a cordless phone, a Session Initiation Protocol (SIP) phone, a Wireless Local Loop (WLL) station and a Personal Digital Assistant (PDA). A wireless terminal may also be called a system, subscriber unit (Subscriber Unit), subscriber station (Subscriber Station), mobile station (Mobile Station), mobile (Mobile), remote station (Remote Station), access point (Access Point), remote terminal (Remote Terminal), access terminal (Access Terminal), user terminal (User Terminal), user agent (User Agent) or user equipment (User Equipment).
A router is a device that connects the internal networks (local area networks, LAN) and external networks (wide area networks, WAN) that make up the Internet. A router automatically selects and sets routes according to channel conditions, sending signals in sequence along the optimal path. Routers are now widely used in all industries, and products of various grades have become the main force in realising connections inside backbone networks, interconnection between backbone networks, and interconnection with the Internet. A router, also known as a gateway device (Gateway), connects multiple logically separate networks, where a logical network represents a single network or a subnet. When data is transferred from one subnet to another, the transfer is completed through the routing function of the router. A router therefore has the functions of judging network addresses and selecting IP paths; it can establish flexible connections in a multi-network interconnection environment, can connect subnets with entirely different packet and media access methods, accepts only information from source stations or other routers, and is an interconnection device of the network layer.
For convenience of description, this embodiment takes a network device as an example. The network device is any device connected to the Internet, such as a terminal device, handheld device, computer or notebook; it is a multi-port device that can connect LANs and WANs of different transmission rates running in various environments, and can use different protocols.
In this embodiment, the network device is configured with multiple interfaces, for example a main WAN interface, an auxiliary WAN interface, a LAN interface and a wireless interface, which ensure the normal operation of the network device. The physical (Media Access Control, MAC) address of the main WAN interface and the MAC address of the auxiliary WAN interface differ. In another embodiment of the invention, the auxiliary WAN interface may be a newly added WAN interface, or it may be configured in software.
Under normal circumstances the main WAN interface is enabled and the auxiliary WAN interface is not.
Step 101: monitor whether the main WAN interface of the network device is under DDoS attack.
For example, a monitor is set in the network device to monitor whether the main WAN interface is under DDoS attack: the monitor checks whether the amount of access to the main WAN interface within a scheduled time is greater than or equal to a threshold, for example whether the number of visitors or the access traffic of the main WAN interface is greater than or equal to the corresponding threshold.
If the monitor observes that the amount of access to the main WAN interface is greater than or equal to the threshold, the monitor determines that the main WAN interface is under DDoS attack; if the amount is less than the threshold, the monitor determines that the main WAN interface is not under DDoS attack.
Step 102: if the main WAN interface is under DDoS attack, deactivate the main WAN interface of the network device.
For example, deactivating the main WAN interface of the network device includes the network device disconnecting or disabling the network-layer connection of the main WAN interface.
In another embodiment of the invention, when the network device disconnects or disables the network-layer connection of the main WAN interface, the network device releases the IP address of the main WAN interface, releases the data configuration related to the main WAN interface, and deletes the routing information of the main WAN interface.
Step 103: activate the auxiliary WAN interface of the network device to dial up and reconnect to the network.
For example, since under normal circumstances the auxiliary WAN interface is not enabled, activating the auxiliary WAN interface of the network device includes enabling it. In another embodiment of the invention, when the network device enables the auxiliary WAN interface, it obtains the IP address of the auxiliary WAN interface and updates the routing information according to the obtained IP address, so that the network device connects to the network (for example the Internet) through the auxiliary WAN interface according to the newly obtained IP address and the updated routing information.
Step 104: if the main WAN interface is not under DDoS attack, continue to use the main WAN interface and continue monitoring.
In another embodiment of the invention, the monitor continues to monitor the amount of access to the main WAN interface.
Because the MAC address of the main WAN interface and the MAC address of the auxiliary WAN interface differ, the IP address used when the main WAN interface is enabled and the IP address used when the auxiliary WAN interface is enabled also differ. Therefore, when the auxiliary WAN interface is enabled and dials up again, it obtains a new IP address and a new route is generated. The attacker is still attacking the released IP address (the address the main WAN interface used when enabled) as the destination IP, but that address no longer exists, so the attacker's attack on the network device is blocked and DDoS attacks on the user are effectively prevented.
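The following is an added example, not code from the patent, that simulates steps 101 to 104 end to end: a sliding-window monitor that applies the "amount of access within a scheduled time is greater than or equal to a threshold" test, a device holding a main and an auxiliary WAN interface with different MACs, and the switch that releases the main interface's address and route and dials the auxiliary interface. The upstream ISP is a stand-in that hands a distinct lease to each distinct MAC; the MACs, addresses, thresholds, traffic and the `linux_failover_commands` helper (an assumed iproute2/dhclient equivalent, returned as strings and not executed) are all constructed for the simulation.

```python
"""Added example (not code from the patent): runnable simulation of the
WAN-failover scheme in steps 101-104.  All MACs, addresses, thresholds and
traffic are constructed for the simulation; the upstream ISP is a stand-in."""
from collections import deque
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass
class WanInterface:
    name: str
    mac: str                     # main and auxiliary WAN must have different MACs
    enabled: bool = False
    ip: Optional[str] = None


class SimulatedIsp:
    """Stand-in for the upstream DHCP/PPPoE server.  Each distinct MAC gets its
    own lease, which is the property the patent relies on; the same MAC always
    gets the same lease back.  203.0.113.0/24 is documentation address space."""
    def __init__(self) -> None:
        self.leases: Dict[str, str] = {}

    def lease(self, mac: str) -> str:
        if mac not in self.leases:
            self.leases[mac] = f"203.0.113.{10 + len(self.leases)}"
        return self.leases[mac]


class AccessMonitor:
    """Step 101: sliding-window count of requests reaching the active WAN
    address.  Reports an attack when the request count or the number of
    distinct sources within the window reaches its threshold."""
    def __init__(self, window_s: float, max_requests: int, max_sources: int) -> None:
        self.window_s, self.max_requests, self.max_sources = window_s, max_requests, max_sources
        self.events = deque()    # (timestamp, source ip), oldest first

    def observe(self, ts: float, src_ip: str) -> bool:
        self.events.append((ts, src_ip))
        while self.events and ts - self.events[0][0] > self.window_s:
            self.events.popleft()
        sources = {src for _, src in self.events}
        return len(self.events) >= self.max_requests or len(sources) >= self.max_sources

    def reset(self) -> None:
        self.events.clear()


class NetworkDevice:
    """Main and auxiliary WAN interfaces, a routing table and the monitor.
    Normal state: main enabled with a default route, auxiliary disabled."""
    def __init__(self, main, aux, monitor, isp) -> None:
        self.main, self.aux, self.monitor, self.isp = main, aux, monitor, isp
        self.routes: Dict[str, str] = {}        # destination -> interface name
        self.failovers = 0
        self.dial(self.main)

    def dial(self, iface: WanInterface) -> None:
        """Enable the interface, obtain its address, install its route (step 103)."""
        iface.enabled = True
        iface.ip = self.isp.lease(iface.mac)
        self.routes["default"] = iface.name

    def deactivate(self, iface: WanInterface) -> None:
        """Step 102: disconnect, release address and configuration, delete routes."""
        iface.enabled = False
        iface.ip = None
        self.routes = {dst: name for dst, name in self.routes.items() if name != iface.name}

    def active(self) -> WanInterface:
        return self.main if self.main.enabled else self.aux

    def handle_packet(self, ts: float, src_ip: str, dst_ip: str) -> str:
        """Fate of one inbound packet: 'served', 'dropped' (addressed to a
        released IP), 'failover' (it tipped the monitor over the threshold and
        the device switched from main to auxiliary) or 'overloaded' (threshold
        reached again on the auxiliary; the patent describes no further step)."""
        iface = self.active()
        if dst_ip != iface.ip:
            return "dropped"
        if not self.monitor.observe(ts, src_ip):
            return "served"
        if iface is not self.main:
            return "overloaded"
        self.deactivate(self.main)
        self.dial(self.aux)
        self.monitor.reset()
        self.failovers += 1
        return "failover"


def linux_failover_commands(main: WanInterface, aux: WanInterface) -> List[str]:
    """Assumed iproute2/dhclient equivalents of steps 102-103 on a Linux router
    (returned as strings, not executed; PPPoE uplinks would use pppd instead)."""
    return [f"ip route del default dev {main.name}",
            f"ip addr flush dev {main.name}",
            f"ip link set dev {main.name} down",
            f"ip link set dev {aux.name} up",
            f"dhclient {aux.name}"]


def run_scenario():
    """Constructed traffic: one legitimate request, a flood of 1000 packets from
    250 forged sources at the main address, then a client using the new address."""
    dev = NetworkDevice(WanInterface("wan0", "02:00:00:00:00:01"),
                        WanInterface("wan1", "02:00:00:00:00:02"),
                        AccessMonitor(window_s=10.0, max_requests=500, max_sources=200),
                        SimulatedIsp())
    old_ip = dev.main.ip
    tally = {"served": 0, "dropped": 0, "failover": 0, "overloaded": 0}
    tally[dev.handle_packet(0.0, "198.51.100.7", old_ip)] += 1
    for n in range(1000):
        tally[dev.handle_packet(1.0 + n * 0.001, f"192.0.2.{n % 250 + 1}", old_ip)] += 1
    tally[dev.handle_packet(5.0, "198.51.100.7", dev.aux.ip)] += 1
    return old_ip, dev.aux.ip, tally, dev


if __name__ == "__main__":
    old, new, tally, dev = run_scenario()
    print(f"main {old} released, auxiliary {new} active, routes {dev.routes}, {tally}")
```

In the scenario the 200th distinct source trips the monitor, the main interface loses its address and default route, and every later flood packet aimed at the released address is dropped before it reaches the monitor, while a client that uses the auxiliary interface's address is served. The switch helps only for as long as the flood keeps targeting the released address; a service that must stay reachable under a public name will have that name updated to the new address, so the monitoring of step 104 still has to run on whichever interface is active.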
Fig. 2 is a schematic structural diagram of an anti-DDoS device according to another embodiment of the invention. The anti-DDoS device may be any device that can connect to the Internet, for example a router, terminal device, handheld device, computer or notebook.
The anti-DDoS device includes a main WAN interface 201, an auxiliary WAN interface 202, a LAN interface 203, a wireless interface 204, a monitor 205, a processor 206, a memory 207 and a bus 208. The main WAN interface 201, the auxiliary WAN interface 202, the LAN interface 203, the wireless interface 204, the monitor 205, the processor 206 and the memory 207 are connected to each other through the bus 208.
In this embodiment, the main WAN interface 201, the auxiliary WAN interface 202, the LAN interface 203 and the wireless interface 204 are used for communication between the network device and other communication equipment; the MAC address of the main WAN interface 201 and the MAC address of the auxiliary WAN interface 202 differ.
In another embodiment of the invention, the auxiliary WAN interface 202 may be a newly added WAN interface, or it may be configured in software.
In another embodiment of the invention, the wireless interface 204 includes a transmitting antenna and a transmitting circuit.
In embodiments of the invention, the processor 206 may be a central processing unit (Central Processing Unit, CPU), or another general-purpose control processor, a digital signal processor (Digital Signal Processing, DSP), an application specific integrated circuit (Application Specific Integrated Circuit, ASIC), a field-programmable gate array (Field-Programmable Gate Array, FPGA) or other programmable logic device, discrete gate or transistor logic, discrete hardware components and so on. The general-purpose control processor may be a microcontroller or any conventional control processor, such as a single-chip microcomputer.
The memory 207 stores program code or instructions, the program code including computer operating instructions; the processor 206 executes the program code or instructions stored in the memory 207 so that the processor 206 performs the corresponding functions, described in detail below.
The memory 207 may include high-speed RAM and may also include non-volatile memory, for example at least one magnetic disk storage; it may be used, for example, to store the threshold.
The bus 208 may be an Industry Standard Architecture (ISA) bus, a Peripheral Component Interconnect (PCI) bus, an Extended Industry Standard Architecture (EISA) bus or the like. The bus 208 may be divided into an address bus, a data bus, a control bus and so on. For ease of representation only one thick line is drawn in the figure, which does not mean that there is only one bus or one type of bus.
The monitor 205 is used to detect whether the main WAN interface 201 of the network device is under DDoS attack.
For example, the monitor 205 monitors whether the amount of access to the main WAN interface 201 within a scheduled time is greater than or equal to a threshold, for example whether the number of visitors or the access traffic of the main WAN interface 201 is greater than or equal to the corresponding threshold.
If the monitor 205 observes that the amount of access to the main WAN interface 201 is greater than or equal to the threshold, it determines that the main WAN interface 201 is under DDoS attack; if the amount is less than the threshold, it determines that the main WAN interface 201 is not under DDoS attack.
The processor 206 is used to deactivate the main WAN interface 201 of the network device if the monitor 205 determines that the main WAN interface 201 is under DDoS attack.
For example, the processor 206 deactivating the main WAN interface 201 of the network device includes the processor 206 disconnecting or disabling the network-layer connection of the main WAN interface 201.
In another embodiment of the invention, when the processor 206 disconnects or disables the network-layer connection of the main WAN interface 201, the processor 206 also releases the IP address of the main WAN interface 201, releases the data configuration related to the main WAN interface 201, and deletes the routing information of the main WAN interface 201.
The processor 206 is also used to activate the auxiliary WAN interface 202 of the network device so as to dial up and reconnect to the network.
For example, the processor 206 activating the auxiliary WAN interface 202 of the network device includes the processor 206 enabling the auxiliary WAN interface 202 of the network device. In another embodiment of the invention, when the processor 206 enables the auxiliary WAN interface 202, it also obtains the IP address of the auxiliary WAN interface 202 and updates the routing information according to the obtained IP address, so that the network device connects to the network (for example the Internet) through the auxiliary WAN interface 202 according to the newly obtained IP address and the updated routing information.
The processor 206 is also used to determine that the main WAN interface 201 continues to be used if the main WAN interface 201 is not under DDoS attack.
In another embodiment of the invention, the monitor 205 is also used to continue monitoring the amount of access to the main WAN interface 201.
Because the MAC address of the main WAN interface 201 and the MAC address of the auxiliary WAN interface 202 differ, the IP address the main WAN interface 201 uses when enabled and the IP address the auxiliary WAN interface 202 uses when enabled also differ. Therefore, when the processor 206 enables the auxiliary WAN interface 202 to dial up again, the auxiliary WAN interface 202 obtains a new IP address and a new route is generated. The attacker is still attacking the released IP address (the address the main WAN interface 201 used when enabled) as the destination IP, but that address no longer exists, so the attacker's attack on the network device is blocked and DDoS attacks on the user are effectively prevented.
In summary, the anti-DDoS method and apparatus described above require no services to be closed, so system functionality is not affected; no manual log checking is needed, since the scheme is implemented entirely by the system, saving manpower; and no additional hardware cost is incurred, since the scheme is implemented entirely in code and is highly portable.
In the several embodiments provided in this application, it should be understood that the disclosed system, apparatus and method may be implemented in other ways. For example, the apparatus embodiments described above are only illustrative: the division into modules or units is only a division by logical function, and other divisions are possible in actual implementation; for example, multiple units or components may be combined or integrated into another system, or some features may be ignored or not performed. Furthermore, the couplings, direct couplings or communication connections shown or discussed may be indirect couplings or communication connections through some interfaces, devices or units, and may be electrical, mechanical or of other forms.
Units described as separate components may or may not be physically separate, and components shown as units may or may not be physical units; they may be located in one place or distributed over multiple network elements. Some or all of the units may be selected according to actual needs to achieve the purpose of the embodiment.
In addition, the functional units in the embodiments of this application may be integrated into one processing unit, or each unit may exist physically on its own, or two or more units may be integrated into one unit. The integrated unit may be implemented in the form of hardware or in the form of a software functional unit.
If the integrated unit is implemented in the form of a software functional unit and sold or used as an independent product, it may be stored in a computer-readable storage medium. On this understanding, the technical solution of this application, or the part of it that contributes to the prior art, or all or part of the technical solution, may be embodied in the form of a software product stored in a storage medium and including instructions that cause a computer device (which may be a personal computer, server, network device or the like) or a processor to perform all or part of the steps of the methods described in the embodiments of this application. The storage medium includes media that can store program code, such as a USB flash disk, removable hard disk, read-only memory (Read-Only Memory, ROM), random access memory (Random Access Memory, RAM), magnetic disk or optical disc.
Finally, the above embodiments only illustrate the technical solution of this application and do not limit it. Although the application has been described in detail with reference to the foregoing embodiments, those skilled in the art should understand that the technical solutions described in the foregoing embodiments may still be modified, or some of their technical features replaced by equivalents, without such modifications or replacements causing the essence of the corresponding technical solution to depart from the spirit and scope of the technical solutions of the embodiments of this application.
Claims (10)
- 1. A method for defending against distributed denial of service (DDoS) attacks, characterized in that a network device is configured with a main wide area network (WAN) interface and an auxiliary WAN interface, wherein the physical MAC address of the main WAN interface and the MAC address of the auxiliary WAN interface are different from each other, and the method includes: when it is detected that the main WAN interface of the network device is under a DDoS attack, deactivating the main WAN interface of the network device; and activating the auxiliary WAN interface of the network device to dial up and connect to the network again.
- 2. The method of claim 1, wherein deactivating the main WAN interface of the network device includes: disconnecting the Internet connection of the main WAN interface.
- 3. The method of claim 1, wherein the method further includes: releasing the IP address of the main WAN interface, releasing the related data configuration of the main WAN interface, and deleting the routing information of the main WAN interface.
- 4. The method of claim 1, wherein the method further includes: obtaining the IP address of the auxiliary WAN interface, and updating the routing information according to the obtained IP address.
- 5. The method of any one of claims 1-4, wherein activating the auxiliary WAN interface of the network device includes: enabling the auxiliary WAN interface of the network device.
- 6. A device for defending against distributed denial of service (DDoS) attacks, characterized by including: a main wide area network (WAN) interface and an auxiliary WAN interface, wherein the physical MAC address of the main WAN interface and the MAC address of the auxiliary WAN interface are different; a monitor, for monitoring whether the main WAN interface is under a DDoS attack; and a processor, for deactivating the main WAN interface of the network device when the monitor detects that the main WAN interface is under a DDoS attack, and activating the auxiliary WAN interface to dial up and connect to the network again.
- 7. The device of claim 6, wherein the processor being used to deactivate the main WAN interface of the network device specifically includes: the processor disconnecting the Internet connection of the main WAN interface.
- 8. The device of claim 6, wherein the processor is further used to release the IP address of the main WAN interface, release the related data configuration of the main WAN interface, and delete the routing information of the main WAN interface.
- 9. The device of claim 6, wherein the processor is further used to obtain the IP address of the auxiliary WAN interface and update the routing information according to the obtained IP address.
- 10. The device of any one of claims 6-9, wherein the processor being used to activate the auxiliary WAN interface of the network device includes: the processor being used to enable the auxiliary WAN interface of the network device.
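The failover sequence of claims 1-5 (detect attack on the main WAN interface, disconnect it, release its IP, configuration and routes, then enable the auxiliary interface, dial up, obtain an IP and update routing) as a runnable simulation. This is an added example, not code from the patent or its applicant: the device, the interfaces, the packet-rate monitor that stands in for the claimed "listening" step, the threshold, the MAC and IP values and the dial-up stub are all constructed for illustration.

```python
"""Simulated WAN failover controller following the claimed method (added example)."""
from dataclasses import dataclass, field
from typing import Dict, List, Optional

PPS_THRESHOLD = 5000  # constructed: packets/second above which the monitor reports a DDoS


@dataclass
class WanInterface:
    name: str
    mac: str                      # physical MAC; the claims require main and aux to differ
    enabled: bool = False
    connected: bool = False       # Internet (dial-up) session state
    ip: Optional[str] = None
    config: Dict[str, str] = field(default_factory=dict)  # related data configuration


@dataclass
class NetworkDevice:
    main: WanInterface
    aux: WanInterface
    routes: Dict[str, str] = field(default_factory=dict)  # prefix -> interface name

    def __post_init__(self) -> None:
        # Claim 1/6: the two WAN interfaces must carry different MAC addresses.
        if self.main.mac == self.aux.mac:
            raise ValueError("main and auxiliary WAN interfaces must have different MAC addresses")


def dial_up(iface: WanInterface, assigned_ip: str) -> None:
    """Stand-in for the ISP-side dial-up (constructed): enable, connect, assign IP and config."""
    iface.enabled = True
    iface.connected = True
    iface.ip = assigned_ip
    iface.config = {"gateway": "constructed-gateway", "dns": "constructed-dns"}


def is_under_ddos(pps_samples: List[int], threshold: int = PPS_THRESHOLD) -> bool:
    """Monitor (constructed): two consecutive samples above the threshold count as an attack.

    Requiring two samples avoids failing over on a single legitimate burst.
    """
    over = [pps > threshold for pps in pps_samples]
    return any(a and b for a, b in zip(over, over[1:]))


def deactivate_main(dev: NetworkDevice) -> None:
    """Claims 2-3: disconnect main, release its IP and configuration, delete its routes."""
    m = dev.main
    m.connected = False
    m.ip = None
    m.config = {}
    m.enabled = False
    dev.routes = {prefix: via for prefix, via in dev.routes.items() if via != m.name}


def activate_aux(dev: NetworkDevice, assigned_ip: str) -> None:
    """Claims 4-5: enable the auxiliary interface, dial up, obtain IP, update routing."""
    dial_up(dev.aux, assigned_ip)
    dev.routes["0.0.0.0/0"] = dev.aux.name


def failover_if_attacked(dev: NetworkDevice, pps_samples: List[int], aux_ip: str) -> bool:
    """Run the claimed procedure once; return True if a failover was performed."""
    if not is_under_ddos(pps_samples):
        return False
    deactivate_main(dev)
    activate_aux(dev, aux_ip)
    return True


def build_device() -> NetworkDevice:
    """Constructed device: main WAN dialed up and carrying the default route."""
    main = WanInterface("wan0", "02:00:00:00:00:01")
    aux = WanInterface("wan1", "02:00:00:00:00:02")
    dev = NetworkDevice(main, aux)
    dial_up(main, "198.51.100.10")   # TEST-NET-2 address, constructed
    dev.routes["0.0.0.0/0"] = main.name
    return dev


if __name__ == "__main__":
    device = build_device()
    samples = [120, 150, 9000, 12000, 11000]  # constructed: rate climbs at the third sample
    print(failover_if_attacked(device, samples, "198.51.100.20"))
    print(device.routes, device.main, device.aux)
```

The monitor here is deliberately simple (a packet-rate threshold); the claims only say the main interface is "listened to" for an attack, so any detector could be substituted. The constructor rejects equal MAC addresses because the claims make the distinct MACs a precondition of the method.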
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201711082146.5A CN107888580A (en) | 2017-11-07 | 2017-11-07 | A kind of method and device of anti-ddos attack |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201711082146.5A CN107888580A (en) | 2017-11-07 | 2017-11-07 | A kind of method and device of anti-ddos attack |
Publications (1)
Publication Number | Publication Date |
---|---|
CN107888580A true CN107888580A (en) | 2018-04-06 |
Family
ID=61779170
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201711082146.5A Withdrawn CN107888580A (en) | 2017-11-07 | 2017-11-07 | A kind of method and device of anti-ddos attack |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN107888580A (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109194692A (en) * | 2018-10-30 | 2019-01-11 | 扬州凤凰网络安全设备制造有限责任公司 | Prevent the method that network is attacked |
- 2017-11-07: CN CN201711082146.5A patent/CN107888580A/en, not_active Withdrawn
Similar Documents
Publication | Publication Date | Title |
---|---|---|
EP3226508B1 (en) | Attack packet processing method, apparatus, and system | |
WO2017148263A1 (en) | Prevention and control method, apparatus and system for network attack | |
CA2541156C (en) | System and method for dynamic distribution of intrusion signatures | |
JP5504256B2 (en) | Network recognition adapter for applications | |
US20080229382A1 (en) | Mobile access terminal security function | |
Choi | Implementation of content-oriented networking architecture (CONA): a focus on DDoS countermeasure | |
WO2015176445A1 (en) | Preset networked address firewall isolation application system for mobile terminal | |
WO2019237813A1 (en) | Method and device for scheduling service resource | |
EP3863317A1 (en) | Method and device for determining category information | |
WO2016180181A1 (en) | Service function deployment method and apparatus | |
EP2561708A1 (en) | Method and apparatus for determining access point service capabilities | |
US20070011731A1 (en) | Method, system & computer program product for discovering characteristics of middleboxes | |
CA2680231A1 (en) | System and method for providing data and device security between external and host devices | |
CN105357180B (en) | Network system, the hold-up interception method of attack message, device and equipment | |
CN105337890B (en) | A kind of control strategy generation method and device | |
ES2738106T3 (en) | Processing procedure for network address translation technology, NAT device and BNG device | |
CN100420197C (en) | Method for guarding against attack realized for networked devices | |
CN106656648B (en) | Application flow dynamic protection method and system based on home gateway and home gateway | |
CN104125213A (en) | Distributed denial of service DDOS attack resisting method and device for firewall | |
CN110505243A (en) | The processing method and processing device of network attack, storage medium, electronic device | |
CN101599889A (en) | Prevent the method for MAC address spoofing in a kind of ethernet switching device | |
CN101141396B (en) | Packet processing method and network appliance | |
Wang et al. | Insecurity of operational cellular IoT service: new vulnerabilities, attacks, and countermeasures | |
CN107888580A (en) | A kind of method and device of anti-ddos attack | |
WO2015018200A1 (en) | Method and apparatus for upgrading detection engine in firewall device |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | | |
TA01 | Transfer of patent application right | | Effective date of registration: 20200818; Address after: 318015 no.2-3167, zone a, Nonggang City, no.2388, Donghuan Avenue, Hongjia street, Jiaojiang District, Taizhou City, Zhejiang Province; Applicant after: Taizhou Jiji Intellectual Property Operation Co.,Ltd.; Address before: 201616 Shanghai city Songjiang District Sixian Road No. 3666; Applicant before: Phicomm (Shanghai) Co.,Ltd. |
SE01 | Entry into force of request for substantive examination | | |
WW01 | Invention patent application withdrawn after publication | | Application publication date: 20180406 |