CN111490961B - Communication connection blocking system, method, device and equipment - Google Patents


Info

Publication number
CN111490961B
Authority
CN
China
Prior art keywords
message
blocking
mirror image
content providing
providing server
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201910074373.6A
Other languages
Chinese (zh)
Other versions
CN111490961A (en)
Inventor
李亮
张柱
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Alibaba Group Holding Ltd
Original Assignee
Alibaba Group Holding Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Alibaba Group Holding Ltd
Priority to CN201910074373.6A
Publication of CN111490961A
Application granted
Publication of CN111490961B
Legal status: Active
Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H04L67/1095 Replication or mirroring of data, e.g. scheduling or transport for data synchronisation between network nodes
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/30 Network architectures or network communication protocols for network security for supporting lawful interception, monitoring or retaining of communications or communication related information
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/30 Network architectures or network communication protocols for network security for supporting lawful interception, monitoring or retaining of communications or communication related information
    • H04L63/304 Network architectures or network communication protocols for network security for supporting lawful interception, monitoring or retaining of communications or communication related information intercepting circuit switched data communications

Abstract

Embodiments of the invention provide a system, a method, a device and equipment for blocking a communication connection. The system comprises blocking devices, mirroring devices, and clients and content providing servers in VPC networks. The client generates a communication message corresponding to a content retrieval request. The blocking device receives the mirror image message corresponding to the communication message and determines its legality. If the mirror image message is an illegal message, the blocking device generates a blocking message that includes a network identifier, where the network identifier corresponds to the network to which the content providing server belongs. Using the network identifier, the blocking device can send the blocking message to the correct content providing server so that the communication connection with that server is disconnected. Because the blocking device is able to determine the network identifier, the blocking message can be sent directly to the content providing server. This greatly shortens the transmission path of the blocking message, avoids the influence of the network state on its transmission, and improves the success rate of blocking the communication connection.

Description

Communication connection blocking system, method, device and equipment
Technical Field
The present invention relates to the field of communications technologies, and in particular, to a system, a method, a device, and an apparatus for blocking a communication connection.
Background
A Virtual Private Cloud (VPC) is an isolated private network environment built on cloud services, and each VPC network is independent of the others. To ensure secure communication between the communication devices in each VPC network, a communication system based on VPC networks is provided with a blocking device in addition to the communication devices. The blocking device monitors whether an illegal access request exists in the communication system. If there is an illegal access request, the blocking device blocks the connection between the communication devices to avoid the adverse effect of the illegal access request on the communication system.
In the prior art, common communication connection blocking methods include series blocking and bypass blocking. However, when using these two methods, the blocking success rate of the communication connection is easily affected by the network status, resulting in a low blocking success rate. Therefore, how to increase the blocking success rate of the communication connection becomes an urgent problem to be solved.
Disclosure of Invention
In view of this, embodiments of the present invention provide a system, a method, a device and an apparatus for blocking a communication connection, so as to improve a success rate of blocking the communication connection.
In a first aspect, an embodiment of the present invention provides a system for blocking a communication connection, including: a client, a mirror image processing device, a blocking device and a content providing server;
the client is used for generating and sending an original communication message to the mirror image processing equipment;
the mirror image processing device is used for carrying out mirror image processing on the original communication message to obtain a mirror image message corresponding to the original communication message;
the blocking device is configured to receive the mirror image message sent by the mirror image processing device, and to determine a network identifier corresponding to the content providing server if the mirror image message is an illegal message; to generate a first blocking message according to the network identifier; and to send the first blocking message to the content providing server so that the content providing server breaks the communication connection with the client after receiving the first blocking message, wherein the illegal message corresponds to the illegal access operation triggered by the client.
In a second aspect, an embodiment of the present invention provides a method for blocking a communication connection, including:
receiving a mirror image message corresponding to an original communication message generated by a client;
if the mirror image message is an illegal message, determining a network identifier corresponding to a content providing server, wherein the illegal message corresponds to an illegal access operation triggered by a user through the client;
generating a first blocking message according to the network identifier;
and sending the first blocking message to a content providing server so that the content providing server disconnects the communication connection with the client after receiving the first blocking message.
In a third aspect, an embodiment of the present invention provides a device for blocking a communication connection, including:
the receiving module is used for receiving a mirror image message corresponding to an original communication message generated by a client;
a first determining module, configured to determine a network identifier corresponding to a content providing server if the mirror image packet is an illegal packet, where the illegal packet corresponds to an illegal access operation triggered by a user through the client;
the generating module is used for generating a first blocking message according to the network identifier;
and the sending module is used for sending the first blocking message to a content providing server so that the content providing server disconnects the communication connection with the client after receiving the first blocking message.
In a fourth aspect, an embodiment of the present invention provides an electronic device, including a processor and a memory, where the memory is used to store one or more computer instructions, and when the one or more computer instructions are executed by the processor, the method for blocking a communication connection in the second aspect is implemented. The electronic device may also include a communication interface for communicating with other devices or a communication network.
An embodiment of the present invention provides a computer storage medium for storing a computer program, where the computer program, when executed, causes a computer to implement the method for blocking a communication connection in the second aspect.
The communication connection blocking system provided by the embodiment of the invention comprises: a client, a mirror image processing device, a blocking device, and a content providing server. The client generates the original communication message and sends it to the mirror image processing device. After receiving the original communication message, the mirror image processing device performs mirror image processing on it and sends the resulting mirror image message to the blocking device. Mirror image processing may also be understood as copying: the mirror image message corresponding to the original communication message is a copy of the original communication message. The blocking device then receives the mirror image message. If the received mirror image message is an illegal message corresponding to an illegal access operation of the user, the blocking device determines a network identifier corresponding to the content providing server, generates a first blocking message according to the network identifier, and sends the first blocking message directly to the content providing server. After the content providing server receives the first blocking message, it can disconnect its communication connection with the client, which prevents the content providing server from responding to an illegal message and thereby adversely affecting the communication system.
In the prior art, the blocking message usually needs to pass through many devices before it finally reaches the content providing server. When the network state is unstable, the transmission time of the blocking message is therefore long, and the blocking message cannot reach the content providing server in time, so the communication connection between the content providing server and the client cannot be successfully blocked and the blocking success rate is greatly reduced. As can be seen from the above description, in the system provided by the present invention the blocking device itself is able to determine the network identifier. It can therefore generate the first blocking message including the network identifier and send it directly to the content providing server. The transmission path of the first blocking message is short, that is, it passes through few devices in transit, so an unstable network state does not affect the transmission of the blocking message, which improves the success rate of blocking the communication connection between the client and the content providing server.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, and it is obvious that the drawings in the following description are some embodiments of the present invention, and those skilled in the art can also obtain other drawings according to the drawings without creative efforts.
Fig. 1 is a schematic structural diagram of a blocking system for communication connection according to an embodiment of the present invention;
Fig. 2 is a signaling diagram of an interaction process between devices in the system of Fig. 1;
Fig. 3 is a schematic structural diagram of another blocking system for communication connection according to an embodiment of the present invention;
Fig. 4 is a flowchart of a method for blocking a communication connection according to an embodiment of the present invention;
Fig. 5 is a flow chart of an alternative implementation of step 103 in the embodiment shown in Fig. 4;
Fig. 6 is a flowchart of another method for blocking a communication connection according to an embodiment of the present invention;
Fig. 7 is a schematic structural diagram of a blocking apparatus for communication connection according to an embodiment of the present invention;
Fig. 8 is a schematic structural diagram of an electronic device corresponding to the blocking apparatus for communication connection provided in the embodiment shown in Fig. 7.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, but not all, embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
The terminology used in the embodiments of the invention is for the purpose of describing particular embodiments only and is not intended to be limiting of the invention. As used in the embodiments of the present invention and the appended claims, the singular forms "a", "an", and "the" are intended to include the plural forms as well, unless the context clearly dictates otherwise; "a plurality of" generally includes at least two, but does not exclude the case of at least one.
It should be understood that the term "and/or" as used herein merely describes a relationship between associated objects and means that three relationships may exist; e.g., A and/or B may represent: A exists alone, A and B exist simultaneously, and B exists alone. In addition, the character "/" herein generally indicates that the former and latter related objects are in an "or" relationship.
The word "if" as used herein may be interpreted as "when …" or "at the time of …" or "in response to a determination" or "in response to a recognition," depending on the context. Similarly, the phrases "if determined" or "if identified (a stated condition or event)" may be interpreted as "when determined" or "in response to a determination" or "when identified (a stated condition or event)" or "in response to an identification (a stated condition or event)", depending on the context.
It is also noted that the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a product or system that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such product or system. Without further limitation, an element defined by the phrase "comprising a …" does not exclude the presence of additional like elements in the product or system in which the element is comprised.
In practical applications, a communication connection is usually maintained between the client and the server. However, to ensure the security of communication, when one party performs an illegal access operation, the communication connection between the two parties needs to be disconnected. The user can trigger an access operation through the client. The legitimacy of an access operation is determined as follows:
When a user triggers an access operation through a client to acquire content from a server, if the acquired content contains sensitive information, the access operation triggered by the user is an illegal access operation; if the acquired content does not contain sensitive information, the access operation is a legal access operation. When the user account is abnormal, any operation triggered by the user through the client, such as an opening operation of the client or a clicking operation in a client interface, can be considered an illegal access operation.
Based on the above description, Fig. 1 is a schematic structural diagram of a blocking system for communication connection according to an embodiment of the present invention. As shown in Fig. 1, the system may include: a client 11, a mirror image processing device 12, a blocking device 13, and a content providing server 14.
The client 11 may generate an original communication packet and send the original communication packet to the mirror processing device 12. Alternatively, the client 11 may be installed in a terminal device used by a user, and in one case, the client 11 may generate the original communication packet in response to a client start operation triggered by the user. Conventionally, a communication connection may be established between the client terminal 11 and the content providing server 14 by means of a three-way handshake. In the process of establishing connection, the original communication packet may correspond to a handshake signal. Alternatively, the client 11 may also generate the original communication packet in response to a click operation triggered by the user in an operation interface provided by the client. The above opening operation and the clicking operation may be understood as an access operation triggered by a user, that is, an original communication packet corresponds to the access operation triggered by the user. The client 11 then sends the generated original communication packet to the mirroring device 12.
Of course, in any case, the generated original communication packet may optionally include a sender identifier and a receiver identifier, where the two identifiers are used to respectively indicate the corresponding two parties of sending and receiving the packet. In practical applications, the sender identifier may be specifically expressed as an IP address of the sender, which may also be referred to as a source IP address, and the receiver identifier may be specifically expressed as an IP address of the receiver, i.e., a destination IP address. And in general, the sender may be a client and the receiver may be a content providing server. Of course, the roles of the two may be interchanged.
The mirror image processing device 12 is configured to receive and perform mirror image processing on the received original communication packet to generate a mirror image packet corresponding to the original communication packet, where the mirror image processing may be understood as copying of the original communication packet, and the mirror image packet is also a copy of the original communication packet. At this time, the mirror message also corresponds to an access operation triggered by the user.
Alternatively, in practical applications, the mirror image processing device 12 may specifically be composed of an optical splitter and a splitter. In the VPC network, data is usually transmitted in an optical fiber with an optical signal as the carrier, that is, the information corresponding to the various messages generated by different devices is carried in the optical signal. The optical splitter may therefore receive the original optical signal containing the information corresponding to the original communication message and split it to obtain a first optical signal and a second optical signal. Compared with the original optical signal, the two optical signals contain the same information, but the signal intensity is halved. The splitter then sends the two optical signals to the blocking device 13 and the content providing server 14, respectively. After the content providing server 14 receives the information corresponding to the original communication message in the second optical signal, it may return the corresponding content to the client.
The blocking device 13 is configured to receive the mirror image packet in the second optical signal, and further determine whether the mirror image packet is an illegal packet. Since the mirror message is a copy of the original communication message, the above-mentioned judgment is actually to determine whether the original communication message is an illegal message. The legality of the message is actually embodied by the legality of the access operation triggered by the user, the legal access operation corresponds to the legal message, and the illegal access operation corresponds to the illegal message.
If the mirror image packet is an illegal packet, which indicates that the access operation triggered by the user is an illegal access operation, the blocking device 13 may determine the network identifiers of the VPC networks to which the client 11 and the content providing server 14 belong, where the network identifiers may specifically include a network ID and a network IP. Wherein, for a client and a content providing server which can communicate, both are usually located in the same VPC network. And in the practical application of the method,
the blocking device 13 then generates a first blocking message according to the network identifier and sends the first blocking message to the content providing server 14. The first blocking message also includes sender and receiver identifiers, a network identifier and a network address that are the same as those of the encapsulation message. Optionally, the blocking device 13 may send the first blocking message to the client 11 at the same time as sending it to the content providing server 14. In practical applications, the first blocking message may specifically be an RST (reset) packet. After the client 11 or the content providing server 14 receives the first blocking message, it automatically disconnects the communication connection with the other party, which avoids adverse effects on the communication system caused by illegal messages.
It should be noted that the blocking device 13 and the mirroring device 12 provided in this embodiment and the following embodiments can serve a plurality of VPC networks at the same time. Therefore, when the same network identifier and network address as those of the encapsulation packet are included in the first blocking packet, the blocking device 13 can more accurately transmit the first blocking packet to the corresponding content providing server 14.
To judge the validity of the mirror image message, in one optional manner the blocking device 13 may determine the validity of the message according to the sender identifier and the receiver identifier included in the mirror image message. Specifically, if the sender identifier and the receiver identifier included in the mirror image message satisfy a preset prohibited connection relationship, meaning that the sender and the receiver are not permitted to connect to each other, the blocking device 13 may determine that the mirror image message is an illegal message. This prohibited connection relationship may be pre-stored locally in the blocking device 13.
Alternatively, the mirror image message may further include a URL link, where the URL link indicates an access request of the user. The blocking device 13 may also determine the validity of the message based on the URL link included in the mirror image message. Specifically, if the URL link included in the mirror image message is a preset access-prohibited link, the URL link itself is an illegal link and access to it is likely to cause adverse effects on the communication system, so the blocking device 13 may determine that the mirror image message is an illegal message. Likewise, the preset access-prohibited links may be pre-stored locally at the blocking device 13.
Of course, the blocking device 13 may also determine the validity of the mirror message according to the identification of the transmitting/receiving party and the URL link.
The above description is directed to the case where the mirror message is an illegal message. And for the case of a legitimate message: the splitter in the mirroring device 12 still sends the first optical signal and the second optical signal to the blocking device 13 and the content providing server 14, respectively, and when the blocking device 13 determines that the mirrored message is a legal message, the blocking device 13 does not generate the first blocking message. Meanwhile, the second optical signal will continue to be transmitted, and after the content providing server 14 receives the second optical signal, that is, receives the original communication packet, the communication connection between itself and the client 11 will be established. And the content providing server 14 may also give corresponding feedback on the access request sent by the client 11.
In this embodiment, the client 11 generates an original communication message and sends it to the mirror image processing device 12. After receiving the original communication message, the mirror image processing device 12 performs mirror image processing on it and sends the resulting mirror image message to the blocking device 13. Mirror image processing may also be understood as copying: the mirror image message corresponding to the original communication message is a copy of the original communication message. The blocking device 13 then receives the mirror image message. If the received mirror image message is an illegal message corresponding to an illegal access operation of the user, the blocking device 13 determines a network identifier corresponding to the content providing server and generates a first blocking message according to the network identifier. Finally, this first blocking message is sent directly to the content providing server 14. After the content providing server 14 receives the first blocking message, it can disconnect its communication connection with the client, which prevents the content providing server 14 from responding to an illegal message and thereby adversely affecting the communication system.
In the prior art, the blocking message generally needs to pass through many devices before it finally reaches the content providing server 14. When the network state is unstable, the transmission time of the blocking message is therefore long, and the blocking message cannot reach the content providing server 14 in time, so the communication connection between the content providing server 14 and the client 11 cannot be successfully blocked and the blocking success rate is greatly reduced. As can be seen from the above description, in the system provided by the present invention, because the blocking device 13 is able to determine the network identifier, the first blocking message may be sent directly to the content providing server 14. The first blocking message passes through few devices in transit, that is, its transmission path is greatly shortened, so even if the network state is unstable the transmission of the blocking message is not affected, which improves the success rate of blocking the communication connection between the client 11 and the content providing server 14.
It should be noted that, on the basis of the above description, fig. 2 is a signaling diagram of interaction between devices in the system embodiment shown in fig. 1, and the above embodiment may also be understood by combining this signaling diagram.
Fig. 3 is a schematic structural diagram of another blocking system for communication connection according to an embodiment of the present invention. Each VPC network may include a plurality of clients and a plurality of content providing servers. To ensure normal communication between each client and content providing server while still ensuring that the communication connection between them can be successfully blocked, the system may, on the basis of the system shown in Fig. 1, further include: a first switching device 21 and a communication network 22.
In practical applications, the first switching device 21 may be a Switch (Switch), for example. The communication Network 22 may be a Metropolitan Area Network (MAN) switching Network.
At this time, after the blocking device 13 generates the first blocking message, the first blocking message sequentially passes through the blocking device 13, the communication network 22, and the first switching device 21, and is finally sent to the content providing server 14. The above transmission path may be referred to as a first path. It can be seen that the number of devices that the first blocking message passes through during the transmission to the content providing server 14 is small, which greatly shortens the transmission time of the first blocking message, so that the content providing server 14 can receive the first blocking message in time and disconnect the communication connection with the client terminal 11 in time, thereby improving the blocking success rate of the communication connection.
However, in practical applications, if there is only one transmission path for the blocking message, then when that path fails the communication connection between the client 11 and the content providing server 14 cannot be successfully blocked. Accordingly, the system may further comprise: a second switching device 23 and a gateway device 24. These devices can provide another transmission path for the blocking message.
When the mirror image message is determined to be an illegal message, the blocking device 13 generates the first blocking message and also generates a second blocking message according to the transceiver identifier in the mirror image message; the second blocking message includes the same transceiver identifier as the mirror image message. This second blocking message is then sent to the gateway device 24 via the communication network 22 and the second switching device 23. In practical applications, the second switching device 23 may be a switch, the same as the first switching device, or may be a load balancing switch (LSW).
The gateway device 24 receives and encapsulates the second blocking message to obtain a third blocking message. This encapsulation can be understood as determining the network identifier corresponding to the content providing server and adding it to the blocking message. The third blocking message obtained after encapsulation therefore also includes the transceiver identifier and the network identifier of the VPC network to which the client 11 and the content providing server 14 belong. The third blocking message thus contains the same content as the first blocking message; the different names only distinguish the devices that generate them. The third blocking message then passes through the gateway device 24, the second data exchange device 23, the mirror processing device 12, the communication network 22 and the first data exchange device 21, and finally reaches the content providing server 14. This transmission path may be referred to as the second path. Optionally, the mirror processing device 12 may not mirror the received blocking message. In practical applications, the third blocking message obtained after encapsulation may specifically be a VXLAN message, and the ID of the VXLAN message may represent the network ID in the network identifier. The second path passes through considerably more devices than the first path, so the third blocking message takes longer to transmit than the first blocking message.
In the normal case, both the first blocking message and the third blocking message are sent to the content providing server 14. Since the first blocking message reaches the content providing server 14 first, the communication connection between the content providing server 14 and the client 11 is usually blocked through the first path. When the first path fails, the third blocking message is still transmitted to the content providing server 14 along the second path, so the content providing server 14 can still disconnect the communication connection between itself and the client 11 after receiving the third blocking message. This ensures that the communication connection between the two can still be blocked, and the second path therefore also serves as a backup path.
As can be seen from the above description, in the process of transmitting the first blocking packet and the third blocking packet to the content providing server 14 via the first path and the second path, respectively, the process of determining the network identifier corresponding to the content providing server is involved, but the execution subject is different.
For the encapsulation processing of the gateway device 24, in an optional manner, the gateway device 24 may locally store a preset correspondence between the transceiver identifier and the network identifier, and may encapsulate the second blocking message according to this preset correspondence, that is, add the network identifier to the second blocking message to obtain the third blocking message. The preset correspondence may be configured manually on the gateway device.
For the encapsulation processing of the blocking device 13, in an optional manner, the blocking device 13 may receive the mirror image messages corresponding to the historical original communication message and the historical encapsulation message, where the mirror image message corresponding to the historical original communication message includes the transceiver identifier, and the mirror image message corresponding to the historical encapsulation message includes the transceiver identifier and the network identifier. For the sake of simplicity, the mirror message corresponding to the historical original communication message is referred to as a first mirror message, the mirror message corresponding to the historical encapsulation message is referred to as a second mirror message, and the first mirror message and the second mirror message are both sent by the mirror processing device 12.
The blocking device 13 then associates the first mirror message and the second mirror message that have the same transceiver identifier, and determines the preset correspondence between the transceiver identifier and the network identifier according to the association between the mirror messages. The correspondence determined in this way is the same as the preset correspondence stored locally by the gateway device 24. Finally, the blocking device 13 determines the network identifier corresponding to the content providing server according to the established preset correspondence. One optional way of obtaining the first mirror message and the second mirror message is as follows. Any historical original communication message generated by the client 11 within a preset time period is sent to the mirror processing device 12 through the communication network 22. The mirror processing device 12 mirrors it to generate the mirror message corresponding to the original communication message, i.e. the first mirror message. At the same time, the historical original communication message is transmitted on via the second data exchange device 23 to the gateway device 24. The gateway device 24 encapsulates the historical original communication message to obtain a historical encapsulation message, which is transmitted to the mirror processing device 12 through the second data exchange device 23, and the mirror processing device 12 mirrors the historical encapsulation message to obtain the second mirror message. The mirror processing device 12 may send both the first mirror message and the second mirror message to the blocking device 13, so that the blocking device 13 receives the mirror messages. It should be noted that the historical original communication messages are all legal messages.
As can be seen from the above description, the blocking device also determines the network identifier according to the preset correspondence between the transceiver identifier and the network identifier, but here the preset correspondence is learned by the blocking device 13 from the mirror messages corresponding to the historical original communication message and the historical encapsulation message.
Similar to the embodiment shown in fig. 1, when the original communication message generated by the client 11 is transmitted to the mirror processing device 12 along the communication network 22, the optical splitter and the optical splitter in the mirror processing device 12 may generate a first optical signal and a second optical signal, where the first optical signal corresponds to the mirror message and the second optical signal corresponds to the original communication message; the two messages contain identical information. These two optical signals may be transmitted to the blocking device 13 and the content providing server 14, respectively. When the blocking device 13 determines that the received mirror message is a legal message, the first blocking message is not generated. Meanwhile, after the original communication message has passed through the client 11, the communication network 22 and the mirror processing device 12, it also passes through the second data exchange device 23, the gateway device 24, the second data exchange device 23, the communication network 22, the first data exchange device 21 and the content providing server 14 in sequence. This transmission path may be referred to as a third path, and all legal messages are transmitted to the content providing server 14 through the third path.
Alternatively, in practical applications, after the client 11 generates an original communication message, the message may be transmitted to the communication network 22 through the operator network to which the terminal device installed in the client 11 belongs.
In this embodiment, on the basis of the embodiments shown in fig. 1 to fig. 3, the system may further include a first data switching device 21, a communication network 22, a second data switching device 23, and a gateway device 24. These devices provide two transmission paths for the blocking message, namely a first path and a second path. The blocking message passes through few devices along the first path and needs only a short transmission time, so it can reach the content providing server 14 in time, the communication connection between the content providing server 14 and the client 11 is successfully blocked, and the blocking success rate of the communication connection is greatly improved. When the first path fails, a blocking message may be transmitted through the second path to block the communication connection between the client 11 and the content providing server 14. That is, in different cases the blocking message may be transmitted over different paths to block the communication connection between the client 11 and the content providing server 14, thereby improving the success rate of communication connection blocking.
In addition, the sequence of steps in the embodiments of the methods described below is merely an example, and is not strictly limited.
Fig. 4 is a flowchart of a method for blocking a communication connection according to an embodiment of the present invention. The blocking method for communication connection provided by the embodiment of the present invention may be executed by the blocking device 13 in the embodiment shown in fig. 1 to fig. 3, as shown in fig. 4, the method includes the following steps:
S101, receiving a mirror image message corresponding to an original communication message generated by a client.
S102, if the mirror image message is an illegal message, determining a network identifier corresponding to the content providing server.
S103, generating a first blocking message according to the network identifier.
S104, sending the first blocking message to the content providing server so that the content providing server disconnects the communication connection with the client after receiving the first blocking message.
Specifically, the client 11 may optionally be installed in a terminal device used by the user. The user may cause the client 11 to generate the original communication message by starting the client or by a click operation in an operation interface provided by the client. This original communication message corresponds to the access operation triggered by the user through the client 11. The client 11 sends the original communication message to the mirror processing device 12. The mirror processing device 12 then mirrors the received original communication message to generate a mirror message, and sends the mirror message to the blocking device 13. In this way the blocking device 13 acquires the mirror message corresponding to the original communication message. Mirroring the original communication message can be understood as copying it, so the mirror message obtained by the mirror processing device 12 and the original communication message are identical messages, which may include the transceiver identifier. Optionally, the mirror message and the original communication message may also include a URL link indicating the access request of the user. The mirror message, like the original communication message, corresponds to an access operation triggered by the user via the client 11.
After receiving the mirror image message, the blocking device 13 determines whether the mirror image message is an illegal message. If the mirror image message is determined to be an illegal message, which indicates that the access operation triggered by the user is an illegal access operation, the blocking device 13 further determines a network identifier corresponding to the content providing server, where the network identifier may include a network ID and a network address of the VPC network to which the content providing server belongs. The blocking device 13 may then generate a first blocking message according to the transceiver identifier, the network identifier and the network address included in the encapsulation message, and finally send the first blocking message to the content providing server 14, so that after receiving the first blocking message the content providing server 14 disconnects the communication connection between itself and the client 11 according to the transceiver identifier and the network identifier included in the first blocking message.
Optionally, the validity of the mirror image packet may be verified according to at least one of the sending/receiving party identifier and the URL link included in the mirror image packet, and the specific process may refer to the related description in the embodiment shown in fig. 1, which is not described herein again.
While the blocking device 13 sends the first blocking message to the content providing server 14, it may optionally also send this first blocking message to the client 11. When the client 11 receives the first blocking message, it may disconnect the communication connection between itself and the content providing server 14.
In addition, for other parts not described in detail in this embodiment, reference may be made to the related description in the embodiment shown in fig. 1 to fig. 2, and details are not repeated here.
In this embodiment, the blocking device 13 receives the mirror image message sent by the mirror processing device 12. If the received mirror image message is an illegal message, the blocking device 13 determines the network identifier corresponding to the content providing server, and then generates a first blocking message according to the network identifier. Finally, this first blocking message is sent directly to the content providing server 14. After the content providing server 14 receives the first blocking message, it can disconnect the communication connection between itself and the client 11, which prevents the content providing server 14 from responding to an illegal message and thereby adversely affecting the communication system. As can be seen from the above description, the first blocking message generated by the blocking device 13 is sent directly to the content providing server 14 over a short transmission path, that is, through few devices, so that even if the network state is unstable the transmission of the blocking message is not affected, and the success rate of blocking the communication connection between the client 11 and the content providing server 14 is improved.
Furthermore, for step 103 in the embodiment shown in fig. 4, as shown in fig. 5, an alternative implementation may be:
S201, receiving mirror image messages corresponding to the historical original communication message and the historical encapsulation message in a preset time period, wherein the mirror image message corresponding to the historical original communication message comprises a transceiver identifier, and the mirror image message corresponding to the historical encapsulation message comprises a transceiver identifier and a network identifier.
S202, establishing an association relation between the mirror image message corresponding to the historical original communication message and the mirror image message corresponding to the historical encapsulation message that have the same transceiver identifier.
S203, determining the preset correspondence between the transceiver identifier and the network identifier according to the association relation.
S204, determining the network identifier corresponding to the content providing server according to the preset correspondence.
The detailed process of the blocking device 13 to perform the above processing can be referred to the detailed description in the embodiment shown in fig. 3, and is not described herein again.
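The learning in S201 to S204, followed by the illegal-message check and the lookup it feeds, can be sketched as below. This is an added example, not code from the patent: it assumes the transceiver identifier is the (source IP, destination IP) pair, that the encapsulation is VXLAN with the VNI as network ID and the outer destination address standing in for the network address, and all function names, addresses and URLs are constructed for illustration.

```python
import socket
import struct
from typing import Dict, NamedTuple, Optional, Set, Tuple

VXLAN_UDP_PORT = 4789        # IANA-assigned VXLAN port (RFC 7348)
Pair = Tuple[str, str]       # transceiver identifier, modelled as (src IP, dst IP)


class NetworkId(NamedTuple):
    vni: int                 # VXLAN ID, standing in for the VPC "network ID" (assumption)
    address: str             # outer destination IP, standing in for the "network address"


def ip_pair(pkt: bytes) -> Pair:
    """Extract the transceiver identifier from an IPv4 packet."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    return socket.inet_ntoa(pkt[12:16]), socket.inet_ntoa(pkt[16:20])


def parse_vxlan(pkt: bytes) -> Optional[Tuple[NetworkId, bytes]]:
    """Return (network identifier, inner IPv4 packet) for a VXLAN packet, else None."""
    _, outer_dst = ip_pair(pkt)
    ihl = (pkt[0] & 0x0F) * 4
    if pkt[9] != 17 or len(pkt) < ihl + 8 + 8 + 14:         # UDP + VXLAN + inner Ethernet
        return None
    dport = struct.unpack("!H", pkt[ihl + 2:ihl + 4])[0]
    vxlan_hdr, inner_eth = pkt[ihl + 8:ihl + 16], pkt[ihl + 16:]
    if dport != VXLAN_UDP_PORT or not vxlan_hdr[0] & 0x08:  # I flag marks a valid VNI
        return None
    if inner_eth[12:14] != b"\x08\x00":                     # only IPv4 inner frames
        return None
    return NetworkId(int.from_bytes(vxlan_hdr[4:7], "big"), outer_dst), inner_eth[14:]


class CorrespondenceLearner:
    """S201-S204: learn transceiver identifier -> network identifier from mirrors."""

    def __init__(self, window: float) -> None:
        self.window = window                                # "preset time period", seconds
        self.raw_seen: Dict[Pair, float] = {}               # first mirror messages
        self.encap_seen: Dict[Pair, Tuple[float, NetworkId]] = {}  # second mirror messages
        self.table: Dict[Pair, NetworkId] = {}              # learned correspondence

    def observe(self, pkt: bytes, now: float) -> None:
        parsed = parse_vxlan(pkt)
        if parsed is None:                                  # mirror of an original message
            pair = ip_pair(pkt)
            self.raw_seen[pair] = now
        else:                                               # mirror of an encapsulated message
            net, inner = parsed
            pair = ip_pair(inner)
            self.encap_seen[pair] = (now, net)
        raw_time, encap = self.raw_seen.get(pair), self.encap_seen.get(pair)
        # S202/S203: associate only mirrors with the same identifier inside the window
        if raw_time is not None and encap is not None \
                and abs(raw_time - encap[0]) <= self.window:
            self.table[pair] = encap[1]


def assess(mirror: bytes, url: Optional[str], learner: CorrespondenceLearner,
           banned_pairs: Set[Pair], banned_urls: Set[str]):
    """Return (illegal, network identifier); the identifier is None when the message
    is legal or when no correspondence was learned, in which case a first blocking
    message cannot be built and only the gateway path can add the identifier."""
    pair = ip_pair(mirror)
    illegal = pair in banned_pairs or (url is not None and url in banned_urls)
    return illegal, (learner.table.get(pair) if illegal else None)


def ipv4(src: str, dst: str, proto: int, payload: bytes) -> bytes:
    """Constructed sample IPv4 packet; checksum left at 0 since nothing verifies it."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                       socket.inet_aton(src), socket.inet_aton(dst)) + payload


def vxlan(outer_src: str, outer_dst: str, vni: int, inner_ip: bytes) -> bytes:
    """Constructed sample VXLAN packet carrying inner_ip behind a dummy Ethernet header."""
    body = (struct.pack("!B3s3sB", 0x08, b"\0" * 3, vni.to_bytes(3, "big"), 0)
            + b"\x02" * 6 + b"\x06" * 6 + b"\x08\x00" + inner_ip)
    udp = struct.pack("!HHHH", 49152, VXLAN_UDP_PORT, 8 + len(body), 0)
    return ipv4(outer_src, outer_dst, 17, udp + body)


def demo():
    learner = CorrespondenceLearner(window=5.0)
    known = ipv4("198.51.100.7", "10.0.0.20", 6, b"\0" * 20)
    unseen = ipv4("198.51.100.8", "10.0.0.21", 6, b"\0" * 20)
    learner.observe(known, 100.0)                                         # first mirror
    learner.observe(vxlan("192.0.2.1", "192.0.2.9", 4660, known), 100.2)  # second mirror
    learner.observe(vxlan("192.0.2.1", "192.0.2.9", 77, unseen), 100.3)   # no first mirror
    banned_pairs = {("198.51.100.8", "10.0.0.21")}
    banned_urls = {"http://blocked.example/path"}
    return [
        assess(known, "http://blocked.example/path", learner, banned_pairs, banned_urls),
        assess(unseen, None, learner, banned_pairs, banned_urls),
        assess(known, "http://allowed.example/", learner, banned_pairs, banned_urls),
    ]
```

Calling `demo()` shows the three cases: an illegal message with a learned identifier, an illegal message whose pair was never associated, and a legal message.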
In addition, corresponding to the embodiment shown in fig. 3, the first blocking message generated by the blocking device 13 may be transmitted to the content providing server 14 through the first path, so that the communication connection between the client terminal 11 and the content providing server 14 is disconnected. While the first blocking message is transmitted through the first path, the first blocking message passes through the blocking device 13, the communication network 22, the first data exchange device 21, and the content providing server 14 in sequence.
However, in practical applications, if there is only one transmission path for the blocking message, when the transmission path fails, the communication connection between the client 11 and the content providing server 14 cannot be successfully blocked. Therefore, another transmission path can be provided for the blocking message. Then, after step 101 in the embodiment shown in fig. 4, as shown in fig. 6, the method for blocking a communication connection may further include the following steps:
S301, if the mirror image message is an illegal message, generating a second blocking message according to the transceiver identifier included in the mirror image message.
S302, sending the second blocking message to the gateway device, so that the gateway device packages the second blocking message to obtain a third blocking message, and the content providing server disconnects the communication connection with the client after receiving the third blocking message.
Steps 301-302 and steps 102-104 are performed substantially simultaneously. That is, when the blocking device 13 determines that the mirror image message is an illegal message, on the one hand, the blocking device 13 generates a first blocking message and sends it to the content providing server 14 via the first path. On the other hand, the blocking device 13 may also generate a second blocking message including the transceiver identifier and send it to the gateway device 24, so that the gateway device 24 encapsulates the second blocking message to obtain a third blocking message, which is finally sent to the content providing server. For the specific process by which the gateway device 24 encapsulates and generates the third blocking message, refer to the relevant description in the embodiment shown in fig. 3; it is not repeated here.
The gateway device 24 may send the third blocking message it generates to the content providing server 14 along the second path. During transmission along the second path, the third blocking message sequentially passes through the gateway device 24, the second data exchange device 23, the mirror processing device 12, the communication network 22, the first data exchange device 21, and the content providing server 14.
In this way, even when the first path is invalid, the blocking message may be transmitted to the content providing server 14 through the second path, thereby disconnecting the content providing server 14 from the communication with the client terminal 11. I.e. another backup path is provided on the basis of the first path.
In this embodiment, two different transmission paths, that is, a first path and a second path, may be provided for the blocking message. The blocking message passes through few devices along the first path and needs only a short transmission time, so it can reach the content providing server 14 in time, the communication connection between the content providing server 14 and the client 11 is successfully blocked, and the blocking success rate of the communication connection is greatly improved. When the first path fails, a blocking message may be transmitted through the second path to block the communication connection between the client 11 and the content providing server 14. That is, in different cases the blocking message may be transmitted over different paths to block the communication connection between the client 11 and the content providing server 14, thereby improving the success rate of communication connection blocking.
The blocking apparatus for a communication connection of one or more embodiments of the present invention will be described in detail below. Those skilled in the art will appreciate that each such blocking apparatus may be constructed from commercially available hardware components configured through the steps taught in this solution.
Fig. 7 is a schematic structural diagram of a blocking apparatus for communication connection according to an embodiment of the present invention, and as shown in fig. 7, the blocking apparatus includes:
The receiving module 31 is configured to receive a mirror image packet corresponding to an original communication packet generated by a client.
A first determining module 32, configured to determine a network identifier corresponding to a content providing server if the mirror image packet is an illegal packet, where the illegal packet corresponds to an illegal access operation triggered by the user through the client.
The generating module 33 is configured to generate a first blocking packet according to the network identifier.
A sending module 34, configured to send the first blocking packet to a content providing server, so that the content providing server disconnects the communication connection with the client after receiving the first blocking packet.
Optionally, the sending module 34 is specifically configured to: send the first blocking message to the content providing server along a first path, wherein the first blocking message sequentially passes through a blocking device, a communication network, a first data exchange device and the content providing server in the transmission process along the first path.
Optionally, the generating module 33 is further configured to generate a second blocking message according to a sending/receiving party identifier included in the mirror image message if the mirror image message is an illegal message.
The sending module 34 is further configured to send the second blocking packet to the gateway device, so that the gateway device encapsulates the second blocking packet to obtain a third blocking packet, and the content providing server disconnects the communication connection with the client after receiving the third blocking packet, where the third blocking packet is sent to the content providing server along a second path, and sequentially passes through the gateway device, a second data exchange device, a mirror image processing device, a communication network, a first data exchange device, and the content providing server in the transmission process along the second path.
Optionally, the apparatus further comprises: an establishing module 41 and a second determining module 42.
The receiving module 31 is further configured to receive mirror messages corresponding to the historical original communication message and the historical encapsulation message in a preset time period, where the mirror message corresponding to the historical original communication message includes a transceiver identifier, and the mirror message corresponding to the historical encapsulation message includes the transceiver identifier and a network identifier.
The establishing module 41 is configured to establish an association relationship between a mirror image packet corresponding to a historical original communication packet and a mirror image packet corresponding to a historical encapsulation packet that have the same transceiver identifier.
The second determining module 42 is configured to determine the preset corresponding relationship between the transceiver identifier and the network identifier according to the association relationship.
The first determining module 12 is specifically configured to: determine the network identifier corresponding to the content providing server according to the preset corresponding relationship.
Optionally, the apparatus further comprises: a third determining module 43.
The third determining module 43 is configured to determine whether the mirror image packet is an illegal packet according to at least one of a transceiver identifier and a URL link included in the mirror image packet.
Optionally, the transceiver identifier specifically includes a sender identifier and a receiver identifier;
the third determining module 43 is specifically configured to: if the sender identifier and the receiver identifier included in the mirror image message meet a preset connection forbidding relationship, determine that the mirror image message is an illegal message; or,
if the URL link included in the mirror image message is a preset access prohibition link, determine that the mirror image message is an illegal message.
The apparatus shown in fig. 7 can perform the method of the embodiment shown in fig. 4 to 6, and reference may be made to the related description of the embodiment shown in fig. 4 to 6 for a part not described in detail in this embodiment. The implementation process and technical effect of the technical solution are described in the embodiments shown in fig. 4 to 6, and are not described herein again.
The internal functions and structure of the blocking apparatus for a communication connection have been described above. In one possible design, the blocking apparatus may be implemented as an electronic device, which may include, as shown in fig. 8: a processor 51 and a memory 52. The memory 52 is used for storing a program that supports the electronic device in executing the method for blocking a communication connection provided in the embodiments shown in fig. 4 to fig. 6, and the processor 51 is configured to execute the program stored in the memory 52.
The program comprises one or more computer instructions which, when executed by the processor 51, are capable of performing the steps of:
receiving a mirror image message corresponding to an original communication message generated by a client;
if the mirror image message is an illegal message, determining a network identifier corresponding to a content providing server, wherein the illegal message corresponds to an illegal access operation triggered by a user through the client;
generating a first blocking message according to the network identifier;
and sending the first blocking message to a content providing server so that the content providing server disconnects the communication connection with the client after receiving the first blocking message.
Optionally, the processor 51 is further configured to perform all or part of the steps in the embodiments shown in fig. 4 to 6.
The electronic device may further include a communication interface 53 for communicating with other devices or a communication network.
In addition, an embodiment of the present invention provides a computer storage medium for storing computer software instructions for the electronic device, which includes a program for executing the method for blocking a communication connection in the method embodiments shown in fig. 4 to 6.
The above-described embodiments of the apparatus are merely illustrative, and the units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of the present embodiment. One of ordinary skill in the art can understand and implement it without inventive effort.
Through the above description of the embodiments, those skilled in the art will clearly understand that each embodiment can be implemented by means of a necessary general hardware platform, and of course can also be implemented by a combination of hardware and software. With this understanding in mind, the above technical solutions, in essence or in the part that contributes to the prior art, may be embodied in the form of a computer program product, which may be embodied on one or more computer-usable storage media having computer-usable program code embodied therein, including without limitation disk storage, CD-ROM, optical storage, and the like.
The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
In a typical configuration, a computing device includes one or more processors (CPUs), input/output interfaces, network interfaces, and memory.
The memory may include volatile memory in a computer-readable medium, such as random access memory (RAM), and/or non-volatile memory, such as read-only memory (ROM) or flash memory (flash RAM). Memory is an example of a computer-readable medium.
Computer-readable media, including both permanent and non-permanent, removable and non-removable media, may implement information storage by any method or technology. The information may be computer-readable instructions, data structures, modules of a program, or other data. Examples of computer storage media include, but are not limited to, phase change memory (PRAM), static random access memory (SRAM), dynamic random access memory (DRAM), other types of random access memory (RAM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), flash memory or other memory technology, compact disc read-only memory (CD-ROM), digital versatile discs (DVD) or other optical storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information that can be accessed by a computing device. As defined herein, computer-readable media do not include transitory computer-readable media such as modulated data signals and carrier waves.
Finally, it should be noted that: the above examples are only intended to illustrate the technical solution of the present invention, but not to limit it; although the present invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; and such modifications or substitutions do not depart from the spirit and scope of the corresponding technical solutions of the embodiments of the present invention.

Claims (16)

1. A system for blocking a communication connection, comprising: a client, a mirror image processing device, a blocking device and a content providing server;
the client is used for generating and sending an original communication message to the mirror image processing equipment;
the mirror image processing device is used for carrying out mirror image processing on the original communication message to obtain a mirror image message corresponding to the original communication message;
the blocking device is used for receiving the mirror image message sent by the mirror image processing device, and if the mirror image message is an illegal message, determining a network identifier corresponding to the content providing server according to a transceiver identifier in the mirror image message and a preset corresponding relationship between the transceiver identifier and the network identifier; generating a first blocking message containing the network identifier; and sending the first blocking message to the content providing server so that the content providing server disconnects the communication connection with the client after receiving the first blocking message, wherein the illegal message corresponds to an illegal access operation triggered by a user through the client.
2. The system of claim 1, further comprising: a first data exchange device and a communication network;
the blocking device is specifically configured to: send the first blocking message to the content providing server along a first path, wherein the first blocking message sequentially passes through the blocking device, the communication network, the first data exchange device and the content providing server during transmission along the first path.
3. The system of claim 2, further comprising: a second data exchange device and a gateway device;
the blocking device is further configured to generate a second blocking message according to the transceiver identifier included in the mirror image message if the mirror image message is an illegal message, and send the second blocking message to the gateway device sequentially through the communication network and the second data exchange device;
the gateway device is configured to encapsulate the second blocking message to obtain a third blocking message, wherein the third blocking message is sent to the content providing server along a second path, and the third blocking message sequentially passes through the gateway device, the second data exchange device, the mirror image processing device, the communication network, the first data exchange device, and the content providing server during transmission along the second path.
4. The system of claim 3, wherein the gateway device is specifically configured to: determine a network identifier corresponding to the transceiver identifier included in the second blocking message according to a locally stored preset corresponding relationship between the transceiver identifier and the network identifier; and encapsulate the second blocking message according to the network identifier to obtain the third blocking message.
5. The system according to claim 4, wherein the mirror image processing device is configured to obtain a historical original communication message and a historical encapsulated message corresponding to the historical original communication message within a preset time period, and to perform mirror image processing on the historical original communication message and the historical encapsulated message;
the blocking device is specifically configured to: receive mirror image messages corresponding to the historical original communication message and the historical encapsulated message respectively, wherein the mirror image message corresponding to the historical original communication message comprises a transceiver identifier, and the mirror image message corresponding to the historical encapsulated message comprises the transceiver identifier and a network identifier;
establish an association relationship between a mirror image message corresponding to a historical original communication message and a mirror image message corresponding to a historical encapsulated message, wherein the two mirror image messages have the same transceiver identifier;
determine the preset corresponding relationship between the transceiver identifier and the network identifier according to the association relationship;
and determine the network identifier corresponding to the content providing server according to the preset corresponding relationship.
6. The system of claim 3, wherein the blocking device is further configured to: determine whether the mirror image message is an illegal message according to at least one of a transceiver identifier and a URL link included in the mirror image message.
7. The system according to claim 6, wherein the transceiver identifier specifically comprises a sender identifier and a receiver identifier;
the blocking device is specifically configured to:
if the sender identifier and the receiver identifier included in the mirror image message satisfy a preset connection-forbidding relationship, determine that the mirror image message is an illegal message; or,
if the URL link included in the mirror image message is a preset access-prohibited link, determine that the mirror image message is an illegal message.
8. The system according to any one of claims 3 to 7, wherein if the mirror message is a legal message, the original communication message corresponding to the mirror message is sent to the content providing server along a third path, wherein the original communication message sequentially passes through a client, a communication network, a mirror processing device, a second data exchange device, a gateway device, a second data exchange device, a communication network, a first data exchange device, and a content providing server during transmission along the third path.
9. A method for blocking a communication connection, applied to a blocking device, includes:
receiving a mirror image message corresponding to an original communication message generated by a client;
if the mirror image message is an illegal message, determining a network identifier corresponding to the content providing server according to a transceiver identifier in the mirror image message and a preset corresponding relationship between the transceiver identifier and the network identifier; generating a first blocking message containing the network identifier, wherein the illegal message corresponds to an illegal access operation triggered by a user through the client;
and sending the first blocking message to a content providing server so that the content providing server disconnects the communication connection with the client after receiving the first blocking message.
10. The method of claim 9, wherein sending the first blocking message to a content providing server comprises:
and sending the first blocking message to the content providing server according to a first path, wherein the first blocking message sequentially passes through a blocking device, a communication network, a first data exchange device and the content providing server in the transmission process along the first path.
11. The method of claim 10, further comprising:
if the mirror image message is an illegal message, generating a second blocking message according to the transceiver identifier included in the mirror image message;
and sending the second blocking message to a gateway device, so that the gateway device encapsulates the second blocking message to obtain a third blocking message, and the content providing server disconnects the communication connection with the client after receiving the third blocking message, wherein the third blocking message is sent to the content providing server along a second path, and the third blocking message sequentially passes through the gateway device, a second data exchange device, a mirror image processing device, a communication network, a first data exchange device and the content providing server during transmission along the second path.
12. The method of claim 11, further comprising:
receiving mirror image messages corresponding to a historical original communication message and a historical encapsulated message respectively within a preset time period, wherein the mirror image message corresponding to the historical original communication message comprises a transceiver identifier, and the mirror image message corresponding to the historical encapsulated message comprises the transceiver identifier and a network identifier;
establishing an association relationship between a mirror image message corresponding to a historical original communication message and a mirror image message corresponding to a historical encapsulated message, wherein the two mirror image messages have the same transceiver identifier;
determining the preset corresponding relationship between the transceiver identifier and the network identifier according to the association relationship;
the generating a first blocking message according to the network identifier includes:
determining a network identifier corresponding to the content providing server according to the preset corresponding relation;
and generating the first blocking message according to the network identification.
13. The method of claim 12, further comprising:
and determining whether the mirror image message is an illegal message or not according to at least one of a transceiver identifier and a URL link included in the mirror image message.
14. The method according to claim 13, wherein the transceiver identifier specifically comprises a sender identifier and a receiver identifier;
determining whether the mirror image message is an illegal message according to at least one of a transceiver identifier and a URL link included in the mirror image message, including:
if the sender identifier and the receiver identifier included in the mirror image message satisfy a preset connection-forbidding relationship, determining that the mirror image message is an illegal message; or,
if the URL link included in the mirror image message is a preset access-prohibited link, determining that the mirror image message is an illegal message.
15. A device for blocking a communication connection, comprising:
the receiving module is used for receiving a mirror image message corresponding to an original communication message generated by a client;
a first determining module, configured to determine, if the mirror image message is an illegal message, a network identifier corresponding to a content providing server according to a transceiver identifier in the mirror image message and a preset corresponding relationship between the transceiver identifier and the network identifier, wherein the illegal message corresponds to an illegal access operation triggered by a user through the client;
a generating module, configured to generate a first blocking message including the network identifier;
and the sending module is used for sending the first blocking message to a content providing server so that the content providing server disconnects the communication connection with the client after receiving the first blocking message.
16. An electronic device, comprising: a memory and a processor; wherein
the memory is configured to store one or more computer instructions, wherein the one or more computer instructions, when executed by the processor, implement the method of blocking a communication connection according to any one of claims 9 to 14.
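The blocking-device logic of claims 9, 12 and 14, as an added Python sketch that is not part of the patent text: it learns the transceiver-identifier to network-identifier correspondence from historical mirror messages, classifies a new mirror message, and builds the first blocking message. The class and field names, the addresses, the URL and the network identifier values are assumptions constructed for illustration, as is the choice to raise an error when no correspondence has been learned.

```python
from dataclasses import dataclass
from typing import Optional

# All field names, addresses and IDs here are constructed for illustration.
@dataclass(frozen=True)
class MirrorMessage:
    sender: str                       # sender identifier
    receiver: str                     # receiver identifier
    url: Optional[str] = None         # URL link carried by the message, if any
    network_id: Optional[int] = None  # only on mirrors of encapsulated messages

@dataclass(frozen=True)
class BlockingMessage:
    sender: str
    receiver: str
    network_id: int

def learn_correspondence(history):
    """Claims 5/12: associate mirrors of original and encapsulated messages that
    share a transceiver identifier, then record identifier -> network identifier."""
    originals = {(m.sender, m.receiver) for m in history if m.network_id is None}
    return {(m.sender, m.receiver): m.network_id for m in history
            if m.network_id is not None and (m.sender, m.receiver) in originals}

def is_illegal(msg, forbidden_pairs, forbidden_urls):
    """Claims 7/14: forbidden sender/receiver pair, or forbidden URL link."""
    return ((msg.sender, msg.receiver) in forbidden_pairs
            or (msg.url is not None and msg.url in forbidden_urls))

def handle_mirror(msg, correspondence, forbidden_pairs, forbidden_urls):
    """Claim 9: return the first blocking message for an illegal mirror message,
    or None for a legal one."""
    if not is_illegal(msg, forbidden_pairs, forbidden_urls):
        return None
    key = (msg.sender, msg.receiver)
    if key not in correspondence:
        # Not covered by the claims: surface the gap instead of silently
        # failing open, so the operator learns the block was not sent.
        raise LookupError(f"no network identifier learned for {key}")
    return BlockingMessage(msg.sender, msg.receiver, correspondence[key])

# Constructed sample traffic (documentation address ranges, made-up IDs).
HISTORY = [
    MirrorMessage("192.0.2.10", "198.51.100.20"),
    MirrorMessage("192.0.2.10", "198.51.100.20", network_id=5001),
    MirrorMessage("192.0.2.11", "198.51.100.21", network_id=7),  # no original seen
]
FORBIDDEN_PAIRS = {("192.0.2.10", "198.51.100.20")}
FORBIDDEN_URLS = {"http://blocked.example/admin"}

if __name__ == "__main__":
    table = learn_correspondence(HISTORY)
    print(handle_mirror(MirrorMessage("192.0.2.10", "198.51.100.20"),
                        table, FORBIDDEN_PAIRS, FORBIDDEN_URLS))
```

A transceiver pair that is only ever seen in encapsulated form never enters the table, so an illegal message for that pair cannot be addressed with a first blocking message; the sketch raises an error at that point so the gap shows up in monitoring.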
CN201910074373.6A 2019-01-25 2019-01-25 Communication connection blocking system, method, device and equipment Active CN111490961B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910074373.6A CN111490961B (en) 2019-01-25 2019-01-25 Communication connection blocking system, method, device and equipment

Publications (2)

Publication Number Publication Date
CN111490961A CN111490961A (en) 2020-08-04
CN111490961B true CN111490961B (en) 2022-06-21

Family

ID=71795764

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910074373.6A Active CN111490961B (en) 2019-01-25 2019-01-25 Communication connection blocking system, method, device and equipment

Country Status (1)

Country Link
CN (1) CN111490961B (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112087459B (en) * 2020-09-11 2023-02-21 杭州安恒信息技术股份有限公司 Access request detection method, device, equipment and readable storage medium
CN113630779B (en) * 2021-08-17 2023-06-02 中国联合网络通信集团有限公司 Network connection management method and device and terminal

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1071256A1 (en) * 1999-07-21 2001-01-24 Motorola, Inc. Method for providing seamless communication across bearers in a wireless communication system
CN104023036A (en) * 2014-06-25 2014-09-03 北京蓝汛通信技术有限责任公司 TCP (transmission control protocol) bypass blocking method and device
CN105357180A (en) * 2015-09-30 2016-02-24 华为技术有限公司 Network system, attack message intercepting method, attack message intercepting apparatus, and device
CN107645470A (en) * 2016-07-20 2018-01-30 阿里巴巴集团控股有限公司 A kind of method for blocking bypass by, device, system, electronic equipment

Also Published As

Publication number Publication date
CN111490961A (en) 2020-08-04

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant