CN100417090C - Method and system for positioning DoS attack source - Google Patents


Info

Publication number
CN100417090C
Authority
CN
China
Prior art keywords
optical fiber
olt
onu
equipment
branch road
Prior art date
Legal status
Expired - Fee Related
Application number
CNB2005101094007A
Other languages
Chinese (zh)
Other versions
CN1866860A (en)
Inventor
赵峻
Original Assignee
Huawei Technologies Co Ltd
Priority date
Filing date
Publication date
Application filed by Huawei Technologies Co Ltd
Priority to CNB2005101094007A
Publication of CN1866860A
Application granted
Publication of CN100417090C
Expired - Fee Related
Anticipated expiration

Landscapes

  • Optical Communication System (AREA)
  • Small-Scale Networks (AREA)

Abstract

The present invention relates to a method and a system for locating a denial-of-service (DoS) attack source in the field of network communication. An optical fiber state monitoring module is connected to the ONU devices through branch optical fibers; the presence or absence of an optical signal on each device's branch fiber is monitored in real time, and the devices that still carry an optical signal are identified, so that the DoS attack source is located automatically. The present invention achieves accurate and fast localization of the DoS attack source and lets a passive optical network automatically locate a faulty ONU device or a malicious ONU user without manual intervention, so efficiency is improved and maintenance cost is saved.

Description

Method and system for locating a DoS attack source
Technical field
The present invention relates to the field of network communication technology, and in particular to a method and system for locating a DoS attack source.
Background technology
PON (passive optical network) is a technology born in the late 1980s and early 1990s. After nearly 20 years of development it has gradually won the consistent favour of operators and equipment vendors. Because the ODN (optical distribution network) is an all-passive medium containing no active devices, it is now especially praised by operators and is regarded as the development direction of broadband access technology.
Nevertheless, the passive splitting characteristic of the PON's ODN and the survivability of its tree topology have always been questioned by many, including operators and equipment vendors. In particular, for PONs that use traditional power splitting for branching, the DoS (denial of service) problem introduced by the burst TDMA (time division multiple access) multiplexing technique is especially troublesome.
As shown in Figure 1, the PON downstream uses broadcast mode: the data sent by the OLT (optical line terminal) to the ONUs (optical network units) is broadcast to all attached ONUs through the power splitting of the passive optical splitter, and each ONU receives the data belonging to itself according to address filtering predefined by its internal system. In the upstream direction, each passive splitter receives upstream data from each ONU and, by the principle of passive optical power combining, multiplexes the data and forwards it to the OLT.
To guarantee that the upstream data of the ONUs do not collide, the OLT must range each ONU and, according to the ranging result, control the moment and the duration for which each ONU occupies the upstream optical channel; each ONU must also send its upstream data in burst mode. Under normal conditions every ONU occupies the upstream channel only as authorized (granted) by the OLT, and no signal conflict occurs on the network. But when a failed ONU does not respond to the OLT's grants and occupies the upstream channel randomly or permanently, or when a malicious user occupies the upstream channel arbitrarily, the PON can be paralysed, i.e. the DoS problem occurs. At this point the OLT needs to recognize that the system has fallen into the DoS state.
For the above problem, a common passive optical network sets a DoS-identifying bit-error characteristic value, i.e. a certain threshold; the OLT then monitors the bit-error situation of the upstream data and compares it with the threshold. When the threshold is found to be exceeded, the OLT deactivates all ONU devices, or forbids all ONUs from occupying the upstream channel for a considerable period. If a faulty ONU device or a malicious user causing the DoS really exists in the system, the OLT will still receive upstream data at this time; on this basis the OLT notifies the network management system and provides effective alarm information, prompting the operator that a faulty ONU device or a malicious user exists in the PON and has caused a denial-of-service state.
Although such a scheme can recognize that the system is in the DoS state and provide alarm information, because the branch nodes are passive it still has the following shortcomings:
1) it cannot locate the faulty ONU device or the malicious user that causes the DoS problem, so maintenance cannot be carried out in time;
2) locating the branch on which the faulty ONU sits requires manual investigation, which is inefficient and costly;
3) locating a malicious user is basically impossible, because the manual investigation takes too long and the malicious user may leave temporarily or revert to legitimate behaviour on their own;
4) the network outage during the localization process is long, which seriously affects network service quality.
Therefore, how to quickly locate the DoS attack source in a PON has become a problem demanding prompt solution.
Summary of the invention
In view of the above problems in the prior art, the object of the present invention is to provide a method and system for locating a DoS attack source, in which an optical fiber state monitoring module monitors the presence or absence of an optical signal on each device's branch fiber and the devices that carry an optical signal are identified, thereby achieving accurate and fast localization of the denial-of-service attack source.
The object of the invention is achieved through the following technical solutions:
A passive optical network system comprises an optical line terminal OLT and optical network units ONU, and further comprises:
an optical fiber state monitoring module, connected to the ONUs by branch optical fibers, for monitoring in real time the presence or absence of an optical signal in the upstream direction of each connected ONU device's branch fiber and sending it to the OLT; when the system has entered the denial-of-service confirmation state, the OLT closes the upstream channel access authorization of all ONU devices and, according to the presence or absence of the upstream optical signal on the branch fibers as monitored by the optical fiber state monitoring module, determines the device causing the denial of service, finally locating the DoS attack source.
The optical fiber state monitoring module is connected to the optical line terminal OLT through a communication channel.
A method for locating a DoS attack source comprises:
A. determining that the system has entered the denial-of-service confirmation state; the optical line terminal OLT closes the upstream channel access authorization of all ONU devices, and the optical fiber state monitoring module sends the real-time monitored presence or absence of the optical signal in the upstream direction of the branch fibers to the OLT;
B. the OLT locates the DoS attack source according to the presence or absence of the optical signal in the upstream direction of the branch fibers.
Before step A the method further comprises:
A1. the OLT device monitors that the system upstream bit-error performance exceeds a predefined threshold;
A2. the OLT queries the optical fiber state monitoring module for the upstream state of each ONU device through the communication channel.
Step A specifically comprises:
the optical fiber state monitoring module sends the monitored presence or absence of the optical signal on each ONU device's branch fiber to the OLT device through the communication channel.
The DoS attack source comprises a faulty device or a malicious user.
As can be seen from the technical solution provided by the invention, the invention achieves accurate and fast localization of the denial-of-service attack source, enabling a PON to automatically locate a faulty ONU device or a malicious ONU user without manual intervention, thereby improving efficiency and saving maintenance cost.
Description of drawings
Fig. 1 is a schematic diagram of a prior-art PON tree topology;
Fig. 2 is a schematic diagram of the system of the present invention applied to a passive optical network;
Fig. 3 is a flow chart of the method of the present invention;
Fig. 4 is a schematic diagram of the system of the present invention applied to a passive optical network in which a faulty ONU device exists;
Fig. 5 is a schematic diagram of the system of the present invention applied to a passive optical network in which a malicious ONU user exists.
Embodiment
The core idea of the present invention is to provide a method and system for locating a DoS attack source: an optical fiber state monitoring module monitors in real time the presence or absence of an optical signal on each device's branch fiber, and the devices that carry an optical signal are identified, so that the failed device is located. This solves the problems of long outage, low efficiency and high cost that manual fault investigation brings.
The invention provides a system for locating a DoS attack source, comprising an OLT, a plurality of ONUs and an optical fiber state monitoring module. The optical fiber state monitoring module interacts with the OLT through a communication channel and is connected to the ONUs by branch optical fibers; it monitors in real time the state of each connected ONU device's branch fiber and sends it to the OLT. From the presence or absence of the optical signal on the branch fibers, the OLT identifies the devices that carry an optical signal, determines the device that has failed, and thereby locates the DoS attack source.
The system and its method of operation are described in detail below, taking as an example the system of the present invention applied to a passive optical network, in which the optical fiber state monitoring module is the DET module.
The system architecture is shown in Figure 2. The passive optical network comprises one OLT device and at least 2 ONU devices, such as ONU0 and ONU1 in Figure 2. The OLT is connected to the main optical splitter SP by optical fiber FR; ONU0 is connected to the sub-splitter SP_sub0 by branch fiber FB0, and then to the main splitter SP by branch fiber FB0_sub0; ONU1 is connected to the sub-splitter SP_sub1 by branch fiber FB1, and then to the main splitter SP by branch fiber FB1_sub0; sub-splitter SP_sub0 is connected to the DET module by branch fiber FB0_sub1; sub-splitter SP_sub1 is connected to the DET module by branch fiber FB1_sub1. The DET module monitors whether there is an optical signal in the upstream direction of branch fiber FB0 via branch fiber FB0_sub1, and whether there is an optical signal in the upstream direction of branch fiber FB1 via branch fiber FB1_sub1; the monitoring process does not need to be concerned with the specific content transmitted upstream.
The operating principle of the system under normal conditions is as follows. The OLT, in TDM (time division multiplexing) mode, broadcasts to all ONU devices (ONU0, ONU1) through the ODN composed of the main splitter SP, the sub-splitters SP_sub0 and SP_sub1, the main fiber FR and the branch fibers (FB0, FB1, FB0_sub0, FB0_sub1, FB1_sub0, FB1_sub1). After the ONU devices have completed ranging and registration, the OLT controls the upstream transmission of the ONU devices, and the ONU devices share the uplink in burst TDMA (time division multiple access) mode. At this time the OLT correctly receives the upstream data from the ONU devices, and correct data interaction between the ONUs and the OLT is possible. The DET module monitors the uplink state of ONU0 in real time via branch fiber FB0_sub1, and the uplink state of ONU1 in real time via branch fiber FB1_sub1.
The present invention also provides a method for locating a DoS attack source. Taking the application of this method to a PON as an example, as shown in Figure 3, the method specifically comprises the following steps:
Step 10: determine that the system is in the denial-of-service confirmation state;
Suppose a faulty ONU device or a malicious ONU user exists, such as the ONU1 device in Figure 4 or Figure 5, and this device does not respond to the OLT's upstream control instructions but occupies the upstream channel arbitrarily or permanently. The upstream data of ONU0 then collides with the upstream data of ONU1 on the main fiber FR, so the OLT cannot correctly receive the upstream data of ONU0. At this point the system upstream bit-error performance monitored on the OLT device exceeds the predefined threshold, and the system enters the denial-of-service confirmation state;
Step 11: the OLT closes the upstream channel to all ONU devices in the system and communicates with the DET module;
When the system enters the denial-of-service confirmation state, the OLT device closes the upstream channel access authorization of all ONU devices in the system and then monitors whether an optical signal still exists on the upstream channel; the OLT communicates with the DET module through communication channel C to query the upstream state of each branch fiber.
Step 12: the DET module sends the monitored upstream state of the branch fibers to the OLT device;
The DET module monitors the upstream optical signal of each device in real time; after receiving the above query request from the OLT, it sends the real-time monitored upstream state of the branch fibers to the OLT device through channel C in a data format predetermined by the system. The upstream state information of the branch fibers comprises the presence or absence of an optical signal;
Step 13: the OLT locates the DoS attack source;
The OLT device interprets the data received from the DET module, confirms which branch fiber still carries an optical signal, and determines that the ONU device connected to the branch fiber that carries an optical signal is the faulty ONU device, finally locating the attack source that caused the denial of service.
In summary, by introducing the DET module to monitor the state of each device's branch fiber in real time, the present invention achieves accurate and fast localization of the denial-of-service attack source. Applied in a passive optical network, it automatically locates a faulty ONU device or a malicious ONU user without manual intervention, thereby improving efficiency and saving maintenance cost.
The above is only a preferred embodiment of the present invention, but the protection scope of the present invention is not limited thereto. Any variation or replacement that a person skilled in the art could easily conceive within the technical scope disclosed by the present invention should be covered by the protection scope of the present invention. Therefore, the protection scope of the present invention should be determined by the protection scope of the claims.
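As an added illustration (not part of the patent text), the following Python model walks through steps 10 to 13: compliant ONUs burst only in their granted TDMA slot, a faulty or malicious ONU keeps emitting regardless of grants, collisions on the shared main fiber raise the OLT's upstream error rate past its threshold, the OLT revokes all grants and queries the DET module, and the branches that still carry light identify the source. The ONU/DET/OLT classes, the round-robin grant schedule and the one-bit-per-branch DET report encoding are constructed assumptions of this example; the patent only says the report uses a format predetermined by the system.

```python
"""Toy model of DET-assisted DoS localization in a PON (constructed example)."""
from dataclasses import dataclass


@dataclass
class ONU:
    name: str
    rogue: bool = False  # True: emits light regardless of OLT grant (faulty or malicious)

    def laser_on(self, granted: bool) -> bool:
        """Whether this ONU's branch fiber carries upstream light in a slot."""
        return True if self.rogue else granted


def run_tdma_frame(onus, grants):
    """One upstream frame; each entry of `grants` names the single ONU granted
    that slot. Returns (errored_slots, total_slots): a slot is errored when more
    than one ONU emits into the main fiber at once (passive power combining)."""
    errored = 0
    for granted_name in grants:
        emitters = [o.name for o in onus if o.laser_on(o.name == granted_name)]
        if len(emitters) > 1:
            errored += 1
    return errored, len(grants)


def olt_in_dos_confirmation(errored, total, threshold):
    """Step 10 / A1: upstream error rate compared with the predefined threshold."""
    return total > 0 and errored / total > threshold


def det_branch_light(onus, grants_revoked=True):
    """DET module view (step 12): per branch, is there upstream light? After the
    OLT closes all grants (step 11) only a device that ignores grants still emits."""
    return {o.name: o.laser_on(granted=not grants_revoked) for o in onus}


def encode_det_report(onus, report):
    """Constructed wire format (assumption): bit i set = light on branch of onus[i]."""
    bitmap = 0
    for i, o in enumerate(onus):
        if report[o.name]:
            bitmap |= 1 << i
    return bitmap.to_bytes((len(onus) + 7) // 8, "big")


def decode_det_report(onus, data):
    """OLT side: turn the DET bitmap back into a per-ONU light-present map."""
    bitmap = int.from_bytes(data, "big")
    return {o.name: bool(bitmap >> i & 1) for i, o in enumerate(onus)}


def locate_attack_source(onus, threshold=0.1):
    """Steps 10-13 end to end. Returns the names of ONUs whose branch still
    carries light after all grants are revoked, or [] if the error rate never
    crossed the threshold (system not in DoS confirmation state)."""
    grants = [o.name for o in onus]  # round-robin: one slot per ONU per frame
    errored, total = run_tdma_frame(onus, grants)
    if not olt_in_dos_confirmation(errored, total, threshold):
        return []
    # Step 11: grants closed; step 12: DET reports over channel C; step 13: locate.
    wire = encode_det_report(onus, det_branch_light(onus, grants_revoked=True))
    report = decode_det_report(onus, wire)
    return sorted(name for name, light in report.items() if light)


if __name__ == "__main__":
    pon = [ONU("ONU0"), ONU("ONU1", rogue=True)]  # Figure 4/5 scenario
    print(locate_attack_source(pon))  # ['ONU1']
```

Because the DET only reports light presence per branch, the same logic also identifies several simultaneous offenders, and a compliant ONU is never flagged since it goes dark once its grant is withdrawn.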

Claims (6)

1. A passive optical network system, comprising an optical line terminal OLT and optical network units ONU, characterized in that it further comprises:
an optical fiber state monitoring module, connected to the ONUs by branch optical fibers, for monitoring in real time the presence or absence of an optical signal in the upstream direction of each connected ONU device's branch fiber and sending it to the OLT; when the system has entered the denial-of-service confirmation state, the OLT closes the upstream channel access authorization of all ONU devices and, according to the presence or absence of the upstream optical signal on the branch fibers as monitored by the optical fiber state monitoring module, determines the device causing the denial of service, finally locating the DoS attack source.
2. The passive optical network system according to claim 1, characterized in that the optical fiber state monitoring module is connected to the optical line terminal OLT through a communication channel.
3. A method for locating a DoS attack source, characterized in that it comprises:
A. determining that the system has entered the denial-of-service confirmation state; the optical line terminal OLT closes the upstream channel access authorization of all ONU devices, and the optical fiber state monitoring module sends the real-time monitored presence or absence of the optical signal in the upstream direction of the branch fibers to the OLT;
B. the OLT locates the DoS attack source according to the presence or absence of the optical signal in the upstream direction of the branch fibers.
4. The method for locating a DoS attack source according to claim 3, characterized in that, before step A, it further comprises:
A1. the OLT device monitors that the system upstream bit-error performance exceeds a predefined threshold;
A2. the OLT queries the optical fiber state monitoring module for the upstream state of each ONU device through the communication channel.
5. The method for locating a DoS attack source according to claim 3, characterized in that step A specifically comprises:
the optical fiber state monitoring module sends the monitored presence or absence of the optical signal on each ONU device's branch fiber to the OLT device through the communication channel.
6. The method for locating a DoS attack source according to claim 3, characterized in that the DoS attack source comprises a faulty device or a malicious user.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CNB2005101094007A CN100417090C (en) 2005-10-19 2005-10-19 Method and system for positioning DoS attack source

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CNB2005101094007A CN100417090C (en) 2005-10-19 2005-10-19 Method and system for positioning DoS attack source

Publications (2)

Publication Number Publication Date
CN1866860A CN1866860A (en) 2006-11-22
CN100417090C true CN100417090C (en) 2008-09-03

Family

ID=37425751

Family Applications (1)

Application Number Title Priority Date Filing Date
CNB2005101094007A Expired - Fee Related CN100417090C (en) 2005-10-19 2005-10-19 Method and system for positioning DoS attack source

Country Status (1)

Country Link
CN (1) CN100417090C (en)

Families Citing this family (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP4442635B2 (en) * 2007-05-09 2010-03-31 株式会社日立製作所 Failure notification method in PON system
CN101494497A (en) * 2008-01-25 2009-07-29 华为技术有限公司 Method, system and equipment for managing line
CN101360014B (en) * 2008-09-22 2010-09-15 电子科技大学 Method implementing network exception location by multi-point dislocation combined detection
CN101594557B (en) * 2009-07-01 2012-04-25 北京邮电大学 Method for positioning malicious user in passive optical network and optical line terminal
EP2330755A1 (en) * 2009-12-07 2011-06-08 Nokia Siemens Networks Oy Method and device for data processing in an optical network
CN104811243B (en) * 2014-01-26 2018-05-04 中兴通讯股份有限公司 Long luminous detection method and device

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2003333092A (en) * 2002-05-14 2003-11-21 Mitsubishi Electric Corp Network system, method of tracing attack packet and method of preventing attack packet
US6775704B1 (en) * 2000-12-28 2004-08-10 Networks Associates Technology, Inc. System and method for preventing a spoofed remote procedure call denial of service attack in a networked computing environment
CN1553624A (en) * 2003-12-19 2004-12-08 上海交通大学 Method based on active network returning technology against refuse service attack
CN1578231A (en) * 2003-07-08 2005-02-09 国际商业机器公司 Technique of detecting denial of service attacks

Also Published As

Publication number Publication date
CN1866860A (en) 2006-11-22

Similar Documents

Publication Publication Date Title
JP6111486B2 (en) Optical network unit detection method and apparatus, and passive optical network system
JP5276935B2 (en) Passive optical network system and fault identification method thereof
CN100417090C (en) Method and system for positioning DoS attack source
JP5564393B2 (en) Passive optical network system
CN109450527B (en) Fault determination method and device, computer equipment and storage medium
US20150358076A1 (en) Port-dualized optical line terminal and passive optical network system capable of measuring rssi of standby line in standby port, and method of determining stability of standby line using the same
JP6321802B2 (en) Method for identifying long-term emission failure ONUs in passive optical networks
CN102045105A (en) Fault active detection and isolation method and optical line unit
KR101070278B1 (en) Station terminal device, communication system, subscriber device management method, and recording medium recording program for station terminal device
CN107666362B (en) Power communication multi-service isolation access system and access method
CN101478343B (en) Method, apparatus and system for implementing integrated management relay apparatus
CN1901419A (en) EPON system for supporting bone fiber optic protection and bone fiber optic protecting method
US7391972B2 (en) Method and apparatus for maintaining behavior of a network terminal
US20110243554A1 (en) Passive optical network system
CN101317349A (en) Passive optical network maintenance method, optical network unit and optical line terminal
CN111954101B (en) Method and device for detecting repeated ALLOC ID in GPON system
JP4961996B2 (en) Communication management device monitoring system and method
KR100765471B1 (en) Optical line termination and optical network unit
JP5434461B2 (en) Fault ONU identification method and fault ONU identification apparatus
CN102932054A (en) Method and device for carrying out long light-emitting alarm diagnosis on ONUs (optical network units) on OLT (optical line terminal) side in EPON (Ethernet passive optical network) system
JP4509398B2 (en) Optical burst transmission / reception control system and method
CN107196699B (en) Method and system for diagnosing faults of multilayer hierarchical passive optical fiber network
CN1294795A (en) Method for establishing communication on standby link in optical transmission facilities
CN102201860B (en) Optical network unit abnormal luminescence failure isolation system and method
CN100438434C (en) Method for isolating rejection service source and its passive optical network system

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20170922

Address after: 075000 Zhangjiakou City, Hebei Province town of Xinhua Street, Wanquan County kongjiazhuang Jardine Park District 5 Building 1 unit 102 room

Patentee after: Dong Lihua

Address before: 518129 Bantian HUAWEI headquarters office building, Longgang District, Guangdong, Shenzhen

Patentee before: Huawei Technologies Co., Ltd.

TR01 Transfer of patent right
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20080903

Termination date: 20171019

CF01 Termination of patent right due to non-payment of annual fee