CN101051997A - P2P flow identifying control method based on network application - Google Patents
P2P flow identifying control method based on network application Download PDFInfo
- Publication number
- CN101051997A CN101051997A CNA2006101569778A CN200610156977A CN101051997A CN 101051997 A CN101051997 A CN 101051997A CN A2006101569778 A CNA2006101569778 A CN A2006101569778A CN 200610156977 A CN200610156977 A CN 200610156977A CN 101051997 A CN101051997 A CN 101051997A
- Authority
- CN
- China
- Prior art keywords
- user
- control method
- port
- tcp
- flow
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Landscapes
- Computer And Data Communications (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The method comprises: adding gateway and ridge between user end and internet in order to make the data sent and received by user pass through said gateway and bridge; when detecting the numbers of sessions under TCP and UDP protocol, the gateway and bridge control and block the traffic connected with the destination ports above 1024.
Description
Technical field
The present invention relates to a kind of control method that software is used, the P2P flow identifying control method in particularly a kind of application Network Based.
Background technology
Along with the development and the application of the Internet and information technology, adopt distributed object location, shared mechanism based on the high speed unloading software of P2P, make the user realize between the network that resource directly tells sharedly, bring great convenience to the user.But just because of above-mentioned mechanism, brought well-knownly influence the network normal communication, divulge a secret, negative effect such as transmitted virus.So adopted a large amount of technological means to control, block the flow of P2P.
Traditional P2P flow rate testing methods is to discern by the data content feature that identification P2P connects, as: on September 29 2005 applying date, open day is on March 22nd, 2006, and application number is 200510096095.2, and publication number is the patent application of CN1750538A.Also disclosed the P2P flow rate testing methods that the data content feature that adopts identification P2P to connect is discerned, but along with the update of P2P software, the feature of its data content is also ever-changing, the feature database renewal speed lags far behind the update speed of P2P software.More and more in addition P2P softwares adopt encryption technology, also cause the feature detection poor operability.
Summary of the invention
Main purpose of the present invention provides a kind of method that adopts behavior to detect identification control P2P flow.With overcome prior art network broadband resource illegally occupied and become divulge a secret, the problem of the pipeline of transmitted virus channel.
To achieve these goals, the invention provides a kind of method that adopts behavior to detect identification control P2P flow, adopt following operating procedure:
1, between terminal use and the Internet, adds gateway, bridge equipment, the user is sent and accept internet data through this equipment.
2, when the data of user capture the Internet are passed through gateway or bridge equipment, described Equipment Inspection active user's TCP, the session number of udp protocol.
3, when target port be that the session number of TCP, UDP more than 1024 or TCP and udp protocol surpasses some threshold values.Think that then this user is using P2P software, and be that flow control or blocking-up action are carried out in connection more than 1024 its target port.
The further technical scheme of the present invention be that described session number detection threshold is set up on their own by the user.
In addition, the user can be provided with not detected eliminating port list, and being in the port of getting rid of in the port list will can not be blocked or hinder control.
Negative effects such as the present invention not only can solve well-knownly influences the network normal communication, divulge a secret, transmitted virus improve network operation speed, and make efficiently simple to P2P flow identification control in network application, have more operability.
Below in conjunction with accompanying drawing most preferred embodiment is elaborated.
Description of drawings
Fig. 1 is a principle assumption diagram of the present invention.
Fig. 2 is a control operation method most preferred embodiment flow chart of the present invention.
Embodiment
With reference to Fig. 1, user 1 is by gateway, bridge 2 access internet.
With reference to Fig. 2, the user asks access internet 1, whether detect is target port greater than 1024 TCP/UDP data 2, if, then add up session number 3, wherein the statistics of TCP session number and differentiation are standard with the target port of Transmission Control Protocol greater than 1024, and the statistics of UDP session number and the target port of distinguishing with udp protocol are standard greater than 1024, if testing result is for denying the data 6 of then letting pass.The session number detection threshold is set up on their own by the user.
After statistics session number 3, judge target port greater than 1024 linking number whether greater than threshold values 4, if then block or current limliting 5; If not, these data 6 of then letting pass finish above-mentioned all implementations then.
When the session number detection threshold was set up on their own by the user, the user can be provided with the not detected port list of sending, and being in the port of getting rid of in the port list will can not be blocked or hinder control.
Certainly, the invention is not restricted to the foregoing description, utilize the identification control method of above-mentioned processing P2P flow all to belong to scope of the present invention.
Claims (3)
1, the P2P flow identifying control method in a kind of application Network Based is characterized in that: adopt following operating procedure:
(1), between terminal use and the Internet, add gateway, bridge equipment, the user sent and accept internet data through this equipment;
(2), when the data of user capture the Internet during, the session number of described Equipment Inspection active user's TCP/UDP agreement through gateway or bridge equipment;
(3), when target port is that the session number of TCP, UDP more than 1024 or TCP and udp protocol surpasses some threshold values, think that then this user is using P2P software, and be that flow control is carried out in connection 1024 or more or blocking-up is moved its target port.
2, the P2P flow identifying control method in the application Network Based as claimed in claim 1, it is characterized in that: described session number detection threshold is set up on their own by the user.
3, the P2P flow identifying control method in the application Network Based as claimed in claim 1 or 2 is characterized in that: not detected eliminating port list can be set, and being in the port of getting rid of in the port list will can not be blocked or hinder control.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CNA2006101569778A CN101051997A (en) | 2006-11-20 | 2006-11-20 | P2P flow identifying control method based on network application |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CNA2006101569778A CN101051997A (en) | 2006-11-20 | 2006-11-20 | P2P flow identifying control method based on network application |
Publications (1)
Publication Number | Publication Date |
---|---|
CN101051997A true CN101051997A (en) | 2007-10-10 |
Family
ID=38783196
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CNA2006101569778A Pending CN101051997A (en) | 2006-11-20 | 2006-11-20 | P2P flow identifying control method based on network application |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN101051997A (en) |
Cited By (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2009092331A1 (en) * | 2008-01-23 | 2009-07-30 | The Chinese University Of Hong Kong | Systems and processes of identifying p2p applications based on behavioral signatures |
CN102025640A (en) * | 2010-12-24 | 2011-04-20 | 北京星网锐捷网络技术有限公司 | Flow control method, device and network device |
CN102333012A (en) * | 2011-10-17 | 2012-01-25 | 苏州迈科网络安全技术股份有限公司 | Method and device for detecting peer-to-peer (P2P) flow |
CN101383829B (en) * | 2008-10-17 | 2012-09-26 | 杭州华三通信技术有限公司 | Stream recognition method and bandwidth management device |
CN103312562A (en) * | 2013-06-08 | 2013-09-18 | 北京天融信科技有限公司 | Method and device for P2P (peer-to-peer) flow inspection |
CN103457803A (en) * | 2013-09-10 | 2013-12-18 | 杭州华三通信技术有限公司 | Device and method for recognizing P2P flow |
CN103544010A (en) * | 2013-10-17 | 2014-01-29 | 常熟市华安电子工程有限公司 | P2P (peer to peer) downloading software |
CN108848004A (en) * | 2018-08-03 | 2018-11-20 | 深圳市网心科技有限公司 | A kind of P2P flow rate testing methods, system and equipment and storage medium |
CN109889547A (en) * | 2019-03-29 | 2019-06-14 | 新华三信息安全技术有限公司 | A kind of detection method and device of abnormal network equipment |
-
2006
- 2006-11-20 CN CNA2006101569778A patent/CN101051997A/en active Pending
Cited By (13)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101911614B (en) * | 2008-01-23 | 2012-12-12 | 香港中文大学 | Systems and processes of identifying p2p applications based on behavioral signatures |
WO2009092331A1 (en) * | 2008-01-23 | 2009-07-30 | The Chinese University Of Hong Kong | Systems and processes of identifying p2p applications based on behavioral signatures |
CN101383829B (en) * | 2008-10-17 | 2012-09-26 | 杭州华三通信技术有限公司 | Stream recognition method and bandwidth management device |
CN102025640A (en) * | 2010-12-24 | 2011-04-20 | 北京星网锐捷网络技术有限公司 | Flow control method, device and network device |
CN102333012B (en) * | 2011-10-17 | 2014-06-04 | 苏州迈科网络安全技术股份有限公司 | Method and device for detecting peer-to-peer (P2P) flow |
CN102333012A (en) * | 2011-10-17 | 2012-01-25 | 苏州迈科网络安全技术股份有限公司 | Method and device for detecting peer-to-peer (P2P) flow |
CN103312562B (en) * | 2013-06-08 | 2016-05-11 | 北京天融信科技股份有限公司 | A kind of method and device that detects P2P flow |
CN103312562A (en) * | 2013-06-08 | 2013-09-18 | 北京天融信科技有限公司 | Method and device for P2P (peer-to-peer) flow inspection |
CN103457803A (en) * | 2013-09-10 | 2013-12-18 | 杭州华三通信技术有限公司 | Device and method for recognizing P2P flow |
CN103457803B (en) * | 2013-09-10 | 2017-02-08 | 杭州华三通信技术有限公司 | Device and method for recognizing P2P flow |
CN103544010A (en) * | 2013-10-17 | 2014-01-29 | 常熟市华安电子工程有限公司 | P2P (peer to peer) downloading software |
CN108848004A (en) * | 2018-08-03 | 2018-11-20 | 深圳市网心科技有限公司 | A kind of P2P flow rate testing methods, system and equipment and storage medium |
CN109889547A (en) * | 2019-03-29 | 2019-06-14 | 新华三信息安全技术有限公司 | A kind of detection method and device of abnormal network equipment |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN101051997A (en) | P2P flow identifying control method based on network application | |
KR101095447B1 (en) | Apparatus and method for preventing distributed denial of service attack | |
KR100960152B1 (en) | Method for permitting and blocking use of internet by detecting plural terminals on network | |
WO2010031288A1 (en) | Botnet inspection method and system | |
CN103067218B (en) | A kind of express network packet content analytical equipment | |
CN109587156A (en) | Abnormal network access connection identification and blocking-up method, system, medium and equipment | |
CN105577669B (en) | A kind of method and device of the false source attack of identification | |
CN101621428A (en) | Botnet detection method, botnet detection system and related equipment | |
CN100493065C (en) | Method for using immediate information software by data detection network address switching equipment | |
CN112615854B (en) | Terminal access control method, device, access server and storage medium | |
CN112422567B (en) | Network intrusion detection method oriented to large flow | |
KR20060030821A (en) | Apparatus and method for intrusion detection in network | |
KR101528928B1 (en) | Apparatus and method for managing network traffic based on flow and session | |
Kugisaki et al. | Bot detection based on traffic analysis | |
KR20070079781A (en) | Intrusion prevention system using extract of http request information and method url cutoff using the same | |
CN101741686B (en) | Method applied to traffic identification and control of P2P network based on mathematical modeling technology | |
WO2011012004A1 (en) | Method and system for realizing network flow cleaning | |
CN102647404A (en) | Flow converging method and device for resisting flood attack | |
CN105656872A (en) | Attacker tracking method and system based on backbone network | |
KR20120101839A (en) | System for network inspection and providing method thereof | |
Zhang et al. | Accurate online traffic classification with multi-phases identification methodology | |
KR20130009130A (en) | Apparatus and method for dealing with zombie pc and ddos | |
KR101033510B1 (en) | Method for preventing leakage of internal information using messenger and network contents security system thereof | |
CN101854295B (en) | Method, device and equipment for controlling flow | |
CN114401103A (en) | SMB remote transmission file detection method and device |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C12 | Rejection of a patent application after its publication | ||
RJ01 | Rejection of invention patent application after publication |
Open date: 20071010 |