CN101052046A - Anti-virus method and device for fire-proof wall - Google Patents
Anti-virus method and device for fire-proof wall Download PDFInfo
- Publication number
- CN101052046A CN101052046A CNA2007101031596A CN200710103159A CN101052046A CN 101052046 A CN101052046 A CN 101052046A CN A2007101031596 A CNA2007101031596 A CN A2007101031596A CN 200710103159 A CN200710103159 A CN 200710103159A CN 101052046 A CN101052046 A CN 101052046A
- Authority
- CN
- China
- Prior art keywords
- message
- virus
- module
- fire compartment
- compartment wall
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Abstract
The invention adds the anti-virus function into the firewall using a security policy of the firewall so as to make the binding between the anti-virus function and the other functions of the firewall such that the firewall and anti-virus functions can be executed simultaneously, and the system resources can be greatly reduced.
Description
Technical field
The present invention is a kind of anti-virus method and device that is used for fire compartment wall, belongs to the safe practice field of network firewall.Relate to safety regulation and anti-virus mechanism.
Background technology
Anti-virus has important status in security fields, it focuses on finding virus timely and accurately and making mutually deserved processing, the anti-virus functionality of network security product mainly is at SMTP at present, POP3, FTP, messages such as HTTP carry out virus scan, the condition code of storing in content in the documents and the virus base, and to contain virus file carry out relevant treatment, if the file of transmission is the file of certain compressed format, then virus scan module need be with the compressed file decompress(ion), scanning All Files wherein.Therefore the event data stream amount is bigger, and anti-virus module then can take more processor time and internal memory, and inevitable other function to whole system is produced certain influence.The effective utilization of reduction system.Therefore present most of anti-virus products all are independently systems, have independently hardware or software equipment, and such defective is the cost that has increased considerably the user.Be unfavorable for administering and maintaining.Yet for network security products such as fire compartment walls, data traffic is probably considerably beyond the data traffic of the network interface of common PC, carry the transfer of data of one or several local area network (LAN)s simultaneously, wherein may comprise numerous personnel's mail transmission or World Wide Web (WWW) transmission of Information.
The major function of fire compartment wall is that the data message on the network is carried out the part restriction, only allows user-defined message to pass through.Do not possess the killing ability of virus, PAA then provides the function of anti-virus, but does not have the separating capacity of message, if the user needs this two functions simultaneously, must buy two complete equipments, and is with high costs.
If anti-virus functionality is integrated on the fire compartment wall, use other function of fire compartment wall simultaneously again, the performance burden of increase networking products that will be bigger influences the use of other function.
Summary of the invention
The present invention designs at the problem of depositing in the above-mentioned prior art just a kind of anti-virus method and device that is used for fire compartment wall is provided, its thinking is to utilize the security strategy of fire compartment wall self, anti-virus functionality is added on it, its objective is provides a kind of anti-virus method that is used for fire compartment wall, this method can be utilized the characteristics of fire compartment wall itself, other function setting on anti-virus functionality and the fire compartment wall is bound, the work of fire compartment wall and the work of anti-virus are carried out simultaneously, saved the resource of system significantly, reduced system simultaneously and purchased the cost of building and moving.Another object of the present invention has just provided a kind of device that is applicable to the anti-virus method of above-mentioned fire compartment wall, and when this device used the function of fire compartment wall and anti-virus functionality at the same time, system got the requirement that performance still can reach the user.
The objective of the invention is to realize by following measure:
This kind is used for the anti-virus method of fire compartment wall, it is characterized in that: steps of the method are:
(1) on fire compartment wall, sets up the user-defined safety regulation that packet is checked, comprise requirement in the safety regulation to the five-tuple attribute in the IP message that meets ICP/IP protocol in the packet, the kind that also comprises the application layer protocol type that to carry out the anti-virus processing, and the requirement of the anti-virus processing of these protocol type kind needs;
(2) check the IP message that meets ICP/IP protocol in the packet that enters fire compartment wall, read wherein five-tuple-source address, far distance port, destination address, destination interface, protocol type-attribute, and itself and user-defined safety regulation compared, if meet user-defined safety regulation, then allow this message by this inspection, otherwise, abandon this message;
(3) for the message that passes through, check the data of message inside once more, determine the protocol type of application layer, this moment, processing mode also was divided into following two kinds:
[3-1] if when protocol type is four kinds of FTP, HTTP, POP, SMTP, then message is sent to anti-virus module and carries out anti-virus and handle; If anti-virus module thinks that this message is safe, then sends fire compartment wall with message.Here be meant by network and send to the destination address that the message that writes down in the information of message need arrive.Otherwise, then message is handled according to user's being provided with of anti-virus functionality.
[3-2] sends fire compartment wall if protocol type is not one of above-mentioned four kinds or disappearance with message.
Be applicable to the above-mentioned device that is used for the anti-virus method of fire compartment wall, it is characterized in that; This device comprises:
Protocol stack module: all that flow into fire compartment wall meet the IP message of ICP/IP protocol all will be through this module, the data here refer to the IP message, read 5 tuple information in the IP message that enters fire compartment wall, and itself and user-defined safety regulation are compared;
Data channel module: after protocol stack module allows the IP message to pass through, the IP message will arrive the data channel module, when the IP message need carry out the anti-virus processing, this module can continue to check previously described five-tuple information, and source address is met the message that the user is provided with send to anti-virus module, when if the user does not specify this message to need virus checking, module can send to message other module, perhaps directly sends to the user;
Anti-virus module: this module is carried out virus checking and processing to the IP message that sends over;
Above-mentioned three modules connect successively.
In above-mentioned 3 modules, the performance cost maximum be exactly anti-virus module, generally, anti-virus module will scan all data that enter system, therefore no matter data safety whether, and system all will check one time, caused the wasting of resources, and when in conjunction with the security strategy of fire compartment wall, protocol stack only thinks that with the user unsafe data send to anti-virus module, makes other can guarantee that safe data walk around virus checking.So reduced the amount of information that anti-virus module need be handled to a great extent, promptly guaranteed the safety of data, the problem that has solved stable performance and effectively utilized is arranged.
This kind that technology of the present invention provided is in conjunction with the anti-virus scheme of security strategy, can on the basis of sacrificing security not, save system resource significantly, when accomplishing to use simultaneously the function of fire compartment wall and anti-virus functionality, system gets the requirement that performance still can reach the user.
Description of drawings
Fig. 1 is that the data of the environment for use of technical solution of the present invention constitute schematic diagram
Fig. 2 is a software flow pattern in the technical solution of the present invention
Fig. 3 is the structured flowchart of the device of technical solution of the present invention
Embodiment
In the network environment of reality, unsafe Data Source can be thought the data from internet, and perhaps certain can determine to contain the server of unsafe factor,
Network security product for a company or department, data flow may be from a lot of networks, comprise internet, other department of same company, the VPN network of other places branch company, wherein the data of some network are not need anti-virus scan, for example from the data of other department or from data in server, these network messages of correct differentiation, only scanning needs to take precautions against and vigilant data.
Shown in accompanying drawing 1, a department has a fire compartment wall 4, and several work station 5, one station servers 6 are arranged in the department, a network interface 41 of fire compartment wall 4 connects Internet, interface 42 connects all the other departments of same company, and interface 43 connects the VPN network of distal portion company, and interface 44 connects local work station 5, local work station 5 can pass through VPN access to netwoks remote equipment, visit Internet and other department's swap data also can be visited local server.
According to above-mentioned principle, the present invention can only scan at the data from some particular ip address, and the individual event scanning of data flow also can be provided, and will save very big performance cost, accelerates the time of data by secure network products such as fire compartment walls.
Said system adopts the described anti-virus method that is used for fire compartment wall of technical solution of the present invention at work, and its step is as follows:
(1) many safety regulations of definition on fire compartment wall, comprise requirement in the safety regulation to the five-tuple attribute in the IP message that meets ICP/IP protocol in the packet, the kind that also comprises the application layer protocol type that to carry out the anti-virus processing, and the requirement of the anti-virus processing of these protocol type kind needs;
Three safety regulations wherein are as follows:
[1-1] is provided with and allows source address is 202.108.33.32, and protocol type is that the IP message of SMTP can pass through fire compartment wall, and requires fire compartment wall that message is carried out the anti-virus processing.Be set at dropping packets when anti-virus module finds that message contains virus." 202.108.33.32 " wherein is the IP address of the server of the last website of Internet.The effect of this safety regulation is that to allow the address be that the server of 202.108.33.32 sends mail to in-company user.But need carry out anti-virus handles.
[1-2] is provided with and allows destination address is 192.168.10.100, and protocol type is that the IP message of FTP can pass through fire compartment wall, and requires fire compartment wall that message is carried out the anti-virus processing.Be set at dropping packets when anti-virus module finds that message contains virus.192.168.10.100 wherein is the address of server 6.The effect of this safety regulation is to allow the user to download or upload file from server, handles but need carry out anti-virus.
[1-3] is provided with and allows source address is 192.168.20.0, and protocol type is that the IP message of SMTP can pass through fire compartment wall, does not require that fire compartment wall carries out anti-virus to message and handles.The address of " 192.168.20.0 " long-range VPN network wherein.The effect of this safety regulation is that the main frame of long-range VPN network internal can not carry out virus checking to the inner mail that sends of department.
(2) fire compartment wall will begin to check that all enter the IP message of fire compartment wall this moment, read wherein five-tuple-source address, far distance port, destination address, destination interface, protocol type-attribute, and itself and user-defined safety regulation compared, if meet user-defined safety regulation, then allow this message to pass through, otherwise, abandon this message;
The concrete operations that can occur are as follows:
[2-1] then sends to anti-virus module with message if the source address of message is 202.108.33.32.
[2-2] then sends to anti-virus module with message if the destination address of message is 192.168.10.100.
[2-3] then sends the direct slave firewall of message if the source address of message belongs to the 192.168.20.0 network segment.
[2-4] message does not meet above-mentioned any one condition, then abandons.
(3) for the message that passes through, check the data of message inside, determine whether application layer protocol is SMTP or FTP, the processing mode of this moment also is divided into following two kinds:
[3-1] then sends to message anti-virus module and carries out the anti-virus processing if find that protocol type is SMTP or File Transfer Protocol;
[3-2] then sends fire compartment wall with this message if protocol type is not SMTP and FTP or disappearance.
Can see like this, safe because the message on the Internet is not thought, handle so will carry out anti-virus; All to carry out the anti-virus processing so send to the mail of internal network by 202.108.33.32.Equally, in order to protect the safety of server 6, the file that then is sent to server 6 needs anti-virus to handle equally.And that the information of far-end VPN network can be thought is safe, therefore it is not carried out anti-virus and handles, and handles so the mail that all main frames from the VPN network send to department's internal network does not carry out anti-virus.So reached the purpose of only handling non-safety information, saved performance cost.
Below check the setting about anti-virus functionality scope of application attribute of inquiring user, determine whether the user specifies this protocol type need carry out anti-virus and handle, if desired, then anti-virus module writes a temporary file with this message content, continue to accept to belong to it the message that same TCP connects, repeat this step, after all messages that belong to this TCP connection arrive, finish the action of writing of temporary file.Anti-virus module reads the virus signature of virus base and the content of the temporary file that write just now compares, and has occurred some virus signatures in the temporary file, thinks that then there is virus in this temporary file, the deletion temporary file.Otherwise, temporary file is reverted to IP message when entering fire compartment wall, send fire compartment wall.
Be applicable to the above-mentioned device that is used for the anti-virus method of fire compartment wall, it is characterized in that; This device comprises:
Protocol stack module 1: all that flow into fire compartment wall meet the IP message of ICP/IP protocol all will be through this module, the data here refer to the IP message, read 5 tuple information in the IP message that enters fire compartment wall, and itself and user-defined safety regulation compared, and decision being set whether abandoning this message according to the user.
Data channel module 2: after protocol stack module 1 allows the IP message to pass through, the IP message will arrive data channel module 2, when the IP message need carry out the anti-virus processing, this module can continue to check previously described five-tuple information, and source address is met the message that the user is provided with send to anti-virus module, when if the user does not specify this message to need virus checking, module can send to message other module, perhaps directly send to the user, so just accomplish only to send the user and thought the message that need carry out virus checking, thereby saved the unnecessary performance expense greatly.
Anti-virus module 3: this module is carried out virus checking and processing to the IP message that sends over, after message is sent to anti-virus module, module can be carried out virus checking to the data file in the message, because the data that message comprises are limited, so a complete data file needs a lot of messages to transmit usually, module at first will be reassembled into the information in these messages original data file, then virus signature in the database of virus information and data file are compared, if in message, found known virus signature, think that then there is virus in this data file, and with associated packet loss, like this, contain viral data and just can not arrive the user there.
Shown in accompanying drawing 3, above-mentioned three modules connect successively.
At first, all data messages that enter fire compartment wall enter protocol stack module 1, the undefined message of user can not pass through, and in the message that allows to pass through, still can not think it all is safe, for example from internal server and data internal network, or from the data of far-end VPN passage, can think safe, data from Internet are then not all right, this part data will mail to anti-virus module 3 through data channel module 2 and check so, send to internal network afterwards.
Technical solution of the present invention advantage compared with prior art is to determine according to the five-tuple of data message Decide whether carry out virus scan, rather than only for certain agreement data are carried out virus scan, this Sample can reduce the data volume of scanning, and the quickening system gets the reaction time, reduces accounting for of system resource With, can not reduce the security of product simultaneously. Make the safety product unlatching anti-virus functionality such as fire wall After performance reduction amount reduce to minimum.
Claims (2)
1. anti-virus method that is used for fire compartment wall is characterized in that: steps of the method are:
(1) on fire compartment wall, sets up the user-defined safety regulation that packet is checked, comprise requirement in the safety regulation to the five-tuple attribute in the IP message that meets ICP/IP protocol in the packet, the kind that also comprises the application layer protocol type that to carry out the anti-virus processing, and the requirement of the anti-virus processing of these protocol type kind needs;
(2) check the IP message that meets ICP/IP protocol in the packet that enters fire compartment wall, read wherein five-tuple-source address, far distance port, destination address, destination interface, protocol type-attribute, and itself and user-defined safety regulation compared, if meet user-defined safety regulation, then allow this message to pass through, otherwise, abandon this message;
(3) for the message that passes through, check the data of message inside once more, determine the protocol type of application layer, this moment, processing mode also was divided into following two kinds:
[3-1] if when protocol type is four kinds of FTP, HTTP, POP, SMTP, then message is sent to anti-virus module and carries out anti-virus and handle;
[3-2] sends fire compartment wall if protocol type is not one of above-mentioned four kinds or disappearance with message.
2. one kind is applicable to the above-mentioned device that is used for the anti-virus method of fire compartment wall, it is characterized in that; This device comprises:
Protocol stack module (1): all that flow into fire compartment wall meet the IP message of ICP/IP protocol all will be through this module, the data here refer to the IP message, read 5 tuple information in the IP message that enters fire compartment wall, and itself and user-defined safety regulation are compared;
Data channel module (2): after protocol stack module (1) allows the IP message to pass through, the IP message will arrive data channel module (2), when the IP message need carry out the anti-virus processing, this module can continue to check previously described five-tuple information, and source address is met the message that the user is provided with send to anti-virus module, when if the user does not specify this message to need virus checking, module can send to message other module, perhaps directly sends to the user;
Anti-virus module (3): this module is carried out virus checking and processing to the IP message that sends over;
Above-mentioned three modules connect successively.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CNA2007101031596A CN101052046A (en) | 2007-05-22 | 2007-05-22 | Anti-virus method and device for fire-proof wall |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CNA2007101031596A CN101052046A (en) | 2007-05-22 | 2007-05-22 | Anti-virus method and device for fire-proof wall |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN101052046A true CN101052046A (en) | 2007-10-10 |
Family
ID=38783235
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CNA2007101031596A Pending CN101052046A (en) | 2007-05-22 | 2007-05-22 | Anti-virus method and device for fire-proof wall |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN101052046A (en) |
Cited By (18)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101714958B (en) * | 2009-10-31 | 2011-11-30 | 福建伊时代信息科技股份有限公司 | Multifunctional comprehensive security gateway system |
| CN102289614A (en) * | 2010-06-18 | 2011-12-21 | 三星Sds株式会社 | Anti-malware system and operating method thereof |
| CN102497371A (en) * | 2011-12-13 | 2012-06-13 | 曙光信息产业(北京)有限公司 | Sampling equipment based on quintuple and load contents |
| CN102594623A (en) * | 2011-12-31 | 2012-07-18 | 成都市华为赛门铁克科技有限公司 | Data detection method and device for firewalls |
| CN101795267B (en) * | 2009-12-30 | 2012-12-19 | 成都市华为赛门铁克科技有限公司 | Method and device for detecting viruses and gateway equipment |
| CN102891855A (en) * | 2012-10-16 | 2013-01-23 | 北京神州绿盟信息安全科技股份有限公司 | Method and device for securely processing network data streams |
| CN103746996A (en) * | 2014-01-03 | 2014-04-23 | 汉柏科技有限公司 | Packet filtering method for firewall |
| CN104022998A (en) * | 2013-03-01 | 2014-09-03 | 北京瑞星信息技术有限公司 | Network transmission data virus detection processing method |
| CN104519065A (en) * | 2014-12-22 | 2015-04-15 | 北京卓越信通电子股份有限公司 | Implementation method of industrial control firewall supporting Modbus TCP protocol filtering |
| CN104539600A (en) * | 2014-12-22 | 2015-04-22 | 北京卓越信通电子股份有限公司 | Industrial control firewall implementing method for supporting filtering IEC 104 protocol |
| CN104702584A (en) * | 2013-12-10 | 2015-06-10 | 中国科学院沈阳自动化研究所 | Modbus communication access control method based on rule self-learning |
| CN105099821A (en) * | 2015-07-30 | 2015-11-25 | 北京奇虎科技有限公司 | Flow monitoring method and apparatus based on cloud virtual environment |
| CN105117647A (en) * | 2015-08-18 | 2015-12-02 | 国家计算机网络与信息安全管理中心广东分中心 | Trojan behavior recovery method |
| CN105407106A (en) * | 2015-12-23 | 2016-03-16 | 北京奇虎科技有限公司 | Access control method and device |
| CN107342969A (en) * | 2016-05-03 | 2017-11-10 | 阿里巴巴集团控股有限公司 | System, the method and apparatus of message identification |
| CN107786500A (en) * | 2016-08-25 | 2018-03-09 | 北京计算机技术及应用研究所 | Terminal security module centralized management system |
| CN112351014A (en) * | 2020-10-28 | 2021-02-09 | 武汉思普崚技术有限公司 | Firewall security policy compliance baseline management method and device between security domains |
| CN112751839A (en) * | 2020-12-25 | 2021-05-04 | 江苏省未来网络创新研究院 | Anti-virus gateway processing acceleration strategy based on user traffic characteristics |
-
2007
- 2007-05-22 CN CNA2007101031596A patent/CN101052046A/en active Pending
Cited By (29)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101714958B (en) * | 2009-10-31 | 2011-11-30 | 福建伊时代信息科技股份有限公司 | Multifunctional comprehensive security gateway system |
| CN101795267B (en) * | 2009-12-30 | 2012-12-19 | 成都市华为赛门铁克科技有限公司 | Method and device for detecting viruses and gateway equipment |
| CN102289614B (en) * | 2010-06-18 | 2015-07-29 | 三星Sds株式会社 | Anti-malware system and method for operating thereof |
| CN102289614A (en) * | 2010-06-18 | 2011-12-21 | 三星Sds株式会社 | Anti-malware system and operating method thereof |
| CN102497371A (en) * | 2011-12-13 | 2012-06-13 | 曙光信息产业(北京)有限公司 | Sampling equipment based on quintuple and load contents |
| WO2013097475A1 (en) * | 2011-12-31 | 2013-07-04 | 华为技术有限公司 | Data detecting method and device for firewall |
| CN102594623A (en) * | 2011-12-31 | 2012-07-18 | 成都市华为赛门铁克科技有限公司 | Data detection method and device for firewalls |
| US9398027B2 (en) | 2011-12-31 | 2016-07-19 | Huawei Technologies Co., Ltd. | Data detecting method and apparatus for firewall |
| CN102594623B (en) * | 2011-12-31 | 2015-07-29 | 华为数字技术(成都)有限公司 | The data detection method of fire compartment wall and device |
| CN102891855A (en) * | 2012-10-16 | 2013-01-23 | 北京神州绿盟信息安全科技股份有限公司 | Method and device for securely processing network data streams |
| CN102891855B (en) * | 2012-10-16 | 2015-06-03 | 北京神州绿盟信息安全科技股份有限公司 | Method and device for securely processing network data streams |
| CN104022998A (en) * | 2013-03-01 | 2014-09-03 | 北京瑞星信息技术有限公司 | Network transmission data virus detection processing method |
| CN104022998B (en) * | 2013-03-01 | 2016-12-28 | 北京瑞星信息技术股份有限公司 | Transmitted data on network Viral diagnosis processing method |
| CN104702584B (en) * | 2013-12-10 | 2017-11-28 | 中国科学院沈阳自动化研究所 | A kind of Modbus communications access control methods based on self-learning-ruler |
| CN104702584A (en) * | 2013-12-10 | 2015-06-10 | 中国科学院沈阳自动化研究所 | Modbus communication access control method based on rule self-learning |
| CN103746996A (en) * | 2014-01-03 | 2014-04-23 | 汉柏科技有限公司 | Packet filtering method for firewall |
| CN104519065B (en) * | 2014-12-22 | 2018-05-01 | 北京卓越信通电子股份有限公司 | A kind of industry control method of realizing fireproof wall for supporting filtering Modbus Transmission Control Protocol |
| CN104539600A (en) * | 2014-12-22 | 2015-04-22 | 北京卓越信通电子股份有限公司 | Industrial control firewall implementing method for supporting filtering IEC 104 protocol |
| CN104519065A (en) * | 2014-12-22 | 2015-04-15 | 北京卓越信通电子股份有限公司 | Implementation method of industrial control firewall supporting Modbus TCP protocol filtering |
| CN105099821A (en) * | 2015-07-30 | 2015-11-25 | 北京奇虎科技有限公司 | Flow monitoring method and apparatus based on cloud virtual environment |
| CN105099821B (en) * | 2015-07-30 | 2020-05-12 | 奇安信科技集团股份有限公司 | Method and device for monitoring flow in virtual environment based on cloud |
| CN105117647A (en) * | 2015-08-18 | 2015-12-02 | 国家计算机网络与信息安全管理中心广东分中心 | Trojan behavior recovery method |
| CN105407106A (en) * | 2015-12-23 | 2016-03-16 | 北京奇虎科技有限公司 | Access control method and device |
| CN107342969A (en) * | 2016-05-03 | 2017-11-10 | 阿里巴巴集团控股有限公司 | System, the method and apparatus of message identification |
| CN107342969B (en) * | 2016-05-03 | 2021-04-20 | 阿里巴巴集团控股有限公司 | Message identification system, method and device |
| CN107786500A (en) * | 2016-08-25 | 2018-03-09 | 北京计算机技术及应用研究所 | Terminal security module centralized management system |
| CN112351014A (en) * | 2020-10-28 | 2021-02-09 | 武汉思普崚技术有限公司 | Firewall security policy compliance baseline management method and device between security domains |
| CN112351014B (en) * | 2020-10-28 | 2022-06-07 | 武汉思普崚技术有限公司 | Firewall security policy compliance baseline management method and device between security domains |
| CN112751839A (en) * | 2020-12-25 | 2021-05-04 | 江苏省未来网络创新研究院 | Anti-virus gateway processing acceleration strategy based on user traffic characteristics |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN101052046A (en) | Anti-virus method and device for fire-proof wall | |
| CA2594020C (en) | Method, systems, and computer program products for implementing function-parallel network firewall | |
| US10735379B2 (en) | Hybrid hardware-software distributed threat analysis | |
| US7725938B2 (en) | Inline intrusion detection | |
| US20170250953A1 (en) | Hybrid hardware-software distributed threat analysis | |
| DE60308260T2 (en) | A method and apparatus for efficiently comparing responses to previously communicated requests by a network node | |
| US20130254766A1 (en) | Offloading packet processing for networking device virtualization | |
| CN1406351A (en) | System, device and method for rapid packet filtering and preocessing | |
| JP2004503146A (en) | How to prevent denial of service attacks | |
| CN1838592A (en) | Firewall method and system based on high-speed network data processing platform | |
| Fulp | An independent function-parallel firewall architecture for high-speed networks (short paper) | |
| CN101060521A (en) | Information packet filtering method and network firewall | |
| CN1708959A (en) | Method, router or switch for software and hardware packet flow forwarding | |
| CN1384639A (en) | Distributed dynamic network security protecting system | |
| CN1905555A (en) | Fire wall controlling system and method based on NGN service | |
| CN101051891A (en) | Method and device for safety strategy uniformly treatment in safety gateway | |
| CN112367278B (en) | Cloud gateway system based on programmable data switch and message processing method thereof | |
| US20020131364A1 (en) | Handling of data packets | |
| US8191132B1 (en) | Scalable transparent proxy | |
| CN100339845C (en) | Chain path layer location information filtering based on state detection | |
| CN1777148A (en) | Routing table next-hop IP address to MAC address analytic method | |
| CN1741473A (en) | A network data packet availability deciding method and system | |
| KR101275709B1 (en) | Packet processing system for network based data loss prevention capable of distributed processing depending on application protocol and method thereof | |
| CN1881938A (en) | Method and system for preventing and detecting proxy | |
| CN1848795A (en) | Method for realizing large data packet quick retransmission in real-time communication system |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C12 | Rejection of a patent application after its publication | ||
| RJ01 | Rejection of invention patent application after publication |
Open date: 20071010 |