CN101188612A - A blacklist real time management method and device - Google Patents
A blacklist real time management method and device Download PDFInfo
- Publication number
- CN101188612A CN101188612A CNA200710179077XA CN200710179077A CN101188612A CN 101188612 A CN101188612 A CN 101188612A CN A200710179077X A CNA200710179077X A CN A200710179077XA CN 200710179077 A CN200710179077 A CN 200710179077A CN 101188612 A CN101188612 A CN 101188612A
- Authority
- CN
- China
- Prior art keywords
- blacklist
- message
- information
- list item
- real time
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Landscapes
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention discloses a method for real-time blacklist management and the device thereof, wherein, the method comprise the following steps: step one, a transmission module sends detected message information with attack signature to a blacklist management module, and discards the message; step two, the blacklist management module searches all the blacklist list items in the blacklist, deletes aged blacklist list items, and adds the information into the blacklist list items. The invention adopts a module optimization treatment mode, obtains technical and security progresses, and truly achieves the effect of the real-time blacklist management. No information interaction exists between the modules, therefore the designs in the modules are required to be compactor and more logical, thereby the real time and the stability of the blacklist management are better, and the security of a communication system is higher.
Description
Technical field
The present invention relates to the network security technology in data communication field, particularly relate to a kind of method and device thereof of blacklist real time management.
Background technology
In communication products, blacklist is a kind of mode of filtering according to the source IP address of message and further feature information.The topmost characteristic of blacklist is to add the wherein list item of definition of (dynamically generating) and deletion (regularly aging) automatically, and this is the function that most of communication products all have.This function is obtained by administration module on the one hand needs newly-increased blacklist list item information, and administration module is passed to information module with this information more then, and last information module adds processing; On the other hand, administration module checked to existing blacklist list item at first that before information module transmission information if find to have aging list item, then the announcement information module is deleted these list items.In addition, blacklist administration module manual configuration, modification and deletion at any time as required.Yet, even these blacklist management are adopted the real time communication interface to add automatically between module and are deleted, when manual configuration, modification and deletion, the capital exists real-time not high, communication complexity and reliability are low between the module, thereby directly cause security of communication system to reduce, this has proposed stern challenge to the data communication products as the filtration of turnover network.
Summary of the invention
Technical problem to be solved by this invention is to provide a kind of method and device thereof of blacklist real time management, the low and defective of the communication system security reduction that causes of the blacklist management real-time that is used for overcoming the prior art data communication products.
To achieve these goals, the invention provides a kind of method of blacklist real time management, be used for the device of blacklist real time management, it is characterized in that, this method comprises:
Step 2, described blacklist administration module are searched all the blacklist list items in the blacklist, delete aging blacklist list item, and described information is added described blacklist list item.
The method of described blacklist real time management, wherein, in the described step 1, described information comprises source IP address information, characteristic information.
The method of described blacklist real time management wherein, before the described step 1, further comprises: open fire compartment wall on router, configuration trusted area and insincere zone, and the step of the message aggression mode that configuration need detect on described insincere zone.
The method of described blacklist real time management wherein, in the described step 1, further comprises: when described blacklist was managed automatically, described forwarding module carried out the step of blacklist filtration treatment to described message; If described information is not in described blacklist list item, then described message is legal message, described message is carried out the zone detect, otherwise abandon described message.
The method of described blacklist real time management, wherein, in the described step 1, described described message is carried out the step that detects in the zone specifically:
Described forwarding module judges according to the arrival frequency or the contained head feature information of described message whether described message is the message with attack signature, if obtain described information; Otherwise enter normal forwarding process and transmit described message.
The method of described blacklist real time management, wherein, in the described step 2, further comprise: when described blacklist is carried out manual administration, described blacklist administration module is behind the aging blacklist list item of deletion, the step that described information and remaining blacklist list item are mated, specifically:
When matching way for configuration and when not mating, described information is added described blacklist list item; Or
When matching way is configuration and coupling, point out described information to exist; Or
When matching way is deletion and coupling, delete described information; Or
When matching way for deletion and when not mating, point out described information not exist.
The method of described blacklist real time management, wherein, in the described step 2, further comprise: described blacklist administration module joins described information in the described blacklist list item in the ageing time of determining according to the parameter that sets in advance, and when described parameter is not set, described information is joined step in the described blacklist list item in the acquiescence ageing time.
The method of described blacklist real time management, wherein, in the described step 2, further comprise: described blacklist administration module is according to the attack type of the contained described message of head feature information acquisition of described message, and handles the step of corresponding network attack according to described attack type; And/or, according to described forwarding module to the result of described message obtain message by with the step that abandons counting; And/or, export the step of described information in the daily record mode.
To achieve these goals, the present invention also provides a kind of device of blacklist real time management, the communication system that is used for portable terminal, router, external network, an interface of described router is connected to described portable terminal by switching equipment, another interface is connected to described external network, it is characterized in that this device also comprises:
Forwarding module is arranged on the described router, is used for detected information with message of attack signature is sent to described router, and abandons described message;
The blacklist administration module is arranged on the described router, is used to receive the information that described forwarding module sends, and searches all the blacklist list items in the blacklist, deletes aging blacklist list item, and described information is added described blacklist list item.
The device of described blacklist real time management, wherein, this device also comprises:
The area configurations module is arranged on the described router, is used to dispose trusted area and insincere zone, and the message aggression mode that configuration need detect on described insincere zone.
Useful technique effect of the present invention:
Compared with prior art, there is not information interaction between the module of the present invention, both reduced communication complexity, the blacklist real time management method that improves security of communication system has again adopted module optimization process mode, therefore obtain the progress on technology and the safety, really reached the effect of blacklist real time management.Do not have information interaction between the module, this requires the design in the module compact more, and logicality is stronger, makes that blacklist management real-time and stability are better, and communication system security is higher.
Owing to do not have information interaction between the module of the present invention, both reduced communication complexity, improve the included step of blacklist real time management method of security of communication system again, thereby have stable performance, real-time height, advantage such as safe and reliable.
Describe the present invention below in conjunction with the drawings and specific embodiments, but not as a limitation of the invention.
Description of drawings
Fig. 1 is Intranet user is got involved Internet by the router with firewall functionality a networking schematic diagram;
Fig. 2 is a blacklist real time management apparatus structure schematic diagram of the present invention;
Fig. 3 is the automatic management process schematic diagram of blacklist of the present invention;
Fig. 4 is a blacklist manual administration schematic flow sheet of the present invention.
Embodiment
Below in conjunction with the drawings and specific embodiments technical scheme of the present invention is made further more detailed description.
As shown in Figure 1, be Intranet user is got involved Internet by the router with firewall functionality networking schematic diagram.It is some etc. that hardware components in networking among this figure relation comprises that main frame more than one, hub or switch, one have router, the ordinary router more than, hundred/gigabit interface board and a twisted-pair feeder of firewall functionality.
In Fig. 1, Intranet 10 includes but not limited to following equipment: host PC 1, PC2, switch 30 and the router R1 with firewall functionality.
Host PC 1 and PC2 are connected to the interface 1 of router R1 by switch 30, and are connected to outer net 20 from the interface 2 of router R1, and outer net 20 is an external network, can be the Internet net.
Router R1 major function includes but not limited to following function: fire compartment wall, blacklist, zone detection, network address translation NAT (Network Address Translation) and access control list ACL (AccessControl List).Wherein opening firewall functionality is the precondition that realizes blacklist and regional measuring ability, and blacklist can filter message according to network actual conditions and configuration needs, and will have the message information adding blacklist list item of aggressiveness or viral source; The surveyed area function is come identification according to the arrival frequency of a certain message or head feature information, and whether it has the message of aggressiveness or viral source, and the message information that will have aggressiveness or a viral source is passed to the blacklist administration module; Network address translation function makes when Intranet user and Internet user exchange visits exchanges the IP address of private network and the IP address of public network; Access list feature is mainly used in the conversion between the above-mentioned network address.
The main configuration of router R1 on interface 1 includes but not limited to following configuration: be tied to regional A and the network address converting attribute that sets into direction.
The main configuration of router R1 on interface 2 includes but not limited to following configuration: be tied to area B and the network address converting attribute that sets out direction.
Because message always passes in and out from interface, and interface is bundled on the zone, safe coefficient according to the zone determines whether that needs carry out the zone and detect again, and only flowing through needs the message of surveyed area just to carry out the zone detection, so the zoning helps dwindling the scope of detection.
1, the treatment step of software section is as follows:
The 1st step: arranging access control list ACL on router R1 is applied to the dynamic network address transition.
ip?access-list?extended?100
rule?1?permit?0?192.168.88.0?0.0.0.255?any
The 2nd step: on router R1, start firewall functionality, blacklist function and configuring area measuring ability and scanning (screen) group.
firewall
blacklist?enable
zone?1
zone?2
screen?zxr
The 3rd step: on router R1, enable the network address translation nat feature and dispose the dynamic network address translation rule.
A3) enable the NAT module
ip?nat?start
B3) dynamic network address translation rule is applied to Intranet user visit Internet
ip?nat?pool?zte?10.40.88.10?10.40.88.20?prefix_length?24
ip?nat?inside?source?list?100?pool?zte
The 4th step: configuration of IP address and network address translation NAT attribute on interface 1 and interface 2.
A4) interface 1;
ip?address?192.168.88.1?255.255.255.0
ip?nat?inside
B4) interface 2
ip?address?10.40.88.1255.255.255.0
ip?nat?outside
The 5th step: configuration detection is attacked or viral message mode in screen group zxr, and attack or viral message mode can define as required, and the zone can not detect the message of undefined attack pattern or Virus Type.
ip?spoofing
icmp?flood?blacklist-timeout?10
The 6th step: binding interface name and scanning (screen) group on zone1 and zone2, only flowing through needs the message of surveyed area just to carry out the zone detection, supposes that from the message that Intranet 10 is sent be safe, does not need to carry out the zone and detects.
a6)zone?1
interface-bind?fei_1/2
b6)zone?2
interface-bind?fei_1/1
screen-bind?zxr
2, send message to Intranet user from Internet
The 1st step: message arrives interface 2 (interface is called fei_1/1) from interface 3, at first extracts header information, and then through the blacklist inspection, if known invalid packet, then Direct Filtration is fallen; Otherwise enter
The 2nd step;
The 2nd step: message if inspection is not passed through, then entered for the 3rd step through anti-virus and attack protection inspection; Otherwise entered for the 4th step;
The 3rd step: the source IP address and other characteristic information that at first obtain message are passed to the blacklist administration module and are abandoned this message, trigger the blacklist burin-in process then, generate new blacklist list item at last, and flow process finishes;
The 4th step: message is sent from interface 1 according to purpose IP address through after the network address translation, finally arrives Intranet user, and flow process finishes.
3, send message to Internet from Intranet user
The 1st step: message arrives interface 1 (interface is called fei_1/2) from Intranet user, because the message that hypothesis is sent from Intranet 10 is safe, does not detect so do not need to carry out the zone.If the blacklist inspection is not passed through, then directly abandon this message, flow process finishes; Otherwise entered for the 2nd step;
The 2nd step: according to purpose IP address, message need be sent from interface 2, and interface 1 and interface 2 satisfy the condition of network address translation.Through after the network address translation, message is sent from interface 2, arrives Internet, and flow process finishes.
As shown in Figure 2, it is blacklist real time management apparatus structure schematic diagram of the present invention, this device 22 is used for the communication system 200 of portable terminal 50, router four 0, outer net (external network) 20, an interface of router four 0 is connected to portable terminal 50 by switching equipment 30, and another interface is connected to outer net 20.This device 20 comprises: be arranged at forwarding module 401 and blacklist administration module 402 on the router four 0.
This device 22 also comprises area configurations module 403, is arranged on the router four 0, is used to dispose trusted area and insincere zone, and the message aggression mode that configuration need detect on insincere zone.
When forwarding module 401 detects when having aggressive message, at first, the source IP address of message and further feature information are sent to blacklist administration module 402, and with this packet loss, then, 402 pairs of all blacklist list items of blacklist administration module are searched, with aging list item deletion, then, blacklist administration module 402 adds the blacklist list item with the source IP address and the further feature information of message, the new ageing time of blacklist list item and the relating to parameters that sets in advance of adding adopts the acquiescence ageing time when not being provided with.
When user's manual configuration or deletion blacklist list item, at first, source IP address and further feature information are sent to blacklist administration module 402; Then, 402 pairs of all blacklist list items of blacklist administration module are searched, with aging list item deletion; Then, blacklist administration module 402 mates source IP address and further feature information and all blacklist list items successively:
I1) if configuration operation and coupling not then add the blacklist list item with source IP address and further feature information;
I2) if configuration operation and coupling then point out this blacklist list item to exist;
I3) if deletion action and coupling are then deleted this blacklist list item;
I4) if deletion action and not the coupling, then point out this blacklist list item not exist.
Further, blacklist administration module 402 changes into corresponding attack type according to the header information that forwarding module 401 detects attack message, has known to be convenient to the fault location type behind the attack type and to solve the network attack problem effectively;
Further, blacklist administration module 402 utilizes blacklist to check the result of message, the passing through and abandon counting of explicit message, be convenient to add up the external network safe performance indexes, high more by number with the ratio that abandons number, illustrate that the external network fail safe is high more, on the contrary low more;
Further, blacklist administration module 402 is exported attack message information in the daily record mode, and the demonstration external network is attacked frequent degree and attacked the period;
Further, when blacklist administration module 402 is operated in triggerless, make blacklist regularly delete aging list item, reach real intellectuality and real-time management.
The process of blacklist real time management of the present invention comprises:
1), on router four 0, open firewall functionality, need carry out the blacklist inspection when this function has determined message through router four 0, determine message to be added the blacklist list item automatically, determine that the blacklist list item has the characteristic of automatic aging with attack signature; When closing this function, before all blacklist information will be cleared;
2), configuration trusted area and insincere zone on router four 0, and the interface and the non-safe interface that will connect outer net 20 join in the insincere zone; The purpose of dividing zones of different is in order to dwindle the scope that blacklist is checked, only to check insincere zone; The fail safe of interface is not absolute, can at any time any interface be joined insincere zone;
3), configuration needs the message aggression mode of detection on insincere zone, and the parameter of inspection is set; The message aggression mode can dispose according to different applicable cases, if do not dispose, then can not carry out attack detecting; Be provided with and check that parameter has determined the strict degree of message audit, if be not provided with, then adopts default value;
4), satisfy the message that adds the blacklist condition if exist, then the source IP address of this message and further feature information are sent to blacklist administration module 402,402 pairs of all blacklist list items of blacklist administration module are searched, with aging list item deletion, blacklist administration module 402 adds the blacklist list item with the source IP address and the further feature information of message, and the ageing time that newly adds the blacklist list item can adopt parameter or the default value that sets in advance, and subsequent packet is produced filtration; Otherwise then transmit according to normal flow process;
5), if directly the blacklist list item is operated, then need the source IP address and the further feature information of adding or delete are sent to blacklist administration module 402,402 pairs of all blacklist list items of blacklist administration module are searched, with aging list item deletion, then with blacklist in all list items mate, when not matching the list item that needs interpolation, directly add, the ageing time that newly adds the blacklist list item can adopt configuration parameter or default value, and subsequent packet is produced filtration; When matching the list item that needs deletion, directly delete, and subsequent packet is not had filtration; Otherwise provide the information of operation failure.
The blacklist management of data communication products of the present invention has hard real time, does not have information interaction between forwarding module 401, the blacklist administration module 402, has both reduced communication complexity, has improved security of communication system simultaneously again.
As shown in Figure 3, be the automatic management process schematic diagram of blacklist of the present invention.This flow process specifically comprises:
Step S301, message filters through blacklist;
In this step, if the source IP address of message and further feature information then are legal message not in the blacklist list item; Otherwise be invalid packet.Blacklist only allows legal message to pass through, and legal message turns to step S302, and illegal message directly is dropped.
Step S302, message detects through the zone;
In this step, surveyed area comes identification according to the arrival frequency of a certain message or head feature information, and whether it has the message of aggressiveness or viral source, attacks or the condition of viral source message if satisfy, and then turns to step S303; Otherwise message enters normal forwarding process.
Step S303 obtains the message source IP address and other characteristic information is passed to blacklist administration module 402, and abandons this message, turns to step S304.
Step S304, the blacklist burin-in process;
In this step, blacklist is divided into and triggers aging and regularly aging dual mode, only provides the aging mode that triggers among this figure, all can start burin-in process to any operation of blacklist administration module 402, and the blacklist list item after aging turns to step S305 with deleted; When blacklist administration module 402 not being operated in a period of time, timer starts burin-in process, and the blacklist list item after wearing out is with deleted.
Step S305 generates new blacklist list item;
In this step, because filter through blacklist the front, the known message with aggressiveness or viral source is all directly abandoned, and the unknown message with aggressiveness or viral source all is the list item that does not have in the blacklist, get final product so directly add, so far, 402 processing of blacklist administration module finish.
As shown in Figure 4, be blacklist manual administration schematic flow sheet of the present invention.In conjunction with Fig. 2, this flow process specifically comprises:
Step S401, the operation of blacklist list item;
In this step, to router four 0 input source IP address and other characteristic information, source IP address information is essential option by portable terminal 50, and further feature information is option, if configuration operation then turns to step S402; Otherwise be deletion action, turn to step S406.
Step S402 extracts source IP address and other characteristic information and passes to blacklist administration module 402, turns to step S403.
Step S403, the blacklist burin-in process;
In this step, the configuration operation of blacklist administration module 402 starts burin-in process, and the blacklist list item after wearing out turns to step S404 with deleted.
Step S404, the blacklist list item is searched;
In this step, if configuration information has been present in the blacklist list item, then point out this blacklist list item to exist, so far, 402 processing of blacklist administration module finish; Otherwise turn to step S405.
Step S405 generates new blacklist list item, and so far, 402 processing of blacklist administration module finish.
Step S406 extracts source IP address and other characteristic information and passes to blacklist administration module 402, turns to step S407.
Step S407, the blacklist burin-in process;
In this step, the deletion action of blacklist administration module 402 starts burin-in process, and the blacklist list item after wearing out turns to step S408 with deleted.
Step S408, the blacklist list item is searched;
In this step,, then turn to step S409 if deletion information has been present in the blacklist list item; Otherwise point out this blacklist list item not exist, so far, 402 processing of blacklist administration module finish.
Step S409 deletes this blacklist list item, and so far, 402 processing of blacklist administration module finish;
The present invention optimizes the blacklist management process mainly by the innovation on the software engineering, with blacklist management real-time and the raising communication system security that strengthens data communication products.
The present invention is by improving existing method for managing black list and optimizing, making does not have information interaction between the blacklist administration module, both reduced communication complexity, and simultaneously improved security of communication system again, thereby the present invention has stable performance, real-time height, advantage such as safe and reliable.The present invention solves blacklist management real-time that how to strengthen data communication products that exists in the prior art and the problem that improves communication system security, has realized the automatic interpolation of blacklist list item and aging, manual configuration, modification and deletion.
Certainly; the present invention also can have other various embodiments; under the situation that does not deviate from spirit of the present invention and essence thereof; those of ordinary skill in the art work as can make various corresponding changes and distortion according to the present invention, but these corresponding changes and distortion all should belong to the protection range of the appended claim of the present invention.
Claims (10)
1. the method for a blacklist real time management is used for the device of blacklist real time management, it is characterized in that this method comprises:
Step 1, forwarding module sends to the blacklist administration module with detected information with message of attack signature, and abandons described message;
Step 2, described blacklist administration module are searched all the blacklist list items in the blacklist, delete aging blacklist list item, and described information is added described blacklist list item.
2. the method for blacklist real time management according to claim 1 is characterized in that, in the described step 1, described information comprises source IP address information, characteristic information.
3. the method for blacklist real time management according to claim 1 and 2, it is characterized in that, before the described step 1, further comprise: on router, open fire compartment wall, configuration trusted area and insincere zone, and the step of the message aggression mode that configuration need detect on described insincere zone.
4. the method for blacklist real time management according to claim 3 is characterized in that, in the described step 1, further comprises: when described blacklist was managed automatically, described forwarding module carried out the step of blacklist filtration treatment to described message; If described information is not in described blacklist list item, then described message is legal message, described message is carried out the zone detect, otherwise abandon described message.
5. the method for blacklist real time management according to claim 4 is characterized in that, in the described step 1, described described message is carried out the step that detects in the zone specifically:
Described forwarding module judges according to the arrival frequency or the contained head feature information of described message whether described message is the message with attack signature, if obtain described information; Otherwise enter normal forwarding process and transmit described message.
6. the method for blacklist real time management according to claim 3, it is characterized in that, in the described step 2, further comprise: when described blacklist is carried out manual administration, described blacklist administration module is behind the aging blacklist list item of deletion, the step that described information and remaining blacklist list item are mated, specifically:
When matching way for configuration and when not mating, described information is added described blacklist list item; Or
When matching way is configuration and coupling, point out described information to exist; Or
When matching way is deletion and coupling, delete described information; Or
When matching way for deletion and when not mating, point out described information not exist.
7. according to the method for claim 1,2,4,5 or 6 described blacklist real time managements, it is characterized in that, in the described step 2, further comprise: described blacklist administration module joins described information in the described blacklist list item in the ageing time of determining according to the parameter that sets in advance, and when described parameter is not set, described information is joined step in the described blacklist list item in the acquiescence ageing time.
8. according to the method for claim 1,2,4,5 or 6 described blacklist real time managements, it is characterized in that, in the described step 2, further comprise: described blacklist administration module is according to the attack type of the contained described message of head feature information acquisition of described message, and handles the step of corresponding network attack according to described attack type; And/or, according to described forwarding module to the result of described message obtain message by with the step that abandons counting; And/or, export the step of described information in the daily record mode.
9. the device of a blacklist real time management, the communication system that is used for portable terminal, router, external network, an interface of described router is connected to described portable terminal by switching equipment, and another interface is connected to described external network, it is characterized in that this device also comprises:
Forwarding module is arranged on the described router, is used for detected information with message of attack signature is sent to described router, and abandons described message;
The blacklist administration module is arranged on the described router, is used to receive the information that described forwarding module sends, and searches all the blacklist list items in the blacklist, deletes aging blacklist list item, and described information is added described blacklist list item.
10. the device of blacklist real time management according to claim 9 is characterized in that, this device also comprises:
The area configurations module is arranged on the described router, is used to dispose trusted area and insincere zone, and the message aggression mode that configuration need detect on described insincere zone.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CNA200710179077XA CN101188612A (en) | 2007-12-10 | 2007-12-10 | A blacklist real time management method and device |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CNA200710179077XA CN101188612A (en) | 2007-12-10 | 2007-12-10 | A blacklist real time management method and device |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN101188612A true CN101188612A (en) | 2008-05-28 |
Family
ID=39480801
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CNA200710179077XA Pending CN101188612A (en) | 2007-12-10 | 2007-12-10 | A blacklist real time management method and device |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN101188612A (en) |
Cited By (16)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103561001A (en) * | 2013-10-21 | 2014-02-05 | 华为技术有限公司 | Safety protection method and routing device |
| CN104065534A (en) * | 2014-06-30 | 2014-09-24 | 上海斐讯数据通信技术有限公司 | Test system and test method for router blacklist adding by mobile terminal |
| CN104270364A (en) * | 2014-09-30 | 2015-01-07 | 杭州华三通信技术有限公司 | Message processing method and device for hypertext transfer protocol |
| CN105681353A (en) * | 2016-03-22 | 2016-06-15 | 浙江宇视科技有限公司 | Method and device of defending port scanning invasion |
| CN105721406A (en) * | 2014-12-05 | 2016-06-29 | 中国移动通信集团广东有限公司 | Method and device for obtaining IP black list |
| CN106021520A (en) * | 2016-05-24 | 2016-10-12 | 重庆通畅无忧信息技术有限公司 | Blacklist storage and search method for user cards |
| CN106130962A (en) * | 2016-06-13 | 2016-11-16 | 浙江宇视科技有限公司 | A kind of message processing method and device |
| CN106131063A (en) * | 2016-08-23 | 2016-11-16 | 杭州华三通信技术有限公司 | A kind of network security processing method and device |
| CN106254353A (en) * | 2016-08-05 | 2016-12-21 | 杭州迪普科技有限公司 | The update method of IPS strategy and device |
| CN107113228A (en) * | 2014-11-19 | 2017-08-29 | 日本电信电话株式会社 | Control device, border router, control method and control program |
| CN107948195A (en) * | 2017-12-25 | 2018-04-20 | 杭州迪普科技股份有限公司 | A kind of method and device of protection Modbus attacks |
| CN109561109A (en) * | 2019-01-16 | 2019-04-02 | 新华三技术有限公司 | A kind of message processing method and device |
| CN109714313A (en) * | 2018-11-20 | 2019-05-03 | 远江盛邦(北京)网络安全科技股份有限公司 | The method of anti-crawler |
| CN110932940A (en) * | 2019-12-10 | 2020-03-27 | 北京奇艺世纪科技有限公司 | Source address translation service monitoring method and device |
| CN112219381A (en) * | 2018-06-01 | 2021-01-12 | 诺基亚技术有限公司 | Method for data analysis-based message filtering in edge nodes |
| CN113711820A (en) * | 2021-08-10 | 2021-11-30 | 秦刚 | Ancient and famous tree management and protection system and method |
-
2007
- 2007-12-10 CN CNA200710179077XA patent/CN101188612A/en active Pending
Cited By (28)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103561001A (en) * | 2013-10-21 | 2014-02-05 | 华为技术有限公司 | Safety protection method and routing device |
| CN104065534A (en) * | 2014-06-30 | 2014-09-24 | 上海斐讯数据通信技术有限公司 | Test system and test method for router blacklist adding by mobile terminal |
| CN104270364A (en) * | 2014-09-30 | 2015-01-07 | 杭州华三通信技术有限公司 | Message processing method and device for hypertext transfer protocol |
| CN104270364B (en) * | 2014-09-30 | 2018-01-12 | 新华三技术有限公司 | A kind of Hypertext Transfer Protocol message treating method and apparatus |
| CN107113228A (en) * | 2014-11-19 | 2017-08-29 | 日本电信电话株式会社 | Control device, border router, control method and control program |
| US10652211B2 (en) | 2014-11-19 | 2020-05-12 | Nippon Telegraph And Telephone Corporation | Control device, border router, control method, and control program |
| CN107113228B (en) * | 2014-11-19 | 2020-07-31 | 日本电信电话株式会社 | Control device, border router, control method, and computer-readable storage medium |
| CN105721406A (en) * | 2014-12-05 | 2016-06-29 | 中国移动通信集团广东有限公司 | Method and device for obtaining IP black list |
| CN105681353A (en) * | 2016-03-22 | 2016-06-15 | 浙江宇视科技有限公司 | Method and device of defending port scanning invasion |
| CN105681353B (en) * | 2016-03-22 | 2019-06-11 | 浙江宇视科技有限公司 | Defend the method and device of port scan invasion |
| CN106021520A (en) * | 2016-05-24 | 2016-10-12 | 重庆通畅无忧信息技术有限公司 | Blacklist storage and search method for user cards |
| CN106021520B (en) * | 2016-05-24 | 2020-02-07 | 重庆通畅无忧信息技术有限公司 | Method for storing and inquiring blacklist of user card |
| CN106130962A (en) * | 2016-06-13 | 2016-11-16 | 浙江宇视科技有限公司 | A kind of message processing method and device |
| CN106130962B (en) * | 2016-06-13 | 2020-01-14 | 浙江宇视科技有限公司 | Message processing method and device |
| CN106254353A (en) * | 2016-08-05 | 2016-12-21 | 杭州迪普科技有限公司 | The update method of IPS strategy and device |
| CN106131063B (en) * | 2016-08-23 | 2019-05-31 | 新华三技术有限公司 | A kind of network security processing method and device |
| CN106131063A (en) * | 2016-08-23 | 2016-11-16 | 杭州华三通信技术有限公司 | A kind of network security processing method and device |
| CN107948195A (en) * | 2017-12-25 | 2018-04-20 | 杭州迪普科技股份有限公司 | A kind of method and device of protection Modbus attacks |
| CN107948195B (en) * | 2017-12-25 | 2020-12-04 | 杭州迪普科技股份有限公司 | Method and device for protecting Modbus attack |
| CN112219381A (en) * | 2018-06-01 | 2021-01-12 | 诺基亚技术有限公司 | Method for data analysis-based message filtering in edge nodes |
| CN112219381B (en) * | 2018-06-01 | 2023-09-05 | 诺基亚技术有限公司 | Method and apparatus for message filtering based on data analysis |
| US11985111B2 (en) | 2018-06-01 | 2024-05-14 | Nokia Technologies Oy | Method for message filtering in an edge node based on data analytics |
| CN109714313A (en) * | 2018-11-20 | 2019-05-03 | 远江盛邦(北京)网络安全科技股份有限公司 | The method of anti-crawler |
| CN109561109A (en) * | 2019-01-16 | 2019-04-02 | 新华三技术有限公司 | A kind of message processing method and device |
| CN110932940A (en) * | 2019-12-10 | 2020-03-27 | 北京奇艺世纪科技有限公司 | Source address translation service monitoring method and device |
| CN110932940B (en) * | 2019-12-10 | 2021-08-06 | 北京奇艺世纪科技有限公司 | Source address translation service monitoring method and device |
| CN113711820A (en) * | 2021-08-10 | 2021-11-30 | 秦刚 | Ancient and famous tree management and protection system and method |
| CN113711820B (en) * | 2021-08-10 | 2023-12-15 | 厦门源森园林景观股份有限公司 | Ancient tree name wood management protection system and method |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN101188612A (en) | A blacklist real time management method and device | |
| CN101227467B (en) | Apparatus for managing black list | |
| CN100471172C (en) | Method for implementing black sheet | |
| CN101741862B (en) | System and method for detecting IRC bot network based on data packet sequence characteristics | |
| US7114182B2 (en) | Statistical methods for detecting TCP SYN flood attacks | |
| CN101656634B (en) | Intrusion detection method based on IPv6 network environment | |
| CN101060493B (en) | A method of private network user access the server in a private network through domain name | |
| CN101631026A (en) | Method and device for defending against denial-of-service attacks | |
| CN104767752A (en) | Distributed network isolating system and method | |
| CN107135187A (en) | Preventing control method, the apparatus and system of network attack | |
| CN101431449A (en) | Network flux cleaning system | |
| CN104158767B (en) | A kind of network admittance device and method | |
| CN103685279B (en) | Based on adaptive network port fast scanning method | |
| CN104702584A (en) | Modbus communication access control method based on rule self-learning | |
| CN102571469A (en) | Attack detecting method and device | |
| CN106453376B (en) | A kind of stateless scanning filter method based on TCP packet feature | |
| CN109327426A (en) | A kind of firewall attack defense method | |
| CN101378395A (en) | Method and apparatus for preventing reject access aggression | |
| CN102882828A (en) | Information safe transmission control method between inside network and outside network and gateway thereof | |
| CN107222462A (en) | A kind of LAN internals attack being automatically positioned of source, partition method | |
| CN109587156A (en) | Abnormal network access connection identification and blocking-up method, system, medium and equipment | |
| CN111818077A (en) | Industrial control mixed honeypot system based on SDN technology | |
| CN112787911A (en) | Internet of things equipment integration gateway and system | |
| CN105429944A (en) | ARP attack automatic identification adjusting method and router | |
| CN103051743B (en) | A kind of DNS system of defense based on distributed hierarchy and method |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C12 | Rejection of a patent application after its publication | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20080528 |