CN101296182A - Data transmission control method and data transmission control device - Google Patents
Data transmission control method and data transmission control device Download PDFInfo
- Publication number
- CN101296182A CN101296182A CNA2008100977228A CN200810097722A CN101296182A CN 101296182 A CN101296182 A CN 101296182A CN A2008100977228 A CNA2008100977228 A CN A2008100977228A CN 200810097722 A CN200810097722 A CN 200810097722A CN 101296182 A CN101296182 A CN 101296182A
- Authority
- CN
- China
- Prior art keywords
- main frame
- data message
- address
- described main
- filtercondition
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/101—Access control lists [ACL]
Landscapes
- Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
- Computer And Data Communications (AREA)
Abstract
The embodiment of the invention discloses a data transmission control method and a data transmission control device, which is used for improving reliability of a blacklist filtration technology and lowering misjudgment rate. The method of the embodiment of the invention comprises the following steps that: a data message carrying an address of a host sent by the host is received; whether the host meets a filtering condition or not is judged according to the data message; if so, whether the address of the host is in a credible address list or not is judged; if so, the data message is responded and corresponding operation is carried out. The embodiment of the invention also provides the data transmission control device. The embodiment of the invention can effectively improve the reliability of the blacklist filtration technology and lower the misjudgment rate.
Description
Technical field
The present invention relates to communication field, relate in particular to a kind of data transfer control method and data transfer controller.
Background technology
Along with the continuous expansion of broad application of Internet and the Internet interaction data, the problem that the security guarantee of customer data has become the user to be paid close attention to.Therefore more and more enterprises and personal user bring into use safety products such as fire compartment wall, protect own normal rights and interests by anti-virus and anti-attack ability that these products possess.
The power of the safety means of different levels and corresponding anti-attack ability thereof has determined its application scenarios difference, and this also provides very large selection space for the user.Though the high, normal, basic class of safety means all has a profuse product, has used a lot of similar even identical attack protection strategy and means in the extended familys of safety means product.The blacklist filtering technique is wherein a kind of, and this technology is the very high class risk prevention instrumentses of safety means frequency of utilization such as fire compartment wall.
This technology is meant the source internet protocol (IP according to message; Internet Protocol) address a kind of mode of filtering; because the zone that blacklist need mate is very simple; therefore the very filtration of the realization message of high speed; thereby the message of effectively particular ip address being sent shielding has realized defencive function.When a certain IP address of host continues that purpose IP address sent unusual message flow, the safety means that mediate can identify abnormal flow and judge that this address is attack, with being about to the blacklist that this IP address adds safety means itself, and this follow-up flow in IP address filtered, abnormal operations etc. also might cause adding blacklist, so the range of application of blacklist is very extensive.
In the prior art, the mode that the blacklist filtering technique is realized mainly is to add and deletion by safety means are dynamic, for example when a certain certain destination host of IP address of host trial connection, and can't provide the right user check information, then after this IP address of host is attempted several times, safety means pipe off this IP address, and the message that this IP address is sent is filtered afterwards.
But, because safety means may need to be serviced in running, and because the restriction of region, the network management personnel possibly can't adopt the mode of local login, and can adopt the mode of Telnet that safety means are safeguarded, but if the network management personnel is because human error causes continuously several times logon error (for example password input by mistake etc.), then the IP address of the distance host that the network management personnel adopted will be piped off by these safety means, and follow-up network management personnel can't safeguard safety means by this main frame once more, thereby causes that the safety means running status is unknowable over a period to come, uncontrollable.
Summary of the invention
The embodiment of the invention provides a kind of data transfer control method and data transfer controller, can improve the reliability of blacklist filtering technique, reduces the erroneous judgement probability.
The data transfer control method that the embodiment of the invention provides comprises: receive the data message that main frame sends, carry the host address of described main frame in the described data message; Judge that according to described data message whether described main frame satisfies a filtercondition,, judge described host address whether in a credible address list if satisfy, if, then respond described data message, carry out operation accordingly.
The data transfer controller that the embodiment of the invention provides comprises: the message receiving element, be used to receive the data message that main frame sends, and carry the host address of described main frame in the described data message; Filter verification unit, be used for judging according to described data message whether described main frame satisfies a filtercondition; Access control unit, whether the host address that is used for judging the main frame that satisfies described filtercondition is at a credible address list; Performance element is used to respond the data message that the main frame that satisfies condition sends, and carries out and handles operation, and to be host address judge main frame in described credible address list through described access control unit with the described main frame that satisfies condition.
As can be seen from the above technical solutions, the embodiment of the invention has the following advantages:
In the embodiment of the invention, after judging that according to data message described main frame satisfies a filtercondition, need to judge again the host address that whether comprises described main frame in the credible address list that presets, when comprising the host address of described main frame in the credible address list, then do not abandon the data message that described main frame sends, and respond this data message, and according to the corresponding operation of this data message execution, so the host address of believable main frame can be put into credible address list, even make these main frames abnormal conditions occur, safety means can not blacklist it yet, therefore can guarantee that these main frames can safeguard safety means, so reduced the erroneous judgement probability, improved the reliability of blacklist filtering technique.
Description of drawings
Fig. 1 is the data transfer control method first embodiment flow chart in the embodiment of the invention;
Fig. 2 is the data transfer control method second embodiment flow chart in the embodiment of the invention;
Fig. 3 is a data transfer controller embodiment schematic diagram in the embodiment of the invention.
Embodiment
The embodiment of the invention provides a kind of data transfer control method and data transfer controller, is used to improve the reliability of blacklist filtering technique, reduces the erroneous judgement probability.
In the present embodiment, after judging that according to data message described main frame satisfies a filtercondition, need to judge again the host address that whether comprises described main frame in the credible address list that presets, when comprising the host address of described main frame in the credible address list, then do not abandon the data message that described main frame sends, and respond this data message, and according to the corresponding operation of this data message execution, so the host address of believable main frame can be put into credible address list, even make these main frames abnormal conditions occur, safety means can not blacklist it yet, therefore can guarantee that these main frames can safeguard safety means, so reduced the erroneous judgement probability, improved the reliability of blacklist filtering technique.
Below in conjunction with Figure of description the data transfer control method embodiment in the embodiment of the invention is described, see also Fig. 1, data transfer control method first embodiment comprises in the embodiment of the invention:
101, receive the data message that main frame sends;
In the present embodiment, the data message that safety means send by system interface reception sources main frame, this data message can mail to destination host, receive by the safety means interception, also can be directly to mail to safety means to be used for safety means are carried out attended operation, carry the host address of source host in this data message, need to prove, address in the present embodiment can (IP, InternetProtocol) address also can be media interviews control (MAC for Internet protocol, MediaAccess Control) address, can also be the address of other types perhaps, not limit herein, be that example describes with the IP address among the following embodiment.
To the safety means request of sending datagram safety means being maintained as example with source host in present embodiment and the subsequent embodiment describes, then in the data message except the IP address that comprises source host, also include user's check information that source host sends, be specifically as follows user name and password.
102, judge whether main frame satisfies filtercondition, if then execution in step 103, if not, then execution in step 105;
Particularly, safety means get access to after the data message of source host transmission, judge according to this data message whether this source host satisfies filtercondition, in the practical application, can determine in the following ways whether source host satisfies filtercondition:
User's check information errors number that A, source host provide reaches preset value:
Particularly, safety means authenticate the user's check information that comprises in the described data message, if authentification failure then writes down the number of times to the data message authentification failure of described main frame transmission;
Whether the number of times of judging described authentification failure reaches the threshold value that presets, if reach, judges that then described main frame satisfies the filtercondition that presets.
In the practical application, concrete threshold value can be set according to the height of level of security, the level of security height, then threshold value can be provided with lower, level of security is low, then threshold value can be provided with than higher, be assumed to be 3 times, if the data message that safety means receive from a certain source host, and the user's check information that is comprised in data message accumulative total errors number reaches 3 times, and then safety means judge that this source host may be illegal host, promptly can't provide correct user name and password, but attempt access security equipment time and again, so determine that this source host satisfies filtercondition.
B, if carry connection request in the described data message, the number of times of the connection request that receives from described main frame of safety records then;
Whether the number of times of the connection request that judgement received from described main frame in the time of presetting reaches the threshold value that presets, if reach, judges that then described main frame satisfies the filtercondition that presets.
In the practical application, in the data message that source host sends if include connection request, the number of times of the connection request that receives from this source host of safety means record accumulative total then, whether the number of times of judging in a certain period time cycle the connection request that receives from this source host afterwards surpasses threshold value, if surpass, determine that then this source host satisfies filtercondition, thereby because tending at short notice to initiate a large amount of connection requests to safety means or other main frames, some illegal host make network paralysis or main frame lose response, therefore can be with the number of times of connection request as judging one of condition that main frame is whether illegal.
The above-mentioned situation that only meets filtercondition with two example explanations is understandable that, according to the difference of practical application, the mode whether specifically definite certain main frame satisfies filtercondition also has other approach, does not do qualification herein.
103, judge the host address that whether comprises main frame in the credible address list, if then execution in step 105, if not, then execution in step 104;
When main frame satisfies filtercondition, promptly tentatively think in the time of to filter the data message that this main frame sends, for preventing erroneous judgement, then need to judge the IP address that whether comprises this source host in the credible address list that presets this locality, this credible address list can be safeguarded by the network management personnel, include some believable network addresss in this tabulation, this tabulation is used for indication: even the data message that the main frame of these network addresss sends exists abnormal conditions (for example to send a large amount of connection requests in the short time, or the input error of user's check information reaches preset value), these main frames are not filtered yet, promptly these main frames are not added in the blacklist.
Need to prove, in actual applications, this credible address list can be Access Control List (ACL) (ACL, Access Control List), also can be the tabulation that is used for recording address of other types, the data in this tabulation can be added according to actual conditions or deleted by the network management personnel.
104, abandon the data message that described main frame sends, and process ends;
If the IP address of source host is not comprised in the credible address list, determine that then this source host is an illegal host, and do not belong to special case situation (being credible address), so this source host is added blacklist, promptly abandon the data message that this source host sends.
After this source host is added blacklist, can also monitor the data message of this source host, be tending towards normally then it to be deleted from blacklist if judge the data message of its transmission, idiographic flow is a prior art, repeats no more herein.
105, carry out corresponding the processing according to this data message.
If source host does not satisfy filtercondition, promptly this source host is not to be illegal host, or this source host tentatively is defined as illegal host, but its address belongs to credible address list, then directly respond this data message, and handle accordingly according to the data message that this source host sends, for example the source host request of sending datagram is safeguarded safety means, then safety means carry out relevant maintaining operation according to this data message, and detailed process is not done qualification.
In the said process, because before source host is added blacklist, earlier judge whether the IP address of this source host belongs to credible address list, if belong to, then it is not added blacklist, still the data message of its transmission is handled accordingly, therefore can be avoided effectively believable main frame is added blacklist, thereby can improve the reliability of blacklist filtering technique.
In the foregoing description, because concrete credible address list can upgrade according to network management personnel's demand, the IP address that then might appearance itself be placed in the main frame in the blacklist is described this situation below by the situation that the network management personnel adds credible address list:
See also Fig. 2, data transfer control method second embodiment comprises in the embodiment of the invention:
201, receive the data message that main frame sends;
In the present embodiment, the data message that safety means send by system interface reception sources main frame, this data message can mail to destination host, receive by the safety means interception, also can be directly to mail to safety means to be used for safety means are carried out attended operation, carry the host address of source host in this data message, need to prove, address in the present embodiment can be the IP address, it also can be MAC Address, can also be the address of other types perhaps, not limit herein, be that example describes with the IP address among the following embodiment.
To the safety means request of sending datagram safety means being maintained as example with source host in present embodiment and the subsequent embodiment describes, then in the data message except the IP address that comprises source host, also include user's check information that source host sends, be specifically as follows user name and password.
202, judge the host address that whether comprises main frame in the blacklist list, if comprise, then execution in step 204, if do not comprise, then execution in step 203;
After safety means receive the data message of source host transmission, judge whether the IP address of this source host lists in the blacklist.
203, judge whether main frame satisfies filtercondition, if then execution in step 204, if not, then execution in step 206;
If the IP address of this source host is not listed in the blacklist, then safety means judge according to this data message whether this source host satisfies filtercondition, in the practical application, can determine in the following ways whether source host satisfies filtercondition:
User's check information errors number that A, source host provide reaches preset value:
Particularly, safety means authenticate the user's check information that comprises in the described data message, if authentification failure then writes down the number of times to the data message authentification failure of described main frame transmission;
Whether the number of times of judging described authentification failure reaches the threshold value that presets, if reach, judges that then described main frame satisfies the filtercondition that presets.
In the practical application, concrete threshold value can be set according to the height of level of security, the level of security height, then threshold value can be provided with lower, level of security is low, then threshold value can be provided with than higher, be assumed to be 3 times, if the data message that safety means receive from a certain source host, and the user's check information that is comprised in data message accumulative total errors number reaches 3 times, and then safety means judge that this source host may be illegal host, promptly can't provide correct user name and password, but attempt access security equipment time and again, so determine that this source host satisfies filtercondition.
B, if carry connection request in the described data message, the number of times of the connection request that receives from described main frame of safety records then;
Whether the number of times of the connection request that judgement received from described main frame in the time of presetting reaches the threshold value that presets, if reach, judges that then described main frame satisfies the filtercondition that presets.
In the practical application, in the data message that source host sends if include connection request, the number of times of the connection request that receives from this source host of safety means record accumulative total then, whether the number of times of judging in a certain period time cycle the connection request that receives from this source host afterwards surpasses threshold value, if surpass, determine that then this source host satisfies filtercondition, thereby because tending at short notice to initiate a large amount of connection requests to safety means or other main frames, some illegal host make network paralysis or main frame lose response, therefore can be with the number of times of connection request as judging one of condition that main frame is whether illegal.
The above-mentioned situation that only meets filtercondition with two example explanations is understandable that, according to the difference of practical application, the mode whether specifically definite certain main frame satisfies filtercondition also has other approach, does not do qualification herein.
204, judge the host address that whether comprises main frame in the credible address list, if then execution in step 206, if not, then execution in step 205;
When main frame satisfies filtercondition, or when main frame is listed in the blacklist, promptly tentatively think in the time of to filter the data message that this main frame sends, for preventing erroneous judgement, then need to judge the IP address that whether comprises this source host in the credible address list that presets this locality, this credible address list can be safeguarded by the network management personnel, include some believable network addresss in this tabulation, this tabulation is used for indication: even the data message that the main frame of these network addresss sends exists abnormal conditions (for example to send a large amount of connection requests in the short time, or the input error of user's check information reaches preset value), these main frames are not filtered yet, promptly these main frames are not added in the blacklist.
Need to prove, in actual applications, this credible address list can be Access Control List (ACL) (ACL, Access Control List), also can be the tabulation that is used for recording address of other types, the data in this tabulation can be added according to actual conditions or deleted by the network management personnel.
205, abandon the data message that described main frame sends, and process ends;
If the IP address of source host is not comprised in the credible address list, determine that then this source host is an illegal host, and do not belong to special case situation (being credible address), so this source host is added blacklist, promptly abandon the data message that this source host sends.
After this source host is added blacklist, can also monitor the data message of this source host, be tending towards normally then it to be deleted from blacklist if judge the data message of its transmission, idiographic flow is a prior art, repeats no more herein.
206, carry out corresponding the processing according to this data message.
If source host is not listed in the blacklist, or source host does not satisfy filtercondition, or this source host tentatively is defined as illegal host, but its address belongs to credible address list, then directly respond this data message, and handle accordingly according to the data message that this source host sends, for example the source host request of sending datagram is safeguarded safety means, then safety means carry out relevant maintaining operation according to this data message, and detailed process is not done qualification.
In the said process, if certain main frame is placed in the blacklist, but the network management personnel is added into its address in the credible address list, then safety means do not abandon the data message of the follow-up transmission of this main frame, and handle accordingly according to these data messages, therefore the main frame that can make mistake be added into blacklist still can send datagram safety means are safeguarded, thereby can improve the reliability of blacklist filtering technique.
See also Fig. 3, the data transfer controller embodiment in the embodiment of the invention comprises:
Message receiving element 301 is used to receive the data message that main frame sends, and carries the host address of described main frame in the described data message;
Filter verification unit 302, be used for judging according to described data message whether described main frame satisfies a filtercondition;
Access control unit 303, whether the host address that is used for judging the main frame that satisfies described filtercondition is at a credible address list;
Performance element 304 is used to respond the data message that the main frame that satisfies condition sends, and carries out and handles operation, and the described main frame that satisfies condition is the main frame that the address is judged in described credible address list through described access control unit 303.
Data transfer controller in the present embodiment can further include:
Exception processing unit 306 is used for abandoning the data message that described main frame sends when described access control unit 303 judges that the credible address list that presets does not comprise the host address of described main frame.
Data transfer controller in the present embodiment can further include:
Blacklist verification unit 305, be used for judging whether the blacklist address list that presets comprises the host address of described main frame, if comprise, then indicate described access control unit 303 to carry out and judge the step that whether comprises the host address of described main frame in the credible address list that presets.
Above-mentioned address is the IP address, or MAC Address, and above-mentioned described credible address list is ACL.
In the present embodiment, after judging that according to data message described main frame satisfies the filtercondition that presets, need to judge again the host address that whether comprises described main frame in the credible address list that presets, when comprising the host address of described main frame in the credible address list, then do not abandon the data message that described main frame sends, and carry out corresponding operation according to this data message, so the host address of believable main frame can be put into credible address list, even make these main frames abnormal conditions occur, safety means can not blacklist it yet, therefore can guarantee that these main frames can safeguard safety means, so reduced the erroneous judgement probability, improved the reliability of blacklist filtering technique.
One of ordinary skill in the art will appreciate that all or part of step that realizes in the foregoing description method is to instruct relevant hardware to finish by program, described program can be stored in a kind of computer-readable recording medium, this program comprises the steps: when carrying out
Receive the data message that main frame sends, carry the host address of described main frame in the described data message;
Judge according to described data message whether described main frame satisfies a filtercondition, if satisfy,
Judge described address whether in a credible address list, if,
Then respond described data message, carry out operation accordingly.
The above-mentioned storage medium of mentioning can be a read-only memory, disk or CD etc.
More than a kind of data transfer control method provided by the present invention and data transfer controller are described in detail, for one of ordinary skill in the art, thought according to the embodiment of the invention, part in specific embodiments and applications all can change, in sum, this description should not be construed as limitation of the present invention.
Claims (12)
1, a kind of data transfer control method is characterized in that, comprising:
Receive the data message that main frame sends, carry the host address of described main frame in the described data message;
Judge according to described data message whether described main frame satisfies a filtercondition, if satisfy,
Judge described host address whether in a credible address list, if,
Then respond described data message, carry out operation accordingly.
2, method according to claim 1 is characterized in that, describedly judges that according to data message the step whether described main frame satisfies a filtercondition comprises:
The user's check information that comprises in the described data message is authenticated, and record is to the number of times of the data message authentification failure of described main frame transmission;
Whether the number of times of judging described authentification failure reaches a threshold value, if reach, determines that then described main frame satisfies the filtercondition that presets.
3, method according to claim 1 is characterized in that, describedly judges that according to data message the step whether described main frame satisfies a filtercondition comprises:
Carry connection request in the described data message, the number of times of the connection request that record receives from described main frame;
Whether the number of times of the connection request that judgement received from described main frame in the time of presetting reaches a threshold value, if reach, determines that then described main frame satisfies the filtercondition that presets.
4, according to each described method in the claim 1 to 3, it is characterized in that, comprise after the step of the data message that described reception main frame sends:
Judge the host address that whether comprises described main frame in the blacklist address list, if comprise, then
Judge the host address that whether comprises described main frame in the described credible address list that presets, if do not comprise, then abandon the data message that described main frame sends, if comprise, then
Respond described data message, carry out operation accordingly.
According to each described method in the claim 1 to 3, it is characterized in that 5, described host address is an internet-ip address, or media interviews control MAC Address;
Described credible address list is an access control list ACL.
6, a kind of data transfer control method is characterized in that, comprising:
Receive the data message that main frame sends, carry the host address of described main frame in the described data message;
Judge according to described data message whether described main frame satisfies a filtercondition, if satisfy,
Judge described host address whether in a credible address list, if not,
Then abandon the data message that described main frame sends.
7, method according to claim 6 is characterized in that, describedly judges that according to data message the step whether described main frame satisfies a filtercondition comprises:
The user's check information that comprises in the described data message is authenticated, and record is to the number of times of the data message authentification failure of described main frame transmission;
Whether the number of times of judging described authentification failure reaches a threshold value, if reach, determines that then described main frame satisfies the filtercondition that presets.
8, method according to claim 6 is characterized in that, describedly judges that according to data message the step whether described main frame satisfies a filtercondition comprises:
Carry connection request in the described data message, the number of times of the connection request that record receives from described main frame;
Whether the number of times of the connection request that judgement received from described main frame in the time of presetting reaches a threshold value, if reach, determines that then described main frame satisfies the filtercondition that presets.
9, a kind of data transfer controller is characterized in that, comprising:
The message receiving element is used to receive the data message that main frame sends, and carries the host address of described main frame in the described data message;
Filter verification unit, be used for judging according to described data message whether described main frame satisfies a filtercondition;
Access control unit, whether the host address that is used for judging the main frame that satisfies described filtercondition is at a credible address list;
Performance element is used to respond the data message that the main frame that satisfies condition sends, and carries out and handles operation, and to be host address judge main frame in described credible address list through described access control unit with the described main frame that satisfies condition.
10, data transfer controller according to claim 9 is characterized in that, described data transfer controller also comprises:
Exception processing unit is used for abandoning the data message that described main frame sends when described access control unit judges that the credible address list that presets does not comprise the host address of described main frame.
11, data transmission device according to claim 9 is characterized in that, described data transfer controller also comprises:
The blacklist verification unit, be used for judging whether the blacklist address list that presets comprises the host address of described main frame, if comprise, then indicate described access control unit to carry out and judge the step that whether comprises the host address of described main frame in the credible address list that presets.
According to each described data transfer controller in the claim 9 to 11, it is characterized in that 12, described host address is an internet-ip address, or media interviews control MAC Address;
Described credible address list is an access control list ACL.
Priority Applications (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CNA2008100977228A CN101296182A (en) | 2008-05-20 | 2008-05-20 | Data transmission control method and data transmission control device |
| PCT/CN2009/071654 WO2009140889A1 (en) | 2008-05-20 | 2009-05-06 | Data transmission control method and data transmission control apparatus |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CNA2008100977228A CN101296182A (en) | 2008-05-20 | 2008-05-20 | Data transmission control method and data transmission control device |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN101296182A true CN101296182A (en) | 2008-10-29 |
Family
ID=40066201
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CNA2008100977228A Pending CN101296182A (en) | 2008-05-20 | 2008-05-20 | Data transmission control method and data transmission control device |
Country Status (2)
| Country | Link |
|---|---|
| CN (1) | CN101296182A (en) |
| WO (1) | WO2009140889A1 (en) |
Cited By (13)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2009140889A1 (en) * | 2008-05-20 | 2009-11-26 | 成都市华为赛门铁克科技有限公司 | Data transmission control method and data transmission control apparatus |
| CN102624725A (en) * | 2012-03-07 | 2012-08-01 | 深圳市共进电子股份有限公司 | Security protection method for PIN (Personal Identification Number) code access mode |
| CN101771686B (en) * | 2009-12-31 | 2012-10-10 | 卓望数码技术(深圳)有限公司 | Communication method and network adapter |
| CN103166784A (en) * | 2011-12-14 | 2013-06-19 | 中兴通讯股份有限公司 | Method and device for retraining simple network management protocol (SNMP) message impact |
| CN104184746A (en) * | 2014-09-12 | 2014-12-03 | 网神信息技术(北京)股份有限公司 | Method and device for processing data through gateway |
| CN104660563A (en) * | 2013-11-21 | 2015-05-27 | 中国移动通信集团公司 | Method, equipment and system for processing active detection response |
| CN104836694A (en) * | 2014-02-11 | 2015-08-12 | 中国移动通信集团河北有限公司 | Method and device for monitoring network |
| CN105812181A (en) * | 2016-03-10 | 2016-07-27 | 同济大学 | Distributed communication system maintenance method facing to high-speed maglev transportation simulation |
| CN106875660A (en) * | 2015-12-11 | 2017-06-20 | 华为技术有限公司 | For the method and collector of meter equipment communication |
| CN106899967A (en) * | 2015-12-21 | 2017-06-27 | 北京奇虎科技有限公司 | WiFi cipher safe protecting methods and device |
| CN108337222A (en) * | 2017-11-28 | 2018-07-27 | 中国电子科技集团公司电子科学研究院 | Distinguish open-ended method, equipment and the readable storage medium storing program for executing for accessing terminal identity |
| CN109561109A (en) * | 2019-01-16 | 2019-04-02 | 新华三技术有限公司 | A kind of message processing method and device |
| CN109947081A (en) * | 2019-03-25 | 2019-06-28 | 钛马信息网络技术有限公司 | Net connection control method for vehicle and device |
Families Citing this family (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN113328984B (en) * | 2020-08-08 | 2022-08-23 | 北京圆心科技集团股份有限公司 | Data processing method and data processing system based on big data and Internet of things communication |
| CN112087440A (en) * | 2020-09-02 | 2020-12-15 | 上海英恒电子有限公司 | Message transmission method and device, electronic equipment and storage medium |
| CN114488204B (en) * | 2022-04-06 | 2022-06-21 | 长沙金维信息技术有限公司 | Beidou RDSS content-based state anomaly monitoring method and system and storage medium |
Family Cites Families (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101019405B (en) * | 2005-01-28 | 2011-09-28 | 美国博通公司 | Method and system for mitigating denial of service in a communication network |
| CN100471172C (en) * | 2006-03-04 | 2009-03-18 | 华为技术有限公司 | Method for implementing black sheet |
| CN100586106C (en) * | 2007-05-22 | 2010-01-27 | 华为技术有限公司 | Message processing method, system and equipment |
| CN101296182A (en) * | 2008-05-20 | 2008-10-29 | 华为技术有限公司 | Data transmission control method and data transmission control device |
-
2008
- 2008-05-20 CN CNA2008100977228A patent/CN101296182A/en active Pending
-
2009
- 2009-05-06 WO PCT/CN2009/071654 patent/WO2009140889A1/en active Application Filing
Cited By (20)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2009140889A1 (en) * | 2008-05-20 | 2009-11-26 | 成都市华为赛门铁克科技有限公司 | Data transmission control method and data transmission control apparatus |
| CN101771686B (en) * | 2009-12-31 | 2012-10-10 | 卓望数码技术(深圳)有限公司 | Communication method and network adapter |
| CN103166784A (en) * | 2011-12-14 | 2013-06-19 | 中兴通讯股份有限公司 | Method and device for retraining simple network management protocol (SNMP) message impact |
| CN102624725A (en) * | 2012-03-07 | 2012-08-01 | 深圳市共进电子股份有限公司 | Security protection method for PIN (Personal Identification Number) code access mode |
| CN102624725B (en) * | 2012-03-07 | 2016-04-20 | 深圳市共进电子股份有限公司 | A kind of method for security protection of PIN code access way |
| CN104660563A (en) * | 2013-11-21 | 2015-05-27 | 中国移动通信集团公司 | Method, equipment and system for processing active detection response |
| CN104660563B (en) * | 2013-11-21 | 2018-05-04 | 中国移动通信集团公司 | A kind of processing method, equipment and the system of active probe response |
| CN104836694B (en) * | 2014-02-11 | 2019-05-10 | 中国移动通信集团河北有限公司 | Method for monitoring network and device |
| CN104836694A (en) * | 2014-02-11 | 2015-08-12 | 中国移动通信集团河北有限公司 | Method and device for monitoring network |
| CN104184746A (en) * | 2014-09-12 | 2014-12-03 | 网神信息技术(北京)股份有限公司 | Method and device for processing data through gateway |
| CN104184746B (en) * | 2014-09-12 | 2019-12-31 | 网神信息技术(北京)股份有限公司 | Method and device for processing data by gateway |
| CN106875660A (en) * | 2015-12-11 | 2017-06-20 | 华为技术有限公司 | For the method and collector of meter equipment communication |
| CN106899967A (en) * | 2015-12-21 | 2017-06-27 | 北京奇虎科技有限公司 | WiFi cipher safe protecting methods and device |
| CN105812181B (en) * | 2016-03-10 | 2019-08-02 | 同济大学 | A kind of distributed communication system maintaining method towards high speed Maglev emulation |
| CN105812181A (en) * | 2016-03-10 | 2016-07-27 | 同济大学 | Distributed communication system maintenance method facing to high-speed maglev transportation simulation |
| CN108337222A (en) * | 2017-11-28 | 2018-07-27 | 中国电子科技集团公司电子科学研究院 | Distinguish open-ended method, equipment and the readable storage medium storing program for executing for accessing terminal identity |
| CN108337222B (en) * | 2017-11-28 | 2022-02-25 | 中国电子科技集团公司电子科学研究院 | Port opening method and device for distinguishing access terminal identity and readable storage medium |
| CN109561109A (en) * | 2019-01-16 | 2019-04-02 | 新华三技术有限公司 | A kind of message processing method and device |
| CN109947081A (en) * | 2019-03-25 | 2019-06-28 | 钛马信息网络技术有限公司 | Net connection control method for vehicle and device |
| CN109947081B (en) * | 2019-03-25 | 2020-12-01 | 钛马信息网络技术有限公司 | Internet vehicle control method and device |
Also Published As
| Publication number | Publication date |
|---|---|
| WO2009140889A1 (en) | 2009-11-26 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN101296182A (en) | Data transmission control method and data transmission control device | |
| TWI627553B (en) | Detection of advanced persistent threat attack on a private computer network | |
| US11201883B2 (en) | System, method, and apparatus for data loss prevention | |
| US20120005724A1 (en) | Method and system for protecting private enterprise resources in a cloud computing environment | |
| KR101977731B1 (en) | Apparatus and method for detecting anomaly in a controller system | |
| US20120117654A1 (en) | Methods and systems for managing a potential security threat to a network | |
| WO2005031528A2 (en) | Method of and system for enterprise information asset protection through insider attack specification, monitoring and mitigation | |
| CN101345743A (en) | Method and system for preventing network attack by utilizing address analysis protocol | |
| CN107566359A (en) | A kind of intelligent fire-proofing wall system and means of defence | |
| US9185122B2 (en) | Methods and systems for managing security in a network | |
| CN110191102B (en) | Illegal external connection comprehensive monitoring system and method thereof | |
| EP2790354A1 (en) | Security management system having multiple relay servers, and security management method | |
| CN105162763B (en) | Communication data processing method and device | |
| CN103441926A (en) | Security gateway system of numerically-controlled machine tool network | |
| EP1720315B1 (en) | Network management and administration by monitoring network traffic and vulnerability scanning | |
| CN101340275B (en) | Data card, data processing and transmitting method | |
| KR101881061B1 (en) | 2-way communication apparatus capable of changing communication mode and method thereof | |
| CN102882728A (en) | Notification method and device of flow abnormality reasons and network device | |
| EP3018878B1 (en) | Firewall based prevention of the malicious information flows in smart home | |
| CN108111503A (en) | Based on the information safety protection host machine for accessing limitation | |
| JP3808663B2 (en) | Computer network system and access control method thereof | |
| KR100432167B1 (en) | Hidden-type intrusion detection and blocking control system and control method thereof | |
| KR100657851B1 (en) | Method and system for managing network resource | |
| KR100447896B1 (en) | network security system based on black-board, and method for as the same | |
| JP3446891B2 (en) | Monitoring system |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| ASS | Succession or assignment of patent right |
Owner name: CHENGDU CITY HUAWEI SAIMENTEKE SCIENCE CO., LTD. Free format text: FORMER OWNER: HUAWEI TECHNOLOGY CO., LTD. Effective date: 20090424 |
|
| C41 | Transfer of patent application or patent right or utility model | ||
| TA01 | Transfer of patent application right |
Effective date of registration: 20090424 Address after: Qingshui River District, Chengdu high tech Zone, Sichuan Province, China: 611731 Applicant after: Chengdu Huawei Symantec Technologies Co., Ltd. Address before: Bantian HUAWEI headquarters office building, Longgang District, Guangdong, Shenzhen Province, China: 518129 Applicant before: Huawei Technologies Co., Ltd. |
|
| C12 | Rejection of a patent application after its publication | ||
| RJ01 | Rejection of invention patent application after publication |
Open date: 20081029 |