CN101588246A - 防范分布式阻断服务DDoS攻击的方法、网络设备和网络系统 - Google Patents
防范分布式阻断服务DDoS攻击的方法、网络设备和网络系统 Download PDFInfo
- Publication number
- CN101588246A CN101588246A CNA2008100673769A CN200810067376A CN101588246A CN 101588246 A CN101588246 A CN 101588246A CN A2008100673769 A CNA2008100673769 A CN A2008100673769A CN 200810067376 A CN200810067376 A CN 200810067376A CN 101588246 A CN101588246 A CN 101588246A
- Authority
- CN
- China
- Prior art keywords
- network
- equipment
- server
- data flow
- ddos
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/1458—Denial of Service
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2463/00—Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
- H04L2463/141—Denial of service attacks against endpoints in a network
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0227—Filtering policies
- H04L63/0263—Rule management
Abstract
Description
Claims (10)
Priority Applications (5)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN2008100673769A CN101588246B (zh) | 2008-05-23 | 2008-05-23 | 防范分布式阻断服务DDoS攻击的方法、网络设备和网络系统 |
PCT/CN2009/071274 WO2009140878A1 (zh) | 2008-05-23 | 2009-04-15 | 防范分布式阻断服务DDoS攻击的方法、网络设备和网络系统 |
EP09749421A EP2257024B1 (en) | 2008-05-23 | 2009-04-15 | Method, network apparatus and network system for defending distributed denial of service ddos attack |
ES09749421T ES2396027T3 (es) | 2008-05-23 | 2009-04-15 | Método, dispositivo de red y sistema de red para defenderse de un ataque de denegación distribuida de servicios |
US12/908,679 US20110035801A1 (en) | 2008-05-23 | 2010-10-20 | Method, network device, and network system for defending distributed denial of service attack |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN2008100673769A CN101588246B (zh) | 2008-05-23 | 2008-05-23 | 防范分布式阻断服务DDoS攻击的方法、网络设备和网络系统 |
Publications (2)
Publication Number | Publication Date |
---|---|
CN101588246A true CN101588246A (zh) | 2009-11-25 |
CN101588246B CN101588246B (zh) | 2012-01-04 |
Family
ID=41339761
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN2008100673769A Active CN101588246B (zh) | 2008-05-23 | 2008-05-23 | 防范分布式阻断服务DDoS攻击的方法、网络设备和网络系统 |
Country Status (5)
Country | Link |
---|---|
US (1) | US20110035801A1 (zh) |
EP (1) | EP2257024B1 (zh) |
CN (1) | CN101588246B (zh) |
ES (1) | ES2396027T3 (zh) |
WO (1) | WO2009140878A1 (zh) |
Cited By (16)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101834875A (zh) * | 2010-05-27 | 2010-09-15 | 华为技术有限公司 | 防御DDoS攻击的方法、装置和系统 |
CN101924764A (zh) * | 2010-08-09 | 2010-12-22 | 中国电信股份有限公司 | 基于二级联动机制的大规模DDoS攻击防御系统及方法 |
CN102164135A (zh) * | 2011-04-14 | 2011-08-24 | 上海红神信息技术有限公司 | 前置可重构DDoS攻击防御装置及方法 |
CN102263788A (zh) * | 2011-07-14 | 2011-11-30 | 百度在线网络技术(北京)有限公司 | 一种用于防御指向多业务系统的DDoS攻击的方法与设备 |
WO2012075866A1 (zh) * | 2010-12-07 | 2012-06-14 | 成都市华为赛门铁克科技有限公司 | 云系统分布式拒绝服务攻击防护方法以及装置和系统 |
CN103179136A (zh) * | 2013-04-22 | 2013-06-26 | 南京铱迅信息技术有限公司 | 防御动态网站中饱和分布式拒绝服务攻击的方法和系统 |
CN103401796A (zh) * | 2013-07-09 | 2013-11-20 | 北京百度网讯科技有限公司 | 网络流量清洗系统及方法 |
CN103916387A (zh) * | 2014-03-18 | 2014-07-09 | 汉柏科技有限公司 | 一种防护ddos攻击的方法及系统 |
CN104158803A (zh) * | 2014-08-01 | 2014-11-19 | 国家电网公司 | 一种针对DDoS攻击的模块化防护检测方法及系统 |
WO2015062295A1 (zh) * | 2013-10-30 | 2015-05-07 | 中兴通讯股份有限公司 | 流量清洗方法、装置和计算机存储介质 |
CN105262737A (zh) * | 2015-09-24 | 2016-01-20 | 西安电子科技大学 | 一种基于跳通道模式的抵御ddos攻击的方法 |
CN105306411A (zh) * | 2014-06-11 | 2016-02-03 | 腾讯科技(深圳)有限公司 | 数据包处理方法和装置 |
CN107171867A (zh) * | 2017-06-30 | 2017-09-15 | 环球智达科技(北京)有限公司 | DDoS攻击的防护系统 |
CN107968785A (zh) * | 2017-12-03 | 2018-04-27 | 浙江工商大学 | 一种SDN数据中心中防御DDoS攻击的方法 |
CN112929369A (zh) * | 2021-02-07 | 2021-06-08 | 辽宁科技大学 | 一种分布式实时DDoS攻击检测方法 |
CN113630398A (zh) * | 2021-07-28 | 2021-11-09 | 上海纽盾科技股份有限公司 | 网络安全中的联合防攻击方法、客户端及系统 |
Families Citing this family (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8966622B2 (en) * | 2010-12-29 | 2015-02-24 | Amazon Technologies, Inc. | Techniques for protecting against denial of service attacks near the source |
CN102238047B (zh) * | 2011-07-15 | 2013-10-16 | 山东大学 | 基于Web通信群体外联行为的拒绝服务攻击检测方法 |
US8978138B2 (en) | 2013-03-15 | 2015-03-10 | Mehdi Mahvi | TCP validation via systematic transmission regulation and regeneration |
US9197362B2 (en) | 2013-03-15 | 2015-11-24 | Mehdi Mahvi | Global state synchronization for securely managed asymmetric network communication |
US9148440B2 (en) | 2013-11-25 | 2015-09-29 | Imperva, Inc. | Coordinated detection and differentiation of denial of service attacks |
CN105049441B (zh) * | 2015-08-07 | 2019-01-01 | 杭州数梦工场科技有限公司 | 防止链路型DDoS攻击的实现方法和系统 |
RU172615U1 (ru) * | 2017-03-13 | 2017-07-14 | Ярослав Викторович Тарасов | Устройство выявления низкоинтенсивных атак "отказ в обслуживании" |
CN110875908B (zh) * | 2018-08-31 | 2022-12-13 | 阿里巴巴集团控股有限公司 | 一种防御分布式拒绝服务攻击的方法及设备 |
CN109347814A (zh) * | 2018-10-05 | 2019-02-15 | 李斌 | 一种基于Kubernetes构建的容器云安全防护方法与系统 |
Family Cites Families (15)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7146637B2 (en) * | 2001-06-29 | 2006-12-05 | International Business Machines Corporation | User registry adapter framework |
US7028179B2 (en) * | 2001-07-03 | 2006-04-11 | Intel Corporation | Apparatus and method for secure, automated response to distributed denial of service attacks |
US7107619B2 (en) * | 2001-08-31 | 2006-09-12 | International Business Machines Corporation | System and method for the detection of and reaction to denial of service attacks |
US20040148520A1 (en) * | 2003-01-29 | 2004-07-29 | Rajesh Talpade | Mitigating denial of service attacks |
US7404210B2 (en) * | 2003-08-25 | 2008-07-22 | Lucent Technologies Inc. | Method and apparatus for defending against distributed denial of service attacks on TCP servers by TCP stateless hogs |
US7219228B2 (en) * | 2003-08-25 | 2007-05-15 | Lucent Technologies Inc. | Method and apparatus for defending against SYN packet bandwidth attacks on TCP servers |
US20050249214A1 (en) * | 2004-05-07 | 2005-11-10 | Tao Peng | System and process for managing network traffic |
US20050278779A1 (en) * | 2004-05-25 | 2005-12-15 | Lucent Technologies Inc. | System and method for identifying the source of a denial-of-service attack |
CN100370757C (zh) * | 2004-07-09 | 2008-02-20 | 国际商业机器公司 | 识别网络内分布式拒绝服务攻击和防御攻击的方法和系统 |
JP2006067078A (ja) * | 2004-08-25 | 2006-03-09 | Nippon Telegr & Teleph Corp <Ntt> | ネットワークシステムおよび攻撃防御方法 |
US7478429B2 (en) * | 2004-10-01 | 2009-01-13 | Prolexic Technologies, Inc. | Network overload detection and mitigation system and method |
US8089871B2 (en) * | 2005-03-25 | 2012-01-03 | At&T Intellectual Property Ii, L.P. | Method and apparatus for traffic control of dynamic denial of service attacks within a communications network |
US20070130619A1 (en) * | 2005-12-06 | 2007-06-07 | Sprint Communications Company L.P. | Distributed denial of service (DDoS) network-based detection |
US8248946B2 (en) * | 2006-06-06 | 2012-08-21 | Polytechnic Institute of New York Unversity | Providing a high-speed defense against distributed denial of service (DDoS) attacks |
US20090013404A1 (en) * | 2007-07-05 | 2009-01-08 | Alcatel Lucent | Distributed defence against DDoS attacks |
-
2008
- 2008-05-23 CN CN2008100673769A patent/CN101588246B/zh active Active
-
2009
- 2009-04-15 ES ES09749421T patent/ES2396027T3/es active Active
- 2009-04-15 WO PCT/CN2009/071274 patent/WO2009140878A1/zh active Application Filing
- 2009-04-15 EP EP09749421A patent/EP2257024B1/en active Active
-
2010
- 2010-10-20 US US12/908,679 patent/US20110035801A1/en not_active Abandoned
Cited By (25)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101834875B (zh) * | 2010-05-27 | 2012-08-22 | 华为技术有限公司 | 防御DDoS攻击的方法、装置和系统 |
CN101834875A (zh) * | 2010-05-27 | 2010-09-15 | 华为技术有限公司 | 防御DDoS攻击的方法、装置和系统 |
CN101924764A (zh) * | 2010-08-09 | 2010-12-22 | 中国电信股份有限公司 | 基于二级联动机制的大规模DDoS攻击防御系统及方法 |
CN101924764B (zh) * | 2010-08-09 | 2013-04-10 | 中国电信股份有限公司 | 基于二级联动机制的大规模DDoS攻击防御系统及方法 |
US8886927B2 (en) | 2010-12-07 | 2014-11-11 | Huawei Technologies Co., Ltd. | Method, apparatus and system for preventing DDoS attacks in cloud system |
WO2012075866A1 (zh) * | 2010-12-07 | 2012-06-14 | 成都市华为赛门铁克科技有限公司 | 云系统分布式拒绝服务攻击防护方法以及装置和系统 |
CN102164135A (zh) * | 2011-04-14 | 2011-08-24 | 上海红神信息技术有限公司 | 前置可重构DDoS攻击防御装置及方法 |
CN102164135B (zh) * | 2011-04-14 | 2014-02-19 | 上海红神信息技术有限公司 | 前置可重构DDoS攻击防御装置及方法 |
CN102263788B (zh) * | 2011-07-14 | 2014-06-04 | 百度在线网络技术(北京)有限公司 | 一种用于防御指向多业务系统的DDoS攻击的方法与设备 |
CN102263788A (zh) * | 2011-07-14 | 2011-11-30 | 百度在线网络技术(北京)有限公司 | 一种用于防御指向多业务系统的DDoS攻击的方法与设备 |
CN103179136B (zh) * | 2013-04-22 | 2016-01-20 | 南京铱迅信息技术股份有限公司 | 防御动态网站中饱和分布式拒绝服务攻击的方法和系统 |
CN103179136A (zh) * | 2013-04-22 | 2013-06-26 | 南京铱迅信息技术有限公司 | 防御动态网站中饱和分布式拒绝服务攻击的方法和系统 |
CN103401796A (zh) * | 2013-07-09 | 2013-11-20 | 北京百度网讯科技有限公司 | 网络流量清洗系统及方法 |
CN103401796B (zh) * | 2013-07-09 | 2016-05-25 | 北京百度网讯科技有限公司 | 网络流量清洗系统及方法 |
WO2015062295A1 (zh) * | 2013-10-30 | 2015-05-07 | 中兴通讯股份有限公司 | 流量清洗方法、装置和计算机存储介质 |
CN103916387A (zh) * | 2014-03-18 | 2014-07-09 | 汉柏科技有限公司 | 一种防护ddos攻击的方法及系统 |
CN103916387B (zh) * | 2014-03-18 | 2017-06-06 | 汉柏科技有限公司 | 一种防护ddos攻击的方法及系统 |
CN105306411A (zh) * | 2014-06-11 | 2016-02-03 | 腾讯科技(深圳)有限公司 | 数据包处理方法和装置 |
CN104158803A (zh) * | 2014-08-01 | 2014-11-19 | 国家电网公司 | 一种针对DDoS攻击的模块化防护检测方法及系统 |
CN105262737A (zh) * | 2015-09-24 | 2016-01-20 | 西安电子科技大学 | 一种基于跳通道模式的抵御ddos攻击的方法 |
CN105262737B (zh) * | 2015-09-24 | 2018-09-11 | 西安电子科技大学 | 一种基于跳通道模式的抵御ddos攻击的方法 |
CN107171867A (zh) * | 2017-06-30 | 2017-09-15 | 环球智达科技(北京)有限公司 | DDoS攻击的防护系统 |
CN107968785A (zh) * | 2017-12-03 | 2018-04-27 | 浙江工商大学 | 一种SDN数据中心中防御DDoS攻击的方法 |
CN112929369A (zh) * | 2021-02-07 | 2021-06-08 | 辽宁科技大学 | 一种分布式实时DDoS攻击检测方法 |
CN113630398A (zh) * | 2021-07-28 | 2021-11-09 | 上海纽盾科技股份有限公司 | 网络安全中的联合防攻击方法、客户端及系统 |
Also Published As
Publication number | Publication date |
---|---|
EP2257024A1 (en) | 2010-12-01 |
ES2396027T3 (es) | 2013-02-18 |
CN101588246B (zh) | 2012-01-04 |
US20110035801A1 (en) | 2011-02-10 |
WO2009140878A1 (zh) | 2009-11-26 |
EP2257024A4 (en) | 2011-08-24 |
EP2257024B1 (en) | 2012-11-07 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN101588246B (zh) | 防范分布式阻断服务DDoS攻击的方法、网络设备和网络系统 | |
WO2017148263A1 (zh) | 网络攻击的防控方法、装置及系统 | |
JP4545647B2 (ja) | 攻撃検知・防御システム | |
KR100877664B1 (ko) | 어택 검출 방법, 어택 검출 장치, 데이터 통신 네트워크, 컴퓨터 판독 가능 기록 매체 및 침입 검출 애플리케이션의 전개 방법 | |
CN102487339B (zh) | 一种网络设备攻击防范方法及装置 | |
CN100448201C (zh) | 网络管理器snmp陷阱抑制 | |
CN101447996B (zh) | 分布式拒绝服务攻击防护方法、系统及设备 | |
EP1722535A2 (en) | Method and apparatus for identifying and disabling worms in communication networks | |
CN106357685A (zh) | 一种防御分布式拒绝服务攻击的方法及装置 | |
CN103023924A (zh) | 基于内容分发网络的云分发平台的DDoS攻击防护方法和系统 | |
CN1725709A (zh) | 网络设备与入侵检测系统联动的方法 | |
CN110636086B (zh) | 网络防护测试方法及装置 | |
CN101150586A (zh) | Cc攻击防范方法及装置 | |
CN104796423B (zh) | Arp双向主动防御方法 | |
Signorini et al. | Advise: anomaly detection tool for blockchain systems | |
CN105791027A (zh) | 一种工业网络异常中断的检测方法 | |
Xiao et al. | A novel approach to detecting DDoS attacks at an early stage | |
CN202231744U (zh) | 基于isp网络的拒绝攻击防御系统 | |
CN107018116B (zh) | 监控网络流量的方法、装置及服务器 | |
CN106101088A (zh) | 清洗设备、检测设备、路由设备和防范dns攻击的方法 | |
CN106953830B (zh) | Dns安全防护方法、装置及dns | |
CN110198298A (zh) | 一种信息处理方法、装置及存储介质 | |
Singh et al. | Denial of service attack: analysis of network traffic anormaly using queuing theory | |
CN210444303U (zh) | 网络防护测试系统 | |
Hooper | An intelligent detection and response strategy to false positives and network attacks |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C14 | Grant of patent or utility model | ||
GR01 | Patent grant | ||
C56 | Change in the name or address of the patentee |
Owner name: HUAWEI DIGITAL TECHNOLOGY (CHENGDU) CO., LTD. Free format text: FORMER NAME: CHENGDU HUAWEI SYMANTEC TECHNOLOGIES CO., LTD. |
|
CP01 | Change in the name or title of a patent holder |
Address after: 611731 Chengdu high tech Zone, Sichuan, West Park, Qingshui River Patentee after: HUAWEI DIGITAL TECHNOLOGIES (CHENG DU) Co.,Ltd. Address before: 611731 Chengdu high tech Zone, Sichuan, West Park, Qingshui River Patentee before: CHENGDU HUAWEI SYMANTEC TECHNOLOGIES Co.,Ltd. |
|
TR01 | Transfer of patent right | ||
TR01 | Transfer of patent right |
Effective date of registration: 20221013 Address after: 518129 Bantian HUAWEI headquarters office building, Longgang District, Guangdong, Shenzhen Patentee after: HUAWEI TECHNOLOGIES Co.,Ltd. Address before: 611731 Qingshui River District, Chengdu hi tech Zone, Sichuan, China Patentee before: HUAWEI DIGITAL TECHNOLOGIES (CHENG DU) Co.,Ltd. |