CN102195887A - Message processing method, device and network security equipment - Google Patents

Publication number: CN102195887A
Authority: CN (China)
Legal status: Granted; Expired - Fee Related
Application number: CN2011101443319A
Other languages: Chinese (zh)
Other versions: CN102195887B (en)
Inventor: 陈平平
Current Assignee: Beijing Star Net Ruijie Networks Co Ltd
Original Assignee: Beijing Star Net Ruijie Networks Co Ltd
Application filed by: Beijing Star Net Ruijie Networks Co Ltd
Priority: CN201110144331.9A
Landscapes: Computer And Data Communications (AREA); Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention provides a message processing method, a message processing device and network security equipment. The method comprises: when the first message of a session flow is received, creating a session flow table entry for the session flow and adding the index of the session flow table entry to a universal flow hash table; performing policy matching and verification on the session flow to judge whether the session flow is legal or illegal; and, when the session flow is illegal, adding the index of the session flow table entry to a recovery auxiliary table and updating the policy matching and verification results of the illegal session flow into the session flow table entry. The device comprises a creation module, a verification module and an adding module. The network security equipment comprises the message processing device above. The method and the device avoid exhausting flow table entry resources when the number of attack flows is large, while maintaining high system performance.

Description

Message processing method, device and network security equipment
Technical field
The present invention relates to communication technology, and in particular to a message processing method, a message processing device and network security equipment.
Background
Network security equipment generally uses session flow state tracking to monitor and manage the traffic passing through the equipment, so that specific untrusted traffic can be identified and blocked. Under this framework a message is processed as follows. For the first message of a session flow, a new session flow table entry is created and added to the flow table; policy matching and verification are then performed on the session flow, and the resulting processing policy is updated into the session flow table entry. For a non-first message, the flow table already holds the information of the session flow, so the equipment looks up the flow table directly, obtains the processing policy of the session flow and executes it. Because there may be many security policies, policy matching and verification are relatively slow; since only the first message of a session flow needs the complete policy matching and verification, a high message forwarding speed can be obtained. However, when the equipment is subjected to a malicious flood attack (the attacker initiates a large number of illegal connections to consume the hardware resources of the network security equipment and servers, thereby achieving the purpose of the attack), the attack flows are blocked by the security policy, but because aging is delayed, the attack flows in the blocked state still occupy flow table resources. Normal session flows then cannot create flow table entries, and the network is interrupted.
In the prior art, to solve this problem, policy matching and verification are performed first on the first message of a session flow, and a flow table entry may be created only after the verification is passed. For a session flow that fails verification, the message is discarded directly and no flow table entry is created.
However, the prior art has to perform the complete policy matching and verification process on the messages of attack flows. When the number of attack flows is large, system performance drops, which affects the overall system throughput.
Summary of the invention
The invention provides a message processing method, a message processing device and network security equipment that avoid exhausting flow table entry resources when the number of attack flows is large, while maintaining high system performance and improving overall system throughput.
The invention provides a message processing method, comprising:
when the first message of a session flow is received, creating a session flow table entry for the session flow, and adding the index of the session flow table entry to a universal flow hash table;
performing policy matching and verification on the session flow to judge whether the session flow is a legal session flow or an illegal session flow;
when the session flow is an illegal session flow, adding the index of the session flow table entry to a recovery auxiliary table, and updating the policy matching and verification results of the illegal session flow into the session flow table entry.
The invention provides a message processing device, comprising:
a creation module, configured to, when the first message of a session flow is received, create a session flow table entry for the session flow and add the index of the session flow table entry to a universal flow hash table;
a verification module, configured to perform policy matching and verification on the session flow to judge whether the session flow is a legal session flow or an illegal session flow;
an adding module, configured to, when the session flow is an illegal session flow, add the index of the session flow table entry to a recovery auxiliary table and update the policy matching and verification results of the illegal session flow into the session flow table entry.
The invention provides network security equipment comprising the message processing device above.
The message processing method, device and network security equipment provided by the invention add a recovery auxiliary table. When the first message of a session flow is received, a session flow table entry is first created for the session flow and the index of the entry is added to the universal flow hash table; when policy matching and verification show that the session flow is an illegal session flow, the index of the entry is also added to the recovery auxiliary table. The recovery auxiliary table thus stores the index information of the session flow table entries of illegal session flows, for use later when resources are tight. This avoids exhausting flow table entry resources when the number of attack flows is large, while maintaining high system performance and improving overall system throughput.
Description of drawings
To describe the technical solutions of the embodiments of the invention or of the prior art more clearly, the drawings used in the description of the embodiments or the prior art are briefly introduced below. The drawings described below show some embodiments of the invention; those of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a flow chart of embodiment one of the message processing method of the invention;
Fig. 2 is a flow chart of embodiment two of the message processing method of the invention;
Fig. 3 is a schematic diagram of the dual hash table structure in embodiment two of the message processing method of the invention;
Fig. 4 is a structural diagram of embodiment one of the message processing device of the invention;
Fig. 5 is a structural diagram of embodiment two of the message processing device of the invention.
Detailed description of the embodiments
To make the purpose, technical solutions and advantages of the embodiments of the invention clearer, the technical solutions in the embodiments are described clearly and completely below with reference to the drawings. The described embodiments are some, not all, of the embodiments of the invention. All other embodiments obtained by those of ordinary skill in the art on the basis of these embodiments without creative effort fall within the scope of protection of the invention.
Fig. 1 is a flow chart of embodiment one of the message processing method of the invention. As shown in Fig. 1, this embodiment provides a message processing method that may specifically comprise the following steps:
Step 101: when the first message of a session flow is received, create a session flow table entry for the session flow, and add the index of the session flow table entry to the universal flow hash table.
In this embodiment, when a session flow is created, a session flow table entry is created for it when its first message is received, and the index of the entry is added to the universal flow hash table. A session flow here is an end-to-end data connection. In the Transmission Control Protocol (TCP)/IP protocol suite, a flow is usually identified by five-tuple information: source IP address, destination IP address, protocol number, TCP/User Datagram Protocol (UDP) source port number and TCP/UDP destination port number. Traditional equipment usually uses one hash table to manage the many session flows and to store the processing policy of each session flow (such as block, pass, or other additional processing operations). A hash table is a data structure that is accessed directly by key value: a record is accessed by mapping its key value to a position in the table, which speeds up lookup. This data structure is usually called a "session flow state tracking table", abbreviated below as "flow table". In this step, after a new session flow table entry is created for the session flow, the entry is added to the universal flow hash table; specifically, the index of the entry is added to the universal flow hash table. When a session flow is created in this step, the session flow table entry is created first and the session flow is verified afterwards. Thus, when the first message of a session flow arrives, a corresponding session flow table entry is created for it regardless of whether it is a legal or an illegal session flow, and the index of the entry is added to the universal flow hash table.
Specifically, in addition to the universal flow hash table, this embodiment also provides a recovery auxiliary table, which stores the index information of the session flow table entries of illegal session flows. Step 101 in this embodiment may specifically comprise the following steps: when the first message of a session flow is received, judge whether an idle table entry resource exists in the current idle entry pool; if an idle table entry resource exists in the current idle entry pool, use it to create the session flow table entry for the session flow; if no idle table entry resource exists in the current idle entry pool, recover a session flow table entry resource from the recovery auxiliary table, and use the recovered resource to create the session flow table entry for the session flow.
More specifically, when this embodiment recovers a session flow table entry resource from the recovery auxiliary table, it obtains the index of the session flow table entry to be deleted, deletes this index from the universal flow hash table and the recovery auxiliary table at the same time, and returns the session flow table entry resource corresponding to this index to the idle entry pool, for use when a new session flow is created. Specifically, the index of the session flow table entry to be deleted may be the index that was added to the recovery auxiliary table the earliest.
Step 102: perform policy matching and verification on the session flow to judge whether the session flow is a legal session flow or an illegal session flow.
After the session flow table entry has been created for the session flow, policy matching and verification are performed on the session flow to judge whether it is a legal or an illegal session flow. By creating the session flow table entry first and performing policy matching and verification afterwards, and by carrying out this process when the first message of the session flow arrives, this embodiment avoids the drop in message processing speed that would be caused by performing redundant policy matching and verification on the non-first messages of the session flow.
Step 103: when the session flow is an illegal session flow, add the index of the session flow table entry to the recovery auxiliary table, and update the policy matching and verification results of the illegal session flow into the session flow table entry.
When the policy matching and verification above determine that the session flow is an illegal session flow, the index of the session flow table entry created for it in step 101 is added to the recovery auxiliary table, so that the index information of the session flow table entry of the illegal session flow is present in both the universal flow hash table and the recovery auxiliary table. The policy matching and verification results of the illegal session flow are updated into the session flow table entry, so that subsequent messages of this session flow can use them directly.
Further, the message processing method provided by this embodiment may also comprise the following step: when the session flow is a legal session flow, update the policy matching and verification results of the legal session flow into the session flow table entry, so that subsequent messages of this session flow can use them directly.
This embodiment provides a message processing method that adds a recovery auxiliary table. When the first message of a session flow is received, a session flow table entry is first created for the session flow and the index of the entry is added to the universal flow hash table; when policy matching and verification show that the session flow is an illegal session flow, the index of the entry is also added to the recovery auxiliary table. The recovery auxiliary table thus stores the index information of the session flow table entries of illegal session flows, for use later when resources are tight. This avoids exhausting flow table entry resources when the number of attack flows is large, while maintaining high system performance and improving overall system throughput.
Fig. 2 is a flow chart of embodiment two of the message processing method of the invention. As shown in Fig. 2, this embodiment provides a message processing method that may specifically comprise the following steps:
Step 201: when the first message of a session flow is received, judge whether an idle table entry resource exists in the current idle entry pool; if so, go to step 202, otherwise go to step 204.
In this embodiment, when the first message of a session flow is received and a session flow table entry is to be created for the session flow, it is first judged whether an idle table entry resource exists in the current idle entry pool, in an attempt to obtain one. If an idle table entry resource exists in the current idle entry pool, step 202 is executed; if not, step 204 is executed.
Step 202: use the idle table entry resource to create the session flow table entry for the session flow.
When an idle table entry resource exists in the idle entry pool, this embodiment can use it directly to create the session flow table entry for the session flow.
Step 203: add the index of the session flow table entry to the universal flow hash table.
After the session flow table entry has been created for the session flow, an index can be allocated to the entry and added to the universal flow hash table.
Step 204: recover a session flow table entry resource from the recovery auxiliary table.
When no idle table entry resource exists in the idle entry pool, that is, when no idle entry is currently available, this embodiment recovers a session flow table entry resource from the recovery auxiliary table, which stores the index information of the session flow table entries of illegal session flows. Specifically, the index of the session flow table entry that was added to the recovery auxiliary table first may be obtained from the recovery auxiliary table. Because the indexes of the session flow table entries of illegal session flows stored in the recovery auxiliary table are also stored in the universal flow hash table, this step deletes that earliest-added index from both the universal flow hash table and the recovery auxiliary table. The session flow table entry corresponding to the index is returned to the idle entry pool, and a termination operation is performed on it, that is, the entry no longer takes part in subsequent operations such as message forwarding.
Step 205: use the recovered session flow table entry resource to create the session flow table entry for the session flow.
After the session flow table entry resource has been recovered, this embodiment can use it to create the session flow table entry for the session flow of step 201. By adding the recovery auxiliary table, this embodiment stores the indexes of the session flow table entries of the session flows judged to be illegal, so that all illegal session flows can be indexed through the recovery auxiliary table; the illegal session flows in this embodiment may include attack flows. When flow table resources are tight, the flow table entry resources referenced by the recovery auxiliary table can be recovered, released and reused, so that the needs of normal, legal session flows are met first.
Step 206: perform policy matching and verification on the session flow and judge whether it is a legal session flow; if so, go to step 207, otherwise go to step 208.
After the session flow table entry of the session flow has been created, this embodiment performs policy matching and verification on the session flow to judge whether it is a legal session flow; if so, step 207 is executed, otherwise step 208 is executed. Because the complete creation of the session flow table entry and the policy matching and verification are performed only when the first message of the session flow arrives, this embodiment avoids the time wasted by performing policy matching and verification on every message.
Step 207: update the policy matching and verification results of the legal session flow into the session flow table entry corresponding to the legal session flow.
When the verification shows that the session flow is a legal session flow, the policy matching and verification results of the legal session flow are updated into its session flow table entry, so that subsequent messages of this session flow can use them directly.
Step 208: add the index of the session flow table entry to the recovery auxiliary table.
When the verification shows that the session flow is an illegal session flow, the index of its session flow table entry is added to the recovery auxiliary table. Because the index was already added to the universal flow hash table when the session flow table entry was created, the index information of the session flow table entry of the illegal session flow is now stored in both the universal flow hash table and the recovery auxiliary table, and the entry can be indexed and found from either table. Fig. 3 is a schematic diagram of the dual hash table structure in embodiment two of the message processing method of the invention. As shown in Fig. 3, in this embodiment the index information of the session flow table entries of legal session flows is stored in the universal flow hash table, and the index information of the session flow table entries of illegal session flows is stored in both the universal flow hash table and the recovery auxiliary table.
Step 209: update the policy matching and verification results of the illegal session flow into the session flow table entry corresponding to the illegal session flow.
After the index of the session flow table entry of the illegal session flow has been added to the universal flow hash table and the recovery auxiliary table, the policy matching and verification results of the illegal session flow are also updated into its session flow table entry.
This embodiment provides a message processing method that adds a recovery auxiliary table. When the first message of a session flow is received, a session flow table entry is first created for the session flow and the index of the entry is added to the universal flow hash table; when policy matching and verification show that the session flow is an illegal session flow, the index of the entry is also added to the recovery auxiliary table. The recovery auxiliary table thus stores the index information of the session flow table entries of illegal session flows, so that the corresponding flow table entry resources can be recovered from it and reused later when resources are tight. This avoids exhausting flow table entry resources when the number of attack flows is large, while maintaining high system performance and improving overall system throughput.
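Steps 201 to 209 as an added C example (written for this page, not code from the patent). All identifiers are hypothetical; the four-entry pool, the FIFO ring used for the recovery auxiliary table, the rule that blocks destination port 23, and dropping a first message when neither the idle pool nor the recovery table can supply an entry are assumptions.

```c
#include <stdint.h>
#include <stdio.h>

#define POOL_SIZE 4   /* tiny on purpose, so exhaustion is easy to reach */
#define BUCKETS   8
#define NIL       (-1)

enum verdict { V_PENDING, V_PASS, V_BLOCK, V_NO_ENTRY };
struct five_tuple { uint32_t src, dst; uint16_t sport, dport; uint8_t proto; };
struct flow_entry {
    struct five_tuple key;
    enum verdict verdict;  /* cached policy matching and verification result */
    int next;              /* next index in the hash chain or in the idle pool */
};

static struct flow_entry pool[POOL_SIZE];
static int bucket[BUCKETS];   /* universal flow hash table: chains of indexes */
static int free_head;         /* idle entry pool */
static int recov[POOL_SIZE];  /* recovery auxiliary table, modelled as a FIFO */
static int recov_head, recov_len;

static unsigned hash(const struct five_tuple *k) {
    uint32_t h = k->src ^ (k->dst * 2654435761u) ^
                 (((uint32_t)k->sport << 16) | k->dport) ^ k->proto;
    return (h ^ (h >> 15)) % BUCKETS;
}
static int same(const struct five_tuple *a, const struct five_tuple *b) {
    return a->src == b->src && a->dst == b->dst && a->sport == b->sport &&
           a->dport == b->dport && a->proto == b->proto;
}

void flow_init(void) {
    for (int i = 0; i < POOL_SIZE; i++)
        pool[i].next = i + 1 < POOL_SIZE ? i + 1 : NIL;
    for (int b = 0; b < BUCKETS; b++) bucket[b] = NIL;
    free_head = 0;
    recov_head = recov_len = 0;
}

int flow_lookup(const struct five_tuple *k) {
    for (int i = bucket[hash(k)]; i != NIL; i = pool[i].next)
        if (same(&pool[i].key, k)) return i;
    return NIL;
}
int flow_recoverable(void) { return recov_len; }

/* Step 204: take the index added earliest to the recovery auxiliary table,
 * delete it from both tables and return the entry to the idle pool. */
static int reclaim_oldest_illegal(void) {
    if (recov_len == 0) return NIL;
    int idx = recov[recov_head];
    recov_head = (recov_head + 1) % POOL_SIZE;
    recov_len--;
    int *p = &bucket[hash(&pool[idx].key)];
    while (*p != NIL && *p != idx) p = &pool[*p].next;
    if (*p == idx) *p = pool[idx].next;   /* unlink from the hash chain */
    pool[idx].next = free_head;
    free_head = idx;
    return idx;
}

/* Constructed stand-in for policy matching and verification. */
static enum verdict policy_check(const struct five_tuple *k) {
    return k->dport == 23 ? V_BLOCK : V_PASS;
}

enum verdict flow_process(const struct five_tuple *k) {
    int idx = flow_lookup(k);
    if (idx != NIL) return pool[idx].verdict;  /* non-first message: cached */
    /* Steps 201-205: idle pool first, then the recovery auxiliary table. */
    if (free_head == NIL && reclaim_oldest_illegal() == NIL)
        return V_NO_ENTRY;                     /* assumption: drop */
    idx = free_head;
    free_head = pool[idx].next;
    pool[idx].key = *k;
    pool[idx].verdict = V_PENDING;
    unsigned b = hash(k);
    pool[idx].next = bucket[b];                /* step 203 */
    bucket[b] = idx;
    /* Steps 206-209: verify once, index illegal flows in both tables. */
    enum verdict v = policy_check(k);
    if (v == V_BLOCK) recov[(recov_head + recov_len++) % POOL_SIZE] = idx;
    pool[idx].verdict = v;
    return v;
}

/* Constructed sample flows: only source address and destination port vary. */
struct five_tuple ft(uint32_t src, uint16_t dport) {
    return (struct five_tuple){ src, 0x0a000001u, 40000, dport, 6 };
}

int main(void) {
    flow_init();
    for (uint32_t s = 1; s <= 4; s++) { struct five_tuple a = ft(s, 23); flow_process(&a); }
    struct five_tuple ok = ft(100, 443);
    int v = flow_process(&ok);
    printf("legal flow verdict=%d recoverable=%d\n", v, flow_recoverable());
    return 0;
}
```

With the pool filled by four blocked flows, the legal flow still gets an entry because the oldest blocked entry is reclaimed; once only legal flows remain, a further new flow gets `V_NO_ENTRY`.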
Those of ordinary skill in the art will understand that all or some of the steps of the method embodiments above may be carried out by hardware under the control of program instructions. The program may be stored in a computer-readable storage medium and, when executed, performs the steps of the method embodiments above. The storage medium includes any medium that can store program code, such as ROM, RAM, a magnetic disk or an optical disc.
Fig. 4 is a structural diagram of embodiment one of the message processing device of the invention. As shown in Fig. 4, this embodiment provides a message processing device that can carry out each step of method embodiment one above; the details are not repeated here. The message processing device provided by this embodiment may comprise a creation module 401, a verification module 402 and an adding module 403. The creation module 401 is configured to, when the first message of a session flow is received, create a session flow table entry for the session flow and add the index of the session flow table entry to the universal flow hash table. The verification module 402 is configured to perform policy matching and verification on the session flow to judge whether it is a legal session flow or an illegal session flow. The adding module 403 is configured to, when the session flow is an illegal session flow, add the index of the session flow table entry to the recovery auxiliary table and update the policy matching and verification results of the illegal session flow into the session flow table entry.
Fig. 5 is a structural diagram of embodiment two of the message processing device of the invention. As shown in Fig. 5, this embodiment provides a message processing device that can carry out each step of method embodiment two above; the details are not repeated here. In the message processing device provided by this embodiment, on the basis of the device shown in Fig. 4, the creation module 401 may specifically comprise a judging unit 411, a first creating unit 421, a recovery unit 431 and a second creating unit 441. The judging unit 411 is configured to judge, when the first message of a session flow is received, whether an idle table entry resource exists in the current idle entry pool. The first creating unit 421 is configured to, if an idle table entry resource exists in the current idle entry pool, use the idle table entry resource to create the session flow table entry for the session flow and add the index of the session flow table entry to the universal flow hash table. The recovery unit 431 is configured to, if no idle table entry resource exists in the current idle entry pool, recover a session flow table entry resource from the recovery auxiliary table. The second creating unit 441 is configured to use the recovered session flow table entry resource to create the session flow table entry for the session flow and add the index of the session flow table entry to the universal flow hash table.
More specifically, the recovery unit 431 may comprise an obtaining subunit 4311, a deleting subunit 4312 and a recovering subunit 4313. The obtaining subunit 4311 is configured to, if no idle table entry resource exists in the current idle entry pool, obtain from the recovery auxiliary table the index of the session flow table entry to be deleted. The deleting subunit 4312 is configured to delete the index of the session flow table entry to be deleted from the universal flow hash table and the recovery auxiliary table. The recovering subunit 4313 is configured to return the session flow table entry resource corresponding to that index to the idle entry pool.
Specifically, the index of the session flow table entry to be deleted that the obtaining subunit 4311 obtains is the index that was added to the recovery auxiliary table the earliest.
Further, the message processing device provided by this embodiment may also comprise an update module 404, configured to, when the session flow is a legal session flow, update the policy matching and verification results of the legal session flow into the session flow table entry.
This embodiment provides a message processing device that adds a recovery auxiliary table. When the first message of a session flow is received, a session flow table entry is first created for the session flow and the index of the entry is added to the universal flow hash table; when policy matching and verification show that the session flow is an illegal session flow, the index of the entry is also added to the recovery auxiliary table. The recovery auxiliary table thus stores the index information of the session flow table entries of illegal session flows, so that the corresponding flow table entry resources can be recovered from it and reused later when resources are tight. This avoids exhausting flow table entry resources when the number of attack flows is large, while maintaining high system performance and improving overall system throughput.
This embodiment also provides network security equipment, such as a firewall or similar product, which may specifically comprise the message processing device of the embodiments above.
Finally, it should be noted that the embodiments above only illustrate the technical solutions of the invention and do not limit them. Although the invention has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art should understand that they may still modify the technical solutions described in those embodiments, or replace some of their technical features with equivalents, and that such modifications or replacements do not make the essence of the corresponding technical solutions depart from the spirit and scope of the technical solutions of the embodiments of the invention.

Claims (11)

1. A message processing method, characterized by comprising:
when a first message of a session flow is received, creating a session flow table entry for the session flow, and adding the index of the session flow table entry to a universal flow hash table;
performing policy matching and verification on the session flow to judge whether the session flow is a legal session flow or an illegal session flow;
when the session flow is an illegal session flow, adding the index of the session flow table entry to a recovery auxiliary table, and updating the policy matching and verification results of the illegal session flow into the session flow table entry.
2. The method according to claim 1, characterized in that creating a session flow table entry for the session flow when the first message of the session flow is received comprises:
when the first message of the session flow is received, judging whether an idle table entry resource exists in the current idle entry pool;
if an idle table entry resource exists in the current idle entry pool, using the idle table entry resource to create the session flow table entry for the session flow;
if no idle table entry resource exists in the current idle entry pool, reclaiming a session flow table entry resource from the recovery auxiliary table;
using the reclaimed session flow table entry resource to create the session flow table entry for the session flow.
3. The method according to claim 2, characterized in that reclaiming a session flow table entry resource from the recovery auxiliary table comprises:
obtaining a session flow table entry index to be deleted from the recovery auxiliary table;
deleting the session flow table entry index to be deleted from the universal flow hash table and from the recovery auxiliary table;
returning the session flow table entry resource corresponding to the session flow table entry index to the idle entry pool.
4. The method according to claim 3, characterized in that the session flow table entry index to be deleted is the session flow table entry index that was added earliest to the recovery auxiliary table.
5. The method according to claim 1, characterized by further comprising:
when the session flow is a legal session flow, updating the policy matching and verification results of the legal session flow into the session flow table entry.
6. A message processing device, characterized by comprising:
a creation module, configured to, when a first message of a session flow is received, create a session flow table entry for the session flow and add the index of the session flow table entry to a universal flow hash table;
a verification module, configured to perform policy matching and verification on the session flow to judge whether the session flow is a legal session flow or an illegal session flow;
an addition module, configured to, when the session flow is an illegal session flow, add the index of the session flow table entry to a recovery auxiliary table and update the policy matching and verification results of the illegal session flow into the session flow table entry.
7. The device according to claim 6, characterized in that the creation module comprises:
a judging unit, configured to judge, when the first message of the session flow is received, whether an idle table entry resource exists in the current idle entry pool;
a first creating unit, configured to, if an idle table entry resource exists in the current idle entry pool, use the idle table entry resource to create the session flow table entry for the session flow and add the index of the session flow table entry to the universal flow hash table;
a recovery unit, configured to, if no idle table entry resource exists in the current idle entry pool, reclaim a session flow table entry resource from the recovery auxiliary table;
a second creating unit, configured to use the reclaimed session flow table entry resource to create the session flow table entry for the session flow and add the index of the session flow table entry to the universal flow hash table.
8. The device according to claim 7, characterized in that the recovery unit comprises:
an obtaining subunit, configured to obtain a session flow table entry index to be deleted from the recovery auxiliary table if no idle table entry resource exists in the current idle entry pool;
a deletion subunit, configured to delete the session flow table entry index to be deleted from the universal flow hash table and from the recovery auxiliary table;
a reclaiming subunit, configured to return the session flow table entry resource corresponding to the session flow table entry index to the idle entry pool.
9. The device according to claim 8, characterized in that the session flow table entry index to be deleted that is obtained by the obtaining subunit is the session flow table entry index that was added earliest to the recovery auxiliary table.
10. The device according to claim 6, characterized by further comprising:
an update module, configured to, when the session flow is a legal session flow, update the policy matching and verification results of the legal session flow into the session flow table entry.
11. Network security equipment, characterized by comprising the message processing device according to any one of claims 6 to 10.
CN201110144331.9A 2011-05-31 2011-05-31 Message processing method, device and network security equipment Expired - Fee Related CN102195887B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201110144331.9A CN102195887B (en) 2011-05-31 2011-05-31 Message processing method, device and network security equipment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201110144331.9A CN102195887B (en) 2011-05-31 2011-05-31 Message processing method, device and network security equipment

Publications (2)

Publication Number Publication Date
CN102195887A true CN102195887A (en) 2011-09-21
CN102195887B CN102195887B (en) 2014-03-12

Family

ID=44603295

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201110144331.9A Expired - Fee Related CN102195887B (en) 2011-05-31 2011-05-31 Message processing method, device and network security equipment

Country Status (1)

Country Link
CN (1) CN102195887B (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2003067810A1 (en) * 2002-02-08 2003-08-14 Netscreen Technologies, Inc. Multi-method gateway-based network security systems and methods
CN101340275A (en) * 2008-08-27 2009-01-07 深圳华为通信技术有限公司 Data card, data processing and transmitting method
CN101370019A (en) * 2008-09-26 2009-02-18 北京星网锐捷网络技术有限公司 Method and switchboard for preventing packet cheating attack of address analysis protocol

Cited By (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103490937A (en) * 2013-10-12 2014-01-01 北京奇虎科技有限公司 Method and device for filtering monitoring data
CN103490937B (en) * 2013-10-12 2017-02-01 北京奇虎科技有限公司 Method and device for filtering monitoring data
WO2015074451A1 (en) * 2013-11-22 2015-05-28 华为技术有限公司 Malicious attack detection method and apparatus
US10313375B2 (en) 2013-11-22 2019-06-04 Huawei Technologies Co., Ltd Method and apparatus for malicious attack detection in an SDN network
US11637845B2 (en) 2013-11-22 2023-04-25 Huawei Technologies Co., Ltd. Method and apparatus for malicious attack detection in a software defined network (SDN)
CN103746918A (en) * 2014-01-06 2014-04-23 深圳市星盾网络技术有限公司 Message forwarding system and message forwarding method
CN109600375A (en) * 2018-12-13 2019-04-09 锐捷网络股份有限公司 Message tracing method, device, electronic equipment and storage medium
CN109600375B (en) * 2018-12-13 2021-07-16 锐捷网络股份有限公司 Message tracking method and device, electronic equipment and storage medium
CN113114574A (en) * 2021-03-30 2021-07-13 杭州迪普科技股份有限公司 Message forwarding method and device
CN113114574B (en) * 2021-03-30 2023-04-25 杭州迪普科技股份有限公司 Message forwarding method and device
CN114244625A (en) * 2021-12-30 2022-03-25 山东安控信息科技有限公司 Method and system for rapidly forwarding message of physical isolation equipment

Also Published As

Publication number Publication date
CN102195887B (en) 2014-03-12

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20140312