CN103347016A - Attack defense method - Google Patents

Publication number
CN103347016A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN2013102680448A
Other languages
Chinese (zh)
Inventor
徐振兵
朱正路
田洋
朱鹏飞
王智民
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
TIANJIN CP-WORLD INFORMATION TECHNOLOGY Co Ltd
Original Assignee
TIANJIN CP-WORLD INFORMATION TECHNOLOGY Co Ltd

Abstract

The invention discloses an attack defense method and relates to the technical field of network security. When a network security device receives a TCP SYN message sent by a client to a server, it starts its proxy function and verifies the TCP connection request using a cookie verification mechanism. If verification succeeds, the source IP address is marked as a valid user, a first TCP connection is established between the network security device and the client, and a second TCP connection is established between the device, acting as a proxy client, and the server; otherwise, the source IP address is marked as an attacker. Because the network security device judges the client's TCP connection requests using the cookie verification mechanism, SYN Flood attacks can be effectively identified. After the verification is finished, all interaction with clients is handled by the network security device in proxy mode, so the server is not affected and is thereby protected from SYN Flood attacks.

Description

An attack defense method
Technical field
The present invention relates to the field of network security technology, and in particular to an attack defense method.
Background art
In network communication, a client and a server establish a TCP connection through the following standard procedure. In the first step, the client sends a TCP SYN message carrying the synchronize (SYN) flag; the SYN message indicates the port used by the client and the initial sequence number of the TCP connection. In the second step, after receiving the client's TCP SYN message, the server returns a SYN/ACK message indicating that the client's request has been accepted, with the TCP sequence number incremented by one (ACK stands for acknowledgment). In the third step, the client returns an ACK message to the server, again with the TCP sequence number incremented by one, which completes the TCP connection. In the TCP protocol this connection procedure is called the three-way handshake. When a network security device sits between the client and the server, the TCP SYN and ACK messages sent by the client are forwarded to the server via the network security device, and the SYN/ACK message sent by the server is likewise forwarded to the client via the network security device. Suppose that, during the three-way handshake, a user crashes or goes offline immediately after sending the SYN message to the server. The server then cannot receive the client's ACK message after sending its SYN/ACK response. In this case the server generally retries (sends the SYN/ACK message to the client again) and, after waiting for a period of time, abandons the uncompleted connection. This period of time is called the SYN Timeout.
SYN Flood is currently one of the most popular forms of DDoS (distributed denial-of-service) attack. It exploits a defect in the TCP protocol by sending a large number of forged TCP connection requests so that the resources of the attacked party are exhausted. If a malicious attacker simulates the SYN Timeout situation in large volume, the server must consume a great deal of resources to maintain a very large half-open connection list: with tens of thousands of half-open connections, even simply storing and traversing the list consumes considerable CPU time and memory, and the server must also keep retrying the SYN/ACK for the IP addresses in the list. If the server's TCP/IP stack is not robust enough, the result is often a stack overflow and crash; even if the server's system is robust enough, the server will be so busy handling the attacker's forged TCP connection requests that it has no time for normal client requests, and from a normal client's point of view the server has stopped responding. This situation is called a SYN Flood attack on the server (that is, a SYN flood attack).
With the existing way of establishing TCP connections, a server cannot effectively identify and defend against SYN Flood attacks. It is therefore necessary to propose a method that effectively prevents a server from being subjected to SYN Flood attacks.
Summary of the invention
(1) Technical problem to be solved
The object of the present invention is to provide an attack defense method that uses a network security device to effectively identify SYN Flood attacks and protect the server from them.
(2) Technical solution
To solve the above technical problem, the present invention proposes an attack defense method comprising the following steps:
When the network security device receives a TCP SYN message sent by a client to a server, it calculates a cookie value, adds the cookie value to a SYN/ACK message, and then returns the SYN/ACK message to the client;
After receiving the SYN/ACK message, the client sends an ACK message to the network security device;
After receiving the ACK message, the network security device verifies the ACK message using the cookie value. If verification succeeds, the source IP address of the ACK message is marked as a valid user, and the network security device establishes a first TCP connection with the client and, acting as a proxy for the client, establishes a second TCP connection with the server; otherwise, the source IP address of the ACK message is marked as an attacker.
Optionally, calculating the cookie value specifically comprises:
Calculating the cookie value with a cryptographic algorithm according to the TCP header information of the TCP SYN message.
Optionally, the TCP header information of the TCP SYN message comprises any one or more of the source IP address, the source port number, and the local time.
Optionally, the cryptographic algorithm is the MD5 algorithm.
Optionally, calculating the cookie value specifically comprises:
Using a preset value as the cookie value.
Optionally, adding the cookie value to the SYN/ACK message specifically comprises:
Adding the cookie value to the sequence number in the TCP header of the SYN/ACK message.
Optionally, verifying the ACK message using the cookie value specifically comprises:
Checking the sequence number in the TCP header of the ACK message against the cookie value, and judging verification successful if the two match.
Optionally, after the source IP address of the ACK message is marked as an attacker, the method further comprises the step of:
Discarding the ACK message;
Or, the network security device establishes a first TCP connection with the client and a second TCP connection with the server, and when the client sends a request message to the server, the network security device intercepts and discards the request message.
Optionally, after the source IP address of the ACK message is marked as a valid user, the method further comprises the step of:
Adding the source IP address of the ACK message to a whitelist,
When the network security device receives a request message sent by the client to the server, it judges whether the IP address of the client is in the whitelist, and if so, sends the request message to the server.
Optionally, after the source IP address of the ACK message is marked as an attacker, the method further comprises the step of:
Adding the source IP address of the ACK message to a blacklist,
When the network security device receives a request message sent by the client to the server, it judges whether the IP address of the client is in the blacklist, and if so, intercepts and discards the request message.
(3) Beneficial effects
Compared with the prior art, the technical solution of the present invention has the following advantages:
The network security device calculates a cookie value, adds it to the SYN/ACK message, and sends it to the client; on receiving the client's ACK message, it verifies the ACK message using this cookie value. Because an attacker cannot reproduce the same cookie value, the network security device can judge the client's TCP connection request accordingly and thus effectively identify SYN Flood attacks. Before verification is completed, all interaction with the client is handled by the network security device acting as a proxy; even when a SYN Flood attack occurs, the network security device identifies and blocks it first, so the server is not affected and is thereby protected from SYN Flood attacks.
Brief description of the drawings
Fig. 1 is a flow chart of one embodiment of the attack defense method proposed by the present invention.
Fig. 2 is a system schematic diagram of Embodiment 1 of the present invention.
Detailed description of the embodiments
The specific embodiments of the present invention are described in further detail below with reference to the drawings and embodiments.
Fig. 1 shows one embodiment of the attack defense method proposed by the present invention; the method comprises the following steps:
When the network security device receives a TCP SYN message sent by a client to a server, it calculates a cookie value, adds the cookie value to a SYN/ACK message, and then returns the SYN/ACK message to the client;
After receiving the SYN/ACK message, the client sends an ACK message to the network security device;
After receiving the ACK message, the network security device verifies the ACK message using the cookie value. If verification succeeds, the source IP address of the ACK message is marked as a valid user, and the network security device establishes a first TCP connection with the client and, acting as a proxy for the client, establishes a second TCP connection with the server; otherwise, the source IP address of the ACK message is marked as an attacker.
In the technical solution proposed by the present invention, the network security device calculates a cookie value, adds it to the SYN/ACK message, and sends it to the client; on receiving the client's ACK message, it verifies the ACK message using this cookie value. Because an attacker cannot reproduce the same cookie value, the network security device can judge the client's TCP connection request accordingly and thus effectively identify SYN Flood attacks. Before verification is completed, all interaction with the client is handled by the network security device acting as a proxy; even when a SYN Flood attack occurs, the network security device identifies and blocks it first, so the server is not affected and is thereby protected from SYN Flood attacks.
The network security device generally refers to a network firewall device. In the technical solution of the present invention, the network security device must have a proxy function: it first acts in the role of a proxy server to establish the first TCP connection with the client, and then acts in the role of a proxy client to establish the second TCP connection with the server.
First, a client requesting a TCP connection with the server must send a TCP SYN message to the server. When the network security device receives this TCP SYN message, it starts its proxy function, returns the SYN/ACK message of the TCP three-way handshake to the client, and adds to this SYN/ACK message cookie information generated according to a certain rule.
The cookie value may be generated by a dynamic encryption method or by a static encryption method. A dynamic encryption method ensures that the generated cookie value is unique and cannot be reproduced. For example, the TCP header of a message in the TCP connection process generally includes information such as the five-tuple and the local time; generating the cookie value by encrypting one or more of the source IP address and source port number in the five-tuple and the local time means that an attacker cannot reproduce an identical cookie value, which ensures the reliability of the TCP connection process. A static encryption method may directly use a default value built into the system as the cookie value; this saves the calculation step and conserves system resources. The preferred implementation here is to calculate the cookie value with a cryptographic algorithm (such as the MD5 algorithm) according to the TCP header information of the TCP SYN message (in particular the source IP address, source port number, or local time).
When adding the cookie value to the SYN/ACK message, the cookie value may be added to the sequence number in the TCP header of the SYN/ACK message. After the client receives the SYN/ACK message containing this cookie value, it calculates a new sequence number from the received cookie value, adds this new sequence number to the TCP header of the ACK message, and sends the ACK message to the network security device.
After receiving the ACK message, the network security device checks whether the TCP header information carried by this message (namely the acknowledgment sequence number) and the cookie information it generated itself pass verification according to a certain algorithm. If verification succeeds, the source IP address of this ACK message is marked as a valid user and a first TCP connection is established with the requesting client; the device then acts as a proxy for the client and establishes a second TCP connection with the server, for which the traditional three-way handshake mechanism suffices. If verification fails, the source IP address of this ACK message is marked as an attacker.
For a source IP address or client marked as an attacker, two handling modes are available:
The first is to directly discard the ACK message it sent, that is, to refuse to establish a TCP connection with it. The other is that the network security device still establishes a first TCP connection with this client and a second TCP connection with the server, but when this client sends request messages to the server, the network security device intercepts and discards all of them; that is, the network security device allows it to establish the TCP connection but forbids it from using the established TCP connection to access the server. With the first handling mode, the attacker may repeatedly send connection requests after its first TCP connection request is refused, and the network security device must repeatedly process a large number of false connection requests, which consumes and wastes resources. With the second handling mode, the network security device does not have to repeatedly process the attacker's false connection requests; it only needs to intercept all messages marked as coming from an attacker, and the server is likewise protected from SYN Flood attacks.
In addition, after the cookie verification is completed, blacklist and whitelist functions can be started according to the verification result. For an ACK message that passes verification, its source IP address is placed in the whitelist. When the network security device receives a request message sent by a client to the server, it first looks up whether the client's IP address is in the whitelist; if so, it forwards the request message directly to the server. That is, within the lifetime of the whitelist node, subsequent new accesses no longer undergo cookie verification, which helps improve access speed. Alternatively, for an ACK message that fails verification, its source IP address is added to the blacklist. When the network security device receives a request message sent by a client to the server, it first looks up whether the client's IP address is in the blacklist; if so, it directly intercepts and discards the request message. That is, within the lifetime of the blacklist node, all access from that address is forbidden.
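The cookie exchange and list handling described above, as an added Python example that is not part of the patent text: the device answers a SYN with a cookie in the SYN/ACK sequence number, checks that the ACK acknowledges cookie + 1, and records a per-IP verdict with a lifetime. Assumptions not in the patent: a device secret keyed into the hash (HMAC-MD5 rather than bare MD5), a 64-second slot for the local-time input, recomputing the cookie instead of storing it, the 300-second list lifetime, and all function, class and constant names.

```python
import hashlib
import hmac
import ipaddress
import struct

# All constants are assumptions of this example, not values from the patent.
SECRET = b"constructed-device-secret"  # per-device key mixed into the cookie
SLOT_SECONDS = 64                      # granularity of the "local time" input
LIST_LIFETIME = 300                    # seconds a whitelist/blacklist node lives
MOD32 = 1 << 32                        # TCP sequence numbers are 32 bits wide


def cookie_for_slot(src_ip, src_port, slot, secret=SECRET):
    """32-bit cookie over source IP, source port and a time slot (HMAC-MD5)."""
    fields = ipaddress.ip_address(src_ip).packed + struct.pack("!HQ", src_port, slot)
    digest = hmac.new(secret, fields, hashlib.md5).digest()
    return struct.unpack("!I", digest[:4])[0]


def make_cookie(src_ip, src_port, now, secret=SECRET):
    """Cookie the device places in the sequence number of its SYN/ACK."""
    return cookie_for_slot(src_ip, src_port, int(now) // SLOT_SECONDS, secret)


def verify_ack(src_ip, src_port, ack_number, now, secret=SECRET):
    """True if the ACK acknowledges cookie + 1 for the current or previous slot."""
    slot = int(now) // SLOT_SECONDS
    for candidate in (slot, slot - 1):  # tolerate a slot boundary mid-handshake
        if candidate < 0:
            continue
        expected = (cookie_for_slot(src_ip, src_port, candidate, secret) + 1) % MOD32
        if expected == ack_number % MOD32:
            return True
    return False


class SynProxy:
    """Device-side decisions only; packet I/O and the server-side handshake are omitted."""

    def __init__(self, secret=SECRET):
        self.secret = secret
        self.verdicts = {}  # source IP -> (verdict, expiry time); latest verdict wins

    def on_syn(self, src_ip, src_port, now):
        """Answer a SYN without contacting the server: the SYN/ACK sequence number."""
        return make_cookie(src_ip, src_port, now, self.secret)

    def on_ack(self, src_ip, src_port, ack_number, now):
        """Check the ACK and list the source IP as 'valid' or 'attacker'."""
        ok = verify_ack(src_ip, src_port, ack_number, now, self.secret)
        verdict = "valid" if ok else "attacker"
        self.verdicts[src_ip] = (verdict, now + LIST_LIFETIME)
        return verdict

    def on_request(self, src_ip, now):
        """'forward' if whitelisted, 'drop' if blacklisted, 'verify' if unlisted or expired."""
        verdict, expiry = self.verdicts.get(src_ip, (None, 0))
        if verdict is None or now >= expiry:
            self.verdicts.pop(src_ip, None)
            return "verify"
        return "forward" if verdict == "valid" else "drop"


def demo():
    """Constructed flows: a completed handshake and an ACK that does not match the cookie."""
    proxy = SynProxy()
    out = {}
    # 192.0.2.10 echoes cookie + 1; the handshake straddles a slot boundary (t=63 -> t=65).
    seq = proxy.on_syn("192.0.2.10", 40000, now=63)
    out["client_ack"] = proxy.on_ack("192.0.2.10", 40000, (seq + 1) % MOD32, now=65)
    out["client_request"] = proxy.on_request("192.0.2.10", now=70)
    # 198.51.100.7 sends an acknowledgment number that does not match its cookie.
    seq2 = proxy.on_syn("198.51.100.7", 40001, now=63)
    out["bogus_ack"] = proxy.on_ack("198.51.100.7", 40001, (seq2 + 2) % MOD32, now=65)
    out["bogus_request"] = proxy.on_request("198.51.100.7", now=70)
    # A correct acknowledgment replayed three slots later no longer verifies.
    out["stale_ack_ok"] = verify_ack("192.0.2.10", 40000, (seq + 1) % MOD32, now=63 + 3 * SLOT_SECONDS)
    # Once the whitelist node expires, the address must pass the cookie check again.
    out["after_lifetime"] = proxy.on_request("192.0.2.10", now=65 + LIST_LIFETIME)
    return out


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

The verdicts are keyed on source IP alone, as in the text, so clients that share one address share a verdict for the lifetime of the list node.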
The complete implementation of the above method is described in detail below through specific embodiments.
Embodiment 1
Fig. 2 is the system schematic diagram of Embodiment 1. As shown in Fig. 2, the process by which the client and the server establish a TCP connection is as follows:
Step 1: the client first sends a TCP SYN message (message a);
Step 2: after receiving message a, the network security device starts its proxy function, calculates the cookie value with the MD5 cryptographic algorithm according to the local time in the TCP header of message a, fills the cookie value into the sequence number in the TCP header of a SYN/ACK message (message b), and returns message b to the client;
Step 3: after receiving message b, the client calculates a new sequence number from the received cookie value, adds this new sequence number to the TCP header of an ACK message (message c), and sends message c to the network security device;
Step 4: after receiving message c, the network security device checks whether the sequence number in the TCP header of message c and the cookie value it generated itself pass verification according to a certain algorithm; on finding that verification succeeds, the network security device marks the source IP address of message c as a valid user;
Step 5: the network security device establishes a first TCP connection with the client and, acting as a proxy for the client, establishes a second TCP connection with the server using the traditional three-way handshake mechanism; that is, the network security device sends a TCP SYN message (message d) to the server, the server returns a SYN/ACK message (message e), and the network security device then sends an ACK message (message f), whereupon the second TCP connection is established.
Afterwards, the client can access the server through the first TCP connection and the second TCP connection.
Embodiment 2
The first three steps of Embodiment 2 are identical to those of Embodiment 1; the differences are:
Step 4: after receiving message c, the network security device checks whether the sequence number in the TCP header of message c and the cookie value it generated itself pass verification according to a certain algorithm; on finding that verification fails, the network security device marks the source IP address of message c as an attacker and adds it to the blacklist;
Step 5: the network security device establishes a first TCP connection with the client and, acting as a proxy for the client, establishes a second TCP connection with the server, using the traditional three-way handshake mechanism for the second TCP connection;
Step 6: when the network security device receives a request message sent by the client to the server, it first judges whether the client's IP address is in the blacklist; on finding that it is, it directly intercepts and discards the request message.
Through the above steps, the network security device can effectively intercept SYN Flood attacks and thereby protect the server from attack.
In summary, the technical solution of the present invention has the following beneficial effects:
1. The network security device calculates a cookie value, adds it to the SYN/ACK message, and sends it to the client; on receiving the client's ACK message, it verifies the ACK message using this cookie value. Because an attacker cannot reproduce the same cookie value, the network security device can judge the client's TCP connection request accordingly and thus effectively identify SYN Flood attacks. The method is therefore highly effective in defending against SYN Flood attacks that use forged source IP addresses;
2. Before verification is completed, all interaction with the client is handled by the network security device acting as a proxy; even when a SYN Flood attack occurs, the network security device identifies and blocks it first, so the server is not affected and is thereby protected from SYN Flood attacks;
3. The technical solution of the present invention makes full use of the characteristics of the TCP three-way handshake and adds minimal overhead to the system.
The above is only a preferred implementation of the present invention. It should be pointed out that a person of ordinary skill in the art may make improvements and substitutions without departing from the technical principle of the present invention, and such improvements and substitutions shall also be regarded as falling within the scope of protection of the present invention.

Claims (10)

1. An attack defense method, characterized in that the method comprises the following steps:
When the network security device receives a TCP SYN message sent by a client to a server, it calculates a cookie value, adds the cookie value to a SYN/ACK message, and then returns the SYN/ACK message to the client;
After receiving the SYN/ACK message, the client sends an ACK message to the network security device;
After receiving the ACK message, the network security device verifies the ACK message using the cookie value. If verification succeeds, the source IP address of the ACK message is marked as a valid user, and the network security device establishes a first TCP connection with the client and, acting as a proxy for the client, establishes a second TCP connection with the server; otherwise, the source IP address of the ACK message is marked as an attacker.
2. The method according to claim 1, characterized in that calculating the cookie value specifically comprises:
Calculating the cookie value with a cryptographic algorithm according to the TCP header information of the TCP SYN message.
3. The method according to claim 2, characterized in that the TCP header information of the TCP SYN message comprises any one or more of the source IP address, the source port number, and the local time.
4. The method according to claim 2, characterized in that the cryptographic algorithm is the MD5 algorithm.
5. The method according to claim 1, characterized in that calculating the cookie value specifically comprises:
Using a preset value as the cookie value.
6. The method according to any one of claims 1-5, characterized in that adding the cookie value to the SYN/ACK message specifically comprises:
Adding the cookie value to the sequence number in the TCP header of the SYN/ACK message.
7. The method according to claim 6, characterized in that verifying the ACK message using the cookie value specifically comprises:
Checking the sequence number in the TCP header of the ACK message against the cookie value, and judging verification successful if the two match.
8. The method according to any one of claims 1-5, characterized in that, after the source IP address of the ACK message is marked as an attacker, the method further comprises the step of:
Discarding the ACK message;
Or, the network security device establishes a first TCP connection with the client and a second TCP connection with the server, and when the client sends a request message to the server, the network security device intercepts and discards the request message.
9. The method according to claim 1, characterized in that, after the source IP address of the ACK message is marked as a valid user, the method further comprises the step of:
Adding the source IP address of the ACK message to a whitelist,
When the network security device receives a request message sent by the client to the server, it judges whether the IP address of the client is in the whitelist, and if so, sends the request message to the server.
10. The method according to claim 1, characterized in that, after the source IP address of the ACK message is marked as an attacker, the method further comprises the step of:
Adding the source IP address of the ACK message to a blacklist,
When the network security device receives a request message sent by the client to the server, it judges whether the IP address of the client is in the blacklist, and if so, intercepts and discards the request message.
CN2013102680448A 2013-06-28 2013-06-28 Attack defense method Pending CN103347016A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2013102680448A CN103347016A (en) 2013-06-28 2013-06-28 Attack defense method

Publications (1)

Publication Number Publication Date
CN103347016A true CN103347016A (en) 2013-10-09

Family

ID=49281790

Country Status (1)

Country Link
CN (1) CN103347016A (en)

CN106572132A (en) * 2015-10-09 2017-04-19 中兴通讯股份有限公司 Chain establishing distribution method, device and system
CN106572132B (en) * 2015-10-09 2020-12-29 中兴通讯股份有限公司 Method, device and system for distributing and building link
CN106598881A (en) * 2016-12-20 2017-04-26 北京小米移动软件有限公司 Page processing method and device
CN106598881B (en) * 2016-12-20 2020-10-09 北京小米移动软件有限公司 Page processing method and device
CN109818912A (en) * 2017-11-22 2019-05-28 北京金山云网络技术有限公司 Take precautions against method, apparatus, load-balancing device and the storage medium of extensive aggression
CN109818912B (en) * 2017-11-22 2021-11-26 北京金山云网络技术有限公司 Method and device for preventing flooding attack, load balancing equipment and storage medium
CN110099027A (en) * 2018-01-29 2019-08-06 腾讯科技(深圳)有限公司 Transmission method and device, storage medium, the electronic device of service message
CN110099027B (en) * 2018-01-29 2021-09-28 腾讯科技(深圳)有限公司 Service message transmission method and device, storage medium and electronic device
CN108512833B (en) * 2018-03-09 2021-06-29 新华三技术有限公司 Attack prevention method and device
CN108512833A (en) * 2018-03-09 2018-09-07 新华三技术有限公司 A kind of security from attacks method and device
CN109413037A (en) * 2018-09-12 2019-03-01 北京奇安信科技有限公司 A kind of Modbus method for processing business and device
CN109413037B (en) * 2018-09-12 2021-11-16 奇安信科技集团股份有限公司 Modbus service processing method and device
CN109150919A (en) * 2018-10-31 2019-01-04 北京天融信网络安全技术有限公司 A kind of method and the network equipment of network anti-attack
CN109150919B (en) * 2018-10-31 2021-06-08 北京天融信网络安全技术有限公司 Network attack prevention method and network equipment
CN109587163A (en) * 2018-12-27 2019-04-05 网宿科技股份有限公司 Means of defence and device under a kind of DR mode
CN110391902A (en) * 2019-07-08 2019-10-29 新华三信息安全技术有限公司 A kind of method and device of internet key exchange ike negotiation
CN112242934A (en) * 2019-07-16 2021-01-19 北京华耀科技有限公司 RTT (round trip time) calculation method for TCP (Transmission control protocol) connection
CN112242934B (en) * 2019-07-16 2022-10-11 北京华耀科技有限公司 RTT (round trip time) calculation method for TCP (Transmission control protocol) connection
CN111526126A (en) * 2020-03-29 2020-08-11 杭州迪普科技股份有限公司 Data security transmission method, data security device and system
CN111526126B (en) * 2020-03-29 2022-11-01 杭州迪普科技股份有限公司 Data security transmission method, data security device and system
CN111970308A (en) * 2020-09-03 2020-11-20 杭州安恒信息技术股份有限公司 Method, device and equipment for protecting SYN Flood attack
CN114070878A (en) * 2022-01-13 2022-02-18 阿里云计算有限公司 Network connection processing method and device
CN114070878B (en) * 2022-01-13 2022-06-24 阿里云计算有限公司 Network connection processing method and device

Similar Documents

Publication Publication Date Title
CN103347016A (en) Attack defense method
JP6858749B2 (en) Devices and methods for establishing connections in load balancing systems
US9356958B2 (en) Apparatus and method for protecting communication pattern of network traffic
KR100431231B1 (en) Method and system for defeating tcp syn flooding attacks
CN101436958B (en) Method for resisting abnegation service aggression
CN102291441B (en) Method and security agent device for protecting against attack of synchronize (SYN) Flood
WO2016006520A1 (en) Detection device, detection method and detection program
CN104468624A (en) SDN controller, routing/switching device and network defending method
US20120227088A1 (en) Method for authenticating communication traffic, communication system and protective apparatus
CN103916389A (en) Method for preventing HttpFlood attack and firewall
JP6435695B2 (en) Controller and its attacker detection method
Kim et al. A simple and efficient replay attack prevention scheme for LoRaWAN
Gilad et al. Off-Path Attacking the Web.
CN101594359A (en) Defence synchronous flood attack method of transmission control protocol and transmission control protocol proxy
CN110213224B (en) Data packet asynchronous forwarding method and system, data processing system and consensus node terminal
CN108881233A (en) anti-attack processing method, device, equipment and storage medium
Aishwarya et al. Intrusion detection system-An efficient way to thwart against Dos/DDos attack in the cloud environment
US10122755B2 (en) Method and apparatus for detecting that an attacker has sent one or more messages to a receiver node
CN105812318A (en) Method, controller and system for preventing attack in network
CN107800723A (en) CC attack guarding methods and equipment
Huang et al. An authentication scheme to defend against UDP DrDoS attacks in 5G networks
CN102231748A (en) Method and device for verifying client
Simpson TCP cookie transactions (TCPCT)
CN111490977B (en) DAG block chain-based ARP spoofing attack prevention method and platform terminal
Bani-Hani et al. SYN flooding attacks and countermeasures: a survey

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20131009