CN103561025B - Method, device and system for detecting DOS attack prevention capacity - Google Patents
- Publication number
- CN103561025B
- Authority
- CN
- China
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Abstract
The invention provides a method, device and system for detecting DOS attack prevention capacity. In the method, while a network attack instrument sends a large number of malicious data packets to a gateway device under test whose anti-ping function is disabled, an intranet host connected to the gateway device under test periodically sends ping commands through the gateway device under test to a public network host, and the intranet host judges from the response information returned by the public network host whether the gateway device under test has DOS attack prevention capacity. This solves the prior-art problem that it is difficult to judge whether a gateway device has DOS attack prevention capacity.
Description
Technical Field
The present invention relates to the field of computer technology, and in particular to a method, device and system for detecting anti-DOS attack capability.
Background
In the prior art, a denial-of-service (Denial of Service, DOS) attack mainly uses a network attack instrument to continuously send a large number of malicious data packets to a network, consuming network resources such as router CPU time, system capacity or network bandwidth and degrading network service performance. For example, the network attack instrument continuously sends a large number of malicious data packets to a gateway device to consume the gateway device's bandwidth, so that the intranet hosts connected to the gateway device have difficulty accessing the network normally.
At present, gateway devices that can defend against DOS attacks exist in the prior art, but it is difficult to detect whether a gateway device has anti-DOS attack capability, so a user selecting a gateway device has difficulty knowing whether the device has that capability.
Summary of the Invention
The present invention provides a method, device and system for detecting anti-DOS attack capability, to solve the prior-art problem that it is difficult to judge whether a gateway device has anti-DOS attack capability.
A first aspect of the present invention provides a method for detecting anti-DOS attack capability, including:
when a network attack instrument sends a large number of malicious data packets to a gateway device under test whose anti-ping function is disabled, an intranet host connected to the gateway device under test periodically sends ping commands to a public network host through the gateway device under test;
the intranet host judges, from the response information returned by the public network host, whether the gateway device under test has anti-DOS attack capability.
Another aspect of the present invention provides a device for detecting anti-DOS attack capability, including:
a sending module, configured to periodically send ping commands to a public network host through the gateway device under test when a network attack instrument sends a large number of malicious data packets to the gateway device under test whose anti-ping function is disabled;
a judging module, configured to judge, from the response information returned by the public network host, whether the gateway device under test has anti-DOS attack capability.
A further aspect of the present invention provides a system for detecting anti-DOS attack capability, including: a network attack instrument, a gateway device under test, a public network host, and the above device for detecting anti-DOS attack capability.
In the present invention, when the network attack instrument sends a large number of malicious data packets to the gateway device under test whose anti-ping function is disabled, the intranet host connected to the gateway device under test periodically sends ping commands to the public network host through the gateway device under test and judges, from the response information returned by the public network host, whether the gateway device under test has anti-DOS attack capability. A user selecting a gateway device can therefore know whether the device has anti-DOS attack capability, which improves the user experience.
Brief Description of the Drawings
Fig. 1 is a flowchart of an embodiment of the method for detecting anti-DOS attack capability provided by the present invention;
Fig. 2 is a schematic structural diagram of an embodiment of the intranet host provided by the present invention;
Fig. 3 is a schematic structural diagram of an embodiment of the system for detecting anti-DOS attack capability provided by the present invention.
Detailed Description
To make the objectives, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments are described clearly and completely below with reference to the accompanying drawings. Obviously, the described embodiments are some, not all, of the embodiments of the present invention. All other embodiments obtained by those of ordinary skill in the art based on the embodiments of the present invention without creative effort fall within the scope of protection of the present invention.
Fig. 1 is a flowchart of an embodiment of the method for detecting anti-DOS attack capability provided by the present invention. As shown in Fig. 1, the method includes:
101. When the network attack instrument sends a large number of malicious data packets to the gateway device under test whose anti-ping function is disabled, the intranet host connected to the gateway device under test periodically sends ping commands to the public network host through the gateway device under test.
The method for detecting anti-DOS attack capability provided by the present invention may be executed by the intranet host. The intranet host may be a terminal, such as a computer, that is connected to the gateway device and accesses the network through the gateway device.
Specifically, before the network attack instrument sends a large number of malicious data packets to the gateway device under test whose anti-ping function is disabled, the network attack instrument, the public network host and the gateway device under test may each first register with a public network server through a router and obtain a public IP address. The network attack instrument sends a ping command through the router to the gateway device under test and, from the response returned by the gateway device under test, judges whether the router between the network attack instrument and the gateway device under test is reachable, that is, whether the network attack instrument can send data packets to the gateway device under test through that router. The network attack instrument uses a port scanning tool to scan the public IP address of the gateway device under test and obtains the list of open ports on that public IP address.
Correspondingly, the network attack instrument sending a large number of malicious data packets to the gateway device under test whose anti-ping function is disabled may specifically be: the network attack instrument sends a large number of malicious data packets to the open ports of the gateway device under test whose anti-ping function is disabled, thereby attacking the gateway device under test.
102. The intranet host judges, from the response information returned by the public network host, whether the gateway device under test has anti-DOS attack capability.
Specifically, when the network attack instrument sends a large number of malicious data packets to the gateway device under test whose anti-ping function is disabled, it consumes the bandwidth of the gateway device under test, so that the intranet host connected to the gateway device under test has difficulty accessing the network normally. If the gateway device under test has anti-DOS capability, then after receiving the large number of malicious data packets it obtains the source IP address carried in the packets; when the number of packets from the same source IP address exceeds a preset quantity threshold, the gateway device under test adds that source IP address to a blacklist and no longer receives packets from it, so that the intranet host connected to the gateway device under test can access the network normally. Step 102 may therefore specifically be: when the intranet host does not receive the response information returned by the public network host within a preset first time threshold, the intranet host determines that the gateway device under test is under attack and that the intranet host has difficulty accessing the network normally; after the gateway device under test is attacked, if the response information returned by the public network host is received within a preset second time threshold, the intranet host can access the network normally, and the intranet host determines that the gateway device under test has anti-DOS attack capability.
After the gateway device under test is attacked, if the intranet host still has not received the response information returned by the public network host within the preset second time threshold, the intranet host still has difficulty accessing the network normally, and the intranet host determines that the gateway device under test does not have anti-DOS attack capability.
In addition, to rule out the case in which the intranet host fails to receive the response information returned by the public network host in time because of ordinary congestion, the following may also be performed before step 101: the intranet host sends a ping command to the public network host; the intranet host determines, from the response information returned by the public network host, that data can be transmitted between the intranet host and the public network host.
Specifically, the intranet host may periodically send ping commands to the public network host. If the intranet host periodically receives the response information returned by the public network host, data can be transmitted between the intranet host and the public network host, that is, the intranet host can access the network normally.
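The pre-check, step 101 and step 102 above, run end to end as an added offline Python simulation (not code from the patent): a toy gateway with and without the per-source blacklist, a probe that pings once per tick, and the two-threshold judgment. Tick-based timing, `SimGateway`, the threshold values, the constructed source address and the extra verdicts `no_outage_observed` and `inconclusive` are assumptions made for illustration.

```python
"""Added example: offline simulation of the test procedure (all data constructed)."""
from collections import Counter

FLOOD_SRC = "198.51.100.7"   # constructed source address (documentation range)


class SimGateway:
    """Toy gateway that forwards at most `capacity` packets per tick.

    With `src_limit` set it mimics the defence described above: once the
    packet count from one source IP exceeds the limit, that source is
    blacklisted and its packets are no longer accepted.
    """

    def __init__(self, capacity, src_limit=None):
        self.capacity = capacity
        self.src_limit = src_limit
        self.seen = Counter()
        self.blacklist = set()

    def tick(self, flood_pkts):
        """Process one tick; return True if the probe's ping gets a reply."""
        load = 0
        if flood_pkts and FLOOD_SRC not in self.blacklist:
            self.seen[FLOOD_SRC] += flood_pkts
            load = flood_pkts                      # this tick's flood was accepted
            if self.src_limit is not None and self.seen[FLOOD_SRC] > self.src_limit:
                self.blacklist.add(FLOOD_SRC)      # dropped from the next tick on
        return load < self.capacity


def run_probe(gateway, ticks, flood_start, flood_pkts):
    """Intranet host: one ping per tick. Returns [(tick, replied), ...]."""
    return [(t, gateway.tick(flood_pkts if t >= flood_start else 0))
            for t in range(ticks)]


def classify(samples, flood_start, t1, t2):
    """Apply the pre-check and the two time thresholds to probe samples.

    t1: consecutive unanswered ticks that count as "under attack" (assumed
        reading of the first time threshold).
    t2: ticks after that point within which a reply must arrive (second
        time threshold).
    """
    baseline = [ok for t, ok in samples if t < flood_start]
    if not baseline or not all(baseline):
        return "baseline_failed"          # pre-check: path was not healthy
    silent, attacked_at = 0, None
    for t, ok in samples:
        if t < flood_start:
            continue
        silent = 0 if ok else silent + 1
        if silent >= t1:
            attacked_at = t
            break
    if attacked_at is None:
        return "no_outage_observed"       # added verdict, not in the patent
    deadline = attacked_at + t2
    if any(ok for t, ok in samples if attacked_at < t <= deadline):
        return "capable"
    if samples[-1][0] < deadline:
        return "inconclusive"             # added verdict: window not covered
    return "not_capable"


def scenario(capacity, src_limit, ticks=30, flood_start=5, flood_pkts=500,
             t1=3, t2=10):
    """Build a gateway, run the probe through it and return the verdict."""
    gw = SimGateway(capacity, src_limit)
    return classify(run_probe(gw, ticks, flood_start, flood_pkts),
                    flood_start, t1, t2)


if __name__ == "__main__":
    print(scenario(100, 2000))    # gateway that blacklists the flood source
    print(scenario(100, None))    # gateway with no defence
```

The `baseline_failed` verdict is the pre-check at work: if the path was already unhealthy before the flood, lost replies say nothing about the gateway.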
In this embodiment, when the network attack instrument sends a large number of malicious data packets to the gateway device under test whose anti-ping function is disabled, the intranet host connected to the gateway device under test periodically sends ping commands to the public network host through the gateway device under test and judges, from the response information returned by the public network host, whether the gateway device under test has anti-DOS attack capability. A user selecting a gateway device can therefore know whether the device has anti-DOS attack capability, which improves the user experience.
Those of ordinary skill in the art will understand that all or some of the steps of the above method embodiments may be carried out by hardware under the control of program instructions. The program may be stored in a computer-readable storage medium. When executed, the program performs the steps of the above method embodiments. The storage medium includes any medium that can store program code, such as ROM, RAM, a magnetic disk or an optical disc.
Fig. 2 is a schematic structural diagram of an embodiment of the intranet host provided by the present invention. The intranet host in this embodiment is the device for detecting anti-DOS attack capability. As shown in Fig. 2, it includes:
a sending module 21, configured to periodically send ping commands to the public network host through the gateway device under test when the network attack instrument sends a large number of malicious data packets to the gateway device under test whose anti-ping function is disabled;
a judging module 22, configured to judge, from the response information returned by the public network host, whether the gateway device under test has anti-DOS attack capability.
Specifically, when the network attack instrument sends a large number of malicious data packets to the gateway device under test whose anti-ping function is disabled, it consumes the bandwidth of the gateway device under test, so that the intranet host connected to the gateway device under test has difficulty accessing the network normally. If the gateway device under test has anti-DOS capability, then after receiving the large number of malicious data packets it obtains the source IP address carried in the packets; when the number of packets from the same source IP address exceeds a preset quantity threshold, the gateway device under test adds that source IP address to a blacklist and no longer receives packets from it, so that the intranet host connected to the gateway device under test can access the network normally.
Therefore, further, the judging module 22 is specifically configured to:
when the response information returned by the public network host is not received within a preset first time threshold, determine that the gateway device under test is under attack;
after the gateway device under test is attacked, if the response information returned by the public network host is received within a preset second time threshold, determine that the gateway device under test has anti-DOS attack capability;
after the gateway device under test is attacked, if the response information returned by the public network host is not received within the preset second time threshold, determine that the gateway device under test does not have anti-DOS attack capability.
Still further, to rule out the case in which the intranet host fails to receive the response information returned by the public network host in time because of ordinary congestion, the sending module 21 is further configured to send a ping command to the public network host before the sending module 21 periodically sends ping commands to the public network host through the gateway device under test;
the judging module 22 is further configured to determine, from the response information returned by the public network host, that data can be transmitted between the intranet host and the public network host.
In this embodiment, when the network attack instrument sends a large number of malicious data packets to the gateway device under test whose anti-ping function is disabled, the intranet host connected to the gateway device under test periodically sends ping commands to the public network host through the gateway device under test and judges, from the response information returned by the public network host, whether the gateway device under test has anti-DOS attack capability. A user selecting a gateway device can therefore know whether the device has anti-DOS attack capability, which improves the user experience.
Fig. 3 is a schematic structural diagram of an embodiment of the system for detecting anti-DOS attack capability provided by the present invention. As shown in Fig. 3, the system includes: a network attack instrument 31, a gateway device under test 32, a public network host 33, and an intranet host 34. In this embodiment the intranet host 34 is the device for detecting anti-DOS attack capability.
The network attack instrument 31 is configured to send a large number of malicious data packets to the gateway device under test 32 whose anti-ping function is disabled. The intranet host 34 connected to the gateway device under test 32 periodically sends ping commands to the public network host 33 through the gateway device under test 32. The intranet host 34 judges, from the response information returned by the public network host 33, whether the gateway device under test 32 has anti-DOS attack capability.
Further, the intranet host 34 is specifically configured to determine that the gateway device under test 32 is under attack when the response information returned by the public network host 33 is not received within a preset first time threshold;
after the gateway device under test 32 is attacked, if the response information returned by the public network host 33 is received within a preset second time threshold, determine that the gateway device under test 32 has anti-DOS attack capability;
after the gateway device under test 32 is attacked, if the response information returned by the public network host 33 is not received within the preset second time threshold, determine that the gateway device under test 32 does not have anti-DOS attack capability.
Still further, to rule out the case in which the intranet host fails to receive the response information returned by the public network host in time because of ordinary congestion, the intranet host 34 is further configured to send a ping command to the public network host 33 before the intranet host 34 periodically sends ping commands to the public network host 33 through the gateway device under test 32, and to determine, from the response information returned by the public network host 33, that data can be transmitted between the intranet host 34 and the public network host 33.
In this embodiment, when the network attack instrument sends a large number of malicious data packets to the gateway device under test whose anti-ping function is disabled, the intranet host connected to the gateway device under test periodically sends ping commands to the public network host through the gateway device under test and judges, from the response information returned by the public network host, whether the gateway device under test has anti-DOS attack capability. A user selecting a gateway device can therefore know whether the device has anti-DOS attack capability, which improves the user experience.
Finally, it should be noted that the above embodiments are only intended to illustrate the technical solutions of the present invention, not to limit them. Although the present invention has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art should understand that the technical solutions described in the foregoing embodiments may still be modified, or some or all of their technical features may be equivalently replaced, and that such modifications or replacements do not cause the essence of the corresponding technical solutions to depart from the scope of the technical solutions of the embodiments of the present invention.
Claims (5)
1. A method for detecting anti-DOS attack capability, characterized by comprising:
when a network attack instrument sends a large number of malicious data packets to a gateway device under test whose anti-ping function is disabled, an intranet host connected to the gateway device under test periodically sending ping commands to a public network host through the gateway device under test;
the intranet host judging, from the response information returned by the public network host, whether the gateway device under test has anti-DOS attack capability;
wherein the intranet host judging, from the response information returned by the public network host, whether the gateway device under test has anti-DOS attack capability comprises:
when the response information returned by the public network host is not received within a preset first time threshold, the intranet host determining that the gateway device under test is under attack;
after the gateway device under test is attacked, if the response information returned by the public network host is received within a preset second time threshold, the intranet host determining that the gateway device under test has anti-DOS attack capability;
and wherein, after the intranet host determines that the gateway device under test is under attack, the method further comprises:
if the response information returned by the public network host is not received within the preset second time threshold, the intranet host determining that the gateway device under test does not have anti-DOS attack capability.
2. The method according to claim 1, characterized in that, before the intranet host connected to the gateway device under test periodically sends ping commands to the public network host through the gateway device under test, the method further comprises:
the intranet host sending a ping command to the public network host;
the intranet host determining, from the response information returned by the public network host, that data can be transmitted between the intranet host and the public network host.
3. A device for detecting anti-DOS attack capability, characterized by comprising:
a sending module, configured to periodically send ping commands to a public network host through a gateway device under test when a network attack instrument sends a large number of malicious data packets to the gateway device under test whose anti-ping function is disabled;
a judging module, configured to judge, from the response information returned by the public network host, whether the gateway device under test has anti-DOS attack capability;
wherein the judging module is specifically configured to:
when the response information returned by the public network host is not received within a preset first time threshold, determine that the gateway device under test is under attack;
after the gateway device under test is attacked, if the response information returned by the public network host is received within a preset second time threshold, determine that the gateway device under test has anti-DOS attack capability;
and wherein, after the judging module determines that the gateway device under test is under attack, the judging module is further configured to:
when the response information returned by the public network host is not received within the preset second time threshold, determine that the gateway device under test does not have anti-DOS attack capability.
4. The device according to claim 3, characterized in that the sending module is further configured to send a ping command to the public network host before the sending module periodically sends ping commands to the public network host through the gateway device under test;
the judging module is further configured to determine, from the response information returned by the public network host, that data can be transmitted between the intranet host and the public network host.
5. A system for detecting anti-DOS attack capability, comprising: a network attack instrument, a gateway device under test, a public network host, and the device for detecting anti-DOS attack capability according to claim 3 or 4.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201310536103.5A CN103561025B (en) | 2013-11-01 | 2013-11-01 | Method, device and system for detecting DOS attack prevention capacity |
Publications (2)
Publication Number | Publication Date |
---|---|
CN103561025A CN103561025A (en) | 2014-02-05 |
CN103561025B (en) | 2017-04-12 |
Family
ID=50015175
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201310536103.5A Active CN103561025B (en) | 2013-11-01 | 2013-11-01 | Method, device and system for detecting DOS attack prevention capacity |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN103561025B (en) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||