CN103618723A - Method and device for preventing looped network protocol message from attacking device CPU - Google Patents


Info

Publication number: CN103618723A
Other versions: CN103618723B (en)
Authority: CN (China)
Prior art keywords: looped network, equipment, network protocol, characteristic value, protocol messages
Legal status: Granted (active)
Application number: CN201310642307.7A
Other languages: Chinese (zh)
Inventors: 江启运, 吕志勇
Current assignee: Kyland Technology Co Ltd
Original assignee: Kyland Technology Co Ltd
Application filed by Kyland Technology Co Ltd


Abstract

The invention discloses a method and device for preventing looped network (ring network) protocol messages from attacking a device CPU. It addresses the problem that existing countermeasures, while protecting the device CPU from looped network protocol messages, disrupt the normal operation of the looped network and cause looped network protocol anomalies. The method comprises: when a device detects that the messages it has to process exceed the rate threshold (are overspeed), it generates a random value used to generate the characteristic value of the looped network protocol and sends it to every device in the looped network, so that the hardware of each device checks received messages against the newly generated characteristic value and passes only non-attack messages to the CPU for processing. Because the update of the looped network protocol characteristic value on every device in the looped network begins as soon as a device detects that the looped network protocol messages it has to process are overspeed, attack messages can be filtered out promptly, and because the judgement is made in hardware, the device CPU is effectively protected from looped network protocol message attacks.

Description

Method and device for preventing looped network protocol messages from attacking a device CPU
Technical field
The present invention relates to the field of Industrial Ethernet, and in particular to a method and device for preventing looped network protocol messages from attacking a device CPU.
Background technology
To ensure the security of Industrial Ethernet, it is common practice to plan the network around a looped network (ring) protocol with fast switchover capability. The looped network protocol is what guarantees normal network communication: if it becomes abnormal, communication across the whole network is severely affected and in serious cases the network is paralysed, so the security of the looped network protocol is critical to the whole network.
Among attacks on the looped network protocol, one of the more serious is flooding the CPU of a device in the ring with large numbers of forged looped network protocol messages. The attacker captures messages from the ring, extracts the characteristic value of the looped network protocol and forges messages carrying that value, or simply replays the captured messages to a port of the device. Although the device CPU can judge the validity of each message, the attack still imposes a measurable load on the CPU of devices in the ring.
To mitigate this impact, the prior art adopts the following approaches:
The CPU of every device in the ring counts the looped network protocol messages received on each port and, when a large number arrive on a given port, shuts that port down for a period of time. Shutting the port, however, also stops its legitimate traffic and disrupts normal operation of the ring.
Alternatively, the CPU of every device counts the looped network protocol messages received on each port and, when a large number arrive on a given port, rate-limits the specific protocol messages that port reports to the CPU, so reducing the load on the CPU. With this method, however, if the port is rate-limited at a moment when a large number of genuine protocol messages must be reported to the CPU through it, many genuine messages are lost along with the forged ones, and the looped network protocol becomes abnormal.
Summary of the invention
Embodiments of the present invention provide a method and device for preventing looped network protocol messages from attacking a device CPU, so as to solve the problem that prior-art countermeasures disrupt normal operation of the looped network and cause looped network protocol anomalies.
Embodiments of the present invention provide a method for preventing looped network protocol messages from attacking a device CPU, the method comprising:
a first looped network device detecting whether the looped network protocol messages it processes exceed the rate threshold;
when overspeed is detected, generating a random value used to generate the looped network protocol characteristic value, and sending the random value to the other devices in the looped network;
and sending to the other devices in the looped network an announcement to start using the new characteristic value, so that the hardware of every device in the looped network checks looped network protocol messages against the newly generated characteristic value, where the new characteristic value is generated from the random value, the message type information, the address information of each device and the cryptographic algorithm stored in each device.
Embodiments of the present invention also provide a device for preventing looped network protocol messages from attacking a device CPU, the device comprising:
a detection module, for detecting whether the looped network protocol messages processed by the device exceed the rate threshold;
a first sending module, for generating, when overspeed is detected, a random value used to generate the looped network protocol characteristic value, and sending the random value to the other devices in the looped network;
a second sending module, for sending to the other devices in the looped network an announcement to start using the new characteristic value, so that the hardware of every device in the looped network checks looped network protocol messages against the newly generated characteristic value, where the new characteristic value is generated from the random value, the message type information, the address information of each device and the cryptographic algorithm stored in each device.
Embodiments of the present invention provide a method and device for preventing looped network protocol messages from attacking a device CPU. The method comprises: when a device in the looped network detects that the number of looped network protocol messages it processes exceeds the rate threshold, it generates a random value for generating the looped network protocol characteristic value and sends it to every device in the looped network, so that, after receiving the announcement from this device to start using the new characteristic value, the hardware of every device in the looped network checks received looped network protocol messages against the newly generated characteristic value and passes a message to the CPU only when it is found to be a non-attack message. Because in embodiments of the present invention the update of the looped network protocol characteristic value in every device in the looped network begins as soon as a device detects that the looped network protocol messages it processes exceed the rate threshold, attack messages can be filtered out promptly; and because the judgement is made in hardware, attacks on the device CPU by looped network protocol messages are effectively prevented.
Accompanying drawing explanation
Fig. 1 is a schematic diagram of a process for preventing looped network protocol messages from attacking a device CPU according to an embodiment of the present invention;
Fig. 2 is a schematic diagram of one specific implementation of the process for preventing looped network protocol messages from attacking a device CPU according to an embodiment of the present invention;
Fig. 3 is a schematic diagram of another specific implementation of the process for preventing looped network protocol messages from attacking a device CPU according to an embodiment of the present invention;
Fig. 4 is a schematic diagram of the networking structure of the devices in the looped network according to an embodiment of the present invention;
Fig. 5 is the detailed implementation process for preventing looped network protocol messages from attacking a device CPU, based on Fig. 4, according to an embodiment of the present invention;
Fig. 6 is a schematic structural diagram of a device for preventing looped network protocol messages from attacking a device CPU according to an embodiment of the present invention.
Embodiment
To filter attack messages effectively, prevent looped network protocol messages from attacking the device CPU and guarantee normal operation of the looped network, the present invention provides a method and device for preventing looped network protocol messages from attacking a device CPU.
The present invention is described in detail below with reference to the accompanying drawings.
Fig. 1 is a schematic diagram of a process for preventing looped network protocol messages from attacking a device CPU according to an embodiment of the present invention. The process comprises the following steps:
S101: in the looped network, the CPU of every device processes looped network protocol messages.
Every device in the looped network processes messages, and looped network protocol messages in particular must be processed by the CPU.
S102: the first device detects whether the looped network protocol messages it processes exceed the rate threshold; if overspeed is detected, step S103 is performed, otherwise step S102 continues.
Because looped network protocol messages are processed by the CPU of every device, the detection module of each device can continuously detect whether the looped network protocol messages processed by its own CPU exceed the rate threshold. The first device may be any device in the looped network, and the detection module is an intelligent unit with logic judgement capability, such as an FPGA.
S103: generate a random value for generating the looped network protocol characteristic value, and send the random value to the other devices in the looped network.
When the first device detects that the looped network protocol messages it processes exceed the rate threshold, it generates a random value that can be used to generate the looped network protocol characteristic value. It then selects one of its own ring ports arbitrarily and sends the random value through that ring port to the other devices in the looped network.
To make sure every device in the looped network receives the random value, the first device may set a timer whose duration is determined from the time needed for the random value to reach every device in the ring. The first device then checks whether, within that duration, it receives the random value back through its other ring port from the other devices: if so, it concludes that every device in the ring has received the random value; otherwise it resends the random value around the ring until every device has received it.
When sending the random value, the first device may carry it inside another kind of message; for example, the random value may be carried in a message overspeed notification, so that every device in the looped network receives it.
S104: send to the other devices in the looped network an announcement to start using the new characteristic value, so that the hardware of every device in the looped network checks looped network protocol messages against the newly generated characteristic value, where the new characteristic value is generated from the random value, the message type information, the address information of each device and the cryptographic algorithm stored in each device.
Once the random value has been sent to every device in the looped network, the new characteristic value can be enabled, so the first device next sends, through the same ring port, an announcement to the other devices in the looped network to enable the new characteristic value. Each device in the looped network then generates its new characteristic value from the received random value, the message type information, its own address information and the cryptographic algorithm it stores, where the cryptographic algorithm stored in every device is the same.
Once each device has generated its new characteristic value, it carries that value in the looped network protocol messages it sends, and before its CPU processes any looped network protocol message, the device's hardware judges the pending message against the new characteristic value: if the message is judged not to be an attack message it is passed to the CPU for processing, otherwise it is discarded.
Because in embodiments of the present invention a device in the looped network begins updating the looped network protocol characteristic value in every device as soon as it detects that the looped network protocol messages it processes exceed the rate threshold, attack messages can be filtered out promptly; and because looped network protocol messages are judged in hardware, attacks on the device CPU by looped network protocol messages are effectively prevented.
Specifically, since in embodiments of the present invention only looped network protocol messages are reported to and processed by the CPU, each device can judge from the number of looped network protocol messages reported to the CPU whether those messages exceed the rate threshold; when they do, the device can be considered to be under attack by looped network protocol messages.
To prevent such attacks effectively, embodiments of the present invention modify the characteristic value of the looped network protocol. Because the characteristic value is updated in every device in the looped network, and an outside device needs a certain amount of time to obtain and identify the new characteristic value, attack messages can to a certain extent be identified and discarded, thereby to a certain extent preventing looped network protocol messages from attacking the device CPU.
Because every device in the looped network stores the same cryptographic algorithm, once a new characteristic value has been generated with that algorithm, an attacker who captures packets may attempt to crack the algorithm. To improve the security of this scheme against looped network protocol message attacks on the device CPU, after the first device detects that the looped network protocol messages it processes exceed the rate threshold and has notified every device in the looped network to generate the new characteristic value, the first looped network device sends the other devices in the looped network an announcement to update the cryptographic algorithm, so that every device in the looped network switches to the same new cryptographic algorithm. The cryptographic algorithm may also be updated on a set cycle: a given device periodically sends the other devices cryptographic algorithm update information carrying the identifier of the cryptographic algorithm to switch to; or the cryptographic algorithms are stored in the same order in every device, and when a device receives the announcement to update the cryptographic algorithm it advances to the next cryptographic algorithm in the stored order. For example, if every device in the looped network stores, in order, a first, second, third and fourth cryptographic algorithm, then any characteristic value currently required is generated by encrypting the random value with the first cryptographic algorithm. After the devices receive an announcement to update the cryptographic algorithm, any characteristic value required thereafter by a device in the looped network is generated with the second cryptographic algorithm; after a further update announcement, with the third cryptographic algorithm; and so on.
To further improve the security of the new characteristic value, when the first device detects that the looped network protocol messages it processes exceed the rate threshold and sends the random value for generating the looped network protocol characteristic value, it sends along with it the cryptographic algorithm code corresponding to the locally stored cryptographic algorithm. Each device in the looped network then looks up, among its locally stored cryptographic algorithms, the one corresponding to the received cryptographic algorithm code. This guarantees both that every device uses the same cryptographic algorithm and that a different cryptographic algorithm is used at each characteristic value switch.
In embodiments of the present invention, the characteristic value of each device is generated from the received random value, the message type information, the address information of the device sending the message and the cryptographic algorithm stored in each device. The random value received by each device and the algorithm stored in each device are identical and the message type varies; because the address information of each device differs, each device generates a different characteristic value for messages of the same type. After generating its characteristic value, each device carries it in the looped network protocol messages it sends. In embodiments of the present invention the device's address information may be, for example, its IP address or its MAC address.
After each device in the looped network has generated its new characteristic value and written it to hardware, the hardware uses the characteristic value to judge whether each looped network protocol message requiring CPU processing is an attack message. This process comprises:
after the hardware of the first device receives a pending looped network protocol message, it identifies the characteristic value carried in the message;
from the characteristic value, the address information of the device that sent the message, the message type information and the stored cryptographic algorithm, it determines the random value corresponding to the message;
it judges whether this random value is identical to the locally stored random value;
if identical, the message is passed to the CPU for processing; otherwise the message is discarded.
In embodiments of the present invention this hardware may be, for example, a switch chip.
Specifically, because every device in the looped network generates its characteristic value from the received random value, the message type information, the device address information and the stored cryptographic algorithm, when the hardware of a device receives a looped network protocol message it identifies the characteristic value carried in that message and, by running the inverse of the generation process on the characteristic value, the address information of the sending device, the message type information and the stored cryptographic algorithm, determines the random value from which the characteristic value was generated. It can then judge whether the message is an attack message, since the message is a non-attack message only when the determined random value is identical to the locally stored random value.
Fig. 2 is a schematic diagram of one specific implementation of the process for preventing looped network protocol messages from attacking a device CPU according to an embodiment of the present invention. The process comprises the following steps:
S201: in the looped network, the CPU of every device processes looped network protocol messages.
S202: the first device detects whether the looped network protocol messages it processes exceed the rate threshold; if overspeed is detected, step S203 is performed, otherwise step S202 continues.
S203: generate a random value for generating the looped network protocol characteristic value, send it to the other devices in the looped network, write it to hardware, and have the other devices write it to their hardware.
S204: send to the other devices in the looped network an announcement to start using the new characteristic value, where the new characteristic value is generated from the random value, the message type information, the address information of each device and the cryptographic algorithm stored in each device.
S205: the hardware of a device in the looped network that receives a looped network protocol message identifies the characteristic value carried in the message and, from the characteristic value, the address information of the sending device, the message type information and the stored cryptographic algorithm, determines the random value corresponding to the message.
S206: judge whether this random value is identical to the locally stored random value; if so, perform step S207, otherwise perform step S208.
S207: the hardware of the device passes the looped network protocol message to the CPU for processing.
S208: the hardware of the device confirms that the looped network protocol message is an attack message and discards it.
In the above embodiment of the present invention, after the hardware of a device in the looped network receives a looped network protocol message, it can determine, from the characteristic value carried in the message and the generation process of that value, the random value that generated it; by comparing that random value with the locally stored random value it determines whether the message is an attack message, and on that result decides whether to pass the message to the CPU for processing.
To speed up recognition of attack messages, and to avoid repeating the above calculation for every looped network protocol message carrying the same characteristic value from the same sending device, embodiments of the present invention further include: once the hardware of the first device has determined from the characteristic value carried in a message the random value that generated it, has found the message to be a non-attack message, and the message has been processed, the hardware stores locally the correspondence between the characteristic value of the message, the address information of the sending device and the message type information.
That is, after the hardware of the device has determined by checking the characteristic value that the received looped network protocol message may be processed by the CPU, it stores the correspondence between the message's characteristic value, the address information of the sending device and the message type information. When the hardware of the device subsequently receives another pending looped network protocol message and has identified the characteristic value it carries, the method further comprises:
the hardware of the first device judges whether the characteristic value is stored locally;
if it is, the hardware judges whether the message is an attack message using the stored correspondence between the characteristic value, the address information of the sending device and the message type information, together with the information carried in the pending message;
if the message is determined to be an attack message it is discarded; otherwise it is passed to the CPU for processing.
Through this process, the correspondence table kept by the hardware of each device (characteristic value, address information of the sending device, message type information) is continually filled in, and as the table in each device fills in, the speed at which the device CPU handles looped network protocol messages improves noticeably, raising the processing efficiency of the whole looped network for looped network protocol messages.
Fig. 3 is a schematic diagram of another specific implementation of the process for preventing looped network protocol messages from attacking a device CPU according to an embodiment of the present invention. The process comprises the following steps:
S301: in the looped network, the CPU of every device processes looped network protocol messages.
S302: the first device detects whether the looped network protocol messages it processes exceed the rate threshold; if overspeed is detected, step S303 is performed, otherwise step S302 continues.
S303: generate a random value for generating the looped network protocol characteristic value and write it to hardware; send the random value to the other devices in the looped network so that they also write it to hardware.
S304: send to the other devices in the looped network an announcement to start using the new characteristic value, where the new characteristic value is generated from the random value, the message type information, the address information of each device and the cryptographic algorithm stored in each device.
S305: the hardware of a device in the looped network that receives a looped network protocol message identifies the characteristic value carried in the message and judges whether that characteristic value is stored locally; if it is, perform step S306, otherwise perform step S307.
S306: using the stored correspondence between the characteristic value, the address information of the sending device and the message type information, together with the information carried in the pending message, judge whether the message is an attack message; if it is, discard it, otherwise pass it to the CPU for processing.
S307: from the characteristic value, the address information of the sending device, the message type information and the stored cryptographic algorithm, determine the random value corresponding to the message.
S308: judge whether this random value is identical to the locally stored random value; if so, perform step S309, otherwise perform step S310.
S309: pass the message to the CPU for processing, and store locally the correspondence between the characteristic value of the message, the address information of the sending device and the message type information.
S310: the hardware of the device confirms that the message is an attack message and discards it.
Specifically, in embodiments of the present invention, when the hardware of a device has identified the characteristic value carried in a looped network protocol message and finds that the correspondence between that characteristic value, the address information of the sending device and the message type information is stored locally, it looks up the correspondence containing that characteristic value and checks whether the type of the message matches the message type information in the correspondence and whether the address information of the device that sent the message matches the address information of the sending device in the correspondence. If both match, the message is passed to the CPU for processing; otherwise the message is confirmed to be an attack message and discarded.
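The generation and hardware-side check of the characteristic value described above (the inverse computation of Fig. 2 and the correspondence table fast path of Fig. 3), as an added example that is not part of the patent. Assumptions: the patent names no concrete cryptographic algorithm, so a keystream-XOR stand-in derived from (algorithm code, device address, message type) is used because it is trivially invertible; the algorithm codes and MAC addresses are constructed; the table is cleared on every random value or algorithm switch, which the text implies but does not state.

```python
import hashlib
import secrets
from dataclasses import dataclass, field

# Same ordered list of cryptographic algorithm codes in every device (constructed names).
ALGORITHM_CODES = ("alg-1", "alg-2", "alg-3", "alg-4")


def feature_value(random_value: int, msg_type: int, address: str, algorithm: str) -> int:
    """Characteristic value from the random value, message type, address and algorithm.
    Stand-in (assumption): the patent only requires that all devices share the
    algorithm and that hardware can run its inverse, so the 64-bit random value is
    XORed with a keystream derived from (algorithm, address, type)."""
    key = hashlib.sha256(f"{algorithm}|{address}|{msg_type}".encode()).digest()
    return random_value ^ int.from_bytes(key[:8], "big")


def recover_random_value(feature: int, msg_type: int, address: str, algorithm: str) -> int:
    """Inverse process run by the hardware; XOR is its own inverse."""
    return feature_value(feature, msg_type, address, algorithm)


@dataclass(frozen=True)
class RingMessage:
    src_address: str  # address information of the sending device (a MAC here)
    msg_type: int     # message type information
    feature: int      # characteristic value carried in the message


@dataclass
class DeviceHardware:
    """The switch-chip filter in front of one device's CPU."""
    address: str
    random_value: int
    algorithm_index: int = 0
    # Correspondence table of Fig. 3: feature -> (sender address, message type).
    table: dict = field(default_factory=dict)
    dropped: int = 0

    @property
    def algorithm(self) -> str:
        return ALGORITHM_CODES[self.algorithm_index]

    def start_new_feature_value(self, random_value: int) -> None:
        """S303/S304: write the distributed random value into hardware."""
        self.random_value = random_value
        self.table.clear()  # assumption: entries learnt under the old value are stale

    def update_algorithm(self) -> None:
        """Announcement to update the algorithm: advance along the stored order."""
        self.algorithm_index = (self.algorithm_index + 1) % len(ALGORITHM_CODES)
        self.table.clear()

    def build_message(self, msg_type: int) -> RingMessage:
        fv = feature_value(self.random_value, msg_type, self.address, self.algorithm)
        return RingMessage(self.address, msg_type, fv)

    def check(self, msg: RingMessage) -> bool:
        """True: pass the message to the CPU; False: drop it as an attack message."""
        known = self.table.get(msg.feature)
        if known is not None:
            # S306: fast path, compare sender address and type with the table entry.
            accepted = known == (msg.src_address, msg.msg_type)
        else:
            # S307/S308: recover the random value and compare with the local copy.
            rv = recover_random_value(msg.feature, msg.msg_type, msg.src_address, self.algorithm)
            accepted = rv == self.random_value
            if accepted:
                self.table[msg.feature] = (msg.src_address, msg.msg_type)  # S309
        if not accepted:
            self.dropped += 1
        return accepted


def simulate() -> dict:
    """One value rotation and one algorithm update on a two-device ring."""
    rv = secrets.randbits(64)
    dev_a = DeviceHardware("00:11:22:33:44:0a", rv)  # constructed addresses
    dev_b = DeviceHardware("00:11:22:33:44:0b", rv)
    genuine = dev_b.build_message(msg_type=1)
    results = {
        "genuine_first": dev_a.check(genuine),   # inverse path, entry learnt
        "genuine_cached": dev_a.check(genuine),  # table path
        # Captured characteristic value reused under another sender address.
        "wrong_sender": dev_a.check(RingMessage("00:11:22:33:44:0c", 1, genuine.feature)),
        # A plain replay passes until the value rotates: the window the patent
        # describes as protecting only "to a certain extent".
        "replay_before_rotation": dev_a.check(genuine),
    }
    new_rv = secrets.randbits(64)  # device A detected overspeed and distributed this
    dev_a.start_new_feature_value(new_rv)
    dev_b.start_new_feature_value(new_rv)
    results["replay_after_rotation"] = dev_a.check(genuine)
    results["fresh_after_rotation"] = dev_a.check(dev_b.build_message(1))
    stale = dev_b.build_message(2)  # built before the algorithm update announcement
    dev_a.update_algorithm()
    dev_b.update_algorithm()
    results["stale_algorithm"] = dev_a.check(stale)
    results["new_algorithm"] = dev_a.check(dev_b.build_message(2))
    results["dropped"] = dev_a.dropped
    return results
```

The "replay_before_rotation" case is the defender's caveat: a captured message remains valid until the overspeed detection triggers a new random value, so the detection threshold and timer length bound the replay window.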
The embodiment of the present invention is described in detail below with a specific example.
Fig. 4 is a schematic diagram of the networking structure of the devices in the ring network provided by the embodiment of the present invention. The ring network comprises device A, device B, device C and device D, connected according to the connection relationships shown in Fig. 4. After each device starts, it begins detecting whether the ring network protocol messages it processes exceed the rate limit. When device A detects that the ring network protocol messages it processes exceed the rate limit, device A selects its first ring port and sends an overspeed notification to the connected device B; this overspeed notification carries the random value used to generate the characteristic value. To ensure that the random value reaches every device in the ring network, device A starts a first timer.
When device B receives, on one of its ring ports, the overspeed notification sent by device A, it extracts the random value carried in the notification and forwards the notification to device C, which is connected to its other ring port. Likewise, when device C receives the notification it performs the same operation as device B, and device D, which then receives the notification forwarded by device C, performs the same operation and, after extracting the random value, forwards the notification to device A.
When device A receives this overspeed notification, it judges whether the first timer is still running. If it is, device A closes the first timer; otherwise device A resends the overspeed notification through the first ring port, carrying a random value, and restarts the first timer. The random value carried in the resent notification may be identical to the one carried last time, or may differ. Device A repeats this operation until it receives the overspeed notification returned by device D within the timer period of the first timer.
After device A receives the overspeed notification returned by device D within the timer period of the first timer, it sends a notification to enable the new characteristic value to the other devices through a ring port. Device A may send this notification through either ring port, or through both ring ports simultaneously; to ensure that every device receives it, device A starts a second timer after sending it. Device A generates the new ring protocol characteristic value from the random value, each message type, its own IP address or MAC address and the stored cryptographic algorithm, and writes the characteristic value to its hardware. From this point device A can receive ring network protocol messages carrying either the old or the new characteristic value.
Device B receives the enable-new-characteristic-value notification sent by device A. Because device A is the device that previously sent the random value, device B performs the subsequent characteristic value computation and forwards the notification to device C. Device B generates the new characteristic value from the random value received earlier, the type information of each message, its own IP address or MAC address, and the stored cryptographic algorithm.
Device C performs the same process as device B and forwards the enable-new-characteristic-value notification to device D; device D performs the same operations as devices B and C and forwards the notification to device A.
Device A judges whether it receives the enable-new-characteristic-value notification within the timer period of the second timer. If it receives the notification within the timer period, it closes the second timer; if it does not, it resends the notification and restarts the second timer, until every device in the ring network has received the notification.
After every device in the ring network has received the enable-new-characteristic-value notification, each device writes the random value received earlier to its hardware. Device A sends a characteristic-value switch-complete notification to every device in the ring network, starts a third timer, and changes the characteristic value of the ring network protocol messages it sends itself to the new characteristic value calculated from this random value.
Device B receives the switch-complete notification sent by device A, forwards it to device C, and, according to the characteristic value it determined earlier from the random value, changes the characteristic value of the ring network protocol messages it sends to the new characteristic value calculated from this random value.
Devices C and D perform the same operations as device B, and device D forwards the switch-complete notification to device A. Device A judges whether it receives the returned switch-complete notification within the timer period of the third timer. If it does, it closes the third timer; otherwise it resends the switch-complete notification and restarts the third timer, until every device in the ring network has received the switch-complete notification and has thereby enabled the new characteristic value.
After every device in the ring network has enabled the new characteristic value, when the hardware of a device receives a ring network protocol message that needs to be reported to the CPU for processing, it identifies the characteristic value carried in the message, determines the random value corresponding to the message from its stored cryptographic algorithm, the IP address information of the device that sent the message and the message type information, and judges whether this random value is identical to the locally stored random value. If it is identical, the message is sent to the CPU for processing; otherwise the message is confirmed to be an attack message and is discarded.
Fig. 5 shows the detailed implementation process, provided by the embodiment of the present invention and based on Fig. 4, of preventing ring network protocol messages from attacking the device CPU. The process comprises the following steps:
S501: After each device starts, it begins detecting whether the ring network protocol messages it processes exceed the rate limit.
S502: When device A detects that the ring network protocol messages it processes exceed the rate limit, device A selects its first ring port and sends an overspeed notification to the connected device B, the notification carrying the random value used to generate the characteristic value, and starts a first timer.
S503: Device A judges whether it has received the overspeed notification returned by device D within the timer period of the first timer; if yes, it closes the first timer and goes to step S504, otherwise it goes to step S502.
S504: Device A sends the enable-new-characteristic-value notification to device B and starts a second timer.
Device A generates the new ring protocol characteristic value from the random value, each message type, its own IP address or MAC address and the stored cryptographic algorithm, and writes the characteristic value to its hardware.
S505: Device A judges whether it has received, within the timer period of the second timer, the enable-new-characteristic-value notification returned by device D; if yes, it closes the second timer and goes to step S506, otherwise it goes to step S504.
S506: Device A sends a characteristic-value switch-complete notification to every device in the ring network and starts a third timer, so that every device writes the random value to its hardware. Each device changes the characteristic value of the ring network protocol messages it sends to the new characteristic value calculated from this random value.
S507: Device A judges whether it has received the returned switch-complete notification within the timer period of the third timer; if yes, it closes the third timer and goes to step S508, otherwise it goes to step S506.
S508: For a ring network protocol message reported to the CPU for processing, the hardware of device A identifies the characteristic value carried in the message and determines the random value corresponding to the message from the characteristic value, the address information of the device that sent the message, the message type information and the stored cryptographic algorithm.
S509: Judge whether this random value is identical to the locally stored random value; if it is identical, go to step S510, otherwise go to step S511.
S510: The hardware sends this ring network protocol message to the CPU for processing.
S511: The hardware confirms that this ring network protocol message is an attack message and discards it.
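The rate check of step S501 and the three-phase rotation of steps S502 to S507 (overspeed notification, enable-new-characteristic-value notification, switch-complete notification, each guarded by a timer and resent on expiry), as an added simulation that is not code from the patent. It also covers the walk-through of Fig. 4 above. Assumptions: the ring is modelled as the ordered list A, B, C, D; a phase message is forwarded hop by hop and counts as returned to the initiator once the last device has processed it; a timer expiry is modelled by a constructed set of lost hops; the rate detector is a sliding-window counter, which the patent leaves unspecified. Class and method names are this example's own.

```python
"""Simulation of the rate check (S501) and the timer-guarded rotation (S502-S507).

Added example, not the patent's code. The ring order, the loss pattern and the
sliding-window rate detector are assumptions for illustration.
"""
from collections import deque


class RateDetector:
    """Over-rate when more than `limit` protocol messages arrive within `window` seconds."""

    def __init__(self, limit: int, window: float):
        self.limit, self.window, self.seen = limit, window, deque()

    def observe(self, t: float) -> bool:
        self.seen.append(t)
        while self.seen and self.seen[0] <= t - self.window:
            self.seen.popleft()
        return len(self.seen) > self.limit


class RingDevice:
    def __init__(self, name: str):
        self.name = name
        self.random_value = None    # extracted from the overspeed notification
        self.new_cv_enabled = False  # set on the enable-new-characteristic-value notification
        self.hw_random = None        # written to hardware at switch completion

    def handle(self, phase: str, payload) -> None:
        if phase == "OVERSPEED":
            self.random_value = payload
        elif phase == "ENABLE_NEW":
            self.new_cv_enabled = True
        elif phase == "SWITCH_DONE":
            self.hw_random = self.random_value


PHASES = ("OVERSPEED", "ENABLE_NEW", "SWITCH_DONE")


class Ring:
    def __init__(self, names, lost_hops=()):
        self.devices = [RingDevice(n) for n in names]
        self.lost_hops = set(lost_hops)  # constructed: (phase, attempt, hop) triples that are dropped

    def circulate(self, phase: str, payload, attempt: int) -> bool:
        """Forward from the initiator around the ring; False means the timer expires first."""
        for hop, dev in enumerate(self.devices[1:], start=1):
            if (phase, attempt, hop) in self.lost_hops:
                return False
            dev.handle(phase, payload)
        return True  # the last device forwards the message back to the initiator

    def run_phase(self, phase: str, payload, max_attempts: int = 5) -> int:
        """Send, wait for the message to return, resend on timer expiry; returns attempts used."""
        self.devices[0].handle(phase, payload)
        for attempt in range(1, max_attempts + 1):
            if self.circulate(phase, payload, attempt):
                return attempt  # timer closed
        raise RuntimeError(f"{phase}: notification never returned to the initiator")

    def rotate(self, new_random: bytes) -> dict:
        """Run the three phases in order, as device A does in S502-S507."""
        return {
            phase: self.run_phase(phase, new_random if phase == "OVERSPEED" else None)
            for phase in PHASES
        }


def demo() -> dict:
    detector = RateDetector(limit=3, window=1.0)
    arrivals = [0.10, 0.20, 0.30, 0.35]  # constructed burst of protocol messages seen at device A
    over = [detector.observe(t) for t in arrivals]
    # Constructed losses: hop 2 of the first overspeed attempt, hop 3 of the first switch-done attempt.
    ring = Ring("ABCD", lost_hops={("OVERSPEED", 1, 2), ("SWITCH_DONE", 1, 3)})
    new_random = b"\x11" * 16
    attempts = ring.rotate(new_random) if over[-1] else {}
    return {
        "overspeed": over,
        "attempts": attempts,
        "all_switched": all(d.hw_random == new_random for d in ring.devices),
    }
```

Each lost hop forces the initiator to resend that phase and restart its timer, so the attempt count per phase is the number of timer periods the phase consumed; the later phases are never started until the earlier notification has come back around the ring, which is what keeps every device on the same random value before the switch completes.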
Because in the embodiment of the present invention the ring network protocol characteristic value in every device of the ring network is updated as soon as the ring network protocol messages processed by the CPU are detected to exceed the rate limit, attack messages can be filtered out in time and the attack of ring network protocol messages on the device CPU is prevented.
Fig. 6 is a schematic structural diagram of a device for preventing ring network protocol messages from attacking a device CPU, provided by the embodiment of the present invention. The device comprises:
a detection module 61, for detecting whether the ring network protocol messages processed by the device exceed the rate limit;
a first sending module 62, for generating, when an over-rate condition is detected, the random value used to generate the ring network protocol characteristic value, and sending the random value to the other devices in the ring network;
a second sending module 63, for sending to the other devices in the ring network the notification to enable the new characteristic value, so that the hardware of every device in the ring network checks ring network protocol messages according to the newly generated characteristic value, wherein the new characteristic value is generated from the random value, the message type information, the address information of each device and the cryptographic algorithm stored in each device.
The device further comprises:
an identification module 64, for identifying, after a pending ring network protocol message is received, the characteristic value carried in the message;
a determination module 65, for determining the random value corresponding to the message from the characteristic value, the address information of the device that sent the message, the message type information and the stored cryptographic algorithm, wherein this random value is written to hardware;
a judging and processing module 66, for judging whether this random value is identical to the locally stored random value; when it is identical, sending the message to the CPU for processing, otherwise discarding the message.
Specifically, the identification module 64, the determination module 65 and the judging and processing module 66 may be located inside the hardware of the ring network device.
The device further comprises:
a storage module 67, for locally storing the correspondence between the characteristic value of the message, the address information of the device that sent it and the message type information.
The judging and processing module 66 is further used for judging whether the characteristic value is stored locally; when it is, judging whether the message is an attack message according to the stored correspondence between the characteristic value, the sending-device address information and the message type information, together with the information carried in the pending message; when the message is determined to be an attack message, discarding it, otherwise sending it to the CPU for processing.
The first sending module 62 is further used for sending to the other devices in the ring network a notification to update the cryptographic algorithm, so that every device in the ring network updates to the same new cryptographic algorithm.
The embodiment of the present invention provides a method and device for preventing ring network protocol messages from attacking a device CPU. The method comprises: when a device in the ring network detects that the number of ring network protocol messages it processes exceeds the rate limit, it generates a random value used to generate the ring network protocol characteristic value and sends the random value to every device in the ring network, so that, after receiving the enable-new-characteristic-value notification sent by this device, the hardware of every device in the ring network checks received ring network protocol messages with the newly generated characteristic value and sends a message to the CPU for processing only when the check shows it is not an attack message. Because in the embodiment of the present invention the ring network protocol characteristic value in every device of the ring network is updated as soon as the ring network protocol messages the device processes are detected to exceed the rate limit, attack messages can be filtered out in time, and the hardware-based check effectively prevents the attack of ring network protocol messages on the device CPU.
Those skilled in the art should understand that the embodiments of the present application may be provided as a method, a system or a computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including but not limited to disk storage, CD-ROM and optical storage) containing computer-usable program code.
The present application is described with reference to flowcharts and/or block diagrams of the method, device (system) and computer program product according to the embodiments of the present application. It should be understood that each flow and/or block in the flowcharts and/or block diagrams, and combinations of flows and/or blocks, can be implemented by computer program instructions. These computer program instructions may be provided to the processor of a general-purpose computer, a special-purpose computer, an embedded processor or other programmable data processing device to produce a machine, so that the instructions executed by the processor of the computer or other programmable data processing device produce a means for implementing the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.
These computer program instructions may also be stored in a computer-readable memory capable of directing a computer or other programmable data processing device to operate in a particular manner, so that the instructions stored in the computer-readable memory produce an article of manufacture comprising an instruction means which implements the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.
These computer program instructions may also be loaded onto a computer or other programmable data processing device, so that a series of operational steps are performed on the computer or other programmable device to produce computer-implemented processing, whereby the instructions executed on the computer or other programmable device provide steps for implementing the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.
Although preferred embodiments of the present application have been described, those skilled in the art, once they have learned the basic inventive concept, can make other changes and modifications to these embodiments. The appended claims are therefore intended to be interpreted as including the preferred embodiments and all changes and modifications that fall within the scope of the present application.
Obviously, those skilled in the art can make various changes and modifications to the present application without departing from its spirit and scope. Thus, if these modifications and variations of the present application fall within the scope of the claims of the present application and their equivalents, the present application is also intended to include them.

Claims (10)

1. A method for preventing ring network protocol messages from attacking a device CPU, characterized in that the method comprises:
a first device detecting whether the ring network protocol messages it processes exceed the rate limit;
when an over-rate condition is detected, generating a random value used to generate the ring network protocol characteristic value, and sending the random value to the other devices in the ring network;
and sending to the other devices in the ring network a notification to enable the new characteristic value, so that the hardware of every device in the ring network checks ring network protocol messages according to the newly generated characteristic value, wherein the new characteristic value is generated from the random value, the message type information, the address information of each device and the cryptographic algorithm stored in each device.
2. The method of claim 1, characterized in that, when the first device detects that the ring network protocol messages processed by its CPU exceed the rate limit, the method further comprises:
the first device generating a random value and a cryptographic algorithm code used to generate the ring network protocol characteristic value, and sending the random value and the cryptographic algorithm code to the other devices in the ring network;
and sending to the other devices in the ring network a notification to enable the new characteristic value, so that the hardware of every device in the ring network checks ring network protocol messages according to the newly generated characteristic value, wherein the new characteristic value is generated from the random value, the message type information, the address information of each device and the cryptographic algorithm corresponding to the cryptographic algorithm code.
3. The method of claim 1, characterized in that the method further comprises:
the hardware of the first device, after receiving a pending ring network protocol message, identifying the characteristic value carried in the message;
determining the random value corresponding to the message from the characteristic value, the address information of the device that sent the message, the message type information and the stored cryptographic algorithm;
judging whether this random value is identical to the locally stored random value, wherein this random value is written to hardware;
when it is identical, sending the message to the CPU for processing, otherwise discarding the message.
4. The method of claim 3, characterized in that, after the message is processed, the method further comprises:
the hardware of the first device locally storing the correspondence between the characteristic value of the message, the address information of the device that sent it and the message type information.
5. The method of claim 4, characterized in that, after identifying the characteristic value carried in the message, the method further comprises:
the hardware of the first device judging whether the characteristic value is stored locally;
when the characteristic value is stored locally, judging whether the message is an attack message according to the stored correspondence between the characteristic value, the sending-device address information and the message type information, together with the information carried in the pending message;
when the message is determined to be an attack message, discarding it, otherwise sending it to the CPU for processing.
6. A device for preventing ring network protocol messages from attacking a device CPU, characterized in that the device comprises:
a detection module, for detecting whether the ring network protocol messages processed by the device exceed the rate limit;
a first sending module, for generating, when an over-rate condition is detected, the random value used to generate the ring network protocol characteristic value, and sending the random value to the other devices in the ring network;
a second sending module, for sending to the other devices in the ring network the notification to enable the new characteristic value, so that the hardware of every device in the ring network checks ring network protocol messages according to the newly generated characteristic value, wherein the new characteristic value is generated from the random value, the message type information, the address information of each device and the cryptographic algorithm stored in each device.
7. The device of claim 6, characterized in that the device further comprises:
a first sending module, for generating, when an over-rate condition is detected, the random value and the cryptographic algorithm code used to generate the ring network protocol characteristic value, and sending the random value and the cryptographic algorithm code to the other devices in the ring network;
a first sending module, for sending to the other devices in the ring network the notification to enable the new characteristic value, so that the hardware of every device in the ring network checks ring network protocol messages according to the newly generated characteristic value, wherein the new characteristic value is generated from the random value, the message type information, the address information of each device and the cryptographic algorithm corresponding to the cryptographic algorithm code.
8. The device of claim 6, characterized in that the device further comprises:
an identification module, for identifying, after a pending ring network protocol message is received, the characteristic value carried in the message;
a determination module, for determining the random value corresponding to the message from the characteristic value, the address information of the device that sent the message, the message type information and the stored cryptographic algorithm, wherein this random value is written to hardware;
a judging and processing module, for judging whether this random value is identical to the locally stored random value; when it is identical, sending the message to the CPU for processing, otherwise discarding the message.
9. The device of claim 8, characterized in that the device comprises:
a storage module, for locally storing the correspondence between the characteristic value of the message, the address information of the device that sent it and the message type information.
10. The device of claim 9, characterized in that the judging and processing module is further used for judging whether the characteristic value is stored locally; when the characteristic value is stored locally, judging whether the message is an attack message according to the stored correspondence between the characteristic value, the sending-device address information and the message type information, together with the information carried in the pending message; when the message is determined to be an attack message, discarding it, otherwise sending it to the CPU for processing.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201310642307.7A CN103618723B (en) 2013-12-03 2013-12-03 Prevent the method and device of looped network protocol message from attacking device CPU

Publications (2)

Publication Number Publication Date
CN103618723A true CN103618723A (en) 2014-03-05
CN103618723B CN103618723B (en) 2016-08-31

Family

ID=50169427

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201310642307.7A Active CN103618723B (en) 2013-12-03 2013-12-03 Prevent the method and device of looped network protocol message from attacking device CPU

Country Status (1)

Country Link
CN (1) CN103618723B (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2015081499A1 (en) * 2013-12-03 2015-06-11 北京东土科技股份有限公司 Method and device for preventing ring network protocol messages from attacking cpu of device
WO2017148093A1 (en) * 2016-03-03 2017-09-08 中兴通讯股份有限公司 Node device and ring network switching method
CN110545291A (en) * 2019-09-29 2019-12-06 东软集团股份有限公司 defense method for attack message, multi-core forwarding system and related products

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20040215976A1 (en) * 2003-04-22 2004-10-28 Jain Hemant Kumar Method and apparatus for rate based denial of service attack detection and prevention
CN101030912A (en) * 2007-04-06 2007-09-05 华为技术有限公司 Fast ring network method against attack based on RRPP, apparatus and system
CN101562614A (en) * 2009-05-26 2009-10-21 北京星网锐捷网络技术有限公司 Method, system and exchange equipment for preventing attacks in Ethernet ring network
CN102447711A (en) * 2012-01-18 2012-05-09 中兴通讯股份有限公司 Method and device for sending protocol messages

Also Published As

Publication number Publication date
CN103618723B (en) 2016-08-31

Legal Events

Date Code Title Description
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant