CN106789861A - A kind of message processing method and device - Google Patents

Publication number
CN106789861A
Authority
CN
China
Prior art keywords
server
response message
message
feedback
received
Legal status
Pending
Application number
CN201610139144.4A
Other languages
Chinese (zh)
Inventor
吴文欢
Current Assignee
New H3C Technologies Co Ltd
Original Assignee
New H3C Technologies Co Ltd
Application filed by New H3C Technologies Co Ltd
Priority to CN201610139144.4A
Publication of CN106789861A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/50 Network services
    • H04L67/60 Scheduling or organising the servicing of application requests, e.g. requests for application data transmissions using the analysis and optimisation of the required network resources
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic

Abstract

An embodiment of the invention discloses a message processing method and device. In the method, an access controller multicasts a query message used to look up servers that can provide the service a client requires, and receives the query response messages fed back by a server that can provide that service. When the number of query response messages received from the server within a preset time period exceeds a preset threshold, the access controller caches these query response messages and sends a first probe message to the server. If the first probe response message fed back by the server is received, the access controller determines that the server is not under attack and processes the cached query response messages normally. If the first probe response message fed back by the server is not received, the access controller determines that the server is under attack and deletes the cached query response messages. This avoids the device paralysis caused when a server is under attack and the access controller processes a large number of response messages.

Description

Message processing method and device
Technical field
The present invention relates to the field of wireless network technology, and in particular to a message processing method and device.
Background
The Bonjour protocol, also known as the zero-configuration networking protocol, can automatically discover services on an IP network. The Bonjour protocol only defines how multicast DNS (mDNS) protocol messages are used to propagate service information within a VLAN. If mDNS protocol messages need to be forwarded across VLANs, a forwarding device, called a Bonjour gateway, must be deployed in the network.
In one wireless network scenario, the Bonjour gateway is configured on an access controller (AC). After receiving a query message multicast by a client to look up servers that can provide the service the client requires, the Bonjour gateway first checks whether its local service resource list contains such a server. If it does, the gateway sends the device information of the corresponding server to the client; if it does not, the gateway multicasts the query message according to the configured service VLAN list. A server that can provide the required service feeds back a response message to this query message. The Bonjour gateway forwards the response message received from the server to the client and stores the device information of the server carried in the response message in the local service resource list.
In practice, however, if a server is under attack, then after receiving the query message multicast by the Bonjour gateway it sends a large number of response messages to the gateway. Because the Bonjour gateway cannot judge the legitimacy of the response messages, it can only process each one, which easily paralyzes the AC on which the Bonjour gateway runs.
Summary of the invention
The purpose of the embodiments of the invention is to provide a message processing method and device that avoid the device paralysis caused when a server is under attack and the access controller receives a large number of response messages.
To achieve the above purpose, an embodiment of the invention discloses a message processing method applied to an access controller, the method comprising:
multicasting a query message used to look up servers that can provide the service a client requires, and receiving the query response messages fed back by a server that can provide that service;
judging whether the number of query response messages received within a first preset time period exceeds a preset threshold;
if so, caching the received query response messages and sending the server a first probe message used to test whether the server is under attack;
judging whether the first probe response message fed back by the server is received within a second preset time period;
if so, determining that the server is not under attack and processing the received query response messages; if not, determining that the server is under attack and deleting the cached query response messages.
Optionally, the method may further include:
when the first probe response message fed back by the server is not received within the second preset time period, adding the address information of the server to a blacklist.
Optionally, the method may further include:
when the first probe response message fed back by the server is not received within the second preset time period, sending the server, at a preset period, a second probe message used to test whether the server has recovered;
when the response message received from the server is a message responding to the second probe message, determining that the server has recovered, deleting the address information of the server from the blacklist, and stopping sending the second probe message to the server;
when the response message received from the server is not a message responding to the second probe message, determining that the server has not recovered and deleting the received response message.
Optionally, the method may further include:
when the first probe response message fed back by the server is not received within the second preset time period, outputting alarm information.
Optionally, the method may further include:
when the first probe response message fed back by the server is received within the second preset time period, outputting upgrade prompt information for upgrading the access controller.
To achieve the above purpose, an embodiment of the invention also discloses a message processing device applied to an access controller, the device comprising:
a first receiving module, configured to multicast a query message and receive the query response messages fed back by a server that can provide the service a client requires, where the query message is used to look up servers that can provide that service;
a first judging module, configured to judge whether the number of query response messages received within a first preset time period exceeds a preset threshold and, if so, to trigger a first sending module;
the first sending module, configured to cache the received query response messages and send the server a first probe message used to test whether the server is under attack;
a second judging module, configured to judge whether the first probe response message fed back by the server is received within a second preset time period; if so, to determine that the server is not under attack and trigger a processing module; if not, to determine that the server is under attack and trigger a first deleting module;
the processing module, configured to process the received query response messages;
the first deleting module, configured to delete the cached query response messages.
Optionally, the device may further include:
an adding module, configured to add the address information of the server to a blacklist when the second judging module judges that the first probe response message fed back by the server was not received within the second preset time period.
Optionally, the device may further include:
a second sending module, configured to send the server, at a preset period, a second probe message used to test whether the server has recovered, when the second judging module judges that the first probe response message fed back by the server was not received within the second preset time period;
a third judging module, configured to judge whether the response message received from the server is a message responding to the second probe message; if so, to determine that the server has recovered and trigger a second deleting module; if not, to determine that the server has not recovered and trigger a third deleting module;
the second deleting module, configured to delete the address information of the server from the blacklist and stop sending the second probe message to the server;
the third deleting module, configured to delete the received response message.
Optionally, the device may further include:
a third sending module, configured to output alarm information when the second judging module judges that the first probe response message fed back by the server was not received within the second preset time period.
Optionally, the device may further include:
a fourth sending module, configured to output upgrade prompt information for upgrading the access controller when the second judging module judges that the first probe response message fed back by the server was received within the second preset time period.
As can be seen from the above technical solution, with the embodiments of the invention the access controller multicasts a query message used to look up servers that can provide the service a client requires, and receives the query response messages fed back by a server that can provide that service. When the number of query response messages received from the server within a preset time period exceeds a preset threshold, the access controller caches these query response messages and sends a first probe message to the server. If the first probe response message fed back by the server is received, the access controller determines that the server is not under attack and processes the cached query response messages normally. If the first probe response message fed back by the server is not received, the access controller determines that the server is under attack and deletes the cached query response messages. This avoids the device paralysis caused when a server is under attack and the access controller processes a large number of response messages.
Of course, a product or method implementing the invention does not necessarily need to achieve all of the advantages described above at the same time.
Brief description of the drawings
To explain the embodiments of the invention or the technical solutions of the prior art more clearly, the drawings needed for describing the embodiments or the prior art are briefly introduced below. Obviously, the drawings described below are only some embodiments of the invention; a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a first schematic flowchart of the message processing method provided by an embodiment of the invention;
Fig. 2 is a second schematic flowchart of the message processing method provided by an embodiment of the invention;
Fig. 3 is a first schematic structural diagram of the message processing device provided by an embodiment of the invention;
Fig. 4 is a second schematic structural diagram of the message processing device provided by an embodiment of the invention.
Detailed description
The technical solutions in the embodiments of the invention are described clearly and completely below with reference to the drawings in the embodiments. Obviously, the described embodiments are only some of the embodiments of the invention, not all of them. All other embodiments obtained by a person of ordinary skill in the art from the embodiments of the invention without creative effort fall within the scope of protection of the invention.
To solve the problem of the prior art, the embodiments of the invention provide a message processing method and device applied to an access controller (AC) on which a Bonjour gateway is configured. The message processing method provided by an embodiment of the invention is described in detail first.
Fig. 1 is a first schematic flowchart of the message processing method provided by an embodiment of the invention, including:
S101: Multicast a query message used to look up servers that can provide the service a client requires, and receive the query response messages fed back by a server that can provide that service.
In practice, the query message may be one that the AC multicasts according to the configured service VLAN list after it receives, from a client (that is, a wireless client), a query message for servers that can provide the service the client requires and finds no such server in its local service resource list. In the present invention, the service required by the client may be a print service, a video service, and so on; correspondingly, a server that can provide the required service is a device that provides the print service, video service, and so on, for example a printer or an Apple TV.
The query message may also be one that the AC periodically multicasts in the network where it is located (a query the AC multicasts for known services), so that the AC can update its local service resource list from the server device information carried in the query response messages it receives.
S102: Judge whether the number of query response messages received within the first preset time period exceeds the preset threshold; if so, perform S103.
The first preset time period and the preset threshold can be set according to actual requirements. Specifically, the preset threshold can be set per server: in practice, different thresholds can be set for different servers, or the same threshold can be set for all servers.
S103: Cache the received query response messages, and send the server a first probe message used to test whether the server is under attack.
In practice, the message content of the first probe message can carry one or more questions that the server must answer, for example what the model or name of the server is.
S104: Judge whether the first probe response message fed back by the server is received within the second preset time period; if so, perform S106; if not, perform S105.
In this step, since the message content of the first probe message can carry questions, the AC judges whether the answers to those questions carried in a response message are correct; if they are, the response message is the first probe response message for the first probe message.
S105: Determine that the server is under attack, and delete the cached query response messages.
S106: Determine that the server is not under attack, and process the received query response messages.
In the illustrated embodiment, the AC multicasts a query message used to look up servers that can provide the service a client requires. Assume that server A can provide that service and feeds back query response messages to the AC.
Assume that the first preset time period is set to 3 minutes and the preset threshold for server A is set to 6.
If the AC receives more than 6 query response messages sent by server A within 3 minutes, server A may be under attack. In this case the AC does not process these query response messages straight away; it caches them first and sends server A a first probe message used to test whether server A is under attack.
The second preset time period can be set according to actual requirements and may be the same as or different from the first preset time period. Assume that the second preset time period is also 3 minutes.
The AC judges whether, within 3 minutes, it receives the first probe response message fed back by server A for the first probe message.
As described above, the AC can judge from the questions carried in the message content whether it has received the first probe response message fed back by server A for the first probe message.
If the first probe response message fed back by server A for the first probe message is not received within 3 minutes, the AC determines that server A is under attack and deletes the cached query response messages.
If the first probe response message fed back by server A for the first probe message is received within 3 minutes, the AC determines that server A is not under attack and processes the received query response messages. Processing query response messages is prior art and is not described here.
In practice, when the first probe response message fed back by the server is not received within the second preset time period, alarm information can be output.
If the AC does not receive the first probe response message fed back by the server within the second preset time period, the server is under attack. The AC then outputs alarm information to remind administrators, so that the attacked server can be restored as soon as possible.
In practice, when the first probe response message fed back by the server is received within the second preset time period, upgrade prompt information for upgrading the AC can be output.
If the AC receives the first probe response message fed back by the server within the second preset time period, then although the number of query response messages received by the AC exceeded the preset threshold, the server is not under attack. In this case the preset threshold may have been set too low, or the AC may need upgrading. The AC therefore outputs upgrade prompt information for upgrading the AC, to remind administrators to raise the preset threshold or upgrade the AC.
With the embodiment shown in Fig. 1, the access controller multicasts a query message used to look up servers that can provide the service a client requires, and receives the query response messages fed back by a server that can provide that service. When the number of query response messages received from the server within a preset time period exceeds a preset threshold, the access controller caches these query response messages and sends a first probe message to the server. If the first probe response message fed back by the server is received, the access controller determines that the server is not under attack and processes the cached query response messages normally. If the first probe response message fed back by the server is not received, the access controller determines that the server is under attack and deletes the cached query response messages. This avoids the device paralysis caused when a server is under attack and the access controller processes a large number of response messages.
Fig. 2 is a second schematic flowchart of the wireless access method provided by an embodiment of the invention. The embodiment shown in Fig. 2 builds on the embodiment shown in Fig. 1 and adds the following steps after S105:
S107: Add the address information of the server to the blacklist.
In practice, the address information may be the IP address or MAC address of the server, and so on.
S108: At a preset period, send the server a second probe message used to test whether the server has recovered.
S109: Judge whether the response message received from the server is a message responding to the second probe message; if so, perform S110; if not, perform S111.
As described above, the AC can judge from the questions carried in the message content whether the response message it receives from the server is a response message for the second probe message.
S110: Determine that the server has recovered, delete the address information of the server from the blacklist, and stop sending the second probe message to the server.
S111: Determine that the server has not recovered, and delete the received response message.
Continuing the example above, assume that the AC does not receive, within 3 minutes, the first probe response message fed back by server A for the first probe message. This shows that server A is under attack. After deleting the cached query response messages, the AC adds the address information of server A to the blacklist.
In the illustrated embodiment, once server A has been determined to be under attack and its address information has been added to the blacklist, the AC continues to send server A a second probe message used to test whether server A has recovered. If the response message received from server A is a message responding to the second probe message, the AC determines that server A has recovered, deletes the address information of server A from the blacklist, and stops sending the second probe message to server A. If the response message received from server A is not a message responding to the second probe message, the AC determines that server A has not recovered and deletes the response message received from server A.
The preset period can be set according to actual requirements. Assuming the preset period is 1 hour, the AC sends the second probe message to server A every hour.
In practice, the second probe message can be the same as the first probe message, with the message content carrying one or more questions that the server must answer, for example what the model or name of the server is. In this case, if server A has recovered, it sends the AC a response message for the second probe message whose message content includes the answers to those questions. The AC can therefore judge from the message content of a response message whether the response message received from the server is a response message for the second probe message.
In practice, the second probe message can also be the same as the query message in step S101 above.
If a message fed back by server A in response to the second probe message is received, server A has recovered. In this case the address information of server A is deleted from the blacklist, and sending of the second probe message to server A stops.
If no message fed back by server A in response to the second probe message is received, server A has not recovered. In this case the response message received from server A is deleted.
With the embodiment shown in Fig. 2, when the first probe response message fed back by the server is not received within the second preset time period, the access controller determines that the server is under attack, adds the address information of the server to the blacklist, and, at a preset period, sends the server a second probe message used to test whether the server has recovered. If the server has not recovered, the response messages received from the server are deleted; if the server has recovered, the address information of the server is deleted from the blacklist and sending of the second probe message to the server stops. This both avoids the device paralysis caused when a server is under attack and the access controller receives a large number of response messages, and ensures that the access controller can communicate normally with the server once the server has recovered.
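The flow of Fig. 1 and Fig. 2 (S101 to S111) as a small simulation, added here as an example and not taken from the patent. The class and method names, the sliding-window counting, and the assumption that the AC already knows each server's model (the expected probe answer) are choices made for this illustration; the timing values follow the worked example above (3 minutes, threshold 6, 1 hour).

```python
from collections import defaultdict, deque


class ResponseGuard:
    """Added sketch of steps S101-S111 as run on the AC; every name here is hypothetical."""

    def __init__(self, expected_answers, window=180, threshold=6,
                 probe_timeout=180, reprobe_period=3600):
        self.expected = expected_answers      # assumption: AC already knows each model
        self.window, self.threshold = window, threshold
        self.probe_timeout, self.reprobe_period = probe_timeout, reprobe_period
        self.arrivals = defaultdict(deque)    # server -> arrival times inside the window
        self.cache = defaultdict(list)        # server -> responses held back (S103)
        self.pending = {}                     # server -> deadline for first probe reply
        self.blacklist = {}                   # server -> time the next second probe is due
        self.processed, self.probes, self.notices = [], [], []

    def on_query_response(self, server, msg, now):
        if server in self.blacklist:          # S111: not recovered, delete the response
            return "deleted"
        if server in self.pending:            # verdict still open: keep caching
            self.cache[server].append(msg)
            return "cached"
        times = self.arrivals[server]
        times.append(now)
        while now - times[0] > self.window:   # slide the first preset time period
            times.popleft()
        if len(times) > self.threshold:       # S102 yes -> S103
            self.cache[server].append(msg)
            self.pending[server] = now + self.probe_timeout
            self.probes.append((now, server, "first"))
            return "cached"
        self.processed.append((server, msg))
        return "processed"

    def on_probe_response(self, server, answer, now):
        correct = server in self.expected and answer == self.expected[server]
        if correct and server in self.pending and now <= self.pending[server]:
            del self.pending[server]          # S106: not attacked, process the cache
            self.processed += [(server, m) for m in self.cache.pop(server, [])]
            self.arrivals[server].clear()
            self.notices.append((now, server, "raise threshold or upgrade AC"))
            return "not attacked"
        if correct and server in self.blacklist:
            del self.blacklist[server]        # S110: recovered, stop second probes
            return "recovered"
        return "deleted"                      # wrong answer or unsolicited reply

    def tick(self, now):
        for server, deadline in list(self.pending.items()):
            if now > deadline:                # S104 no -> S105 and S107
                del self.pending[server]
                self.cache.pop(server, None)
                self.arrivals[server].clear()
                self.blacklist[server] = now + self.reprobe_period
                self.notices.append((now, server, "alarm: server attacked"))
        for server, due in list(self.blacklist.items()):
            if now >= due:                    # S108: periodic second probe
                self.probes.append((now, server, "second"))
                self.blacklist[server] = now + self.reprobe_period


def run_demo():
    # Constructed input: two servers, each sending a burst of query responses.
    guard = ResponseGuard({"tv-b": "model-T1", "printer-a": "model-P1"})
    tv = [guard.on_query_response("tv-b", f"r{i}", i) for i in range(8)]
    tv_verdict = guard.on_probe_response("tv-b", "model-T1", 20)
    pr = [guard.on_query_response("printer-a", f"r{i}", 100 + i) for i in range(10)]
    guard.tick(300)                           # first probe (sent at t=106) timed out
    while_listed = guard.on_query_response("printer-a", "late", 400)
    guard.tick(3900)                          # second probe goes out
    wrong = guard.on_probe_response("printer-a", "junk", 3901)
    right = guard.on_probe_response("printer-a", "model-P1", 3902)
    after = guard.on_query_response("printer-a", "fresh", 4000)
    return {"tv": tv, "tv_verdict": tv_verdict, "printer": pr,
            "while_listed": while_listed, "wrong": wrong, "right": right,
            "after": after, "probes": guard.probes,
            "processed": len(guard.processed)}


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(key, value)
```

Time is passed in as a number of seconds so the timeouts can be exercised without waiting; on a real device `tick` would be driven by a timer.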
Corresponding to the above method embodiments, an embodiment of the invention also provides a message processing device.
Fig. 3 is a first schematic structural diagram of the message processing device provided by an embodiment of the invention, including:
a first receiving module 201, configured to multicast a query message and receive the query response messages fed back by a server that can provide the service a client requires, where the query message is used to look up servers that can provide that service;
a first judging module 202, configured to judge whether the number of query response messages received within the first preset time period exceeds the preset threshold and, if so, to trigger the first sending module 203;
the first sending module 203, configured to cache the received query response messages and send the server a first probe message used to test whether the server is under attack;
a second judging module 204, configured to judge whether the first probe response message fed back by the server is received within the second preset time period; if so, to trigger the processing module 206; if not, to trigger the first deleting module 205;
the processing module 206, configured to process the received query response messages;
the first deleting module 205, configured to delete the cached query response messages.
The illustrated embodiment may further include a third sending module (not shown), configured to output alarm information when the first probe response message fed back by the server is not received within the second preset time period.
The illustrated embodiment may further include a fourth sending module (not shown), configured to output upgrade prompt information for upgrading the AC when the first probe response message fed back by the server is received within the second preset time period.
With the embodiment shown in Fig. 3, the access controller multicasts a query message used to look up servers that can provide the service a client requires, and receives the query response messages fed back by a server that can provide that service. When the number of query response messages received from the server within a preset time period exceeds a preset threshold, the access controller caches these query response messages and sends a first probe message to the server. If the first probe response message fed back by the server is received, the access controller determines that the server is not under attack and processes the cached query response messages normally. If the first probe response message fed back by the server is not received, the access controller determines that the server is under attack and deletes the cached query response messages. This avoids the device paralysis caused when a server is under attack and the access controller processes a large number of response messages.
Fig. 4 is a second schematic structural diagram of the message processing device provided by an embodiment of the invention. The embodiment shown in Fig. 4 builds on the embodiment shown in Fig. 3 and may further include:
an adding module 207, configured to add the address information of the server to the blacklist when the second judging module 204 judges that the first probe response message fed back by the server was not received within the second preset time period;
a second sending module 208, configured to send the server, at a preset period, a second probe message used to test whether the server has recovered, when the second judging module 204 judges that the first probe response message fed back by the server was not received within the second preset time period;
a third judging module 209, configured to judge whether the response message received from the server is a message responding to the second probe message; if so, to determine that the server has recovered and trigger the second deleting module 210; if not, to determine that the server has not recovered and trigger the third deleting module 211;
the second deleting module 210, configured to delete the address information of the server from the blacklist and stop sending the second probe message to the server;
the third deleting module 211, configured to delete the received response message.
With the embodiment shown in Fig. 4, when the first probe response message fed back by the server is not received within the second preset time period, the access controller determines that the server is under attack, adds the address information of the server to the blacklist, and, at a preset period, sends the server a second probe message used to test whether the server has recovered. If the server has not recovered, the response messages received from the server are deleted; if the server has recovered, the address information of the server is deleted from the blacklist and sending of the second probe message to the server stops. This both avoids the device paralysis caused when a server is under attack and the access controller receives a large number of response messages, and ensures that the access controller can communicate normally with the server once the server has recovered.
It should be noted that, in this document, relational terms such as "first" and "second" are used only to distinguish one entity or operation from another, and do not necessarily require or imply any actual relationship or order between those entities or operations. Moreover, the terms "include", "comprise" and any other variant thereof are intended to cover a non-exclusive inclusion, so that a process, method, article or device that includes a series of elements includes not only those elements but also other elements that are not expressly listed, or elements inherent to that process, method, article or device. Without further limitation, an element defined by the phrase "including a ..." does not exclude the presence of additional identical elements in the process, method, article or device that includes the element.
The embodiments in this specification are described in a related manner: for identical or similar parts the embodiments may be referred to one another, and each embodiment focuses on its differences from the other embodiments. The device embodiment in particular is described relatively briefly because it is substantially similar to the method embodiment; for the relevant parts, refer to the corresponding description of the method embodiment.
A person of ordinary skill in the art will understand that all or some of the steps of the above method embodiments can be carried out by a program instructing the relevant hardware, and that the program can be stored in a computer-readable storage medium, such as ROM/RAM, a magnetic disk or an optical disc.
The foregoing describes only preferred embodiments of the present invention and is not intended to limit the scope of protection of the present invention. Any modification, equivalent substitution or improvement made within the spirit and principles of the present invention falls within the scope of protection of the present invention.

Claims (10)

1. A message processing method, characterized in that the method is applied to an access controller and comprises:
multicasting a query message used to query for servers that can provide the service required by a client, and receiving the query response messages fed back by servers that can provide the service required by the client;
judging whether the number of query response messages received within a first preset time period exceeds a preset threshold;
if so, caching the received query response messages, and sending to the server a first probe message for probing whether the server is under attack;
judging whether a first detection response message fed back by the server is received within a second preset time period;
if so, determining that the server is not under attack, and processing the received query response messages; if not, determining that the server is under attack, and deleting the cached query response messages.
2. The method according to claim 1, characterized in that the method further comprises:
when the first detection response message fed back by the server is not received within the second preset time period, adding the address information of the server to a blacklist.
3. The method according to claim 2, characterized in that the method further comprises:
when the first detection response message fed back by the server is not received within the second preset time period, sending to the server, at a predetermined period, a second probe message for probing whether the server has recovered;
when a response message received from the server is a response to the second probe message, determining that the server has recovered, deleting the address information of the server from the blacklist, and stopping sending second probe messages to the server;
when a response message received from the server is not a response to the second probe message, determining that the server has not recovered, and deleting the received response message.
4. The method according to claim 1, characterized in that the method further comprises:
when the first detection response message fed back by the server is not received within the second preset time period, outputting alarm information.
5. The method according to claim 1, characterized in that the method further comprises:
when the first detection response message fed back by the server is received within the second preset time period, outputting upgrade prompt information for upgrading the access controller.
6. A message processing device, characterized in that the device is applied to an access controller and comprises:
a first receiver module, configured to multicast a query message and to receive the query response messages fed back by servers that can provide the service required by a client, wherein the query message is used to query for servers that can provide the service required by the client;
a first judge module, configured to judge whether the number of query response messages received within a first preset time period exceeds a preset threshold and, if so, to trigger a first sending module;
the first sending module, configured to cache the received query response messages and to send to the server a first probe message for probing whether the server is under attack;
a second judge module, configured to judge whether a first detection response message fed back by the server is received within a second preset time period; if so, to determine that the server is not under attack and trigger a processing module; if not, to determine that the server is under attack and trigger a first removing module;
the processing module, configured to process the received query response messages;
the first removing module, configured to delete the cached query response messages.
7. The device according to claim 6, characterized in that the device further comprises:
an add module, configured to add the address information of the server to a blacklist when the second judge module determines that the first detection response message fed back by the server has not been received within the second preset time period.
8. The device according to claim 7, characterized in that the device further comprises:
a second sending module, configured to send to the server, at a predetermined period, a second probe message for probing whether the server has recovered, when the second judge module determines that the first detection response message fed back by the server has not been received within the second preset time period;
a third judge module, configured to judge whether a response message received from the server is a response to the second probe message; if so, to determine that the server has recovered and trigger a second removing module; if not, to determine that the server has not recovered and trigger a third removing module;
the second removing module, configured to delete the address information of the server from the blacklist and to stop sending second probe messages to the server;
the third removing module, configured to delete the received response message.
9. The device according to claim 6, characterized in that the device further comprises:
a third sending module, configured to output alarm information when the second judge module determines that the first detection response message fed back by the server has not been received within the second preset time period.
10. The device according to claim 6, characterized in that the device further comprises:
a fourth sending module, configured to output upgrade prompt information for upgrading the access controller when the second judge module determines that the first detection response message fed back by the server has been received within the second preset time period.
CN201610139144.4A 2016-03-11 2016-03-11 A kind of message processing method and device Pending CN106789861A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610139144.4A CN106789861A (en) 2016-03-11 2016-03-11 A kind of message processing method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201610139144.4A CN106789861A (en) 2016-03-11 2016-03-11 A kind of message processing method and device

Publications (1)

Publication Number Publication Date
CN106789861A true CN106789861A (en) 2017-05-31

Family

ID=58972143

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610139144.4A Pending CN106789861A (en) 2016-03-11 2016-03-11 A kind of message processing method and device

Country Status (1)

Country Link
CN (1) CN106789861A (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107590180A (en) * 2017-08-01 2018-01-16 佛山市深研信息技术有限公司 A kind of monitoring and reminding method and device of big data
CN108984553A (en) * 2017-06-01 2018-12-11 北京京东尚科信息技术有限公司 Caching method and device
CN109194638A (en) * 2018-08-23 2019-01-11 新华三技术有限公司合肥分公司 Message processing method, device, switching equipment and computer readable storage medium
CN114513549A (en) * 2022-02-18 2022-05-17 新华三技术有限公司 Communication method and device

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108984553A (en) * 2017-06-01 2018-12-11 北京京东尚科信息技术有限公司 Caching method and device
CN108984553B (en) * 2017-06-01 2022-02-01 北京京东尚科信息技术有限公司 Caching method and device
CN107590180A (en) * 2017-08-01 2018-01-16 佛山市深研信息技术有限公司 A kind of monitoring and reminding method and device of big data
CN109194638A (en) * 2018-08-23 2019-01-11 新华三技术有限公司合肥分公司 Message processing method, device, switching equipment and computer readable storage medium
CN109194638B (en) * 2018-08-23 2021-04-06 新华三技术有限公司合肥分公司 Message processing method, device, switching equipment and computer readable storage medium
CN114513549A (en) * 2022-02-18 2022-05-17 新华三技术有限公司 Communication method and device
CN114513549B (en) * 2022-02-18 2023-09-15 新华三技术有限公司 Communication method and device

Similar Documents

Publication Publication Date Title
US7546348B2 (en) Message handling with selective user participation
Lad et al. PHAS: A Prefix Hijack Alert System.
US8849921B2 (en) Method and apparatus for creating predictive filters for messages
US9384471B2 (en) Spam reporting and management in a communication network
EP2502398B1 (en) Detecting malicious behaviour on a network
CN106789861A (en) A kind of message processing method and device
US7647376B1 (en) SPAM report generation system and method
JP2006521635A5 (en)
CN101355524A (en) Method, system, server and terminal for processing information
JP4179300B2 (en) Network management method and apparatus, and management program
CN108028835B (en) Automatic configuration server and server execution method
JP2005259141A (en) Method and device for reducing e-mail spam and virus distribution in communication network by authenticating e-mail message source
US7908328B1 (en) Identification of email forwarders
KR101589160B1 (en) A communication device
CN100442706C (en) Method for making maintaining node labels to match with media visiting controlled addresses
US8655957B2 (en) System and method for confirming that the origin of an electronic mail message is valid
US11689928B2 (en) Detecting unauthorized access to a wireless network
CN110611683A (en) Method and system for alarming attack source
CN104683500B (en) A kind of safe list item generation method and device
US20080059588A1 (en) Method and System for Providing Notification of Nefarious Remote Control of a Data Processing System
CN101686223B (en) Feedback method of content filtering and device
EP1839417B1 (en) A mobile network security system
CN112367355A (en) Trust level issuing method and device
Schäfer Detection of compromised email accounts used for spamming in correlation with origin-destination delivery notification extracted from metadata
Casparsen et al. Closing the security gaps in some/ip through implementation of a host-based intrusion detection system

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20170531
