CN106899419A - A kind of method for realizing abnormality processing, device and request end - Google Patents
A kind of method for realizing abnormality processing, device and request end Download PDFInfo
- Publication number
- CN106899419A CN106899419A CN201510955150.2A CN201510955150A CN106899419A CN 106899419 A CN106899419 A CN 106899419A CN 201510955150 A CN201510955150 A CN 201510955150A CN 106899419 A CN106899419 A CN 106899419A
- Authority
- CN
- China
- Prior art keywords
- invalid packet
- invalid
- message
- abnormal
- packet
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/06—Management of faults, events, alarms or notifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/06—Management of faults, events, alarms or notifications
- H04L41/069—Management of faults, events, alarms or notifications using logs of notifications; Post-processing of notifications
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Small-Scale Networks (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention discloses a kind of method and device for realizing abnormality processing, including:Invalid packet to each determination carries out corresponding abnormality processing respectively.The inventive method carries out abnormality processing by invalid packet, it is to avoid the problem for only carrying out discard processing and producing;Further, abnormal return information is transmitted, relevant treatment can be carried out to corresponding message, improve the performance of industrial automation network;Send transmission control protocol _ replacements connection (TCP_RST) to report, it is to avoid repeatedly send the network resources waste for causing.
Description
Technical field
The present invention relates to industrial automation, espespecially a kind of method for realizing abnormality processing, device and please
Ask end.
Background technology
Ethernet industrial protocol (EtherNet/IP) is the protocol architecture for being adapted to industrial environment application, and it is
By open device network supply of material ACSA (Open Device Net Vendors Association, letter
Claim ODVA) and control international (Control Net International) the two big industrial network tissue of net common
The newcomer of release.EtherNet/IP is specific to the network of industrial automation application, is widely used in
The industrial control fields such as tobacco, electric power, automobile, it can support that a large amount of scenes set in wide region
Standby connection.Different from source/destination communication pattern, EtherNet/IP uses production/consumption mode, and it permits
Perhaps the node on network accesses the data in same source simultaneously;In production/consumption mode, data are allocated
One unique mark, each data source is disposably transmitted data on network, the choosing of other nodes
The reading of selecting property these data, so as to improve the communication efficiency of system.Because EtherNet/IP agreements are same
When support Ethernet and network communication protocol (TCP/IP) protocol suite, therefore it is nearly all support both
The data that the invalid packet that the network equipment of agreement can be instructed by forging industry control is obtained in network, make
Into information leakage, or even industrial equipment is damaged, influence industrial production.
In order to avoid information leakage and ensure industrial production, industrial fireproof wall as filter, by branch
The deep analysis to EtherNet/IP agreements are held, being defined as illegal message to parsing abandons;It is common
The industrial fireproof wall course of work include:Peel off message and analyze message format whether close rule, length whether
It is correct etc.;When mistake occur in message format or length etc., judge that message is invalid packet, carry out at discarding
Reason;During the errorless situation such as message format, length, the Ethernet/IP and universal industrial of message are extracted
Agreement (CIP) is instructed, and further determines that whether message closes according to the decision rule of white list or blacklist
Method, and then to being judged as that legal message is carried out by treatment, the message to being judged as illegal is abandoned
Treatment.By the treatment of industrial fireproof wall, the security performance of industrial automation network is improved.
Although industrial fireproof wall carries out discard processing to being defined as illegal message and can improve industrial automation
The security of network;But when the message to not meeting the requirements such as form, length is abandoned, request end exists
In the case of not knowing that message is confirmed as illegally, it will constantly retransmit, after disconnecting after time-out
Can stop;Request end cannot timely to message form, length etc. correct;If invalid packet
It is the processing mode that then industrial fireproof wall is only abandoned in order to carry out malicious attack, does not carry out timely
Disconnecting treatment, will cause occur a large amount of situations for connecting refusal service in the short time, and influence industry is certainly
The performance of dynamicization network.
The content of the invention
In order to solve the above-mentioned technical problem, the present invention provide a kind of method for realizing abnormality processing, device and
Request end, can be while industrial automation network security be ensured, to invalid packet
Reason, improves network performance.
In order to reach the object of the invention, the invention provides a kind of method for realizing abnormality processing, including:
Invalid packet to each determination carries out corresponding abnormality processing respectively.
Alternatively, carrying out abnormality processing includes:
The corresponding exception return information of invalid packet of each determination is generated respectively, sends each abnormal return information
To the request end for sending invalid packet;And/or,
To the invalid packet of each determination, transmission control protocol _ replacement connection TCP_RST messages are sent respectively
To the request end for sending the invalid packet, to disconnect the connection with the request end.
Alternatively, abnormal return information is generated to specifically include:To each invalid packet,
The Ethernet industrial protocol Ethernet/IP headings of the invalid packet are copied, institute is added it to
After stating the abnormal acknowledgement transmissions control protocol TCP header for replying message;
The abnormal species coding of the invalid packet, modification are determined according to default abnormal mapping code information
The mode field of response message TCP header is the described abnormal species coding for determining;
The other parts that the exception is replied message are filled according to industrial equipment response form.
Alternatively, abnormal mapping code information includes:
First abnormal species coding corresponds to the invalid packet that Envelope command is invalid or does not support;
Second abnormal species coding corresponds to invalid packet of the receiving terminal low memory to process;
3rd abnormal species coding is corresponding to data form or the invalid packet of error in data;
4th abnormal species coding corresponds to that data subject for ridicule is invalid or the non-existent invalid packet of data subject for ridicule;
5th abnormal species coding is corresponding to the invalid invalid packet of message length.
Optionally, the method also includes:
The corresponding abnormal species coding of the invalid packet of determination is carried out into log recording.
On the other hand, the application also provides a kind of method for realizing abnormality processing, including:
Request end determines the species of invalid packet according to the abnormal return information for receiving;
Invalid packet is modified according to the default invalid packet species repaired instruction and determine, is laid equal stress on
Newly send revised message.
Alternatively, presetting reparation instruction includes:
When the invalid packet for error in data message, if error in data be data interval not normal
In interval, then using the common factor of the data interval and normal interval as the data interval corrected;If data
Mistake is the border-crossing error of monodrome, then delete the monodrome;
When the invalid packet is the invalid message of data subject for ridicule, it is effective to correct invalid session handle
Session handle;
When the invalid packet is the invalid message of message length, if the number in Ethernet/IP headings
Mismatched according to length and message real data area, change the data length in the Ethernet/IP headings
It is real data section length.
Alternatively, the method also includes:
Corresponding invalid packet is replied message by the external command for receiving to the exception to be modified.
Alternatively, the method also includes:
Operation log recording will be carried out to the amendment content of the invalid packet.
Another further aspect, the application also provides a kind of device for realizing abnormality processing, at least including processing unit,
Processing unit, corresponding abnormality processing is carried out for the invalid packet to each determination respectively.
Alternatively, processing unit specifically for,
The corresponding exception return information of invalid packet of each determination is generated respectively, sends each abnormal return information
To the request end for sending invalid packet;And/or,
To the invalid packet of each determination, transmission control protocol _ replacement connection TCP_RST messages are sent respectively
To the request end for sending the invalid packet, to disconnect the connection with the request end.
Alternatively, processing unit specifically for,
The Ethernet/IP headings of the invalid packet are copied, the exception is added it to and is replied message
Acknowledgement transmissions control protocol TCP header after;Determined according to default abnormal mapping code information described non-
The abnormal species coding of method message, the mode field for changing response message TCP header is the exception for determining
Species is encoded;The other parts that the exception is replied message are filled according to industrial equipment response form;
Send abnormal return information to the request end for sending the invalid packet;And/or,
TCP_RST messages to the request end for sending invalid packet are sent, to disconnect and send invalid packet
Request end connection.
Alternatively, the device also includes logging unit, for the corresponding institute of invalid packet that will be determined
Stating abnormal species coding carries out log recording.
Further aspect, the application also provides a kind of request end for realizing abnormality processing, including:Determining unit
With amendment retransmission unit;Wherein,
Determining unit, the species for determining invalid packet according to the abnormal return information for receiving;
Amendment retransmission unit, for according to it is default repair instruction and determine invalid packet species to illegal
Message is modified, and resends revised message.
Optionally, amendment retransmission unit is additionally operable to, and abnormal the reply is disappeared by the external command for receiving
Corresponding invalid packet is ceased to be modified.
Optionally, the request end also includes operation note unit, for by the amendment to the invalid packet
Content carries out operation log recording.
Compared with prior art, technical scheme includes:Invalid packet to each determination is carried out respectively
Corresponding abnormality processing.The inventive method carries out abnormality processing by invalid packet, it is to avoid only carry out
Discard processing and the problem that produces;Further, abnormal return information is transmitted, can be to corresponding
Message carries out relevant treatment, improves the performance of industrial automation network;Send transmission control protocol _ replacement
Connection (TCP_RST) report, it is to avoid repeatedly send the network resources waste for causing.
Brief description of the drawings
Accompanying drawing described herein is used for providing a further understanding of the present invention, constitutes of the application
Point, schematic description and description of the invention is used to explain the present invention, does not constitute to of the invention
Improper restriction.In the accompanying drawings:
Fig. 1 is the flow chart of the method that the present invention realizes abnormality processing;
Fig. 2 is the flow chart of another method for realizing abnormality processing of the present invention;
Fig. 3 is the structure journey figure of the device that the present invention realizes abnormality processing;
Fig. 4 is the structure journey figure of the request end that the present invention realizes abnormality processing.
Specific embodiment
To make the object, technical solutions and advantages of the present invention become more apparent, below in conjunction with accompanying drawing
Embodiments of the invention are described in detail.It should be noted that in the case where not conflicting, this Shen
Please in embodiment and the feature in embodiment can mutually be combined.
Fig. 1 is the flow chart of the method that the present invention realizes abnormality processing;As shown in figure 1, including:
Step 100, the invalid packet to each determination carry out corresponding abnormality processing respectively;
It should be noted that invalid packet of the present invention can be the invalid packet that filter filtering determines;
For example, by filter determine the non-existent invalid packet of data subject for ridicule, receiving terminal low memory with
The invalid illegal report of the invalid packet for the treatment of, the invalid packet of data form or error in data, data subject for ridicule
Text, Envelope command be invalid or the invalid packet do not supported etc., and the species of invalid packet can be according to related mistake
Filter definition carries out increase adjustment.
Carrying out abnormality processing includes:
The corresponding exception return information of invalid packet of each determination is generated respectively, sends each abnormal return information
To the request end for sending invalid packet;And/or,
To the invalid packet of each determination, transmission control protocol _ replacement connection (TCP_RST) is sent respectively
Message to the request end for sending the invalid packet, to disconnect the connection with the request end.
It should be noted that the present invention can enter to the exception handling procedure of invalid packet with by invalid packet
Row discard processing is combined, it is not necessary to which those skilled in the art carry out creative work.
Preferably, abnormal return information is generated to specifically include:To each invalid packet,
Ethernet industrial protocol (Ethernet/IP) heading of invalid packet is copied, is added it to different
After acknowledgement transmissions control protocol (TCP) head for often replying message;
The abnormal species coding of invalid packet is determined according to default abnormal mapping code information, response is changed
The mode field of message TCP header is the abnormal species coding for determining;
The abnormal other parts for replying message are filled according to industrial equipment response form.
It should be noted that Ethernet/IP messages are that 24 bytes are added behind TCP header
Ethernet/IP headings and related data, table 1 are the primary structure of Ethernet/IP messages, work as judgement
Ethernet/IP messages are that " state " can be entered in the message of abnormal return information for invalid packet
Row modification, makes it carry significant value, the different value correspondence that the present invention passes through abnormal mapping code information
Different invalid packets, realizes the abnormal reply based on EtherNet/IP agreements.Should according to industrial equipment
Answer form and the abnormal other parts for replying message are filled with conventional techniques hand for those skilled in the art
Section, for example, replys message response (ACK) default value is revised as into 1, source address and destination address
Modification etc..
Table 1
Specifically, abnormal mapping code information includes:
First abnormal species coding corresponds to the invalid packet that Envelope command is invalid or does not support;
Second abnormal species coding corresponds to invalid packet of the receiving terminal low memory to process;
3rd abnormal species coding is corresponding to data form or the invalid packet of error in data;
4th abnormal species coding corresponds to that data subject for ridicule is invalid or the non-existent invalid packet of data subject for ridicule;
5th abnormal species coding is corresponding to the invalid invalid packet of message length.
It should be noted that the present invention can carry out abnormal species coding by four mode fields of byte
Record, span (0x0 can be used to represent normal) from 0x1 to 0xFFFF, by abnormal reply
The length field of information is changed to 0, represents no data field.Can be so as to by the value of 0x1 to 0xFFFF
In the self-defined expansion of invalid packet difference abnormal conditions.Table 2 is the abnormal mapping code letter in present invention part
The content of breath, the abnormal species coding for the treatment of, and abnormal species encodes corresponding implication, and table 2 is not also directed to
Brief introduction is carried out with the usage scenario of exception species coding, has been easy to manage the classification of invalid packet species
Solution.
The inventive method also includes step 101:
Step 101, the corresponding abnormal species coding of the invalid packet of determination is carried out into log recording.
It should be noted that in view of processing procedure of the present invention is connected with filter, can be by fire wall
Daily record carries out log recording.
Table 2
The inventive method carries out abnormality processing by invalid packet, it is to avoid only carries out discard processing and produces
Raw problem;Further, abnormal return information is transmitted, correlation can be carried out to corresponding message
Treatment, improves the performance of industrial automation network;Send transmission control protocol _ replacement connection
(TCP_RST) report, it is to avoid repeatedly send the network resources waste for causing.
Fig. 2 is the flow chart of another method for realizing abnormality processing of the present invention, as shown in Fig. 2 including:
Step 200, request end determine the species of invalid packet according to the abnormal return information for receiving;
Step 201, the invalid packet species for instructing and determining according to default reparation are carried out to invalid packet
Amendment, and resend revised message.
In this step, default reparation instruction includes:
When invalid packet for error in data message, if error in data be data interval not in normal interval
It is interior, then using the common factor of the data interval and normal interval as the data interval corrected;If error in data
It is the border-crossing error of monodrome, then deletes the monodrome;
When invalid packet is the invalid message of data subject for ridicule, it is effective session to correct invalid session handle
Handle;
When invalid packet is the invalid message of message length, if the data in Ethernet/IP headings are long
Degree is mismatched with message real data area, and the data length in modification Ethernet/IP headings is actual number
According to section length.
It should be noted that the invalid session handle of amendment can be by this area for effective session handle
Technical staff is modified setting according to the difference of invalid session handle and effective session handle.
The inventive method also includes:
Corresponding invalid packet is replied message by the external command for receiving to exception to be modified.
The inventive method also includes:
Operation log recording will be carried out to the amendment content of invalid packet.
It should be noted that because makeover process is carried out in request end, therefore operation log recording can add
It is added in the Operation Log of request end.
Fig. 3 is the structure journey figure of the device that the present invention realizes abnormality processing, as shown in figure 3, at least including
Processing unit,
Processing unit, corresponding abnormality processing is carried out for the invalid packet to each determination respectively.
It should be noted that apparatus of the present invention can be arranged in filter, or as self-contained unit with
Filter is attached, and realization is mutually connected with the treatment of industrial fireproof wall;Specific setting does not need ability
Field technique personnel carry out creative work, in addition, apparatus of the present invention are in communication with each other with request end may be constructed
For the system of abnormality processing.
Processing unit specifically for,
The corresponding exception return information of invalid packet of each determination is generated respectively, sends each abnormal return information
To the request end for sending invalid packet;And/or,
To the invalid packet of each determination, transmission control protocol _ replacement connection TCP_RST messages are sent respectively
To the request end for sending the invalid packet, to disconnect the connection with the request end.
Processing unit specifically for,
The Ethernet/IP headings of invalid packet are copied, the abnormal response for replying message is added it to and is passed
After transport control protocol view TCP header;The exception of invalid packet is determined according to default abnormal mapping code information
Species is encoded, and the mode field for changing response message TCP header is the abnormal species coding for determining;According to work
Industry equipment response form is filled to the abnormal other parts for replying message;Send abnormal return information extremely
Send the request end of invalid packet;And/or,
TCP_RST messages to the request end for sending invalid packet are sent, to disconnect and send invalid packet
Request end connection.
Apparatus of the present invention also include logging unit, the corresponding abnormal kind of the invalid packet for that will determine
Class coding carries out log recording.
Fig. 4 is the structure journey figure of the request end that the present invention realizes abnormality processing, as shown in figure 4, including:
Determining unit and amendment retransmission unit;Wherein,
Determining unit, the species for determining invalid packet according to the abnormal return information for receiving;
Amendment retransmission unit, for according to it is default repair instruction and determine invalid packet species to illegal
Message is modified, and resends revised message.
Amendment retransmission unit is additionally operable to, and exception is replied message by the external command for receiving corresponding illegal
Message is modified.
Request end of the present invention also includes operation note unit, for will be carried out to the amendment content of invalid packet
Operation log recording.
Although disclosed herein implementation method as above, described content is only to readily appreciate the present invention
And the implementation method for using, it is not limited to the present invention.Technology people in any art of the present invention
Member, do not depart from disclosed herein spirit and scope on the premise of, can be in the form implemented and thin
Any modification and change, but scope of patent protection of the invention are carried out on section, still must be with appended right
The scope that claim is defined is defined.
Claims (16)
1. a kind of method for realizing abnormality processing, it is characterised in that including:
Invalid packet to each determination carries out corresponding abnormality processing respectively.
2. method according to claim 1, it is characterised in that the abnormality processing that carries out includes:
The corresponding exception return information of invalid packet of each determination is generated respectively, sends each abnormal return information
To the request end for sending invalid packet;And/or,
To the invalid packet of each determination, transmission control protocol _ replacement connection TCP_RST messages are sent respectively
To the request end for sending the invalid packet, to disconnect the connection with the request end.
3. method according to claim 2, it is characterised in that the generation exception return information tool
Body includes:To each invalid packet,
The Ethernet industrial protocol Ethernet/IP headings of the invalid packet are copied, institute is added it to
After stating the abnormal acknowledgement transmissions control protocol TCP header for replying message;
The abnormal species coding of the invalid packet, modification are determined according to default abnormal mapping code information
The mode field of response message TCP header is the described abnormal species coding for determining;
The other parts that the exception is replied message are filled according to industrial equipment response form.
4. method according to claim 3, it is characterised in that the abnormal mapping code packet
Include:
First abnormal species coding corresponds to the invalid packet that Envelope command is invalid or does not support;
Second abnormal species coding corresponds to invalid packet of the receiving terminal low memory to process;
3rd abnormal species coding is corresponding to data form or the invalid packet of error in data;
4th abnormal species coding corresponds to that data subject for ridicule is invalid or the non-existent invalid packet of data subject for ridicule;
5th abnormal species coding is corresponding to the invalid invalid packet of message length.
5. the method according to claim 3 or 4, it is characterised in that the method also includes:
The corresponding abnormal species coding of the invalid packet of determination is carried out into log recording.
6. a kind of method for realizing abnormality processing, it is characterised in that including:
Request end determines the species of invalid packet according to the abnormal return information for receiving;
Invalid packet is modified according to the default invalid packet species repaired instruction and determine, is laid equal stress on
Newly send revised message.
7. method according to claim 6, it is characterised in that the default reparation instruction includes:
When the invalid packet for error in data message, if error in data be data interval not normal
In interval, then using the common factor of the data interval and normal interval as the data interval corrected;If data
Mistake is the border-crossing error of monodrome, then delete the monodrome;
When the invalid packet is the invalid message of data subject for ridicule, it is effective to correct invalid session handle
Session handle;
When the invalid packet is the invalid message of message length, if the number in Ethernet/IP headings
Mismatched according to length and message real data area, change the data length in the Ethernet/IP headings
It is real data section length.
8. method according to claim 6, it is characterised in that the method also includes:
Corresponding invalid packet is replied message by the external command for receiving to the exception to be modified.
9. the method according to claim 6,7 or 8, it is characterised in that the method also includes:
Operation log recording will be carried out to the amendment content of the invalid packet.
10. a kind of device for realizing abnormality processing, it is characterised in that at least including processing unit,
Processing unit, corresponding abnormality processing is carried out for the invalid packet to each determination respectively.
11. devices according to claim 10, it is characterised in that the processing unit specifically for,
The corresponding exception return information of invalid packet of each determination is generated respectively, sends each abnormal return information
To the request end for sending invalid packet;And/or,
To the invalid packet of each determination, transmission control protocol _ replacement connection TCP_RST messages are sent respectively
To the request end for sending the invalid packet, to disconnect the connection with the request end.
12. devices according to claim 10, it is characterised in that the processing unit specifically for,
The Ethernet/IP headings of the invalid packet are copied, the exception is added it to and is replied message
Acknowledgement transmissions control protocol TCP header after;Determined according to default abnormal mapping code information described non-
The abnormal species coding of method message, the mode field for changing response message TCP header is the exception for determining
Species is encoded;The other parts that the exception is replied message are filled according to industrial equipment response form;
Send abnormal return information to the request end for sending the invalid packet;And/or,
TCP_RST messages to the request end for sending invalid packet are sent, to disconnect and send invalid packet
Request end connection.
13. devices according to claim 12, it is characterised in that the device also includes log recording
Unit, for the corresponding abnormal species coding of the invalid packet of determination to be carried out into log recording.
A kind of 14. request ends for realizing abnormality processing, it is characterised in that including:Determining unit and amendment
Retransmission unit;Wherein,
Determining unit, the species for determining invalid packet according to the abnormal return information for receiving;
Amendment retransmission unit, for according to it is default repair instruction and determine invalid packet species to illegal
Message is modified, and resends revised message.
15. request ends according to claim 14, it is characterised in that the amendment retransmission unit is also
For replying message corresponding invalid packet to the exception by the external command for receiving and being modified.
16. request end according to claims 14 or 15, it is characterised in that also wrap the request end
Operation note unit is included, for operation log recording will to be carried out to the amendment content of the invalid packet.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201510955150.2A CN106899419B (en) | 2015-12-17 | 2015-12-17 | Method, device and request terminal for realizing exception handling |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201510955150.2A CN106899419B (en) | 2015-12-17 | 2015-12-17 | Method, device and request terminal for realizing exception handling |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN106899419A true CN106899419A (en) | 2017-06-27 |
| CN106899419B CN106899419B (en) | 2020-11-10 |
Family
ID=59189604
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201510955150.2A Active CN106899419B (en) | 2015-12-17 | 2015-12-17 | Method, device and request terminal for realizing exception handling |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN106899419B (en) |
Cited By (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109413037A (en) * | 2018-09-12 | 2019-03-01 | 北京奇安信科技有限公司 | A kind of Modbus method for processing business and device |
| CN109922085A (en) * | 2019-04-11 | 2019-06-21 | 江苏亨通工控安全研究院有限公司 | A kind of security protection system and method based on CIP agreement in PLC |
| CN109995557A (en) * | 2017-12-29 | 2019-07-09 | 中国移动通信集团陕西有限公司 | Communication method and device |
| CN109995556A (en) * | 2017-12-29 | 2019-07-09 | 中国移动通信集团公司 | A kind of message format method for correcting and device |
| CN110620779A (en) * | 2019-09-26 | 2019-12-27 | 中国电子科技网络信息安全有限公司 | Industrial control protocol instruction level protection method based on error code response |
Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1983955A (en) * | 2006-05-09 | 2007-06-20 | 华为技术有限公司 | Method and system for monitoring illegal message |
| CN101309179A (en) * | 2007-05-18 | 2008-11-19 | 北京启明星辰信息技术有限公司 | Real-time flux abnormity detection method on basis of host activity and communication pattern analysis |
| CN101937372A (en) * | 2010-08-30 | 2011-01-05 | 北京数码大方科技有限公司 | Exception processing method and device |
| CN102637214A (en) * | 2012-04-28 | 2012-08-15 | 中国工商银行股份有限公司 | Method and system for synchronizing general data among database services |
| CN103001819A (en) * | 2011-09-19 | 2013-03-27 | 盛科网络(苏州)有限公司 | Method and system for processing OAM (operation, administration and maintenance) detecting results in MPLS-TP (multiple protocol label switching-transmission parameter) network |
| CN103200129A (en) * | 2013-04-05 | 2013-07-10 | 张小云 | Mirroring method and device of unusual messages |
| CN104670031A (en) * | 2013-11-29 | 2015-06-03 | 国家电网公司 | Device and method for monitoring batteries of electric vehicle |
-
2015
- 2015-12-17 CN CN201510955150.2A patent/CN106899419B/en active Active
Patent Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1983955A (en) * | 2006-05-09 | 2007-06-20 | 华为技术有限公司 | Method and system for monitoring illegal message |
| CN101309179A (en) * | 2007-05-18 | 2008-11-19 | 北京启明星辰信息技术有限公司 | Real-time flux abnormity detection method on basis of host activity and communication pattern analysis |
| CN101937372A (en) * | 2010-08-30 | 2011-01-05 | 北京数码大方科技有限公司 | Exception processing method and device |
| CN103001819A (en) * | 2011-09-19 | 2013-03-27 | 盛科网络(苏州)有限公司 | Method and system for processing OAM (operation, administration and maintenance) detecting results in MPLS-TP (multiple protocol label switching-transmission parameter) network |
| CN102637214A (en) * | 2012-04-28 | 2012-08-15 | 中国工商银行股份有限公司 | Method and system for synchronizing general data among database services |
| CN103200129A (en) * | 2013-04-05 | 2013-07-10 | 张小云 | Mirroring method and device of unusual messages |
| CN104670031A (en) * | 2013-11-29 | 2015-06-03 | 国家电网公司 | Device and method for monitoring batteries of electric vehicle |
Cited By (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109995557A (en) * | 2017-12-29 | 2019-07-09 | 中国移动通信集团陕西有限公司 | Communication method and device |
| CN109995556A (en) * | 2017-12-29 | 2019-07-09 | 中国移动通信集团公司 | A kind of message format method for correcting and device |
| CN109413037A (en) * | 2018-09-12 | 2019-03-01 | 北京奇安信科技有限公司 | A kind of Modbus method for processing business and device |
| CN109413037B (en) * | 2018-09-12 | 2021-11-16 | 奇安信科技集团股份有限公司 | Modbus service processing method and device |
| CN109922085A (en) * | 2019-04-11 | 2019-06-21 | 江苏亨通工控安全研究院有限公司 | A kind of security protection system and method based on CIP agreement in PLC |
| CN110620779A (en) * | 2019-09-26 | 2019-12-27 | 中国电子科技网络信息安全有限公司 | Industrial control protocol instruction level protection method based on error code response |
Also Published As
| Publication number | Publication date |
|---|---|
| CN106899419B (en) | 2020-11-10 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN106899419A (en) | A kind of method for realizing abnormality processing, device and request end | |
| US7672306B2 (en) | Method for secure reliable point to multi-point bi-directional communications | |
| US8332532B2 (en) | Connectivity over stateful firewalls | |
| US9521120B2 (en) | Method for securely transmitting control data from a secure network | |
| CN103310669B (en) | A kind of data transmission method for interactive teaching and system | |
| CN101834783B (en) | Method and device for forwarding messages and network equipment | |
| CN101222443B (en) | Method and network appliance for processing packet | |
| CN106330414A (en) | Message transmission method and device | |
| US6182149B1 (en) | System for managing dynamic processing resources in a network | |
| US20130148671A1 (en) | Method of transporting data from sending node to destination node | |
| US20110243138A1 (en) | System for controlling path maximum transmission unit by detecting repetitional ip packet fragmentation and method thereof | |
| CN104202322A (en) | OpenFlow exchanger message security monitor and control method based on OpenFlow protocol | |
| US20110038369A1 (en) | Communication method and apparatus based on user datagram protocol | |
| JP2006074132A (en) | Multicast communication method and gateway device | |
| EP2157727A1 (en) | Path connection | |
| CN100454900C (en) | Method and system for quick responding IP banding message | |
| CN100353711C (en) | Communication system, communication apparatus, operation control method, and program | |
| CN109167774B (en) | Data message and data stream safety mutual access method on firewall | |
| WO2020243249A1 (en) | Covertly storing a payload of data within a network | |
| US8064335B2 (en) | Communication monitoring method, communication monitoring system, management system, and external device | |
| CN104270307A (en) | Establishing method and device for BGP neighborhood | |
| CN107483231A (en) | A kind of multi-protocol data transport network layer and transport layer monitoring reliability method | |
| CN105812275A (en) | Stream-based TAP (test access point) implementation method | |
| CN111464569A (en) | Ethernet data transmission method adopting custom protocol | |
| CN106789208B (en) | A kind of network forensics facility network tube model based on the reversed through-transmission technique of UDT |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |