CN109768966A - Icmp packet processing method and processing device based on terminal - Google Patents


Info

Publication number
CN109768966A
Authority
CN
China
Prior art keywords
field
icmp packet
value
selected field
terminal
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201811542343.5A
Other languages
Chinese (zh)
Inventor
牟森
冯玉珠
张盼
梁宵
耿方
张京伟
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Aisino Corp
Original Assignee
Aisino Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Aisino Corp
Priority to CN201811542343.5A
Publication of CN109768966A
Legal status: Pending


Landscapes

  • Computer And Data Communications (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses a terminal-based ICMP packet processing method. The method comprises: after receiving an ICMP packet, obtaining the field value of at least one selected field in the ICMP packet; verifying the field value of the at least one selected field; and, if it is determined that the field value of the at least one selected field fails verification, discarding the ICMP packet. In this scheme the terminal directly verifies each ICMP packet it receives; an ICMP packet that fails verification is treated as an ICMP packet used for a network attack and is discarded directly, so that network attacks carried by ICMP packets are blocked at the terminal, the terminal is protected from being attacked, and the user's network security is guaranteed.

Description

ICMP packet processing method and processing device based on terminal
Technical field
The present invention relates to the field of communication technology, and in particular to a terminal-based Internet Control Message Protocol (ICMP) packet processing method and device.
Background technique
ICMP is an IP-layer sub-protocol of the Transmission Control Protocol (TCP)/Internet Protocol (IP) suite, used to carry control messages between IP terminals and routers. Control messages report on the network itself, such as whether the network is reachable, whether a terminal is reachable, and whether a route is usable; although they carry no user data, they play an important role in the delivery of user data. The main functions of ICMP include confirming whether an IP packet was successfully delivered to its destination address, reporting the specific reason an IP packet was discarded in transit, improving network settings, and allowing terminals or routers to report error conditions and provide reports about abnormal conditions. An ICMP message is carried as the data of an IP packet: the IP header is prepended and the IP packet is sent; the terminal or server that receives the IP packet first parses it to obtain the ICMP message, then decomposes the ICMP header and data to learn the specific reason it was generated.
Network attacks exist that use ICMP packets. For example, an attacker can use ICMP redirect messages to corrupt routing and thereby enhance their ability to eavesdrop. Terminals, and not only routers, must obey ICMP redirects. If one device sends an ICMP redirect message to another device on the network, the other device may end up with an invalid routing table. If a device disguises itself as a router and intercepts all IP packets destined for certain target networks or for the entire target network, eavesdropping results.
At present there are many ways for a server to defend against network attacks using ICMP packets, but there is no scheme for a terminal to defend against network attacks using ICMP packets.
Summary of the invention
Embodiments of the present invention provide a terminal-based ICMP packet processing method and device, so as to defend against network attacks using ICMP packets at the terminal.
According to an embodiment of the present invention, a terminal-based ICMP packet processing method is provided, applied in a terminal, the method comprising:
after receiving an ICMP packet, obtaining the field value of at least one selected field in the ICMP packet;
verifying the field value of the at least one selected field;
if it is determined that the field value of the at least one selected field fails verification, discarding the ICMP packet.
Specifically, obtaining the field value of at least one selected field in the ICMP packet comprises:
calling a pre-set callback function to obtain the field value of at least one selected field in the ICMP packet.
Specifically, verifying the field value of the at least one selected field comprises:
comparing the field value of the at least one selected field with the standard value of the corresponding selected field;
if the field value of each of the at least one selected field is identical to the standard value of the corresponding selected field, determining that the at least one selected field passes verification.
Optionally, the method further comprises:
if, among the at least one selected field, there is a selected field whose field value differs from the standard value of the corresponding selected field, determining that the at least one selected field fails verification.
Optionally, the method further comprises:
if it is determined that the field value of the at least one selected field passes verification, continuing to process the ICMP packet.
According to an embodiment of the present invention, a terminal-based ICMP packet processing device is also provided, applied in a terminal, the device comprising:
an obtaining module, configured to obtain, after an ICMP packet is received, the field value of at least one selected field in the ICMP packet;
a verification module, configured to verify the field value of the at least one selected field;
a discarding module, configured to discard the ICMP packet if it is determined that the field value of the at least one selected field fails verification.
Optionally, the obtaining module is specifically configured to:
call a pre-set callback function to obtain the field value of at least one selected field in the ICMP packet.
Specifically, the verification module is specifically configured to:
compare the field value of the at least one selected field with the standard value of the corresponding selected field;
if the field value of each of the at least one selected field is identical to the standard value of the corresponding selected field, determine that the at least one selected field passes verification.
Optionally, the verification module is further configured to:
if, among the at least one selected field, there is a selected field whose field value differs from the standard value of the corresponding selected field, determine that the at least one selected field fails verification.
Optionally, the device further comprises a processing module configured to:
if it is determined that the field value of the at least one selected field passes verification, continue to process the ICMP packet.
The present invention has the following beneficial effects:
Embodiments of the present invention provide a terminal-based ICMP packet processing method and device which, after receiving an ICMP packet, obtain the field value of at least one selected field in the ICMP packet; verify the field value of the at least one selected field; and, if it is determined that the field value of the at least one selected field fails verification, discard the ICMP packet. In this scheme the terminal directly verifies each ICMP packet it receives; an ICMP packet that fails verification is considered an ICMP packet used for a network attack and is discarded directly, so that network attacks carried by ICMP packets are blocked at the terminal, the terminal is protected from being attacked, and the user's network security is guaranteed.
Description of the drawings
Fig. 1 is a flowchart of a terminal-based ICMP packet processing method in an embodiment of the present invention;
Fig. 2 is a structural schematic diagram of a terminal-based ICMP packet processing device in an embodiment of the present invention.
Specific embodiments
In order to defend against network attacks using ICMP packets at the terminal, an embodiment of the present invention provides a terminal-based ICMP packet processing method, applied at the terminal.
React has two rendering modes, client-side rendering and server-side rendering. React's server-side rendering can greatly shorten page rendering time and improve the page's response speed: the server first requests the data and then renders the "visible" part, whereas client-side rendering waits for the JS code to be downloaded and loaded before requesting the data again and rendering. That is, server-side rendering can return a substantive page without waiting for the JS code download to complete before re-requesting the data. When React performs a route jump, it sends a route target to the backend server, and the backend server redirects to a page according to that route target.
On the basis of using React as the front-end framework, the present embodiment uses the Netfilter/IPTables firewall system of the Linux system to filter and verify ICMP packets, so as to discard invalid ICMP packets.
Netfilter/IPTables is the new-generation Linux firewall system introduced after Linux 2.4.x and is a subsystem of the Linux kernel. Netfilter uses a modular design and has good extensibility. Its important tool module IPTables runs in user space and connects to the Netfilter framework in kernel state; Netfilter fits seamlessly with the IP protocol stack and allows users to filter packets, translate addresses, and perform other processing operations. Netfilter implements rules mainly through tables and chains: logically, Netfilter is a container of tables, a table is a container of chains, and a chain is a container of rules, which together implement the packet processing rules.
As data is transmitted down the protocol stack, each layer successively "adds a header": on reaching a layer, that layer's header is prepended. Correspondingly, the receiving side performs a process of "stripping headers": after the packet arrives from the network card, each layer's header is successively stripped as the packet is passed up the protocol stack, and what finally reaches the user is the raw data. Netfilter is a subsystem introduced in Linux 2.4.x; as a general, abstract framework it provides a complete callback-function management mechanism, making packet filtering, network address translation and protocol-based connection tracking possible.
The React program can execute the method of this embodiment on startup, performing filtering and verification on all ICMP packets sent to this terminal. An ICMP packet that fails verification is considered an ICMP packet used for a network attack and is discarded directly, so that network attacks carried by ICMP packets are blocked at the terminal, the terminal is protected from being attacked, and the user's network security is guaranteed.
The flow of the above terminal-based ICMP packet processing method is shown in Fig. 1; the specific execution steps are as follows:
S11: after receiving an ICMP packet, obtain the field value of at least one selected field in the ICMP packet.
S12: verify the field value of the at least one selected field.
S13: if it is determined that the field value of the at least one selected field fails verification, discard the ICMP packet.
If it is determined that the field value of the at least one selected field passes verification, continue to process the ICMP packet.
In this scheme the terminal directly verifies each ICMP packet it receives; an ICMP packet that fails verification is considered an ICMP packet used for a network attack and is discarded directly, so that network attacks carried by ICMP packets are blocked at the terminal, the terminal is protected from being attacked, and the user's network security is guaranteed.
Specifically, obtaining the field value of at least one selected field in the ICMP packet in S11 above specifically comprises:
calling a pre-set callback function to obtain the field value of at least one selected field in the ICMP packet.
Since an ICMP packet is an IP-layer message, a callback function (also called a "hook function") can be registered in advance and hidden at the IP layer. The callback function is invoked to verify each arriving ICMP packet and, according to the verification result, decide whether to continue processing or discard it.
Specifically, verifying the field value of the at least one selected field in S12 above specifically comprises:
comparing the field value of the at least one selected field with the standard value of the corresponding selected field;
if the field value of each of the at least one selected field is identical to the standard value of the corresponding selected field, determining that the at least one selected field passes verification;
if, among the at least one selected field, there is a selected field whose field value differs from the standard value of the corresponding selected field, determining that the at least one selected field fails verification.
The at least one selected field may include, but is not limited to, one or more of the following fields:
First, NF_ACCEPT: continue normal transmission of the packet. This return value tells Netfilter that, so far, the packet should be accepted and submitted to the next stage of the network protocol stack.
Second, NF_DROP: discard the datagram and do not transmit it further.
Third, NF_STOLEN: take over the packet and tell Netfilter to "forget about" it. The callback function takes over processing of the packet from this point, and Netfilter should refrain from doing any further processing of it. This does not mean that the packet's resources have been released: the packet and its sk_buff data structure remain valid; only the ownership of the packet passes from Netfilter to the callback function.
Fourth, NF_QUEUE: queue the datagram.
Fifth, NF_REPEAT: call the callback function again. This value should be used with caution to avoid an endless loop.
Standard values can be set for these fields. If the field value of any of these fields in an ICMP packet differs from its standard value, the ICMP packet can be considered to be carrying out a network attack and can be discarded directly; if the field values of these fields in the ICMP packet match the standard values of the corresponding fields, the ICMP packet can be considered a normal packet and processing can continue.
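A user-space model of the S11 to S13 flow, added here as an illustration; it is not code from the patent or from Aisino. It parses a constructed IPv4 packet, takes the ICMP checksum, type and code as the selected fields, compares them with a hypothetical allow-list of standard values (which omits redirect messages, the attack vector named in the background section), and returns NF_ACCEPT or NF_DROP, numbered as in linux/netfilter.h, since those constants are the hook's verdicts rather than packet fields. The sample addresses, payload and allow-list are constructed; registering the function as a kernel nf_hook at the local-input hook point, which the patent's callback would require, is not shown.

```c
#include <stdint.h>
#include <string.h>

/* Netfilter verdicts, numbered as in the kernel's linux/netfilter.h. */
#define NF_DROP   0
#define NF_ACCEPT 1
#define IPPROTO_ICMP_NUM  1     /* IP protocol number of ICMP */
#define ICMP_ECHOREPLY    0
#define ICMP_DEST_UNREACH 3
#define ICMP_REDIRECT     5
#define ICMP_ECHO         8
#define ANY_CODE          0xff  /* wildcard for the ICMP code field */

/* RFC 1071 one's-complement checksum over big-endian 16-bit words; it yields
 * 0 over a message whose checksum field is already correct. */
static uint16_t inet_checksum(const uint8_t *d, size_t len)
{
    uint32_t sum = 0;
    for (size_t i = 0; i < len; i++)
        sum += (i & 1) ? d[i] : (uint32_t)d[i] << 8;
    while (sum >> 16)
        sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)~sum;
}

/* Hypothetical policy: the "standard values" that the selected type and code
 * fields must match. Redirects (type 5) are absent on purpose, so they fail. */
struct icmp_rule { uint8_t type; uint8_t code; };
static const struct icmp_rule standard_values[] = {
    { ICMP_ECHO, 0 }, { ICMP_ECHOREPLY, 0 }, { ICMP_DEST_UNREACH, ANY_CODE },
};

/* The callback of steps S11-S13: parse the IPv4 header, read the selected
 * ICMP fields (checksum, type, code), compare them with the standard values
 * and return a verdict. Non-ICMP traffic is passed through untouched. */
int icmp_hook(const uint8_t *pkt, size_t len)
{
    if (len < 20 || (pkt[0] >> 4) != 4)
        return NF_DROP;                 /* no complete IPv4 header to inspect */
    size_t ihl = (size_t)(pkt[0] & 0x0f) * 4;
    size_t tot = ((size_t)pkt[2] << 8) | pkt[3];
    if (ihl < 20 || tot > len || tot < ihl + 8)
        return NF_DROP;                 /* truncated or malformed lengths */
    if (pkt[9] != IPPROTO_ICMP_NUM)
        return NF_ACCEPT;               /* not ICMP: not this hook's concern */
    const uint8_t *icmp = pkt + ihl;
    /* Selected field 1: the ICMP checksum must verify over the whole message. */
    if (inet_checksum(icmp, tot - ihl) != 0)
        return NF_DROP;
    /* Selected fields 2 and 3: type and code must equal a standard value. */
    for (size_t i = 0; i < sizeof standard_values / sizeof standard_values[0]; i++) {
        const struct icmp_rule *r = &standard_values[i];
        if (r->type == icmp[0] && (r->code == ANY_CODE || r->code == icmp[1]))
            return NF_ACCEPT;
    }
    return NF_DROP;
}

/* Constructed sample input: an IPv4 packet carrying an ICMP message with a
 * valid ICMP checksum. Returns the packet length, or 0 if buf is too small.
 * The IP header checksum stays zero because the hook inspects ICMP fields only. */
size_t build_icmp_packet(uint8_t *buf, size_t cap, uint8_t type, uint8_t code)
{
    static const uint8_t payload[] = "constructed-sample";   /* 19 bytes with NUL */
    size_t icmp_len = 8 + sizeof payload, total = 20 + icmp_len;
    if (cap < total) return 0;
    memset(buf, 0, total);
    buf[0] = 0x45;                             /* IPv4, IHL = 5 words */
    buf[2] = (uint8_t)(total >> 8); buf[3] = (uint8_t)total;
    buf[9] = IPPROTO_ICMP_NUM;
    memcpy(buf + 12, "\xc0\xa8\x01\x0a", 4);   /* src 192.168.1.10 (constructed) */
    memcpy(buf + 16, "\xc0\xa8\x01\x14", 4);   /* dst 192.168.1.20 (constructed) */
    uint8_t *icmp = buf + 20;
    icmp[0] = type; icmp[1] = code;
    memcpy(icmp + 8, payload, sizeof payload);
    uint16_t csum = inet_checksum(icmp, icmp_len);
    icmp[2] = (uint8_t)(csum >> 8); icmp[3] = (uint8_t)csum;
    return total;
}

/* Convenience for callers and tests: build a sample packet of the given
 * type/code, optionally flip one bit of its checksum, and return the verdict. */
int verdict_for(uint8_t type, uint8_t code, int corrupt_checksum)
{
    uint8_t buf[64];
    size_t n = build_icmp_packet(buf, sizeof buf, type, code);
    if (corrupt_checksum) buf[22] ^= 0x01;    /* high byte of the ICMP checksum */
    return icmp_hook(buf, n);
}
```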
The invention also provides more scalability for the program and the server, while effectively improving server security and reducing server operation and maintenance costs.
Based on the same inventive concept, an embodiment of the present invention provides a terminal-based ICMP packet processing device, applied in a terminal; the structure of the device is shown in Fig. 2 and comprises:
an obtaining module 21, configured to obtain, after an ICMP packet is received, the field value of at least one selected field in the ICMP packet;
a verification module 22, configured to verify the field value of the at least one selected field;
a discarding module 23, configured to discard the ICMP packet if it is determined that the field value of the at least one selected field fails verification.
In this scheme the terminal directly verifies each ICMP packet it receives; an ICMP packet that fails verification is considered an ICMP packet used for a network attack and is discarded directly, so that network attacks carried by ICMP packets are blocked at the terminal, the terminal is protected from being attacked, and the user's network security is guaranteed.
Optionally, the obtaining module 21 is specifically configured to:
call a pre-set callback function to obtain the field value of at least one selected field in the ICMP packet.
Specifically, the verification module 22 is specifically configured to:
compare the field value of the at least one selected field with the standard value of the corresponding selected field;
if the field value of each of the at least one selected field is identical to the standard value of the corresponding selected field, determine that the at least one selected field passes verification.
Optionally, the verification module 22 is further configured to:
if, among the at least one selected field, there is a selected field whose field value differs from the standard value of the corresponding selected field, determine that the at least one selected field fails verification.
Optionally, the device further comprises a processing module configured to:
if it is determined that the field value of the at least one selected field passes verification, continue to process the ICMP packet.
The present invention is described with reference to flowcharts and/or block diagrams of methods, devices (systems) and computer program products according to embodiments of the present invention. It should be understood that each flow and/or block in the flowcharts and/or block diagrams, and combinations of flows and/or blocks in the flowcharts and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general-purpose computer, a special-purpose computer, an embedded processor or another programmable data processing device to produce a machine, so that the instructions executed by the processor of the computer or other programmable data processing device produce a device for implementing the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing device to work in a specific manner, so that the instructions stored in the computer-readable memory produce an article of manufacture including an instruction device, which implements the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.
These computer program instructions may also be loaded onto a computer or other programmable data processing device, so that a series of operational steps are executed on the computer or other programmable device to produce computer-implemented processing, and the instructions executed on the computer or other programmable device thus provide steps for implementing the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.
Although alternative embodiments of the present invention have been described, those skilled in the art can make additional changes and modifications to these embodiments once they know the basic inventive concept. Therefore, the appended claims are intended to be interpreted as including the alternative embodiments and all changes and modifications that fall within the scope of the present invention.
Obviously, those skilled in the art can make various modifications and variations to the embodiments of the present invention without departing from the spirit and scope of the embodiments of the present invention. Thus, if these modifications and variations of the embodiments of the present invention fall within the scope of the claims of the present invention and their technical equivalents, the present invention is also intended to include these modifications and variations.

Claims (10)

1. A terminal-based Internet Control Message Protocol (ICMP) packet processing method, applied in a terminal, characterized in that the method comprises:
after receiving an ICMP packet, obtaining the field value of at least one selected field in the ICMP packet;
verifying the field value of the at least one selected field;
if it is determined that the field value of the at least one selected field fails verification, discarding the ICMP packet.
2. The method according to claim 1, characterized in that obtaining the field value of at least one selected field in the ICMP packet specifically comprises:
calling a pre-set callback function to obtain the field value of at least one selected field in the ICMP packet.
3. The method according to claim 1, characterized in that verifying the field value of the at least one selected field specifically comprises:
comparing the field value of the at least one selected field with the standard value of the corresponding selected field;
if the field value of each of the at least one selected field is identical to the standard value of the corresponding selected field, determining that the at least one selected field passes verification.
4. The method according to claim 3, characterized in that it further comprises:
if, among the at least one selected field, there is a selected field whose field value differs from the standard value of the corresponding selected field, determining that the at least one selected field fails verification.
5. The method according to any one of claims 1-4, characterized in that it further comprises:
if it is determined that the field value of the at least one selected field passes verification, continuing to process the ICMP packet.
6. A terminal-based ICMP packet processing device, applied in a terminal, characterized in that the device comprises:
an obtaining module, configured to obtain, after an ICMP packet is received, the field value of at least one selected field in the ICMP packet;
a verification module, configured to verify the field value of the at least one selected field;
a discarding module, configured to discard the ICMP packet if it is determined that the field value of the at least one selected field fails verification.
7. The device according to claim 6, characterized in that the obtaining module is specifically configured to:
call a pre-set callback function to obtain the field value of at least one selected field in the ICMP packet.
8. The device according to claim 6, characterized in that the verification module is specifically configured to:
compare the field value of the at least one selected field with the standard value of the corresponding selected field;
if the field value of each of the at least one selected field is identical to the standard value of the corresponding selected field, determine that the at least one selected field passes verification.
9. The device according to claim 8, characterized in that the verification module is further configured to:
if, among the at least one selected field, there is a selected field whose field value differs from the standard value of the corresponding selected field, determine that the at least one selected field fails verification.
10. The device according to any one of claims 6-9, characterized in that it further comprises a processing module configured to:
if it is determined that the field value of the at least one selected field passes verification, continue to process the ICMP packet.
CN201811542343.5A 2018-12-17 2018-12-17 Icmp packet processing method and processing device based on terminal Pending CN109768966A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811542343.5A CN109768966A (en) 2018-12-17 2018-12-17 Icmp packet processing method and processing device based on terminal


Publications (1)

Publication Number Publication Date
CN109768966A true CN109768966A (en) 2019-05-17

Family

ID=66451231


Country Status (1)

Country Link
CN (1) CN109768966A (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101783786A (en) * 2009-01-19 2010-07-21 中兴通讯股份有限公司 Method and device for filtering data packets
CN102014109A (en) * 2009-09-08 2011-04-13 华为技术有限公司 Flood attack prevention method and device
CN104506531A (en) * 2014-12-19 2015-04-08 上海斐讯数据通信技术有限公司 Security defending system and security defending method aiming at flow attack
CN106878308A (en) * 2017-02-21 2017-06-20 济南浪潮高新科技投资发展有限公司 A kind of icmp packet matching system and method



Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20190517