CN109905397A - A method and intranet server for establishing a data connection - Google Patents

A method and intranet server for establishing a data connection

Info

Publication number
CN109905397A
Authority
CN
China
Prior art keywords
server
transparent transmission
intranet
client
intranet server
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201910183506.3A
Other languages
Chinese (zh)
Inventor
杜琛
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shenzhen Onething Technology Co Ltd
Original Assignee
Shenzhen Onething Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shenzhen Onething Technology Co Ltd
Priority to CN201910183506.3A
Publication of CN109905397A
Legal status: Pending

Landscapes

  • Computer And Data Communications (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses a method for establishing a data connection, applied to a DDoS attack defense system. The defense system includes a destination server accessible from the external network, multiple intranet servers that have established communication connections with the destination server, and a transparent transmission server that has established communication connections with the multiple intranet servers. The defense method includes: the intranet server obtains a TCP connection request for accessing the destination server, transparently forwarded by the transparent transmission server, the TCP connection request being issued by a client; when the intranet server responds to the TCP connection request and completes the three-way handshake with the client, it obtains the client's access data transparently forwarded by the transparent transmission server and sends the access data to the destination server. The invention also discloses an intranet server. By using intranet servers as defense machines, the invention increases the number of defense nodes, prevents DDoS attacks from affecting the destination server, and saves defense cost.

Description

A method and intranet server for establishing a data connection
Technical field
The present invention relates to the field of Internet technology, and in particular to a method and an intranet server for establishing a data connection.
Background
The harm of a distributed denial of service (DDoS) attack is that the server creates five-tuples for connections that remain in the half-open (semi-connected) state, which wastes memory and paralyzes the destination server. Existing methods of defending against DDoS attacks usually add a dedicated DDoS defense system, so the cost of defense is high.
Summary of the invention
The main purpose of the present invention is to provide a method and an intranet server for establishing a data connection, aiming to solve the technical problem that defending against DDoS attacks is costly.
To achieve the above object, the present invention provides a method for establishing a data connection, applied to a DDoS attack defense system. The defense system includes a destination server accessible from the external network, multiple intranet servers that have established communication connections with the destination server, and a transparent transmission server that has established communication connections with the multiple intranet servers. The defense method includes:
The intranet server obtains a TCP connection request for accessing the destination server, transparently forwarded by the transparent transmission server; the TCP connection request is issued by a client;
When the intranet server responds to the TCP connection request and completes the three-way handshake with the client, the intranet server obtains the client's access data transparently forwarded by the transparent transmission server and sends the access data to the destination server.
Further, the method also includes:
When the intranet server and the client cannot complete the three-way handshake, the intranet server enters a wait state.
Further, after the intranet server obtains the TCP connection request for accessing the destination server transparently forwarded by the transparent transmission server, the method also includes:
The intranet server responds to the TCP connection request, creates a five-tuple, and replies to the client with a first response message through the transparent transmission server;
The intranet server detects whether it has received a second response message transparently forwarded by the transparent transmission server, where the second response message is generated by the client in response to the first response message;
If the intranet server receives the second response message, the intranet server and the client have completed the three-way handshake.
Further, the method also includes:
If the intranet server does not receive the second response message, the intranet server enters the wait state;
Once in the wait state, the intranet server continues to detect whether it has received the second response message transparently forwarded by the transparent transmission server.
Further, before the intranet server obtains the TCP connection request for accessing the destination server transparently forwarded by the transparent transmission server, the method also includes:
The intranet server detects its current state, which is either a normal operating state or an abnormal operating state;
When the intranet server is in the normal operating state, it sends heartbeat messages to the transparent transmission server at a preset time interval, so that the transparent transmission server transparently forwards the TCP connection request to the intranet server based on the heartbeat messages.
Further, before the intranet server obtains the TCP connection request for accessing the destination server transparently forwarded by the transparent transmission server, the method also includes:
The intranet server sends a connection request to the transparent transmission server to establish a communication connection with it.
Further, after the access data is sent to the destination server, the method also includes:
The intranet server obtains the access result sent by the destination server;
The intranet server sends the access result to the client through the transparent transmission server.
To achieve the above object, the present invention further provides an intranet server. The intranet server includes a memory and a processor; the memory stores a computer-readable program that can run on the processor, and the computer-readable program implements the above method when executed by the processor.
To achieve the above object, the present invention further provides a method for establishing a data connection, applied to a DDoS attack defense system. The defense system includes a destination server accessible from the external network, multiple intranet servers that have established communication connections with the destination server, and a transparent transmission server that has established communication connections with the multiple intranet servers. The method includes:
The transparent transmission server transparently forwards a TCP connection request for accessing the destination server to the intranet server; the TCP connection request is issued by a client;
The intranet server responds to the TCP connection request and completes the three-way handshake with the client;
When the intranet server and the client have completed the three-way handshake, the intranet server obtains the client's access data transparently forwarded by the transparent transmission server and sends the access data to the destination server.
Further, the method also includes:
The transparent transmission server receives the heartbeat messages sent by the intranet servers and, according to the heartbeat messages, selects the intranet server to which the TCP connection request is transparently forwarded.
In the present invention, the TCP connection request issued by the client is sent to the transparent transmission server, which transparently forwards it to an intranet server. When the intranet server responds to the TCP connection request and completes the three-way handshake with the client, the intranet server obtains the client's access data transparently forwarded by the transparent transmission server and sends the access data to the destination server. When the client's access is a DDoS attack, the half-open connection with the client is held by the intranet server, through the transparent transmission server. The intranet servers thus act as defense machines, which increases the number of defense nodes, prevents DDoS attacks from affecting the destination server, and saves defense cost.
Brief description of the drawings
Fig. 1 is a flowchart of the method for establishing a data connection provided by the first embodiment of the present invention;
Fig. 2 is a diagram of the operating environment of the method for establishing a data connection provided by the first embodiment of the present invention;
Fig. 3 is a flowchart of the method for establishing a data connection provided by the second embodiment of the present invention;
Fig. 4 is a flowchart of the method for establishing a data connection provided by the third embodiment of the present invention;
Fig. 5 is a flowchart of the method for establishing a data connection provided by the fifth embodiment of the present invention;
Fig. 6 is a flowchart of the method for establishing a data connection provided by the sixth embodiment of the present invention;
Fig. 7 is a flowchart of the method for establishing a data connection provided by the seventh embodiment of the present invention;
Fig. 8 is a schematic diagram of the intranet server provided by one embodiment of the present invention;
Fig. 9 is a flowchart of the method for establishing a data connection provided by the eighth embodiment of the present invention.
The realization of the object, the functional features, and the advantages of the present invention are further described below with reference to the embodiments and the accompanying drawings.
Detailed description of the embodiments
To make the objectives, technical solutions, and advantages of the present invention clearer, the present invention is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are only used to explain the present invention and are not intended to limit it. All other embodiments obtained by those of ordinary skill in the art based on the embodiments of the present invention without creative effort shall fall within the protection scope of the present invention.
The terms "first", "second", "third", "fourth", and so on in the description and claims of this application and in the above drawings are used to distinguish similar objects, not to describe a particular order or sequence. It should be understood that data used in this way are interchangeable under appropriate circumstances, so that the embodiments described herein can be implemented in an order other than the one illustrated or described here. In addition, the terms "include" and "have" and any variations of them are intended to cover non-exclusive inclusion. For example, a process, method, system, product, or device that contains a series of steps or units is not necessarily limited to the steps or units explicitly listed, but may include other steps or units that are not explicitly listed or that are inherent to the process, method, product, or device.
It should be noted that descriptions involving "first", "second", and so on in the present invention are for descriptive purposes only and cannot be understood as indicating or implying relative importance or implicitly indicating the number of technical features referred to. A feature defined as "first" or "second" may therefore explicitly or implicitly include at least one such feature. In addition, the technical solutions of the embodiments can be combined with each other, but only on the basis that the combination can be realized by those of ordinary skill in the art. When a combination of technical solutions is contradictory or cannot be realized, the combination should be considered not to exist and is not within the protection scope claimed by the present invention.
Referring to Fig. 1 and Fig. 2, Fig. 1 is a flowchart of the method for establishing a data connection provided by the first embodiment of the present invention, and Fig. 2 is a diagram of the operating environment of the defense method. The method is applied to a DDoS attack defense system. The defense system includes a destination server 1 accessible from the external network, multiple intranet servers 2 that have established communication connections with the destination server 1, and a transparent transmission server 3 that has established communication connections with the multiple intranet servers 2. The transparent transmission server 3 transparently forwards the data sent by the client 4 and the intranet servers 2. The client 4 may be a personal computer (PC), or a terminal device such as a smartphone, tablet computer, palmtop computer, or portable computer.
When the intranet servers 2 execute the following method, the pressure of a DDoS attack is distributed across the intranet servers 2, which increases the number of defense nodes, prevents the DDoS attack from affecting the server, and saves defense cost.
In one embodiment, the method includes:
S10, the intranet server obtains a TCP connection request for accessing the destination server, transparently forwarded by the transparent transmission server; the TCP connection request is issued by a client.
Specifically, because the client cannot establish a communication connection with the intranet server directly, it must communicate with the intranet server through the transparent transmission server. The client sends the TCP connection request to the transparent transmission server, which transparently forwards it to the intranet server. The TCP connection request is the first handshake request.
S20, when the intranet server responds to the TCP connection request and completes the three-way handshake with the client, the intranet server obtains the client's access data transparently forwarded by the transparent transmission server and sends the access data to the destination server.
In one embodiment, the intranet server responds to the first handshake request, creates a five-tuple, and replies with the first response message. If the client's access is normal traffic, the client replies with the second response message, which completes the three-way handshake with the intranet server. After the three-way handshake is completed, the client sends the access data to the transparent transmission server, the transparent transmission server transparently forwards the access data to the intranet server, and the intranet server sends the access data to the destination server, completing the client's access to the destination server.
In the method for establishing a data connection provided by this embodiment, the TCP connection request sent by the client is transparently forwarded to the intranet server by the transparent transmission server, and once the three-way handshake with the intranet server is completed, the intranet server sends the access data sent by the client to the destination server. When the client is a DDoS attack, after the client sends the TCP connection request, its connection with the intranet server stays in the half-open state. When one intranet server is paralyzed, the transparent transmission server transparently forwards clients' TCP connection requests and access data to another intranet server, so the destination server's processing of access data is not affected. This forms an effective defense against DDoS attacks at low cost.
Referring to Fig. 3, Fig. 3 is a flowchart of the method for establishing a data connection provided by the second embodiment of the present invention. The method includes:
S11, the intranet server obtains a TCP connection request for accessing the destination server, transparently forwarded by the transparent transmission server; the TCP connection request is issued by a client.
S21, when the intranet server and the client cannot complete the three-way handshake, the intranet server enters the wait state.
Specifically, when the intranet server and the client cannot complete the three-way handshake, this indicates that the client is a DDoS attack, and the intranet server enters the wait state. Even if the current intranet server is paralyzed by the DDoS attack, the other intranet servers can still process clients' TCP connection requests and access data, so the destination server is not affected.
In the method for establishing a data connection provided by the above embodiment, when the client is a DDoS attack, the intranet server enters the wait state and the destination server is not affected, so DDoS attacks against the destination server are effectively defended against.
In one embodiment, before the intranet server obtains the TCP connection request for accessing the destination server transparently forwarded by the transparent transmission server, the method also includes:
The intranet server sends a connection request to the transparent transmission server to establish a communication connection with it, and then waits for data transparently forwarded by the transparent transmission server.
As shown in Fig. 4, in the method for establishing a data connection provided by the third embodiment of the present invention, before the intranet server obtains the TCP connection request for accessing the destination server transparently forwarded by the transparent transmission server, the method also includes:
S12, the intranet server detects its current state, which is either a normal operating state or an abnormal operating state.
Specifically, the normal operating state is the state in which the intranet server can respond and send data normally, and the abnormal operating state is the state in which the intranet server is paralyzed.
S22, when the intranet server is in the normal operating state, it sends heartbeat messages to the transparent transmission server at a preset time interval, so that the transparent transmission server transparently forwards the TCP connection request to the intranet server based on the heartbeat messages.
In one embodiment, the intranet server establishes a heartbeat connection with the transparent transmission server and sends a heartbeat message to it at every preset interval. Based on the intranet servers that send heartbeat messages, the transparent transmission server builds a list of intranet servers available for data processing. When the transparent transmission server receives a TCP connection request or access data, it arbitrarily selects an intranet server from the list and transparently forwards the data to it. If the transparent transmission server does not receive a heartbeat message from an intranet server within the preset time, that intranet server is in the abnormal state, and the transparent transmission server removes it from the list.
In the method for establishing a data connection provided by this embodiment, the intranet server sends heartbeat messages to the transparent transmission server at a preset time interval, so that the transparent transmission server transparently forwards the TCP connection request to the intranet server based on the heartbeat messages. This keeps communication working and thereby keeps access to the destination server working.
Referring to Fig. 5, Fig. 5 is a flowchart of the method for establishing a data connection provided by the fifth embodiment of the present invention, applied to a DDoS attack defense system. The defense system includes a destination server 1, multiple intranet servers 2 that have established communication connections with the destination server 1, and a transparent transmission server 3 that has established communication connections with the multiple intranet servers 2. The transparent transmission server 3 transparently forwards the data sent by the client 4 and the intranet servers 2. The method includes:
S13, the client 4 sends a TCP connection request to the transparent transmission server 3.
S23, the transparent transmission server 3 transparently forwards the TCP connection request to the intranet server 2.
S33, the intranet server 2 responds to the TCP connection request, creates a five-tuple, replies to the transparent transmission server 3 with the first response message, and monitors whether the second response message is received.
S43, the transparent transmission server 3 transparently forwards the first response message to the client 4.
S53, the client 4 responds to the first response message and sends the resulting second response message to the transparent transmission server 3.
S63, the transparent transmission server 3 transparently forwards the second response message to the intranet server 2.
S73, the client 4 sends access data to the transparent transmission server 3.
S83, the transparent transmission server 3 transparently forwards the access data to the intranet server 2.
S93, the intranet server 2 sends the access data to the destination server 1.
In the above embodiment, the intranet server creates the five-tuple and forwards the client's access data. When the client is a DDoS attack, the attack pressure is shared among the intranet servers and the destination server only processes access data, which saves the destination server's memory.
Referring to Fig. 6, Fig. 6 is a flowchart of the method for establishing a data connection provided by the sixth embodiment of the present invention. This method differs from the fifth embodiment in that, after the access data is sent to the destination server, the method also includes:
S14, the intranet server obtains the access result sent by the destination server.
S24, the intranet server sends the access result to the client through the transparent transmission server.
In this embodiment, after the destination server processes the access data, it sends the access result to the intranet server, and the intranet server sends the access result to the client through the transparent transmission server, completing the data access.
Referring to Fig. 7, Fig. 7 is a flowchart of the method for establishing a data connection provided by the seventh embodiment of the present invention. The defense system includes a destination server 1, multiple intranet servers 2 that have established communication connections with the destination server 1, and a transparent transmission server 3 that has established communication connections with the multiple intranet servers 2. The transparent transmission server 3 transparently forwards the data sent by the client 4 and the intranet servers 2. The method includes:
S15, the client 4 sends a TCP connection request to the transparent transmission server 3.
S25, the transparent transmission server 3 transparently forwards the TCP connection request to the intranet server 2.
S35, the intranet server 2 responds to the TCP connection request, creates a five-tuple, replies to the transparent transmission server 3 with the first response message, and monitors whether the second response message is received.
S45, the transparent transmission server 3 transparently forwards the first response message to the client 4.
S55, if the intranet server does not receive the second response message, the intranet server enters the wait state and continues to monitor whether the second response message is received.
In this embodiment, after the client sends the TCP connection request, the five-tuple is created by the intranet server, which saves memory on the destination server. If the current intranet server does not receive the second response message, it stays in the wait state and continues to monitor whether the second response message is received. When the client is a DDoS attack, only the current intranet server is affected; the access data of other clients can still be sent to the destination server by the other intranet servers, which effectively prevents the DDoS attack from affecting the destination server.
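The following Python simulation is an added example, not code from the patent. It models the heartbeat list described for the third embodiment together with the wait state of the seventh embodiment; the class names, the 3-second timeout, the sample addresses, and the per-connection routing table are assumptions.

```python
import random

HEARTBEAT_TIMEOUT = 3.0  # assumed value; the patent only says "preset time"

class TargetServer:
    """Destination server: only sees data from completed handshakes."""
    def __init__(self):
        self.received = []

    def handle(self, data):
        self.received.append(data)
        return b"result:" + data

class IntranetServer:
    """Keeps the per-connection five-tuple state instead of the target."""
    def __init__(self, name, target):
        self.name, self.target = name, target
        self.half_open = set()    # first response sent, waiting for the second
        self.established = set()  # three-way handshake completed

    def on_syn(self, conn):
        self.half_open.add(conn)  # "create five-tuple"
        return "first-response"

    def on_ack(self, conn):
        if conn not in self.half_open:
            return False
        self.half_open.remove(conn)
        self.established.add(conn)
        return True

    def on_data(self, conn, data):
        if conn not in self.established:
            return None           # wait state: nothing reaches the target
        return self.target.handle(data)

class RelayServer:
    """Transparent transmission server: heartbeat list plus forwarding."""
    def __init__(self, seed=0):
        self.servers, self.last_seen, self.route = {}, {}, {}
        self.rng = random.Random(seed)

    def heartbeat(self, server, now):
        self.servers[server.name] = server
        self.last_seen[server.name] = now

    def live(self, now):
        stale = [n for n, t in self.last_seen.items()
                 if now - t > HEARTBEAT_TIMEOUT]
        for name in stale:        # no heartbeat in time: drop from the list
            del self.last_seen[name], self.servers[name]
        return sorted(self.servers)

    def relay_syn(self, conn, now):
        names = self.live(now)
        if not names:
            return None
        # Assumption: later packets of a connection follow its first request
        # to the same intranet server (the patent does not spell this out).
        self.route[conn] = self.rng.choice(names)
        return self.servers[self.route[conn]].on_syn(conn)

    def _server_for(self, conn):
        return self.servers.get(self.route.get(conn))

    def relay_ack(self, conn):
        srv = self._server_for(conn)
        return srv.on_ack(conn) if srv else False

    def relay_data(self, conn, data):
        srv = self._server_for(conn)
        return srv.on_data(conn, data) if srv else None

def run_demo():
    target = TargetServer()
    relay = RelayServer(seed=1)
    pool = [IntranetServer(f"intranet-{i}", target) for i in range(3)]
    for s in pool:
        relay.heartbeat(s, now=0.0)
    # Constructed traffic: 300 connection requests whose sender never answers.
    flood = [("198.51.100.7", p, "203.0.113.10", 80, "tcp") for p in range(300)]
    for conn in flood:
        relay.relay_syn(conn, now=1.0)
    blocked = relay.relay_data(flood[0], b"junk")
    # One constructed legitimate client completes the handshake, then sends data.
    client = ("192.0.2.25", 40000, "203.0.113.10", 80, "tcp")
    relay.relay_syn(client, now=1.0)
    handshake_ok = relay.relay_ack(client)
    result = relay.relay_data(client, b"GET /")
    # intranet-0 stops sending heartbeats; the other two keep reporting.
    for s in pool[1:]:
        relay.heartbeat(s, now=4.0)
    return {
        "half_open": sum(len(s.half_open) for s in pool),
        "blocked": blocked,
        "handshake_ok": handshake_ok,
        "result": result,
        "target_received": target.received,
        "live": relay.live(now=4.5),
    }

if __name__ == "__main__":
    print(run_demo())
```

The text describes no expiry for entries in the wait state, so this model keeps every half-open five-tuple on the intranet servers indefinitely.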
Referring to Fig. 8, Fig. 8 is a schematic diagram of the intranet server 2 provided by one embodiment of the present invention. The intranet server 2 may include a memory 11, a processor 12, and a bus 13.
The memory 11 includes at least one type of readable storage medium, such as flash memory, a hard disk, a multimedia card, card-type memory (for example, SD or DX memory), magnetic memory, a magnetic disk, or an optical disc. In some embodiments the memory 11 may be an internal storage unit of the intranet server 2, such as the hard disk of the intranet server 2. In other embodiments the memory 11 may be an external storage device of the intranet server 2, such as a plug-in hard disk, a Smart Media Card (SMC), a Secure Digital (SD) card, or a flash card fitted to the intranet server 2. Further, the memory 11 may include both the internal storage unit and an external storage device of the intranet server 2. The memory 11 can be used not only to store the application software installed on the intranet server 2 and various types of data, such as the code of the computer-readable program 01, but also to temporarily store data that has been output or is to be output.
In some embodiments the processor 12 may be a central processing unit (CPU), controller, microcontroller, microprocessor, or other data processing chip, used to run the program code stored in the memory 11 or to process data, for example to execute the computer-readable program 01.
The bus 13 may be a Peripheral Component Interconnect (PCI) bus, an Extended Industry Standard Architecture (EISA) bus, or the like. The bus can be divided into an address bus, a data bus, a control bus, and so on. For ease of representation, only one thick line is used in Fig. 8, but this does not mean that there is only one bus or one type of bus.
Further, the intranet server 2 may also include a network interface 14. The network interface 14 may optionally include a wired interface and/or a wireless interface (such as a Wi-Fi interface or a Bluetooth interface) and is generally used to establish communication connections between the intranet server 2 and other electronic devices.
Optionally, the intranet server 2 may also include a user interface. The user interface may include a display and an input unit such as a keyboard, and may optionally also include a standard wired interface and a wireless interface. Optionally, in some embodiments, the display may be an LED display, a liquid crystal display, a touch-control liquid crystal display, an OLED (Organic Light-Emitting Diode) touch device, or the like. The display may also be called a display screen or display unit, and is used to show the information processed in the intranet server 2 and to present a visual user interface.
Fig. 8 shows only the intranet server 2 with components 11-14 and the computer-readable program 01. Those skilled in the art will understand that the structure shown in Fig. 8 does not limit the intranet server 2, which may include fewer or more components than illustrated, combine certain components, or use a different arrangement of components.
As shown in Fig. 9, the method for establishing a data connection provided by the eighth embodiment of the present invention is applied to a DDoS attack defense system. The defense system includes a destination server 1 accessible from the external network, multiple intranet servers 2 that have established communication connections with the destination server 1, and a transparent transmission server 3 that has established communication connections with the multiple intranet servers 2. The method includes:
S16, the transparent transmission server transparently forwards a TCP connection request for accessing the destination server to the intranet server; the TCP connection request is issued by a client;
S26, the intranet server responds to the TCP connection request and completes the three-way handshake with the client;
S36, when the intranet server and the client have completed the three-way handshake, the intranet server obtains the client's access data transparently forwarded by the transparent transmission server and sends the access data to the destination server.
Further, the method also includes:
The transparent transmission server receives the heartbeat messages sent by the intranet servers and, according to the heartbeat messages, selects the intranet server to which the TCP connection request is transparently forwarded.
In the above-described embodiments, can come wholly or partly by software, hardware, firmware or any combination thereof real It is existing.When implemented in software, it can entirely or partly realize in the form of a computer program product.
The computer program product includes one or more computer instructions.Load and execute on computers the meter When calculation machine program instruction, entirely or partly generate according to process or function described in the embodiment of the present invention.The computer can To be general purpose computer, special purpose computer, computer network or other programmable devices.The computer instruction can be deposited Storage in a computer-readable storage medium, or from a computer readable storage medium to another computer readable storage medium Transmission, for example, the computer instruction can pass through wired (example from a web-site, computer, server or data center Such as coaxial cable, optical fiber, Digital Subscriber Line (DSL)) or wireless (such as infrared, wireless, microwave) mode to another website Website, computer, server or data center are transmitted.The computer readable storage medium can be computer and can deposit Any usable medium of storage either includes that the data storages such as one or more usable mediums integrated server, data center are set It is standby.The usable medium can be magnetic medium, (for example, floppy disk, hard disk, tape), optical medium (for example, DVD) or partly lead Body medium (such as solid state hard disk Solid State Disk (SSD)) etc.
It is apparent to those skilled in the art that, for convenience and brevity of description, the specific working processes of the system, server and units described above may be found in the corresponding processes of the foregoing method embodiments, and are not repeated here.
In the several embodiments provided in this application, it should be understood that the disclosed system, server and method may be implemented in other ways. For example, the server embodiments described above are merely illustrative: the division into units is only a division by logical function, and other divisions are possible in an actual implementation; for example, multiple units or components may be combined or integrated into another system, or some features may be omitted or not executed. In addition, the mutual coupling, direct coupling or communication connection shown or discussed may be an indirect coupling or communication connection through some interfaces, devices or units, and may be electrical, mechanical or of another form.
Units described as separate components may or may not be physically separate, and components shown as units may or may not be physical units; that is, they may be located in one place or distributed over multiple network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, the functional units in the embodiments of this application may be integrated into one processing unit, each unit may exist physically on its own, or two or more units may be integrated into one unit. The integrated unit may be implemented in hardware or as a software functional unit.
If the integrated unit is implemented as a software functional unit and sold or used as an independent product, it may be stored in a computer-readable storage medium. Based on this understanding, the technical solution of this application in essence, or the part that contributes over the prior art, or all or part of the technical solution, may be embodied as a software product. The computer software product is stored in a storage medium and includes a number of instructions that cause a computer device (which may be a personal computer, a server, a network device or the like) to perform all or some of the steps of the methods of the embodiments of this application. The storage medium includes any medium that can store program code, such as a USB flash drive, a removable hard disk, read-only memory (ROM), random access memory (RAM), a magnetic disk or an optical disc.
It should be noted that the serial numbers of the above embodiments of the invention are for description only and do not indicate the relative merits of the embodiments. The terms "include", "comprise" and any variants thereof are intended to cover non-exclusive inclusion, so that a process, device, article or method that includes a series of elements includes not only those elements but also other elements not explicitly listed, or elements inherent to that process, device, article or method. Without further limitation, an element qualified by the phrase "including a ..." does not exclude the presence of other identical elements in the process, device, article or method that includes that element.
The above is only a preferred embodiment of the present invention and does not limit the scope of the invention. Any equivalent structure or equivalent process transformation made using the contents of the specification and drawings of the invention, or any direct or indirect application in other related technical fields, is likewise included within the scope of the present invention.

Claims (10)

1. A method for establishing a data connection, characterized in that it is applied to a defense system against DDoS attacks, the defense system comprising a destination server accessible from the external network, a plurality of intranet servers that have established communication connections with the destination server, and a transparent transmission server that has established communication connections with the plurality of intranet servers; the defense method comprises:
the intranet server obtains a TCP connection request, transparently transmitted by the transparent transmission server, to access the destination server, the TCP connection request being issued by a client;
when the intranet server responds to the TCP connection request and completes the three-way handshake with the client, the intranet server obtains the access data of the client transparently transmitted by the transparent transmission server, and sends the access data to the destination server.
2. The method of claim 1, characterized in that the method further comprises:
when the intranet server and the client cannot complete the three-way handshake, the intranet server enters a waiting state.
3. The method of claim 1, characterized in that, after the intranet server obtains the TCP connection request, transparently transmitted by the transparent transmission server, to access the destination server, the method further comprises:
the intranet server responds to the TCP connection request, creates a five-tuple, and replies with a first response message to the client through the transparent transmission server;
the intranet server detects whether a second response message transparently transmitted by the transparent transmission server has been received, wherein the second response message is generated by the client in response to the first response message;
if the intranet server receives the second response message, the intranet server and the client complete the three-way handshake.
4. The method of claim 3, characterized in that the method further comprises:
if the intranet server does not receive the second response message, the intranet server enters a waiting state;
if the intranet server enters the waiting state, the intranet server detects whether the second response message transparently transmitted by the transparent transmission server has been received.
5. The method of claim 1, characterized in that, before the intranet server obtains the TCP connection request, transparently transmitted by the transparent transmission server, to access the destination server, the method further comprises:
the intranet server detects its current state, the state including a normal operating state and an abnormal operating state;
when the intranet server is in the normal operating state, the intranet server sends heartbeat information to the transparent transmission server at a preset time interval, so that the transparent transmission server transparently transmits the TCP connection request to the intranet server based on the heartbeat information.
6. The method of claim 1, characterized in that, before the intranet server obtains the TCP connection request, transparently transmitted by the transparent transmission server, to access the destination server, the method further comprises:
the intranet server sends a connection request to the transparent transmission server to establish a communication connection with the transparent transmission server.
7. The method of claim 1, characterized in that, after the access data is sent to the destination server, the method further comprises:
the intranet server obtains the access result sent by the destination server;
the intranet server sends the access result to the client through the transparent transmission server.
8. An intranet server, characterized in that the intranet server comprises a memory and a processor, the memory storing a computer-readable program that can run on the processor, and the computer-readable program, when executed by the processor, implements the method of claims 1 to 7.
9. A method for establishing a data connection, characterized in that it is applied to a defense system against DDoS attacks, the defense system comprising a destination server accessible from the external network, a plurality of intranet servers that have established communication connections with the destination server, and a transparent transmission server that has established communication connections with the plurality of intranet servers; the method comprises:
the transparent transmission server transparently transmits a TCP connection request to access the destination server to the intranet server, the TCP connection request being issued by a client;
the intranet server responds to the TCP connection request and completes the three-way handshake with the client;
when the intranet server and the client complete the three-way handshake, the intranet server obtains the access data of the client transparently transmitted by the transparent transmission server, and sends the access data to the destination server.
10. The method of claim 9, characterized in that the method further comprises:
the transparent transmission server receives the heartbeat information sent by the intranet server, and selects the intranet server according to the heartbeat information in order to transparently transmit the TCP connection request.
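
A minimal model of the flow in claims 3, 4, 5 and 10, added here as an illustration and not taken from the patent: the intranet server forwards access data only for five-tuples whose handshake completed, and the transparent transmission server relays only to intranet servers with a fresh heartbeat. The message labels, the crc32-based selection and `HEARTBEAT_TTL` are assumptions, and the addresses are constructed samples.

```python
import zlib
from dataclasses import dataclass, field

HEARTBEAT_TTL = 3.0  # assumed freshness window in seconds; the claims only say "preset time interval"

@dataclass
class IntranetServer:
    name: str
    conns: dict = field(default_factory=dict)      # five-tuple -> "WAIT" | "ESTABLISHED"
    forwarded: list = field(default_factory=list)  # payloads delivered to the destination server

    def on_relayed(self, five_tuple, kind, payload=b""):
        """Handle one message relayed by the transparent transmission server."""
        state = self.conns.get(five_tuple)
        if kind == "SYN":                       # TCP connection request (claim 1)
            self.conns.setdefault(five_tuple, "WAIT")
            return "SYN-ACK"                    # first response message (claim 3)
        if kind == "ACK" and state == "WAIT":   # second response message (claim 3)
            self.conns[five_tuple] = "ESTABLISHED"
            return "ESTABLISHED"
        if kind == "DATA" and state == "ESTABLISHED":
            self.forwarded.append(payload)      # access data is sent on to the destination server
            return "FORWARDED"
        return "DROPPED"                        # handshake incomplete: destination server never sees it

class TransparentServer:
    def __init__(self):
        self.servers = {}                       # name -> IntranetServer
        self.last_beat = {}                     # name -> time of last heartbeat

    def heartbeat(self, server, now):           # claims 5 and 10
        self.servers[server.name] = server
        self.last_beat[server.name] = now

    def pick(self, five_tuple, now):
        """Choose among servers with a fresh heartbeat; stable per five-tuple (assumed policy)."""
        live = sorted(n for n, t in self.last_beat.items() if now - t <= HEARTBEAT_TTL)
        if not live:
            return None
        idx = zlib.crc32(repr(five_tuple).encode()) % len(live)
        return self.servers[live[idx]]

def demo():
    ts, a, b = TransparentServer(), IntranetServer("a"), IntranetServer("b")
    ts.heartbeat(a, 0.0)
    ts.heartbeat(b, 0.0)
    real = ("tcp", "203.0.113.7", 40000, "198.51.100.1", 80)   # constructed sample
    spoof = ("tcp", "192.0.2.9", 1234, "198.51.100.1", 80)     # constructed sample
    s = ts.pick(real, 1.0)
    out = [s.on_relayed(real, m, b"GET /") for m in ("SYN", "ACK", "DATA")]
    z = ts.pick(spoof, 1.0)                     # sender that never answers the SYN-ACK
    out += [z.on_relayed(spoof, "SYN"), z.on_relayed(spoof, "DATA", b"junk")]
    return out, a.forwarded + b.forwarded
```

The half-open entry for the second five-tuple stays in the waiting state, as in claim 4; the claims give no bound on how long it is kept.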
CN201910183506.3A 2019-03-12 2019-03-12 A kind of method and intranet server for establishing data connection Pending CN109905397A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910183506.3A CN109905397A (en) 2019-03-12 2019-03-12 A kind of method and intranet server for establishing data connection

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910183506.3A CN109905397A (en) 2019-03-12 2019-03-12 A kind of method and intranet server for establishing data connection

Publications (1)

Publication Number Publication Date
CN109905397A true CN109905397A (en) 2019-06-18

Family

ID=66946928

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910183506.3A Pending CN109905397A (en) 2019-03-12 2019-03-12 A kind of method and intranet server for establishing data connection

Country Status (1)

Country Link
CN (1) CN109905397A (en)

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1510872A (en) * 2002-12-24 2004-07-07 中联绿盟信息技术(北京)有限公司 Method for opposing refuse service attack with DNS and applied agency combination
CN101834875A (en) * 2010-05-27 2010-09-15 华为技术有限公司 Method, device and system for defending DDoS (Distributed Denial of Service) attacks
CN101997673A (en) * 2009-08-17 2011-03-30 成都市华为赛门铁克科技有限公司 Network agent implementation method and device
CN103442224A (en) * 2013-09-09 2013-12-11 杭州巨峰科技有限公司 NAT penetration-based video monitoring access strategy and realization method
US8819821B2 (en) * 2007-05-25 2014-08-26 New Jersey Institute Of Technology Proactive test-based differentiation method and system to mitigate low rate DoS attacks
CN106603588A (en) * 2015-10-14 2017-04-26 北京国双科技有限公司 Processing method and device for server node
US9749354B1 (en) * 2015-02-16 2017-08-29 Amazon Technologies, Inc. Establishing and transferring connections
CN107770189A (en) * 2017-10-30 2018-03-06 湖北三新文化传媒有限公司 Reverse proxy method, system, proxy server and storage medium

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112398847A (en) * 2020-11-12 2021-02-23 华侨大学 Intranet penetration method and system based on TCP Socket and improved heartbeat mechanism
CN112398847B (en) * 2020-11-12 2022-11-01 华侨大学 Intranet penetration method and system based on TCP Socket and improved heartbeat mechanism
CN114598749A (en) * 2020-12-17 2022-06-07 国网信息通信产业集团有限公司 Service access method and device
CN114598749B (en) * 2020-12-17 2024-01-09 国网信息通信产业集团有限公司 Service access method and device
CN113342845A (en) * 2021-06-23 2021-09-03 乐刷科技有限公司 Data synchronization method, computer device and readable storage medium
CN113342845B (en) * 2021-06-23 2024-02-20 乐刷科技有限公司 Data synchronization method, computer device and readable storage medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20190618