CN110120956A - Message processing method and device based on virtual firewall - Google Patents

Publication number
CN110120956A
Authority
CN
China
Prior art keywords
virtual firewall
session
mark
clear text
message
Legal status
Granted
Application number
CN201910453607.8A
Other languages
Chinese (zh)
Other versions
CN110120956B (en)
Inventor
孟相玉
张代生
Current Assignee
Hangzhou DPTech Technologies Co Ltd
Original Assignee
Hangzhou DPTech Technologies Co Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/14 Session management
    • H04L67/141 Setup of application sessions
    • H04L67/146 Markers for unambiguous identification of a particular session, e.g. session cookie or URL-encoding
    • H04L69/00 Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/16 Implementation or adaptation of Internet protocol [IP], of transmission control protocol [TCP] or of user datagram protocol [UDP]

Abstract

The application provides a message processing method and device based on a virtual firewall, applied in a virtual firewall. The method comprises: obtaining the five-tuple information and virtual firewall identifier carried by a received message to be processed; looking up the five-tuple information and virtual firewall identifier in a session table; if they are not found, then after determining the forwarding information of the message to be processed, determining whether the virtual firewall corresponding to the virtual firewall identifier has reached its corresponding new-session rate threshold; if it is determined that the virtual firewall corresponding to the virtual firewall identifier has reached the new-session rate threshold, establishing in the session table a first session that carries a discard flag and corresponds to the five-tuple information, the virtual firewall identifier and the forwarding information, the discard flag indicating that messages subsequently matching the first session are to be discarded; and discarding the message to be processed. With the embodiments of the application, the impact on the new-session rate of each virtual firewall can be greatly reduced and the overall performance of the firewall improved.

Description

Message processing method and device based on virtual firewall
Technical field
This application relates to the field of network communication technology, and in particular to a message processing method and device based on a virtual firewall.
Background
A firewall is a barrier for network security. It helps a terminal filter out unsafe factors and improves the terminal's security to the greatest extent. A virtual firewall is obtained by logically dividing one firewall into multiple virtual firewalls; each virtual firewall can be regarded as a completely independent firewall with its own system resources, administrators, security policies, user authentication database and so on. However, if the new-session rate in one virtual firewall is too high, it inevitably affects the normal transmission of messages in the other virtual firewalls. A new-session rate limit therefore has to be applied to each virtual firewall, and messages are dropped once the preset new-session rate is reached.
At present, the message processing method based on a virtual firewall is as follows. After a message to be processed is received, the five-tuple information and virtual firewall identifier it carries are obtained, and the five-tuple information and virtual firewall identifier are looked up in the session table. If they are found, the message to be processed is sent according to the session corresponding to the five-tuple information and virtual firewall identifier. If they are not found, the forwarding information of the message to be processed is determined, and it is then determined whether the virtual firewall corresponding to the virtual firewall identifier has reached the new-session rate threshold. If the virtual firewall has reached the new-session rate threshold, the message to be processed is discarded. If the virtual firewall has not reached the new-session rate threshold, a session corresponding to the forwarding information, the five-tuple information and the virtual firewall identifier is established and the message to be processed is sent.
In the above method, discarding the message to be processed has to follow the Transmission Control Protocol (TCP)/Internet Protocol (IP) standard. Because the message to be processed did not match the session table, no session had been established before, and the message is a TCP Synchronize Sequence Numbers (SYN) message used to establish a TCP connection. In this case at most three retransmissions are attempted, and only if no response from the server is received after all three retransmissions is a TCP reset (Reset, RST) message sent to close the connection. Suppose the new-session rate threshold of the firewall is 1,000,000 per second and the firewall is divided into three virtual firewalls with the identifiers VFW-ID1, VFW-ID2 and VFW-ID3, whose configured new-session rate thresholds are 200,000 per second, 200,000 per second and 200,000 per second respectively. When the new-session rate in VFW-ID3 reaches 400,000 per second, the new-session rate of the firewall comprises 200,000 per second for VFW-ID1, 200,000 per second for VFW-ID2 and 200,000 per second for VFW-ID3, and the messages dropped for exceeding the new-session rate threshold of VFW-ID3 (400,000 per second minus 200,000 per second), when retransmitted three times, amount to exactly 600,000 per second, for a total of 1,200,000 per second. This greatly exceeds the new-session rate threshold of the firewall, which affects the new-session rate of every virtual firewall and reduces the overall performance of the firewall.
Summary of the invention
In view of this, the application provides a message processing method and device based on a virtual firewall, to solve the problem in the related art that the new-session rate of each virtual firewall is affected and the overall performance of the firewall is reduced.
Specifically, the application is achieved by the following technical solution:
A message processing method based on a virtual firewall, applied in a virtual firewall, the method comprising:
Obtaining the five-tuple information and virtual firewall identifier carried by a received message to be processed;
Looking up the five-tuple information and the virtual firewall identifier in a session table;
If the five-tuple information and the virtual firewall identifier are not found in the session table, then after determining the forwarding information of the message to be processed, determining whether the virtual firewall corresponding to the virtual firewall identifier has reached the corresponding new-session rate threshold;
If it is determined that the virtual firewall corresponding to the virtual firewall identifier has reached the new-session rate threshold, establishing in the session table a first session that carries a discard flag and corresponds to the five-tuple information, the virtual firewall identifier and the forwarding information, the discard flag indicating that messages subsequently matching the first session are to be discarded;
Discarding the message to be processed.
A message processing device based on a virtual firewall, applied in a virtual firewall, the device comprising:
An obtaining module, for obtaining the five-tuple information and virtual firewall identifier carried by a received message to be processed;
A lookup module, for looking up the five-tuple information and the virtual firewall identifier in a session table;
A determining module, for, if the five-tuple information and the virtual firewall identifier are not found in the session table, determining, after the forwarding information of the message to be processed has been determined, whether the virtual firewall corresponding to the virtual firewall identifier has reached the corresponding new-session rate threshold;
An establishing module, for, if it is determined that the virtual firewall corresponding to the virtual firewall identifier has reached the new-session rate threshold, establishing in the session table a first session that carries a discard flag and corresponds to the five-tuple information, the virtual firewall identifier and the forwarding information, the discard flag indicating that messages subsequently matching the first session are to be discarded;
A discard module, for discarding the message to be processed.
As can be seen from the above technical solution provided by the application, if the five-tuple information and virtual firewall identifier carried by the received message to be processed are not found in the session table, no corresponding session was established before, and the message to be processed is a TCP SYN message used to establish a TCP connection. If it is further determined that the virtual firewall corresponding to the virtual firewall identifier has reached the new-session rate threshold, a first session that carries a discard flag and corresponds to the five-tuple information, the virtual firewall identifier and the forwarding information is established in the session table, the discard flag indicating that messages subsequently matching the first session are to be discarded. A TCP SYN message is retransmitted three times; once the discard flag has been added to the session established from the first TCP SYN message received, no retransmission handling is performed for TCP SYN messages that arrive subsequently, and they are discarded directly. Compared with the related art, when the new-session rate of the virtual firewall corresponding to the virtual firewall identifier exceeds its corresponding new-session threshold, TCP SYN messages are discarded directly without going through three retransmissions, which greatly reduces the impact on the new-session rate of each virtual firewall and improves the overall performance of the firewall.
Brief description of the drawings
Fig. 1 is a flow chart of a message processing method based on a virtual firewall shown in the application;
Fig. 2 is a flow chart of a preferred embodiment shown in the application;
Fig. 3 is a structural schematic diagram of a message processing device based on a virtual firewall shown in the application.
Detailed description
Example embodiments are described in detail here, and examples of them are illustrated in the accompanying drawings. Where the following description refers to the drawings, the same numbers in different drawings denote the same or similar elements unless otherwise indicated. The embodiments described in the following exemplary embodiments do not represent all embodiments consistent with the application. Rather, they are merely examples of devices and methods consistent with some aspects of the application as detailed in the appended claims.
The terminology used in this application is for the purpose of describing particular embodiments only and is not intended to limit the application. The singular forms "a", "said" and "the" used in this application and the appended claims are also intended to include the plural forms, unless the context clearly indicates otherwise. It should also be understood that the term "and/or" as used herein refers to and includes any or all possible combinations of one or more of the associated listed items.
It should be understood that although the terms first, second, third and so on may be used in this application to describe various information, the information should not be limited by these terms. The terms are only used to distinguish information of the same type from one another. For example, without departing from the scope of the application, first information may also be called second information and, similarly, second information may also be called first information. Depending on the context, the word "if" as used here can be interpreted as "when", "at the time of" or "in response to determining".
To solve the above problem, an embodiment of the invention provides a message processing method based on a virtual firewall, which can greatly reduce the impact on the new-session rate of each virtual firewall and improve the overall performance of the firewall. Referring to Fig. 1, Fig. 1 is a flow chart of a message processing method based on a virtual firewall shown in the application. The method is applied in a virtual firewall, which can be deployed between a server and a terminal to ensure the network security of the terminal.
S11: obtain the five-tuple information and virtual firewall identifier carried by the received message to be processed.
S12: look up the five-tuple information and the virtual firewall identifier in the session table.
If the five-tuple information and the virtual firewall identifier are not found in the session table, execute S13: after determining the forwarding information of the message to be processed, determine whether the virtual firewall corresponding to the virtual firewall identifier has reached the corresponding new-session rate threshold.
After the forwarding information of the message to be processed has been determined, if the virtual firewall supports network address translation (Network Address Translation, NAT) and filtering functions, NAT translation and security-policy matching can also be performed.
S14: if it is determined that the virtual firewall corresponding to the virtual firewall identifier has reached the new-session rate threshold, establish in the session table a first session that carries a discard flag and corresponds to the five-tuple information, the virtual firewall identifier and the forwarding information, the discard flag indicating that messages subsequently matching the first session are to be discarded.
S15: discard the message to be processed.
As can be seen from the above technical solution provided by the application, if the five-tuple information and virtual firewall identifier carried by the received message to be processed are not found in the session table, no corresponding session was established before, and the message to be processed is a TCP SYN message used to establish a TCP connection. If it is further determined that the virtual firewall corresponding to the virtual firewall identifier has reached the new-session rate threshold, a first session that carries a discard flag and corresponds to the five-tuple information, the virtual firewall identifier and the forwarding information is established in the session table, the discard flag indicating that messages subsequently matching the first session are to be discarded. A TCP SYN message is retransmitted three times; once the discard flag has been added to the session established from the first TCP SYN message received, no retransmission handling is performed for TCP SYN messages that arrive subsequently, and they are discarded directly. Compared with the related art, when the new-session rate of the virtual firewall corresponding to the virtual firewall identifier exceeds its corresponding new-session threshold, TCP SYN messages are discarded directly without going through three retransmissions, which greatly reduces the impact on the new-session rate of each virtual firewall and improves the overall performance of the firewall.
In an optional embodiment, the above method further comprises, after S13:
If it is determined that the virtual firewall corresponding to the virtual firewall identifier has not reached the new-session rate threshold, establishing in the session table a second session corresponding to the five-tuple information, the virtual firewall identifier and the forwarding information, and sending the message to be processed.
Because the five-tuple information and the virtual firewall identifier were not found in the session table, and it has been determined that the virtual firewall corresponding to the virtual firewall identifier has not reached the new-session rate threshold, that virtual firewall can continue to forward normally. A corresponding session can therefore be established in the session table, to make it easier to forward subsequent messages carrying the same five-tuple information and virtual firewall identifier, and the message to be processed is sent.
Referring to Fig. 2, Fig. 2 shows an optional embodiment which, on the basis of the method shown in Fig. 1, further comprises:
If the five-tuple information and the virtual firewall identifier are found in the session table, execute S16: determine whether the third session corresponding to the five-tuple information and the virtual firewall identifier carries the discard flag.
If it is determined that the third session carries the discard flag, execute S17: process the message to be processed according to its type.
If the third session does not carry the discard flag, execute S18: send the message to be processed according to the third session.
If the five-tuple information and the virtual firewall identifier are found in the session table, a message carrying the same five-tuple information and virtual firewall identifier was received before, and it is further necessary to determine whether the session corresponding to the five-tuple information and the virtual firewall identifier carries the discard flag. If it does not carry the discard flag, the message to be processed is a normal data message and is sent directly. If it carries the discard flag, the message to be processed is a subsequently retransmitted TCP SYN message or a TCP RST message, and therefore has to be processed according to the message type.
Specifically, processing the message to be processed according to its type in S17 above comprises:
Determining the type of the message to be processed;
If it is determined that the type of the message to be processed is a TCP SYN message, discarding the message to be processed;
If it is determined that the type of the message to be processed is a TCP RST message, aging out the third session and discarding the message to be processed.
If it is determined that the type of the message to be processed is a TCP SYN message, it is the second or third retransmitted TCP SYN message and is discarded directly without being sent. If it is determined that the type of the message to be processed is a TCP RST message, the three retransmissions have finished and the third session has served its purpose, so the third session can be aged out and the message to be processed discarded.
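The lookup, threshold check and discard-flag handling of S11 to S18, as an added Python sketch that is not code from the patent. The fixed one-second counting window, the `slow_path` counter, the `mark_dropped` switch (False reproduces the related-art method from the Background) and the sample traffic, whose timing is compressed into one second, are assumptions.

```python
from collections import defaultdict
from dataclasses import dataclass

SYN, RST, DATA = "SYN", "RST", "DATA"  # message types distinguished in S17


@dataclass(frozen=True)
class Message:
    five_tuple: tuple  # (src_ip, src_port, dst_ip, dst_port, protocol)
    vfw_id: str        # virtual firewall identifier carried with the message
    kind: str          # SYN, RST or DATA


@dataclass
class Session:
    forwarding_info: str
    discard: bool = False  # the discard flag set in S14


class Firewall:
    def __init__(self, thresholds, mark_dropped=True):
        self.thresholds = thresholds      # vfw_id -> new sessions allowed per second
        self.mark_dropped = mark_dropped  # False = related art: drop, create nothing
        self.sessions = {}                # (five_tuple, vfw_id) -> Session
        self.created = defaultdict(int)   # vfw_id -> sessions created this second
        self.second = None
        self.slow_path = 0                # forwarding lookups performed so far

    def _forwarding_info(self, msg):
        # Stand-in for route lookup, NAT and policy matching (hypothetical helper).
        self.slow_path += 1
        return "via:" + msg.five_tuple[2]

    def process(self, msg, now):
        if int(now) != self.second:            # assumption: fixed one-second window
            self.second = int(now)
            self.created.clear()
        key = (msg.five_tuple, msg.vfw_id)     # S11
        session = self.sessions.get(key)       # S12
        if session is None:
            info = self._forwarding_info(msg)  # S13
            if self.created[msg.vfw_id] >= self.thresholds[msg.vfw_id]:
                if self.mark_dropped:          # S14: first session with discard flag
                    self.sessions[key] = Session(info, discard=True)
                return "drop"                  # S15
            self.created[msg.vfw_id] += 1      # below threshold: second session
            self.sessions[key] = Session(info)
            return "forward"
        if not session.discard:                # S16 -> S18
            return "forward"
        if msg.kind == RST:                    # S17: RST ages the flagged session
            del self.sessions[key]
        return "drop"                          # S17: anything on a flagged session


def flow(n):
    # Constructed five-tuple; documentation address ranges, one client port per flow.
    return ("192.0.2.10", 40000 + n, "198.51.100.5", 443, "tcp")


def constructed_traffic(vfw_id="VFW-ID3"):
    # Four new flows against a threshold of two; the two rejected flows then
    # retransmit their SYN three times and give up with an RST.
    msgs = [Message(flow(n), vfw_id, SYN) for n in (1, 2, 3, 4)]
    for n in (3, 4):
        msgs += [Message(flow(n), vfw_id, SYN)] * 3
        msgs.append(Message(flow(n), vfw_id, RST))
    return msgs


def run(mark_dropped):
    fw = Firewall({"VFW-ID3": 2}, mark_dropped)
    verdicts = [fw.process(m, now=0.5) for m in constructed_traffic()]
    return fw, verdicts


if __name__ == "__main__":
    for mode in (False, True):
        fw, verdicts = run(mode)
        print("discard flag" if mode else "related art",
              "lookups:", fw.slow_path, "sessions:", len(fw.sessions))
```

On the constructed traffic both modes return the same verdicts, but the related-art mode repeats the forwarding lookup for every retransmission (12 lookups) while the discard-flag mode performs it once per flow (4 lookups).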
Referring to Fig. 3, Fig. 3 is a structural schematic diagram of a message processing device based on a virtual firewall shown in the application. The device is applied in a virtual firewall and comprises:
An obtaining module 31, for obtaining the five-tuple information and virtual firewall identifier carried by the received message to be processed;
A lookup module 32, for looking up the five-tuple information and the virtual firewall identifier in the session table;
A determining module 33, for, if the five-tuple information and the virtual firewall identifier are not found in the session table, determining, after the forwarding information of the message to be processed has been determined, whether the virtual firewall corresponding to the virtual firewall identifier has reached the corresponding new-session rate threshold;
An establishing module 34, for, if it is determined that the virtual firewall corresponding to the virtual firewall identifier has reached the new-session rate threshold, establishing in the session table a first session that carries a discard flag and corresponds to the five-tuple information, the virtual firewall identifier and the forwarding information, the discard flag indicating that messages subsequently matching the first session are to be discarded;
A discard module 35, for discarding the message to be processed.
As can be seen from the above technical solution provided by the application, if the five-tuple information and virtual firewall identifier carried by the received message to be processed are not found in the session table, no corresponding session was established before, and the message to be processed is a TCP SYN message used to establish a TCP connection. If it is further determined that the virtual firewall corresponding to the virtual firewall identifier has reached the new-session rate threshold, a first session that carries a discard flag and corresponds to the five-tuple information, the virtual firewall identifier and the forwarding information is established in the session table, the discard flag indicating that messages subsequently matching the first session are to be discarded. A TCP SYN message is retransmitted three times; once the discard flag has been added to the session established from the first TCP SYN message received, no retransmission handling is performed for TCP SYN messages that arrive subsequently, and they are discarded directly. Compared with the related art, when the new-session rate of the virtual firewall corresponding to the virtual firewall identifier exceeds its corresponding new-session threshold, TCP SYN messages are discarded directly without going through three retransmissions, which greatly reduces the impact on the new-session rate of each virtual firewall and improves the overall performance of the firewall.
Optionally, the above device further comprises a first sending module, wherein:
The establishing module is further used for, if it is determined that the virtual firewall corresponding to the virtual firewall identifier has not reached the new-session rate threshold, establishing in the session table a second session corresponding to the five-tuple information, the virtual firewall identifier and the forwarding information;
The first sending module is used for sending the message to be processed.
Optionally, the above device further comprises a processing module, used for:
If the five-tuple information and the virtual firewall identifier are found in the session table, determining whether the third session corresponding to the five-tuple information and the virtual firewall identifier carries the discard flag;
If it is determined that the third session carries the discard flag, processing the message to be processed according to its type.
Specifically, the above processing module, when processing the message to be processed according to its type, is specifically used for:
Determining the type of the message to be processed;
If it is determined that the type of the message to be processed is a Transmission Control Protocol (TCP) Synchronize Sequence Numbers (SYN) message, discarding the message to be processed;
If it is determined that the type of the message to be processed is a TCP reset (RST) message, aging out the third session and discarding the message to be processed.
Optionally, the above device further comprises a second sending module, used for:
If the third session does not carry the discard flag, sending the message to be processed according to the third session.
Since the device embodiments basically correspond to the method embodiments, the relevant parts can be found in the description of the method embodiments. The device embodiments described above are merely illustrative: units described as separate components may or may not be physically separate, and components shown as units may or may not be physical units, that is, they may be located in one place or distributed over multiple network units. Some or all of the modules can be selected according to actual needs to achieve the purpose of the solution of the application. Those of ordinary skill in the art can understand and implement it without creative effort.
The above are merely preferred embodiments of the application and are not intended to limit it. Any modification, equivalent substitution, improvement and the like made within the spirit and principle of the application shall fall within the scope of protection of the application.

Claims (10)

1. A message processing method based on a virtual firewall, applied in a virtual firewall, characterized in that the method comprises:
Obtaining the five-tuple information and virtual firewall identifier carried by a received message to be processed;
Looking up the five-tuple information and the virtual firewall identifier in a session table;
If the five-tuple information and the virtual firewall identifier are not found in the session table, then after determining the forwarding information of the message to be processed, determining whether the virtual firewall corresponding to the virtual firewall identifier has reached the corresponding new-session rate threshold;
If it is determined that the virtual firewall corresponding to the virtual firewall identifier has reached the new-session rate threshold, establishing in the session table a first session that carries a discard flag and corresponds to the five-tuple information, the virtual firewall identifier and the forwarding information, the discard flag indicating that messages subsequently matching the first session are to be discarded;
Discarding the message to be processed.
2. The method according to claim 1, characterized in that the method further comprises:
If it is determined that the virtual firewall corresponding to the virtual firewall identifier has not reached the new-session rate threshold, establishing in the session table a second session corresponding to the five-tuple information, the virtual firewall identifier and the forwarding information, and sending the message to be processed.
3. The method according to claim 1 or 2, characterized in that the method further comprises:
If the five-tuple information and the virtual firewall identifier are found in the session table, determining whether the third session corresponding to the five-tuple information and the virtual firewall identifier carries the discard flag;
If it is determined that the third session carries the discard flag, processing the message to be processed according to the type of the message to be processed.
4. The method according to claim 3, characterized in that processing the message to be processed according to the type of the message to be processed specifically comprises:
Determining the type of the message to be processed;
If it is determined that the type of the message to be processed is a Transmission Control Protocol (TCP) Synchronize Sequence Numbers (SYN) message, discarding the message to be processed;
If it is determined that the type of the message to be processed is a TCP reset (RST) message, aging out the third session and discarding the message to be processed.
5. The method according to claim 3, characterized in that the method further comprises:
If the third session does not carry the discard flag, sending the message to be processed according to the third session.
6. a kind of message process device based on virtual firewall is applied in virtual firewall, which is characterized in that described device Include:
Module is obtained, for obtaining the five-tuple information and virtual firewall mark that the clear text received carries;
a searching module, configured to search the session table for the five-tuple information and the virtual firewall identifier;
a determining module, configured to, if the five-tuple information and the virtual firewall identifier are not found in the session table, determine the forwarding information of the to-be-processed message and then determine whether the virtual firewall corresponding to the virtual firewall identifier has reached its corresponding new-session rate threshold;
an establishing module, configured to, if it is determined that the virtual firewall corresponding to the virtual firewall identifier has reached the new-session rate threshold, establish in the session table a first session that carries a discard mark and corresponds to the five-tuple information, the virtual firewall identifier and the forwarding information, wherein the discard mark indicates that messages subsequently matching the first session are to be discarded;
a discarding module, configured to discard the to-be-processed message.
7. The device according to claim 6, characterized in that the device further comprises a first sending module, wherein:
the establishing module is further configured to, if it is determined that the virtual firewall corresponding to the virtual firewall identifier has not reached the new-session rate threshold, establish in the session table a second session corresponding to the five-tuple information, the virtual firewall identifier and the forwarding information;
the first sending module is configured to send the to-be-processed message.
8. The device according to claim 6 or 7, characterized in that the device further comprises a processing module, configured to:
if the five-tuple information and the virtual firewall identifier are found in the session table, determine whether the third session corresponding to the five-tuple information and the virtual firewall identifier carries the discard mark;
if it is determined that the third session carries the discard mark, process the to-be-processed message according to the type of the to-be-processed message.
9. The device according to claim 8, characterized in that the processing module, when processing the to-be-processed message according to the type of the to-be-processed message, is specifically configured to:
determine the type of the to-be-processed message;
if it is determined that the type of the to-be-processed message is a Transmission Control Protocol (TCP) synchronize sequence number (SYN) message, discard the to-be-processed message;
if it is determined that the type of the to-be-processed message is a TCP reset (RST) message, age out the third session and discard the to-be-processed message.
10. The device according to claim 8, characterized in that the device further comprises a second sending module, configured to:
if the third session does not carry the discard mark, send the to-be-processed message according to the third session.
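The session-table flow described in claims 6 to 10, as an added Python example that is not code from the patent or its assignee. The one-second counting window, the five-tuple field order (src IP, dst IP, src port, dst port, protocol), the `_forwarding_info` placeholder and the dropping of non-SYN/RST messages on a discard-marked session are assumptions.

```python
import time
from dataclasses import dataclass

@dataclass
class Session:
    forwarding: str        # forwarding information resolved at session creation
    discard: bool = False  # the "discard mark" of claim 6

class VirtualFirewallTable:
    def __init__(self, thresholds, clock=time.monotonic):
        self.thresholds = thresholds  # vfw_id -> new sessions allowed per second
        self.sessions = {}            # (five_tuple, vfw_id) -> Session
        self.window = {}              # vfw_id -> (second, sessions created in it)
        self.clock = clock

    def _forwarding_info(self, five_tuple):
        # Hypothetical placeholder for the route lookup; the claims do not detail it.
        return "next-hop-for-" + five_tuple[1]

    def _at_threshold(self, vfw_id):
        # Assumption: the rate is counted per one-second window, per virtual firewall.
        now = int(self.clock())
        second, count = self.window.get(vfw_id, (now, 0))
        if second != now:
            second, count = now, 0
        self.window[vfw_id] = (second, count)
        return count >= self.thresholds[vfw_id]

    def process(self, five_tuple, vfw_id, kind="DATA"):
        key = (five_tuple, vfw_id)
        session = self.sessions.get(key)
        if session is None:
            forwarding = self._forwarding_info(five_tuple)
            if self._at_threshold(vfw_id):
                # First session: record the drop verdict for this flow.
                self.sessions[key] = Session(forwarding, discard=True)
                return "drop"
            second, count = self.window[vfw_id]
            self.window[vfw_id] = (second, count + 1)
            self.sessions[key] = Session(forwarding)  # second session
            return "send"
        if not session.discard:
            return "send"           # claim 10: forward on the existing session
        if kind == "RST":
            del self.sessions[key]  # claim 9: age out the session on RST
        return "drop"               # SYN, RST and (assumed) other types are dropped
```

Because the key includes the virtual firewall identifier, the same five-tuple arriving on two virtual firewalls is tracked and rate-limited independently.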
CN201910453607.8A 2019-05-28 2019-05-28 Message processing method and device based on virtual firewall Active CN110120956B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910453607.8A CN110120956B (en) 2019-05-28 2019-05-28 Message processing method and device based on virtual firewall

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910453607.8A CN110120956B (en) 2019-05-28 2019-05-28 Message processing method and device based on virtual firewall

Publications (2)

Publication Number Publication Date
CN110120956A (en) 2019-08-13
CN110120956B (en) 2021-06-29

Family

ID=67523550

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910453607.8A Active CN110120956B (en) 2019-05-28 2019-05-28 Message processing method and device based on virtual firewall

Country Status (1)

Country Link
CN (1) CN110120956B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112532620A (en) * 2020-11-26 2021-03-19 杭州迪普信息技术有限公司 Session table control method and device

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103095665A (en) * 2011-11-07 2013-05-08 中兴通讯股份有限公司 Method and device of improving firewall processing performance
US20150295998A1 (en) * 2006-06-30 2015-10-15 Centurylink Intellectual Property Llc System and Method for Selecting a Content Delivery Network
US20160381077A1 (en) * 2014-11-04 2016-12-29 Patternex, Inc. Method and apparatus for identifying and detecting threats to an enterprise or e-commerce system
CN106878460A (en) * 2017-03-24 2017-06-20 腾讯科技(深圳)有限公司 Communication processing method and device
CN107888500A (en) * 2017-11-03 2018-04-06 东软集团股份有限公司 Message forwarding method and device, storage medium, electronic equipment
CN107995233A (en) * 2016-10-26 2018-05-04 阿里巴巴集团控股有限公司 Establish the method for connection and corresponding equipment
CN109327426A (en) * 2018-01-11 2019-02-12 白令海 A kind of firewall attack defense method

Also Published As

Publication number Publication date
CN110120956B (en) 2021-06-29

Similar Documents

Publication Publication Date Title
US7107609B2 (en) Stateful packet forwarding in a firewall cluster
CN107948076B (en) Method and device for forwarding message
US10027781B2 (en) TCP link configuration method, apparatus, and device
EP2136526A1 (en) Method, device for identifying service flows and method, system for protecting against a denial of service attack
US10027496B2 (en) Method for distributing identifiers of multicast sources
EP2991292A1 (en) Network collaborative defense method, device and system
EP2692095B1 (en) Method, apparatus and computer program product for updating load balancer configuration data
WO2015066648A1 (en) Firewall packet blocking test without using a network
EP2741463A1 (en) Data packet transmission method
CN110266678B (en) Security attack detection method and device, computer equipment and storage medium
CN106101161B (en) It is a kind of for handle forge TCP data packet method and system
CN102014110A (en) Method for authenticating communication flows, communication system and protective device
CN101594359A (en) Defence synchronous flood attack method of transmission control protocol and transmission control protocol proxy
US9641485B1 (en) System and method for out-of-band network firewall
CN100420197C (en) Method for guarding against attack realized for networked devices
US7564848B2 (en) Method for the establishing of connections in a communication system
US10129163B2 (en) Methods and apparatus for preventing head of line blocking for RTP over TCP
CN110120956A (en) Message processing method and device based on virtual firewall
US20110078283A1 (en) Service providing system, filtering device, filtering method and method of confirming message
US10250635B2 (en) Defending against DoS attacks over RDMA connections
EP3618396A1 (en) Protection method and system for http flood attack
US20170187814A1 (en) Managing apparatus and managing method for network traffic
KR20130022089A (en) Method for releasing tcp connections against distributed denial of service attacks and apparatus for the same
JP4542053B2 (en) Packet relay apparatus, packet relay method, and packet relay program
US9455911B1 (en) In-band centralized control with connection-oriented control protocols

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant