CN111835735A - Anti-attack method, device, equipment and machine readable storage medium - Google Patents
Anti-attack method, device, equipment and machine readable storage medium Download PDFInfo
- Publication number
- CN111835735A CN111835735A CN202010603331.XA CN202010603331A CN111835735A CN 111835735 A CN111835735 A CN 111835735A CN 202010603331 A CN202010603331 A CN 202010603331A CN 111835735 A CN111835735 A CN 111835735A
- Authority
- CN
- China
- Prior art keywords
- arp
- message
- response
- arp table
- table entry
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000000034 method Methods 0.000 title claims abstract description 29
- 230000004044 response Effects 0.000 claims abstract description 61
- 230000032683 aging Effects 0.000 claims abstract description 21
- 238000004806 packaging method and process Methods 0.000 claims abstract description 5
- 230000000977 initiatory effect Effects 0.000 claims description 9
- 230000002431 foraging effect Effects 0.000 claims description 2
- 238000010586 diagram Methods 0.000 description 11
- 238000004590 computer program Methods 0.000 description 9
- 230000006870 function Effects 0.000 description 6
- 238000004891 communication Methods 0.000 description 4
- 230000003287 optical effect Effects 0.000 description 4
- 230000004048 modification Effects 0.000 description 2
- 238000012986 modification Methods 0.000 description 2
- 230000002265 prevention Effects 0.000 description 2
- 230000008569 process Effects 0.000 description 2
- 101100289995 Caenorhabditis elegans mac-1 gene Proteins 0.000 description 1
- 230000009286 beneficial effect Effects 0.000 description 1
- 230000005540 biological transmission Effects 0.000 description 1
- 230000001413 cellular effect Effects 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 230000006872 improvement Effects 0.000 description 1
- 230000003993 interaction Effects 0.000 description 1
- 238000004519 manufacturing process Methods 0.000 description 1
- 239000007787 solid Substances 0.000 description 1
- 230000001960 triggered effect Effects 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
- H04L61/09—Mapping addresses
- H04L61/10—Mapping addresses of different types
- H04L61/103—Mapping addresses of different types across network layers, e.g. resolution of network layer into physical layer addresses or address resolution protocol [ARP]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0227—Filtering policies
- H04L63/0236—Filtering by address, protocol, port number or service, e.g. IP-address or URL
Abstract
The present disclosure provides an anti-attack method, apparatus, device and machine-readable storage medium, the method comprising: receiving a TCP SYN message sent by opposite-end equipment; establishing an ARP table entry according to a received TCP SYN message, and packaging and sending an ACK message response according to the ARP table entry; and aging the ARP table entry corresponding to the ACK message response which is not responded. According to the technical scheme, an ACK message response is initiated to the terminal corresponding to the generated ARP table item, if the response is not obtained, the TCP SYN message corresponding to the ARP table item is considered to be a SYN attack message, and the ARP table item is aged, so that the phenomenon that the ARP table cannot work normally due to SYN attack is avoided.
Description
Technical Field
The present disclosure relates to the field of communications technologies, and in particular, to an anti-attack method, apparatus, device, and machine-readable storage medium.
Background
TCP (Transmission Control Protocol) is a connection-oriented, reliable transport layer communication Protocol based on a byte stream. TCP is intended to accommodate layered protocol hierarchies that support multiple network applications. Reliable communication services are provided by means of TCP between pairs of processes in host computers connected to different but interconnected computer communication networks. TCP assumes that it can obtain simple, possibly unreliable, datagram service from lower level protocols.
ARP (Address Resolution Protocol) is a TCP/IP Protocol that obtains a physical Address from an IP Address. When the host sends information, the ARP request containing the target IP address is broadcasted to all the hosts on the local area network, and the return message is received, so that the physical address of the target is determined; after receiving the return message, the IP address and the physical address are stored in the local ARP cache and are kept for a certain time, and the ARP cache is directly inquired when the next request is made so as to save resources. The address resolution protocol is established on the basis that all hosts trust each other in the network, the hosts on the local area network can independently send ARP response messages, and other hosts can not detect the authenticity of the messages and can record the messages into the ARP cache of the local hosts when receiving the response messages.
SYN (synchronization Sequence Numbers) is a handshake signal used by TCP/IP to establish a connection. When a normal TCP network connection is established between the client and the server, the client first sends out a SYN message, the server indicates that it has received this message using a SYN + ACK reply, and finally the client responds with an ACK message. Such that a reliable TCP connection can be established between the client and the server and data can be transferred between the client and the server.
The flow of the user accessing the internet is transmitted to the gateway router ROUTE through the switch and then to the external network, and the return flow of the internet is not transmitted. The equipment has no problem under the condition of normal user access, but if someone carries out TCP SYN attack in the local area network at this time, the SYN message polls and transforms a source IP address, the equipment initiates an ARP request message to a source address of the SYN message after receiving the SYN message, and the attacking terminal responds to the ARP at this time, under the condition, the gateway router can fully learn ARP list items quickly, the aging time of general ARP is longer, so that the ARP response received by the ARP request initiated by normal new service cannot generate list items, the service is influenced, and actually, the half connection caused by TCP SYN attack can be aged quickly under the condition.
Disclosure of Invention
In view of the above, the present disclosure provides an anti-attack method, an anti-attack apparatus, an electronic device, and a machine-readable storage medium, so as to solve the problem that the ARP table cannot work normally due to the SYN attack.
The specific technical scheme is as follows:
the present disclosure provides an anti-attack method, applied to a network device, the method including: receiving a TCP SYN message sent by opposite-end equipment; establishing an ARP table entry according to a received TCP SYN message, and packaging and sending an ACK message response according to the ARP table entry; and aging the ARP table entry corresponding to the ACK message response which is not responded.
As a technical solution, the establishing an ARP entry according to a received TCP SYN packet includes: and generating a corresponding short connection session according to the received TCP SYN message, initiating an ARP request according to the source IP address of the TCP SYN message, and generating an ARP table entry according to a corresponding ARP request response.
As a technical solution, the ARP entry includes an entry type field, and the values of the entry type fields of the ARP entries corresponding to the ACK packet response not responded and the ACK packet response responded are different.
As a technical solution, if a message responding to the ACK message response is received, the entry type field of the corresponding ARP entry is updated.
The present disclosure also provides an anti-attack apparatus, which is applied to a network device, and the apparatus includes: the receiving module is used for receiving a TCP SYN message sent by opposite-end equipment; the processing module establishes an ARP table item according to the received TCP SYN message, and encapsulates and sends an ACK message response according to the ARP table item; and the aging module is used for aging the ARP table entry corresponding to the ACK message response which is not responded.
As a technical solution, the establishing an ARP entry according to a received TCP SYN packet includes: and generating a corresponding short connection session according to the received TCP SYN message, initiating an ARP request according to the source IP address of the TCP SYN message, and generating an ARP table entry according to a corresponding ARP request response.
As a technical solution, the ARP entry includes an entry type field, and the values of the entry type fields of the ARP entries corresponding to the ACK packet response not responded and the ACK packet response responded are different.
As a technical solution, if a message responding to the ACK message response is received, the entry type field of the corresponding ARP entry is updated.
The present disclosure also provides an electronic device, including a processor and a machine-readable storage medium, where the machine-readable storage medium stores machine-executable instructions capable of being executed by the processor, and the processor executes the machine-executable instructions to implement the foregoing anti-attack method.
The present disclosure also provides a machine-readable storage medium having stored thereon machine-executable instructions that, when invoked and executed by a processor, cause the processor to implement the foregoing anti-attack method.
The technical scheme provided by the disclosure at least brings the following beneficial effects:
and initiating an ACK message response to the terminal corresponding to the generated ARP table item, if the response is not obtained, considering that the TCP SYN message corresponding to the ARP table item is a SYN attack message, and aging the ARP table item, thereby avoiding that the ARP table can not work normally due to SYN attack.
Drawings
In order to more clearly illustrate the embodiments of the present disclosure or the technical solutions in the prior art, the drawings needed to be used in the description of the embodiments of the present disclosure or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments described in the present disclosure, and other drawings can be obtained by those skilled in the art according to the drawings of the embodiments of the present disclosure.
FIG. 1 is a flow chart of an attack prevention method in one embodiment of the present disclosure;
FIG. 2 is a block diagram of an attack-prevention-device in one embodiment of the present disclosure;
fig. 3 is a hardware configuration diagram of an electronic device in an embodiment of the present disclosure.
Detailed Description
The terminology used in the embodiments of the present disclosure is for the purpose of describing particular embodiments only and is not intended to be limiting of the disclosure. As used in this disclosure and the claims, the singular forms "a", "an", and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. It should also be understood that the term "and/or" as used herein is meant to encompass any and all possible combinations of one or more of the associated listed items.
It is to be understood that although the terms first, second, third, etc. may be used herein to describe various information in the embodiments of the present disclosure, such information should not be limited by these terms. These terms are only used to distinguish one type of information from another. For example, first information may also be referred to as second information, and similarly, second information may also be referred to as first information, without departing from the scope of the present disclosure. Depending on the context, moreover, the word "if" as used may be interpreted as "at … …" or "when … …" or "in response to a determination".
The flow of the user accessing the internet is transmitted to the gateway router ROUTE through the switch and then to the external network, and the return flow of the internet is not transmitted. The equipment has no problem under the condition of normal user access, but if someone carries out TCP SYN attack in the local area network at this time, the SYN message polls and transforms a source IP address, the equipment initiates an ARP request message to a source address of the SYN message after receiving the SYN message, and the attacking terminal responds to the ARP at this time, under the condition, the gateway router can fully learn ARP list items quickly, the aging time of general ARP is longer, so that the ARP response received by the ARP request initiated by normal new service cannot generate list items, the service is influenced, and actually, the half connection caused by TCP SYN attack can be aged quickly under the condition. The current TCP SYN attack prevention can only delay the speed of filling the table entry of the ARP table, but can not solve the problem.
In view of the above, the present disclosure provides an anti-attack method, an anti-attack apparatus, an electronic device, and a machine-readable storage medium, so as to solve the problem that the ARP table cannot work normally due to the SYN attack.
The specific technical scheme is as follows.
The present disclosure provides an anti-attack method, applied to a network device, the method including: receiving a TCP SYN message sent by opposite-end equipment; establishing an ARP table entry according to a received TCP SYN message, and packaging and sending an ACK message response according to the ARP table entry; and aging the ARP table entry corresponding to the ACK message response which is not responded.
Specifically, as shown in fig. 1, the method comprises the following steps:
step S11, receiving a TCP SYN message sent by the peer device.
Step S12, according to the received TCP SYN message, establishing ARP list item, and according to the ARP list item, packaging and sending ACK message response.
And step S13, aging the ARP list item corresponding to the ACK message response which is not responded.
And initiating an ACK message response to the terminal corresponding to the generated ARP table item, if the response is not obtained, considering that the TCP SYN message corresponding to the ARP table item is a SYN attack message, and aging the ARP table item, thereby avoiding that the ARP table can not work normally due to SYN attack.
In this embodiment, the opposite-end device is defaulted to a device initiating a SYN attack, and if the opposite-end device is a normal device, an ACK message response is responded, so that the corresponding ARP entry is not aged.
As a technical solution, the establishing an ARP entry according to a received TCP SYN packet includes: and generating a corresponding short connection session according to the received TCP SYN message, initiating an ARP request according to the source IP address of the TCP SYN message, and generating an ARP table entry according to a corresponding ARP request response.
The passive side of the TCP session enters a short connection state after receiving the TCP SYN message, and then enters a long connection state after finishing three-way handshake, wherein the short connection session is a general term of the intermediate state of the TCP session, the aging time of the session in the state is short, and the short connection session which can not enter the long connection state in the specified time can be aged off quickly.
As a technical solution, the ARP entry includes an entry type field, and the values of the entry type fields of the ARP entries corresponding to the ACK packet response not responded and the ACK packet response responded are different.
And for the ACK message response with the type of being not responded, aging the ACK message response after the preset time.
As a technical solution, if a message responding to the ACK message response is received, the entry type field of the corresponding ARP entry is updated.
If the ACK message response is responded within the preset time, the corresponding type field is refreshed to the value of the corresponding responded ACK message response, so that the ACK message response is prevented from being aged in a short time.
The present disclosure also provides an anti-attack apparatus, applied to a network device, as shown in fig. 2, the apparatus includes: a receiving module 21, configured to receive a TCP SYN packet sent by an opposite-end device; the processing module 22 establishes an ARP table according to the received TCP SYN message, and encapsulates and sends an ACK message response according to the ARP table; and the aging module 23 ages the ARP table entry corresponding to the ACK message response which is not responded.
As a technical solution, the establishing an ARP entry according to a received TCP SYN packet includes: and generating a corresponding short connection session according to the received TCP SYN message, initiating an ARP request according to the source IP address of the TCP SYN message, and generating an ARP table entry according to a corresponding ARP request response.
As a technical solution, the ARP entry includes an entry type field, and the values of the entry type fields of the ARP entries corresponding to the ACK packet response not responded and the ACK packet response responded are different.
As a technical solution, if a message responding to the ACK message response is received, the entry type field of the corresponding ARP entry is updated.
ARP table item structure is shown in table 1
| Index | IP | MAC | VLAN | INTERFACE | AGING | TYPE |
| 1 | ip1 | mac1 | vlan1 | interface1 | t1 | T |
TABLE 1
IP field: IP information stored in ARP table entries;
and MAC field: MAC information stored in ARP table entry;
VLAN field: learning VLAN information of ARP;
INTERFACE field: learning interface information of ARP;
an AGING field: normal aging time of ARP table entry;
TYPE field: entry type field of ARP entry.
Adding table item type field in the table item structure of ARP table to mark that this ARP table item is learned by the ARP request triggered by TCP connection, if TCP connection completes the subsequent interaction and enters into long connection state, switching the value of ARP table item type to normal type, that is to say, obtaining the responded value of ARP message correspondingly.
After receiving the TCP SYN message, the TCP module issues a corresponding short connection session and informs the ARP module to initiate an ARP request corresponding to the source IP address of the SYN message;
the ARP module initiates an ARP request corresponding to the IP of the SYN message source, the opposite-end equipment which is under SYN attack responds to the response after receiving the request, and sends an ARP table entry after receiving the response, wherein the aging time of the ARP table entry is t1 (the aging time of the TCP short connection), and the response is sent to the TCP module.
And the TCP module packages an ACK message response according to the ARP table entry after receiving the response, if the terminal does not respond at the moment, the TCP short connection is aged after t1 time, and the TCP module informs the ARP module to delete the corresponding ARP table entry after the short connection is aged.
And after the TCP module receives the response, the ACK message response is packaged according to the ARP table entry, the short connection is changed into long connection after the subsequent complete TCP three-way handshake is completed, the TCP module informs the ARP module to switch the corresponding table entry type field of the ARP table entry after the long connection is completed, and meanwhile, the aging time is refreshed from t1 to t2 (default aging time of dynamic ARP).
In an embodiment, the present disclosure provides an electronic device, including a processor and a machine-readable storage medium, where the machine-readable storage medium stores machine-executable instructions capable of being executed by the processor, and the processor executes the machine-executable instructions to implement the foregoing anti-attack method, and from a hardware level, a schematic diagram of a hardware architecture may be shown in fig. 3.
In one embodiment, the present disclosure provides a machine-readable storage medium having stored thereon machine-executable instructions that, when invoked and executed by a processor, cause the processor to implement the foregoing anti-attack method.
Here, a machine-readable storage medium may be any electronic, magnetic, optical, or other physical storage device that can contain or store information such as executable instructions, data, and so forth. For example, the machine-readable storage medium may be: a RAM (random access Memory), a volatile Memory, a non-volatile Memory, a flash Memory, a storage drive (e.g., a hard drive), a solid state drive, any type of storage disk (e.g., an optical disk, a dvd, etc.), or similar storage medium, or a combination thereof.
The systems, devices, modules or units described in the above embodiments may be implemented by a computer chip or an entity, or by a product with certain functions. A typical implementation device is a computer, which may take the form of a personal computer, laptop computer, cellular telephone, camera phone, smart phone, personal digital assistant, media player, navigation device, email messaging device, game console, tablet computer, wearable device, or a combination of any of these devices.
For convenience of description, the above devices are described as being divided into various units by function, and are described separately. Of course, the functionality of the various elements may be implemented in the same one or more software and/or hardware implementations in practicing the disclosure.
As will be appreciated by one skilled in the art, embodiments of the present disclosure may be provided as a method, system, or computer program product. Accordingly, the present disclosure may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, embodiments of the present disclosure may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and so forth) having computer-usable program code embodied therein.
The present disclosure is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the disclosure. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
Furthermore, these computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
As will be appreciated by one skilled in the art, embodiments of the present disclosure may be provided as a method, system, or computer program product. Accordingly, the present disclosure may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present disclosure may take the form of a computer program product embodied on one or more computer-usable storage media (which may include, but is not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The above description is only an embodiment of the present disclosure, and is not intended to limit the present disclosure. Various modifications and variations of this disclosure will be apparent to those skilled in the art. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of the present disclosure should be included in the scope of the claims of the present disclosure.
Claims (10)
1. An anti-attack method applied to a network device, the method comprising:
receiving a TCP SYN message sent by opposite-end equipment;
establishing an ARP table entry according to a received TCP SYN message, and packaging and sending an ACK message response according to the ARP table entry;
and aging the ARP table entry corresponding to the ACK message response which is not responded.
2. The method according to claim 1, wherein said establishing an ARP entry based on the received TCP SYN packet comprises:
and generating a corresponding short connection session according to the received TCP SYN message, initiating an ARP request according to the source IP address of the TCP SYN message, and generating an ARP table entry according to a corresponding ARP request response.
3. The method according to claim 1, wherein the ARP table entry includes a table entry type field, and the values of the table entry type fields of the ARP table entries respectively corresponding to the ACK packet reply without response and the ACK packet reply with response are different.
4. The method according to claim 3, wherein if a message responding to the ACK message reply is received, the entry type field of the corresponding ARP entry is updated.
5. An anti-attack apparatus applied to a network device, the apparatus comprising:
the receiving module is used for receiving a TCP SYN message sent by opposite-end equipment;
the processing module establishes an ARP table item according to the received TCP SYN message, and encapsulates and sends an ACK message response according to the ARP table item;
and the aging module is used for aging the ARP table entry corresponding to the ACK message response which is not responded.
6. The apparatus of claim 5, wherein the establishing an ARP entry based on the received TCP SYN message comprises:
and generating a corresponding short connection session according to the received TCP SYN message, initiating an ARP request according to the source IP address of the TCP SYN message, and generating an ARP table entry according to a corresponding ARP request response.
7. The apparatus according to claim 5, wherein the ARP table entry includes a table entry type field, and values of the table entry type fields of the ARP table entries corresponding to the unresponsive ACK packet replies and the responded ACK packet replies are different.
8. The apparatus according to claim 7, wherein if a message responding to the ACK message response is received, the entry type field of the corresponding ARP entry is updated.
9. An electronic device, comprising: a processor and a machine-readable storage medium storing machine-executable instructions executable by the processor to perform the method of any one of claims 1 to 4.
10. A machine-readable storage medium having stored thereon machine-executable instructions which, when invoked and executed by a processor, cause the processor to implement the method of any of claims 1-4.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010603331.XA CN111835735B (en) | 2020-06-29 | 2020-06-29 | Anti-attack method, device, equipment and machine-readable storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010603331.XA CN111835735B (en) | 2020-06-29 | 2020-06-29 | Anti-attack method, device, equipment and machine-readable storage medium |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN111835735A true CN111835735A (en) | 2020-10-27 |
| CN111835735B CN111835735B (en) | 2023-12-29 |
Family
ID=72898312
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202010603331.XA Active CN111835735B (en) | 2020-06-29 | 2020-06-29 | Anti-attack method, device, equipment and machine-readable storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN111835735B (en) |
Citations (11)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| JPH11187059A (en) * | 1997-12-18 | 1999-07-09 | Nippon Telegr & Teleph Corp <Ntt> | Table entry updating method at packet communication network |
| CN101179566A (en) * | 2007-11-24 | 2008-05-14 | 华为技术有限公司 | Method and apparatus for preventing ARP packet attack |
| CN102291441A (en) * | 2011-08-02 | 2011-12-21 | 杭州迪普科技有限公司 | Method and security agent device for protecting against attack of synchronize (SYN) Flood |
| CN105025028A (en) * | 2015-07-28 | 2015-11-04 | 中国工程物理研究院计算机应用研究所 | IP black hole discovering method based on flow analysis |
| WO2016101870A1 (en) * | 2014-12-26 | 2016-06-30 | 中兴通讯股份有限公司 | Network attack analysis method and device |
| CN106559506A (en) * | 2015-09-28 | 2017-04-05 | 中兴通讯股份有限公司 | ARP entry generation method and device |
| US20170199926A1 (en) * | 2016-01-11 | 2017-07-13 | Microsoft Technology Licensing, Llc | Checklist generation |
| CN107689963A (en) * | 2017-09-26 | 2018-02-13 | 杭州迪普科技股份有限公司 | A kind of detection method and device for arp reply message aggression |
| CN108512833A (en) * | 2018-03-09 | 2018-09-07 | 新华三技术有限公司 | A kind of security from attacks method and device |
| CN108616418A (en) * | 2018-03-30 | 2018-10-02 | 新华三技术有限公司 | Detect the method and device of failure |
| CN109274588A (en) * | 2017-07-18 | 2019-01-25 | 中兴通讯股份有限公司 | The processing method and processing device of IP packet |
-
2020
- 2020-06-29 CN CN202010603331.XA patent/CN111835735B/en active Active
Patent Citations (11)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| JPH11187059A (en) * | 1997-12-18 | 1999-07-09 | Nippon Telegr & Teleph Corp <Ntt> | Table entry updating method at packet communication network |
| CN101179566A (en) * | 2007-11-24 | 2008-05-14 | 华为技术有限公司 | Method and apparatus for preventing ARP packet attack |
| CN102291441A (en) * | 2011-08-02 | 2011-12-21 | 杭州迪普科技有限公司 | Method and security agent device for protecting against attack of synchronize (SYN) Flood |
| WO2016101870A1 (en) * | 2014-12-26 | 2016-06-30 | 中兴通讯股份有限公司 | Network attack analysis method and device |
| CN105025028A (en) * | 2015-07-28 | 2015-11-04 | 中国工程物理研究院计算机应用研究所 | IP black hole discovering method based on flow analysis |
| CN106559506A (en) * | 2015-09-28 | 2017-04-05 | 中兴通讯股份有限公司 | ARP entry generation method and device |
| US20170199926A1 (en) * | 2016-01-11 | 2017-07-13 | Microsoft Technology Licensing, Llc | Checklist generation |
| CN109274588A (en) * | 2017-07-18 | 2019-01-25 | 中兴通讯股份有限公司 | The processing method and processing device of IP packet |
| CN107689963A (en) * | 2017-09-26 | 2018-02-13 | 杭州迪普科技股份有限公司 | A kind of detection method and device for arp reply message aggression |
| CN108512833A (en) * | 2018-03-09 | 2018-09-07 | 新华三技术有限公司 | A kind of security from attacks method and device |
| CN108616418A (en) * | 2018-03-30 | 2018-10-02 | 新华三技术有限公司 | Detect the method and device of failure |
Non-Patent Citations (3)
| Title |
|---|
| M. CHOUMAN; H. SAFA; H. ARTAIL: "Novel defense mechanism against SYN flooding attacks in IP networks", 《CANADIAN CONFERENCE ON ELECTRICAL AND COMPUTER ENGINEERING, 2005.》 * |
| 熊伟;车任秋;: "一种工业以太网交换机ARP老化机制", 《工业控制计算机》, no. 05 * |
| 石利平;: "ARP欺骗研究综述", 《计算机与现代化》, no. 06 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN111835735B (en) | 2023-12-29 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| JP6858749B2 (en) | Devices and methods for establishing connections in load balancing systems | |
| CN101997768B (en) | Method and device for uploading address resolution protocol messages | |
| CN109361608B (en) | Message processing method, system and storage medium | |
| US20130322438A1 (en) | System and method for identifying frames | |
| CN108600109B (en) | Message forwarding method and device | |
| CN108718278B (en) | Message transmission method and device | |
| CN109412926B (en) | Tunnel establishment method and device | |
| US20170214691A1 (en) | Methods, systems, and computer readable media for remote authentication dial-in user service (radius) topology hiding | |
| CN111431871B (en) | Processing method and device of TCP (Transmission control protocol) semi-transparent proxy | |
| CN107995233B (en) | Method for establishing connection and corresponding equipment | |
| CN111193756B (en) | VXLAN tunnel load balancing method and related equipment | |
| CN112367257B (en) | Route notification method and device | |
| CN104852855A (en) | Congestion control method, device and equipment | |
| CN112073545A (en) | Using DNS to communicate MP-TCP capabilities of server devices | |
| CN113114570B (en) | Control method, device and system of flow table item | |
| CN109639589B (en) | Load balancing method and device | |
| CN109728972B (en) | Network connection detection method and device | |
| CN113364660B (en) | Data packet processing method and device in LVS load balancing | |
| CN108600225B (en) | Authentication method and device | |
| US10999379B1 (en) | Liveness detection for an authenticated client session | |
| US9985926B2 (en) | Address acquiring method and network virtualization edge device | |
| JP2023510707A (en) | Method for sending reply packet, method for sending route advertisement message, network device and computer program | |
| CN111835735B (en) | Anti-attack method, device, equipment and machine-readable storage medium | |
| WO2017219777A1 (en) | Packet processing method and device | |
| CN111629077B (en) | Method, device and storage medium for processing address conflict |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |