CN111835735B - Anti-attack method, device, equipment and machine-readable storage medium - Google Patents
Anti-attack method, device, equipment and machine-readable storage medium Download PDFInfo
- Publication number
- CN111835735B CN111835735B CN202010603331.XA CN202010603331A CN111835735B CN 111835735 B CN111835735 B CN 111835735B CN 202010603331 A CN202010603331 A CN 202010603331A CN 111835735 B CN111835735 B CN 111835735B
- Authority
- CN
- China
- Prior art keywords
- arp
- entry
- message
- response
- tcp syn
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000000034 method Methods 0.000 title claims abstract description 28
- 230000004044 response Effects 0.000 claims abstract description 68
- 230000032683 aging Effects 0.000 claims abstract description 21
- 238000004806 packaging method and process Methods 0.000 claims abstract description 5
- 230000000977 initiatory effect Effects 0.000 claims description 8
- 230000002431 foraging effect Effects 0.000 claims description 2
- 230000002265 prevention Effects 0.000 claims description 2
- 238000004590 computer program Methods 0.000 description 9
- 238000010586 diagram Methods 0.000 description 9
- 230000006870 function Effects 0.000 description 6
- 238000004891 communication Methods 0.000 description 4
- 230000003287 optical effect Effects 0.000 description 4
- 238000004002 angle-resolved photoelectron spectroscopy Methods 0.000 description 2
- 238000012986 modification Methods 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- 230000008569 process Effects 0.000 description 2
- 101100289995 Caenorhabditis elegans mac-1 gene Proteins 0.000 description 1
- 230000009286 beneficial effect Effects 0.000 description 1
- 230000005540 biological transmission Effects 0.000 description 1
- 230000001413 cellular effect Effects 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 230000003993 interaction Effects 0.000 description 1
- 238000004519 manufacturing process Methods 0.000 description 1
- 239000007787 solid Substances 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
- 230000001960 triggered effect Effects 0.000 description 1
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
- H04L61/09—Mapping addresses
- H04L61/10—Mapping addresses of different types
- H04L61/103—Mapping addresses of different types across network layers, e.g. resolution of network layer into physical layer addresses or address resolution protocol [ARP]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0227—Filtering policies
- H04L63/0236—Filtering by address, protocol, port number or service, e.g. IP-address or URL
Abstract
The present disclosure provides an anti-attack method, apparatus, device and machine-readable storage medium, the method comprising: receiving a TCP SYN message sent by opposite terminal equipment; establishing an ARP (address resolution protocol) table entry according to the received TCP SYN message, and packaging and sending an ACK (acknowledgement) message response according to the ARP table entry; and aging out ARP list items corresponding to the ACK message response which is not responded. Through the technical scheme of the disclosure, an ACK message response is initiated to the terminal corresponding to the ARP table entry, if the response is not obtained, the TCP SYN message corresponding to the ARP table entry is considered to be a SYN attack message, and the ARP table entry is aged, so that the ARP table is prevented from being unable to work normally due to SYN attack.
Description
Technical Field
The present disclosure relates to the field of communications technologies, and in particular, to an anti-attack method, apparatus, device, and machine-readable storage medium.
Background
TCP (Transmission Control Protocol ) is a connection-oriented, reliable, byte-stream based transport layer communication protocol. TCP is intended to accommodate a layered protocol hierarchy that supports multiple network applications. Reliable communication services are provided by means of TCP between pairs of processes in host computers connected to different but interconnected computer communication networks. TCP assumes that it can obtain simple, possibly unreliable datagram services from lower level protocols.
ARP (Address Resolution Protocol ) is a TCP/IP protocol that obtains a physical address from an IP address. Broadcasting an ARP request containing a target IP address to all hosts on a local area network when the hosts send information, and receiving a return message so as to determine the physical address of the target; after receiving the return message, the IP address and the physical address are stored in the local ARP cache and kept for a certain time, and the ARP cache is directly inquired when the request is next time so as to save resources. The address resolution protocol is based on that each host computer in the network trusts each other, and the host computers on the local area network can autonomously send ARP response messages, and other host computers can record the response messages into the local ARP cache without detecting the authenticity of the messages when receiving the response messages.
SYN (Synchronize Sequence Numbers, synchronization sequence number) is a handshake signal used when TCP/IP establishes a connection. When a normal TCP network connection is established between the client and the server, the client first sends a SYN message, the server uses a SYN+ACK acknowledgement to indicate that the message was received, and finally the client responds with an ACK message. In this way, a reliable TCP connection can be established between the client and the server, and data can be transferred between the client and the server.
The flow of the user accessing the Internet is transmitted to the gateway router ROUTE and then to the external network through the switch, and the return flow of the Internet is opposite. The equipment has no problem under the condition of normal user access, but if someone in the local area network carries out SYN attack of TCP at this time, the SYN report Wen Lun inquires and changes the source IP address, the equipment can initiate ARP request messages to the source address of the SYN message after receiving the SYN message, the attack terminal responds to the ARPs at this time, under the condition, the gateway router quickly learns the ARP list items to be full, and the ageing time of the common ARP is longer, so that the ARP response received by the ARP request initiated by normal new service can not generate the list items, the service is influenced, and in fact, the half connection caused by the TCP SYN attack is aged off very soon.
Disclosure of Invention
In view of this, the disclosure provides an anti-attack method and device, an electronic device, and a machine-readable storage medium, so as to solve the problem that ARP table cannot work normally due to SYN attack.
The technical scheme is as follows:
the present disclosure provides an anti-attack method applied to a network device, the method comprising: receiving a TCP SYN message sent by opposite terminal equipment; establishing an ARP (address resolution protocol) table entry according to the received TCP SYN message, and packaging and sending an ACK (acknowledgement) message response according to the ARP table entry; and aging out ARP list items corresponding to the ACK message response which is not responded.
As a technical solution, the establishing an ARP table entry according to the received TCP SYN message includes: generating a corresponding short connection session according to the received TCP SYN message, initiating an ARP request according to the source IP address of the TCP SYN message, and generating an ARP table entry according to the response of the corresponding ARP request.
As a technical solution, the ARP entry includes an entry type field, where the value of the entry type field of the ARP entry corresponding to the ACK message response that does not obtain the response is different from the value of the entry type field of the ARP entry corresponding to the ACK message response that obtains the response.
As a technical solution, if a message responding to the ACK message response is received, the entry type field of the corresponding ARP entry is updated.
The present disclosure also provides an anti-attack apparatus applied to a network device, the apparatus comprising: the receiving module is used for receiving the TCP SYN message sent by the opposite terminal equipment; the processing module establishes an ARP table entry according to the received TCP SYN message, and encapsulates and sends an ACK message response according to the ARP table entry; and the aging module is used for aging out ARP (address resolution protocol) list items corresponding to the ACK message response which is not responded.
As a technical solution, the establishing an ARP table entry according to the received TCP SYN message includes: generating a corresponding short connection session according to the received TCP SYN message, initiating an ARP request according to the source IP address of the TCP SYN message, and generating an ARP table entry according to the response of the corresponding ARP request.
As a technical solution, the ARP entry includes an entry type field, where the value of the entry type field of the ARP entry corresponding to the ACK message response that does not obtain the response is different from the value of the entry type field of the ARP entry corresponding to the ACK message response that obtains the response.
As a technical solution, if a message responding to the ACK message response is received, the entry type field of the corresponding ARP entry is updated.
The present disclosure also provides an electronic device comprising a processor and a machine-readable storage medium storing machine-executable instructions executable by the processor, the processor executing the machine-executable instructions to implement the foregoing method of combating attacks.
The present disclosure also provides a machine-readable storage medium storing machine-executable instructions that, when invoked and executed by a processor, cause the processor to implement the foregoing method of preventing attacks.
The technical scheme provided by the disclosure at least brings the following beneficial effects:
and initiating an ACK message response to the terminal corresponding to the generated ARP table entry, and if the response is not obtained, considering the TCP SYN message corresponding to the ARP table entry as a SYN attack message, and aging out the ARP table entry, thereby avoiding that the ARP table cannot work normally due to SYN attack.
Drawings
In order to more clearly illustrate the embodiments of the present disclosure or the technical solutions in the prior art, the drawings that are required to be used in the embodiments of the present disclosure or the description of the prior art will be briefly described below, and it is apparent that the drawings in the following description are only some embodiments described in the present disclosure, and other drawings may also be obtained according to these drawings of the embodiments of the present disclosure to those skilled in the art.
FIG. 1 is a flow chart of a method of protecting against attacks in one embodiment of the present disclosure;
FIG. 2 is a block diagram of an anti-attack device in one embodiment of the present disclosure;
fig. 3 is a hardware configuration diagram of an electronic device in one embodiment of the present disclosure.
Detailed Description
The terminology used in the embodiments of the disclosure is for the purpose of describing particular embodiments only and is not intended to be limiting of the disclosure. As used in this disclosure and the claims, the singular forms "a," "an," and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. It should also be understood that the term "and/or" as used herein refers to any or all possible combinations including one or more of the associated listed items.
It should be understood that although the terms first, second, third, etc. may be used in the embodiments of the present disclosure to describe various information, these information should not be limited to these terms. These terms are only used to distinguish one type of information from another. For example, first information may also be referred to as second information, and similarly, second information may also be referred to as first information, without departing from the scope of the present disclosure. Depending on the context, furthermore, the word "if" used may be interpreted as "at … …" or "at … …" or "in response to a determination".
The flow of the user accessing the Internet is transmitted to the gateway router ROUTE and then to the external network through the switch, and the return flow of the Internet is opposite. The equipment has no problem under the condition of normal user access, but if someone in the local area network carries out SYN attack of TCP at this time, the SYN report Wen Lun inquires and changes the source IP address, the equipment can initiate ARP request messages to the source address of the SYN message after receiving the SYN message, the attack terminal responds to the ARPs at this time, under the condition, the gateway router quickly learns the ARP list items to be full, and the ageing time of the common ARP is longer, so that the ARP response received by the ARP request initiated by normal new service can not generate the list items, the service is influenced, and in fact, the half connection caused by the TCP SYN attack is aged off very soon. The current TCP SYN anti-attack can only delay the filling speed of the table entries of the ARP table, but cannot solve the problem.
In view of this, the disclosure provides an anti-attack method and device, an electronic device, and a machine-readable storage medium, so as to solve the problem that ARP table cannot work normally due to SYN attack.
The specific technical scheme is as follows.
The present disclosure provides an anti-attack method applied to a network device, the method comprising: receiving a TCP SYN message sent by opposite terminal equipment; establishing an ARP (address resolution protocol) table entry according to the received TCP SYN message, and packaging and sending an ACK (acknowledgement) message response according to the ARP table entry; and aging out ARP list items corresponding to the ACK message response which is not responded.
Specifically, as shown in fig. 1, the method comprises the following steps:
step S11, receiving a TCP SYN message sent by the opposite terminal equipment.
And step S12, establishing an ARP (address resolution protocol) list item according to the received TCP SYN message, and packaging and sending an ACK (acknowledgement) message response according to the ARP list item.
And S13, aging out ARP list items corresponding to the ACK message response which is not responded.
And initiating an ACK message response to the terminal corresponding to the generated ARP table entry, and if the response is not obtained, considering the TCP SYN message corresponding to the ARP table entry as a SYN attack message, and aging out the ARP table entry, thereby avoiding that the ARP table cannot work normally due to SYN attack.
In this embodiment, the peer device defaults to a device that initiates a SYN attack, and if the peer device is a normal device, it will respond to an ACK message, so that the corresponding ARP entry will not be aged.
As a technical solution, the establishing an ARP table entry according to the received TCP SYN message includes: generating a corresponding short connection session according to the received TCP SYN message, initiating an ARP request according to the source IP address of the TCP SYN message, and generating an ARP table entry according to the response of the corresponding ARP request.
The passive side of the TCP session enters a short connection state after receiving the TCP SYN message, and enters a long connection state after completing three-way handshake, wherein the short connection session is a generic term of the intermediate state of the TCP session, the aging time of the session in the state is very short, and the short connection session which cannot enter the long connection state in the appointed time is quickly aged.
As a technical solution, the ARP entry includes an entry type field, where the value of the entry type field of the ARP entry corresponding to the ACK message response that does not obtain the response is different from the value of the entry type field of the ARP entry corresponding to the ACK message response that obtains the response.
And (3) for the ACK message response with the type of unresponsed, aging the ACK message response after a preset time.
As a technical solution, if a message responding to the ACK message response is received, the entry type field of the corresponding ARP entry is updated.
And if the ACK message response is responded within the preset time, refreshing the corresponding type field to be the value of the corresponding response-obtained ACK message response, so that the ACK message response is prevented from being aged in a short time.
The present disclosure also provides an anti-attack device, applied to a network device, as shown in fig. 2, the device includes: a receiving module 21, for receiving a TCP SYN message sent by the opposite terminal device; the processing module 22 establishes an ARP table entry according to the received TCP SYN message, and encapsulates and sends an ACK message response according to the ARP table entry; and the aging module 23 ages the ARP table entry corresponding to the ACK message response which is not responded.
As a technical solution, the establishing an ARP table entry according to the received TCP SYN message includes: generating a corresponding short connection session according to the received TCP SYN message, initiating an ARP request according to the source IP address of the TCP SYN message, and generating an ARP table entry according to the response of the corresponding ARP request.
As a technical solution, the ARP entry includes an entry type field, where the value of the entry type field of the ARP entry corresponding to the ACK message response that does not obtain the response is different from the value of the entry type field of the ARP entry corresponding to the ACK message response that obtains the response.
As a technical solution, if a message responding to the ACK message response is received, the entry type field of the corresponding ARP entry is updated.
ARP table entry structure is as shown in Table 1
Index | IP | MAC | VLAN | INTERFACE | AGING | TYPE |
1 | ip1 | mac1 | vlan1 | interface1 | t1 | T |
TABLE 1
IP field: IP information stored in ARP list item;
MAC field: MAC information stored in ARP list item;
VLAN field: learning VLAN information of ARP;
an INTERFACE field: learning interface information of ARP;
the AGING field: normal aging time of ARP table entries;
TYPE field: an entry type field of the ARP entry.
And adding an item type field in an item structure of the ARP list, wherein the item type field is used for marking that the ARP item is learned by an ARP request triggered by the TCP connection, and if the subsequent interaction of the TCP connection is completed and enters a long connection state, switching the value of the ARP item type into a normal type, namely, correspondingly obtaining the response value of the ARP message response.
After receiving the TCP SYN message, the TCP module issues and generates a corresponding short connection session, and notifies the ARP module to initiate an ARP request corresponding to the source IP address of the SYN message;
the ARP module initiates an ARP request corresponding to the SYN message source IP, the opposite terminal equipment under SYN attack responds after receiving the request, and sends an ARP table entry after receiving the response, wherein the ageing time of the ARP table entry is t1 (the ageing time of the TCP short connection), and simultaneously responds to the TCP module.
And after receiving the response, the TCP module packages the ACK message response according to the ARP list item, if the terminal does not respond at the moment, the TCP short connection is aged after t1, and the TCP module notifies the ARP module to delete the corresponding ARP list item after the short connection is aged.
After receiving the response, the TCP module encapsulates the ACK message response according to the ARP list item, when the subsequent complete TCP three-way handshake is completed, the short connection is changed into the long connection, and after the long connection is completed, the TCP module notifies the ARP module to switch the list item type field of the corresponding ARP list item, and simultaneously refreshes the aging time from t1 to t2 (default aging time of dynamic ARP).
In one embodiment, the present disclosure provides an electronic device including a processor and a machine-readable storage medium storing machine-executable instructions executable by the processor, the processor executing the machine-executable instructions to implement the foregoing attack prevention method, and from a hardware level, a hardware architecture diagram may be shown with reference to fig. 3.
In one embodiment, the present disclosure provides a machine-readable storage medium storing machine-executable instructions that, when invoked and executed by a processor, cause the processor to implement the foregoing method of combating attacks.
Here, a machine-readable storage medium may be any electronic, magnetic, optical, or other physical storage device that may contain or store information, such as executable instructions, data, or the like. For example, a machine-readable storage medium may be: RAM (Radom Access Memory, random access memory), volatile memory, non-volatile memory, flash memory, a storage drive (e.g., hard drive), a solid state drive, any type of storage disk (e.g., optical disk, dvd, etc.), or a similar storage medium, or a combination thereof.
The system, apparatus, module or unit set forth in the above embodiments may be implemented in particular by a computer chip or entity, or by a product having a certain function. A typical implementation device is a computer, which may be in the form of a personal computer, laptop computer, cellular telephone, camera phone, smart phone, personal digital assistant, media player, navigation device, email device, game console, tablet computer, wearable device, or a combination of any of these devices.
For convenience of description, the above devices are described as being functionally divided into various units, respectively. Of course, the functions of the various elements may be implemented in the same one or more software and/or hardware when implementing the present disclosure.
It will be apparent to those skilled in the art that embodiments of the present disclosure may be provided as a method, system, or computer program product. Accordingly, the present disclosure may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware aspects. Furthermore, embodiments of the present disclosure may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, etc.) having computer-usable program code embodied therein.
The present disclosure is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the disclosure. It will be understood that each flow and/or block of the flowchart illustrations and/or block diagrams, and combinations of flows and/or blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
Moreover, these computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
It will be appreciated by those skilled in the art that embodiments of the present disclosure may be provided as a method, system, or computer program product. Accordingly, the present disclosure may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware aspects. Furthermore, the present disclosure may take the form of a computer program product embodied on one or more computer-usable storage media (which may include, but are not limited to, disk storage, CD-ROM, optical storage, etc.) having computer-usable program code embodied therein.
The foregoing is merely an embodiment of the present disclosure and is not intended to limit the present disclosure. Various modifications and variations of this disclosure will be apparent to those skilled in the art. Any modifications, equivalent substitutions, improvements, or the like, which are within the spirit and principles of the present disclosure, are intended to be included within the scope of the claims of the present disclosure.
Claims (10)
1. An attack prevention method, applied to a network device, comprising:
receiving a TCP SYN message sent by opposite terminal equipment;
establishing an ARP (address resolution protocol) table entry according to the received TCP SYN message, and packaging and sending an ACK (acknowledgement) message response according to the ARP table entry;
and aging out ARP list items corresponding to the ACK message response which is not responded.
2. The method of claim 1, wherein the establishing an ARP entry according to the received TCP SYN message comprises:
generating a corresponding short connection session according to the received TCP SYN message, initiating an ARP request according to the source IP address of the TCP SYN message, and generating an ARP table entry according to the response of the corresponding ARP request.
3. The method of claim 1, wherein the ARP entry includes an entry type field, and the ACK message reply that is not responded is different from the value of the entry type field of the ARP entry to which the ACK message reply that is responded corresponds.
4. A method according to claim 3, wherein if a message is received in response to the ACK message reply, the entry type field of the corresponding ARP entry is updated.
5. An anti-attack apparatus for use with a network device, the apparatus comprising:
the receiving module is used for receiving the TCP SYN message sent by the opposite terminal equipment;
the processing module establishes an ARP table entry according to the received TCP SYN message, and encapsulates and sends an ACK message response according to the ARP table entry;
and the aging module is used for aging out ARP (address resolution protocol) list items corresponding to the ACK message response which is not responded.
6. The apparatus of claim 5, wherein the establishing an ARP entry from the received TCP SYN message comprises:
generating a corresponding short connection session according to the received TCP SYN message, initiating an ARP request according to the source IP address of the TCP SYN message, and generating an ARP table entry according to the response of the corresponding ARP request.
7. The apparatus of claim 5, wherein the ARP entry includes an entry type field, and the ACK message reply that is not responded to differs from the value of the entry type field of the ARP entry to which the ACK message reply that is responded to corresponds respectively.
8. The apparatus of claim 7 wherein the entry type field of the corresponding ARP entry is updated if a message is received in response to the ACK message reply.
9. An electronic device, comprising: a processor and a machine-readable storage medium storing machine-executable instructions executable by the processor to perform the method of any one of claims 1-4.
10. A machine-readable storage medium storing machine-executable instructions which, when invoked and executed by a processor, cause the processor to implement the method of any one of claims 1-4.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202010603331.XA CN111835735B (en) | 2020-06-29 | 2020-06-29 | Anti-attack method, device, equipment and machine-readable storage medium |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202010603331.XA CN111835735B (en) | 2020-06-29 | 2020-06-29 | Anti-attack method, device, equipment and machine-readable storage medium |
Publications (2)
Publication Number | Publication Date |
---|---|
CN111835735A CN111835735A (en) | 2020-10-27 |
CN111835735B true CN111835735B (en) | 2023-12-29 |
Family
ID=72898312
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202010603331.XA Active CN111835735B (en) | 2020-06-29 | 2020-06-29 | Anti-attack method, device, equipment and machine-readable storage medium |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN111835735B (en) |
Citations (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JPH11187059A (en) * | 1997-12-18 | 1999-07-09 | Nippon Telegr & Teleph Corp <Ntt> | Table entry updating method at packet communication network |
CN101179566A (en) * | 2007-11-24 | 2008-05-14 | 华为技术有限公司 | Method and apparatus for preventing ARP packet attack |
CN102291441A (en) * | 2011-08-02 | 2011-12-21 | 杭州迪普科技有限公司 | Method and security agent device for protecting against attack of synchronize (SYN) Flood |
CN105025028A (en) * | 2015-07-28 | 2015-11-04 | 中国工程物理研究院计算机应用研究所 | IP black hole discovering method based on flow analysis |
WO2016101870A1 (en) * | 2014-12-26 | 2016-06-30 | 中兴通讯股份有限公司 | Network attack analysis method and device |
CN106559506A (en) * | 2015-09-28 | 2017-04-05 | 中兴通讯股份有限公司 | ARP entry generation method and device |
CN107689963A (en) * | 2017-09-26 | 2018-02-13 | 杭州迪普科技股份有限公司 | A kind of detection method and device for arp reply message aggression |
CN108512833A (en) * | 2018-03-09 | 2018-09-07 | 新华三技术有限公司 | A kind of security from attacks method and device |
CN108616418A (en) * | 2018-03-30 | 2018-10-02 | 新华三技术有限公司 | Detect the method and device of failure |
CN109274588A (en) * | 2017-07-18 | 2019-01-25 | 中兴通讯股份有限公司 | The processing method and processing device of IP packet |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US10373119B2 (en) * | 2016-01-11 | 2019-08-06 | Microsoft Technology Licensing, Llc | Checklist generation |
-
2020
- 2020-06-29 CN CN202010603331.XA patent/CN111835735B/en active Active
Patent Citations (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JPH11187059A (en) * | 1997-12-18 | 1999-07-09 | Nippon Telegr & Teleph Corp <Ntt> | Table entry updating method at packet communication network |
CN101179566A (en) * | 2007-11-24 | 2008-05-14 | 华为技术有限公司 | Method and apparatus for preventing ARP packet attack |
CN102291441A (en) * | 2011-08-02 | 2011-12-21 | 杭州迪普科技有限公司 | Method and security agent device for protecting against attack of synchronize (SYN) Flood |
WO2016101870A1 (en) * | 2014-12-26 | 2016-06-30 | 中兴通讯股份有限公司 | Network attack analysis method and device |
CN105025028A (en) * | 2015-07-28 | 2015-11-04 | 中国工程物理研究院计算机应用研究所 | IP black hole discovering method based on flow analysis |
CN106559506A (en) * | 2015-09-28 | 2017-04-05 | 中兴通讯股份有限公司 | ARP entry generation method and device |
CN109274588A (en) * | 2017-07-18 | 2019-01-25 | 中兴通讯股份有限公司 | The processing method and processing device of IP packet |
CN107689963A (en) * | 2017-09-26 | 2018-02-13 | 杭州迪普科技股份有限公司 | A kind of detection method and device for arp reply message aggression |
CN108512833A (en) * | 2018-03-09 | 2018-09-07 | 新华三技术有限公司 | A kind of security from attacks method and device |
CN108616418A (en) * | 2018-03-30 | 2018-10-02 | 新华三技术有限公司 | Detect the method and device of failure |
Non-Patent Citations (3)
Title |
---|
ARP欺骗研究综述;石利平;;《计算机与现代化》(06);全文 * |
M. Chouman ; H. Safa ; H. Artail.Novel defense mechanism against SYN flooding attacks in IP networks.《Canadian Conference on Electrical and Computer Engineering, 2005.》.2006,全文. * |
一种工业以太网交换机ARP老化机制;熊伟;车任秋;;《工业控制计算机》(05);全文 * |
Also Published As
Publication number | Publication date |
---|---|
CN111835735A (en) | 2020-10-27 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
JP6858749B2 (en) | Devices and methods for establishing connections in load balancing systems | |
CN101094236B (en) | Method for processing message in address resolution protocol, communication system, and forwarding planar process portion | |
CN101997768B (en) | Method and device for uploading address resolution protocol messages | |
CN107547349B (en) | Virtual machine migration method and device | |
EP3352431B1 (en) | Network load balance processing system, method, and apparatus | |
EP2251783A1 (en) | Method and system for application migration in a cloud | |
CN108718278B (en) | Message transmission method and device | |
CN108600109B (en) | Message forwarding method and device | |
CN109525684B (en) | Message forwarding method and device | |
US8887280B1 (en) | Distributed denial-of-service defense mechanism | |
CN111431871B (en) | Processing method and device of TCP (Transmission control protocol) semi-transparent proxy | |
CN107995233B (en) | Method for establishing connection and corresponding equipment | |
US20220353170A1 (en) | Method, apparatus, and system for controlling a flow entry | |
CN106716870B (en) | Local packet switching at satellite device | |
CN109728972B (en) | Network connection detection method and device | |
CN113783910A (en) | Data forwarding method, device and system | |
CN109639589B (en) | Load balancing method and device | |
CN108600225B (en) | Authentication method and device | |
CN113364660A (en) | Data packet processing method and device in LVS load balancing | |
CN111835735B (en) | Anti-attack method, device, equipment and machine-readable storage medium | |
US20160330166A1 (en) | Address Acquiring Method and Network Virtualization Edge Device | |
US10148613B2 (en) | Increased port address space | |
US20070147376A1 (en) | Router-assisted DDoS protection by tunneling replicas | |
WO2017219777A1 (en) | Packet processing method and device | |
CN111629077B (en) | Method, device and storage medium for processing address conflict |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |