CN1874303A - Method for implementing a blacklist - Google Patents

Method for implementing a blacklist

Info

Publication number
CN1874303A
Authority
CN
China
Prior art keywords
address
message
blacklist
port
list item
Prior art date
Legal status
Granted
Application number
CNA2006100341552A
Other languages
Chinese (zh)
Other versions
CN100471172C (en)
Inventor
张鹏
Current Assignee
Huawei Technologies Co Ltd
Original Assignee
Huawei Technologies Co Ltd
Priority date: 2006-03-04
Filing date: 2006-03-04
Publication date: 2006-12-06
Application filed by Huawei Technologies Co Ltd
Priority to CNB2006100341552A
Publication of CN1874303A
Application granted; publication of CN100471172C (2009-03-18)
Legal status: active

Landscapes

  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The method comprises: A) receiving a packet on one port of the system and parsing it to obtain its source IP address; B) checking whether that source IP address belongs to the blacklist of that port and, if so, discarding the packet. Making the port the scope of a blacklist entry prevents the blacklist's scope from being widened by address spoofing or other attacks, which would otherwise disrupt legitimate users; a blacklisted user is not prevented from reaching trusted sites for which privileged access has been configured; and a privileged user's access to a particular network can be implemented by configuring privilege rules.

Description

Method for implementing a blacklist
Technical field
The present invention relates to a packet-filtering method for networks, and in particular to a method for implementing a blacklist whose scope is a port.
Background art
For security, routers and firewalls must filter packets, and are configured with a series of rules that decide which packets may pass. These rules are defined by access control lists (ACLs). An ACL is an ordered sequence of "permit" and "deny" statements, each described in terms of a packet's source address, destination address, port numbers and so on. The ACL classifies packets according to these rules, the rules are applied to the device's interfaces, and the device uses them to decide which packets to accept and which to reject.
A blacklist is a way of filtering on a packet's source IP address. It filters packets at high speed and so effectively shields the device from the packets sent by particular IP addresses. The most important characteristic of a blacklist is that the router or firewall can add to it dynamically: once the behaviour of its packets reveals an attack attempt from a particular IP address, the device can actively modify the blacklist so that packets from that address are filtered out.
Existing blacklist technology creates entries in two ways: manually, or dynamically according to the attack observed. A blacklist entry is inserted keyed on the IP address. If no timeout is specified when the entry is generated, the entry is permanently valid and never ages out; otherwise the entry is deleted automatically after the specified ageing time, and the filtering of packets from the corresponding IP address ends with it. Blacklist logical-table entries added dynamically by the detection module contain the following fields: source IP address, ageing time, reason for addition, and so on.
The existing blacklist function, shown in Fig. 1, is simple to implement and highly efficient, but not flexible enough in practice. Whether the entry was added manually or automatically, once an IP address has been put on the blacklist, every packet from that address is filtered out for some time afterwards. The cause is that the existing blacklist does not distinguish the internal network from the external network: a blacklist entry takes effect on all ports. The shortcoming is particularly evident in the following scenarios.
Scenario 1: an internal host that has become a propagation source is blocked from the external network by the blacklist
A host in the internal network is infected with a virus and may then actively launch scanning attacks. The firewall or border router adds the host's IP address to the blacklist, after which the user cannot reach any external network resource, not even to download an operating-system patch or to fetch antivirus software from an antivirus vendor's website.
Scenario 2: an attack from the external network that impersonates an internal host
An attack launched from the external network forges the IP address of an internal host as the source address of a scanning attack. Strictly speaking this is not a genuine scan, because the source IP address is forged; nevertheless the firewall or border router adds that IP address to the blacklist, and the internal host can then no longer reach any external network resource.
In short, once an address has been added to an existing blacklist it takes effect on all ports, and the blacklist cannot by itself fully tell a genuine attack from a spoofed one. The prior art is therefore deficient and needs improvement.
Summary of the invention
The object of the present invention is to provide a method for implementing a blacklist that prevents the blacklist's scope from being widened by address spoofing or other attacks, so that legitimate users are not affected, and that strengthens the flexibility and effectiveness of the blacklist technique.
The technical solution of the present invention is as follows:
A method for implementing a blacklist comprises the following steps: A, receiving a packet on a port of the system and parsing it to obtain the packet's source IP address; B, checking whether the source IP address belongs to the blacklist of that port and, when it is determined to belong to that port's blacklist, discarding the packet.
In the method, a blacklist logical table belonging to the port is configured in the system to store IP addresses, and step B specifically comprises: searching the blacklist logical table and, if the packet's source IP address is present in it, discarding the packet.
In the method, a single blacklist logical table is configured in the system, each entry of which contains a port number and an IP address, and step B specifically comprises: searching the blacklist logical table and, if it contains an entry holding both the number of the port on which the packet was received and the packet's source IP address, discarding the packet.
In the method, a hash table is also configured in the system whose entries point to blacklist logical-table entries and whose keys are generated from the port number and IP address in the blacklist logical-table entry; the search of the blacklist logical table in step B specifically comprises: computing a first key from the number of the port on which the packet was received and the packet's source IP address, and searching the blacklist logical-table entries pointed to by every hash-table entry whose key equals the first key.
The method may further comprise, before step A: when the system detects an attack packet, parsing the attack packet's source IP address and the port on which it was received, and adding that source IP address to the blacklist of that port.
In the method, step B further comprises, before discarding the packet: C, parsing the packet to obtain its destination IP address; D, checking whether the destination IP address is a privileged-access address and, when it is determined to be one, not discarding the packet and ending the procedure.
In the method, a trusted-site list containing IP addresses is configured in the system, and step D specifically comprises: searching the trusted-site list and, if the packet's destination IP address is present in it, not discarding the packet and ending the procedure.
In the method, a privilege rule group table is configured, which is a set of privilege rules and contains a group number, a destination address and a rule; a blacklisted-user authorization table is configured, containing a port number, an IP address and a privilege rule group number; and step B further comprises, before discarding the packet: E1, searching the blacklisted-user authorization table; when it contains an entry holding both the number of the port on which the packet was received and the packet's source IP address, locating the corresponding entries in the privilege rule group table by that entry's privilege rule group number and proceeding to step E2, otherwise discarding the packet; E2, parsing the packet to obtain its destination address and matching it against the destination address specified in the privilege rules; E3, processing the packet according to the privilege rule hit, and ending the procedure.
In the method, the rule comprises forwarding the packet normally and discarding the packet.
In the method, a hash table for the blacklisted-user authorization table is also configured in the system, pointing to the entries of that table, with keys generated from the port number and IP address in the authorization-table entry; the search of the authorization table in step E1 specifically comprises: computing a second key from the number of the port on which the packet was received and the packet's source IP address, and searching the authorization-table entries pointed to by every hash-table entry whose key equals the second key.
With this solution the invention provides a blacklist implementation method that extends the existing blacklist technique by making the port the scope of the blacklist. This prevents the blacklist's scope from being widened by address spoofing or other attacks to the detriment of legitimate users; a blacklisted user's access to trusted sites configured with privileged access is not restricted; a privileged user's access to a particular network can also be realized by configuring privilege rules; and the flexibility and effectiveness of the blacklist technique are strengthened.
Brief description of the drawings
Fig. 1 is a schematic diagram of a prior-art blacklist;
Fig. 2 is a schematic diagram of the port-level blacklist of the present invention;
Fig. 3 is a flow chart of the method of the present invention.
Embodiment
Preferred embodiments of the present invention are described in detail below.
As shown in Fig. 2, the invention provides a port-level blacklist technique in which dynamic blacklist entries are added per port and the port is the scope of the blacklist, so that the blacklist's scope cannot be widened by address spoofing or other attacks to the detriment of legitimate users.
As shown in Fig. 3, the invention provides a method for implementing a blacklist comprising the steps: A, receiving a packet on a port of the system and parsing it to obtain the packet's source IP address; B, checking whether the source IP address belongs to the blacklist of that port and, when it is determined to belong to that port's blacklist, discarding the packet.
The blacklist can be built in several ways. For example, before step A, when the system detects an attack packet it parses the attack packet's source IP address and the port on which it was received, and adds that source IP address to the blacklist of that port. The system may also, at start-up, enumerate the ports present and create a corresponding blacklist for each port; and the user may add blacklist entries manually.
The blacklist is realized in the form of a blacklist logical table. For example, a blacklist logical table belonging to the port is configured in the system to store IP addresses, indexed by source IP address; step B then specifically comprises searching that table and discarding the packet if its source IP address is present. Such a table can be configured for every port in the system, each handled in the same way. The blacklist logical table may also contain the port number, which appears in the table as a port index: for example, a single blacklist logical table is configured in the system, each entry containing a port number and an IP address, indexed by source IP address and receiving port; step B then comprises searching that table and discarding the packet if it contains an entry holding both the number of the receiving port and the packet's source IP address. In this way the whole system needs only one blacklist logical table. The format of the blacklist logical table is illustrated below:
Source IP address   Port index   Reason for blacklisting   Blacklist expiry time
------------------------------------------------------------------------------
X1.X2.X3.X4         port n       scanning attack           6 hours
Here "port" means a device interface. In the method of the invention the blacklist logical table may contain only the source IP address field; the port index, the reason for blacklisting and the expiry time are all optional. A blacklist logical table that belongs to a particular port need not contain a port index; one that does contain a port index can serve several ports.
In the method of the invention, lookup speed can be improved by building a hash table. For example, a hash table is configured in the system whose entries point to blacklist logical-table entries and whose keys are generated from the port number and IP address in the entry; the search of the blacklist logical table in step B then specifically comprises computing a first key from the number of the receiving port and the packet's source IP address, and searching the blacklist logical-table entries pointed to by every hash-table entry whose key equals the first key.
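As an added illustration (not code from the patent), the following Python models the blacklist logical table of this embodiment together with the dynamic addition described above: entries are keyed on the (port index, source IP) pair, a dict plays the role of the hash table, and an expiry time ages entries out lazily. The interface names wan0 and lan0, the addresses, the "scanning attack" reason and the 6-hour lifetime are constructed for the example; the spoofing scenario at the end reproduces Scenario 2 of the background section and contrasts it with a prior-art blacklist that applies on every port.

```python
import ipaddress
from dataclasses import dataclass
from typing import Dict, Optional, Tuple


@dataclass
class BlacklistEntry:
    # Fields of the blacklist logical table in the patent's example row.
    # "port_index" is the device interface the offending packet arrived on.
    src_ip: str
    port_index: str
    reason: str
    expires_at: Optional[float]   # None: never ages out (no timeout given)


class PortBlacklist:
    """Blacklist logical table whose scope is the (port index, source IP) pair.

    A Python dict is the hash table: the key is generated from the port index
    and the IP address, as in step B of the patent (hypothetical class name).
    """

    def __init__(self) -> None:
        self._table: Dict[Tuple[str, str], BlacklistEntry] = {}

    @staticmethod
    def _key(port_index: str, src_ip: str) -> Tuple[str, str]:
        # Canonicalise the address (e.g. "2001:db8::0001" -> "2001:db8::1") and
        # reject malformed input, so equivalent spellings share one key.
        return (port_index, str(ipaddress.ip_address(src_ip)))

    def add(self, port_index: str, src_ip: str, reason: str,
            ttl_seconds: Optional[float], now: float) -> None:
        key = self._key(port_index, src_ip)
        expires = None if ttl_seconds is None else now + ttl_seconds
        self._table[key] = BlacklistEntry(key[1], port_index, reason, expires)

    def is_blocked(self, port_index: str, src_ip: str, now: float) -> bool:
        key = self._key(port_index, src_ip)
        entry = self._table.get(key)
        if entry is None:
            return False
        if entry.expires_at is not None and now >= entry.expires_at:
            del self._table[key]          # ageing: the entry is deleted on expiry
            return False
        return True

    def __len__(self) -> int:
        return len(self._table)


def on_attack_detected(bl: PortBlacklist, port_index: str, src_ip: str, now: float,
                       reason: str = "scanning attack", ttl_seconds: float = 6 * 3600) -> None:
    """Dynamic addition: the detection module records (receiving port, source IP)."""
    bl.add(port_index, src_ip, reason, ttl_seconds, now)


def spoofing_scenario() -> Dict[str, bool]:
    """Scenario 2 with constructed addresses: an attacker on the external
    interface "wan0" spoofs internal host 10.0.0.7, which sits behind "lan0"."""
    t0 = 1_000_000.0
    port_scoped = PortBlacklist()
    on_attack_detected(port_scoped, "wan0", "10.0.0.7", now=t0)

    # Prior-art blacklist: a bare set of addresses that takes effect on every port.
    legacy = {"10.0.0.7"}

    return {
        "spoofed_packets_on_wan0_blocked": port_scoped.is_blocked("wan0", "10.0.0.7", t0 + 1),
        "real_host_on_lan0_blocked": port_scoped.is_blocked("lan0", "10.0.0.7", t0 + 1),
        "legacy_blocks_real_host": "10.0.0.7" in legacy,
        "wan0_entry_alive_after_6h": port_scoped.is_blocked("wan0", "10.0.0.7", t0 + 6 * 3600),
    }


if __name__ == "__main__":
    print(spoofing_scenario())
```

The key point the scenario makes is the last two flags: the spoofed traffic is dropped only on the interface it actually arrived on, while the genuine host keeps its access on lan0; a prior-art blacklist keyed on the address alone would cut that host off.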
So that a blacklisted user's access to trusted sites configured with privileged access is not restricted, privileged-access address entries may also be configured for the blacklist, and step B then further comprises, before discarding the packet: C, parsing the packet to obtain its destination IP address; D, checking whether the destination IP address is a privileged-access address and, when it is, not discarding the packet and ending the current procedure. If, for example, the websites that host operating-system patches or antivirus software are listed as privileged-access addresses, a blacklisted user can still reach them to repair the system.
Privileged access according to the invention can be implemented in many ways, for example by building a trusted-site list containing IP addresses; step D then specifically comprises searching the trusted-site list and, if the packet's destination IP address is present, not discarding the packet and ending the procedure. Handled this way, the user's access to the sites in the trusted-site list is not restricted by the blacklist: even when the user's computer has become a propagation source and the blacklist blocks it from the external network, the user can still reach the trusted sites configured with privileged access.
For blacklisted users the invention can also treat blacklist logical-table entries differently by building a privilege rule group table and a blacklisted-user authorization table, giving the blacklist method flexible application. In this embodiment a privilege rule group table is configured, which is a set of privilege rules and contains a group number, a destination address and a rule; a blacklisted-user authorization table, configured manually for users, is also set up and contains a port number, an IP address and a privilege rule group number; and step B further comprises, before discarding the packet: E1, searching the blacklisted-user authorization table; when it contains an entry holding both the number of the port on which the packet was received and the packet's source IP address, locating the corresponding entries in the privilege rule group table by that entry's privilege rule group number and proceeding to step E2, otherwise discarding the packet; E2, parsing the packet to obtain its destination address and matching it against the destination address specified in the privilege rules; E3, processing the packet according to the privilege rule hit, and ending the procedure.
A privilege rule is an access policy towards a particular site and/or a particular network. The access policy comprises allow, deny and user-defined policies, so a privilege rule comprises forwarding the packet normally, discarding it, or processing it according to a user-defined policy. A privilege rule entry may apply only to a certain privileged user or a specific user; a privilege rule entry that applies to all users rather than to one privileged user may also be created. The implementation here can be quite flexible. A privilege rule group may be implemented in the form of an ACL or in any other user-defined form. For example, the following privilege rules might be defined: (i) destination network address: the local DNS server; destination port: ANY; policy: allow. (ii) destination network address: the Windows official website; destination port: ANY; policy: allow. (iii) destination network address: the official website of an antivirus vendor; destination port: 80; policy: allow. Further privilege rules may follow. The privilege rule group table is indexed by privilege rule group number. An example privilege rule group table:
Group number   Destination network address          Destination port   Policy
-----------------------------------------------------------------------------
n1             local DNS server                     ANY                allow
n1             Windows official website             ANY                allow
n2             antivirus vendor's official website  80                 allow
Here the destination port is the port used by network sockets. The group number may repeat in this table, which is how one blacklisted user's privilege can cover several reachable addresses.
In this embodiment the blacklisted-user authorization table uses the same index as the blacklist logical table, namely source IP address and receiving port. Each entry of the authorization table contains a privilege rule group number, and several entries may contain the same group number. Because the privilege rule group table is global, several blacklisted-user privilege entries may all specify the same privilege rule group, so a privilege rule group table can be built whose privilege rule entries apply to all users. When a packet hits a privilege rule entry through the blacklisted-user authorization table, the packet is processed according to the policy defined in that entry. The authorization table contains the fields "source IP address", "port index" and "privilege rule group number". An example blacklisted-user authorization table:
Source IP address   Port index   Privilege rule group number
-----------------------------------------------------------
X1.X2.X3.X4         port n       n1
Here "port" means a device interface.
To improve system efficiency, a hash table for the blacklisted-user authorization table is also configured in the system, pointing to the entries of that table, with keys generated from the port number and IP address in the authorization-table entry. The search of the authorization table in step E1 then specifically comprises computing a second key from the number of the port on which the packet was received and the packet's source IP address, and searching the authorization-table entries pointed to by every hash-table entry whose key equals the second key.
The method of the invention can be applied to routers, firewalls, switches and similar devices that implement the related techniques, that is, devices that can implement router, firewall and switch functions or combinations of them. With the method of the invention, a router, firewall or switch can detect the ports currently present when it initializes and build a blacklist logical table for a given port; when the system then receives a packet it performs the corresponding steps, which implements the blacklist technique effectively.
For example, when a router or firewall detects an attack packet, the method performs the following operations:
1) Parse the attack packet's source IP address and the port on which it was received;
2) Generate a blacklist entry from the source IP address and receiving port, add it to the blacklist logical table, and at the same time update the index of that entry in the hash table of the blacklist logical table.
When a router or firewall receives a packet on some interface, the method performs the following operations:
1) Parse the packet's source IP address and the port on which it was received.
2) Compute a key from the source IP address and receiving port according to the index rule, and search the blacklist logical table using the key as the index.
3) If the blacklist logical table is not hit, forward the packet normally.
4) If the blacklist logical table is hit, compute a key from the source IP address and receiving port according to the index rule and search the blacklisted-user authorization table using the key as the index. If the authorization table is not hit, discard the packet and do not forward it.
5) If the system finds that the source IP address and port hit the blacklisted-user authorization table, locate the corresponding entries in the privilege rule group by the entry's privilege rule group number; then match the specified rules one by one against the destination address and destination port, and process the packet according to the rule hit. If the policy is "allow", forward the packet normally; if the policy is "deny", discard the packet; if a user-defined rule is hit, process the packet according to the user-defined policy. Custom rules give the user great flexibility: for example, deciding "allow" or "deny" from a traffic-statistics threshold, or from the time of day; such custom rules can be defined and extended by the user according to actual conditions. If no rule matches, discard the packet.
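The five-step lookup above, together with the privileged-access check and the privilege rule group matching described earlier, as one added Python example (not the patent's own code): a single `filter_packet` function returns "forward" or "drop" for a packet, consulting the per-port blacklist, the trusted-site list, the blacklisted-user authorization table and the privilege rule group table in turn. All table contents, interface names and addresses are constructed for the example, as is the traffic-threshold custom policy; placing the trusted-site check before the authorization-table lookup is an assumption, since the claims only require both to happen before the packet would be discarded.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Set, Tuple, Union

ANY = "ANY"   # destination-port wildcard, as in the patent's rule table


@dataclass(frozen=True)
class Packet:
    in_port: str      # device interface the packet arrived on
    src_ip: str
    dst_ip: str
    dst_port: int


# A policy is "allow", "deny", or a user-defined callable returning one of those.
Policy = Union[str, Callable[[Packet, Dict[str, int]], str]]


@dataclass(frozen=True)
class PrivilegeRule:
    group: str                    # privilege rule group number
    dst_ip: str
    dst_port: Union[int, str]     # an int or ANY
    policy: Policy


def over_threshold(pkt: Packet, ctx: Dict[str, int]) -> str:
    """Constructed user-defined policy: deny once the source has sent more
    than 1 MB in the last minute (the counter is supplied by the caller)."""
    return "deny" if ctx.get("bytes_last_minute", 0) > 1_000_000 else "allow"


# Constructed sample tables (documentation addresses, not from the patent).
BLACKLIST: Set[Tuple[str, str]] = {("lan0", "10.0.0.7"), ("wan0", "203.0.113.9")}
TRUSTED_SITES: Set[str] = {"198.51.100.20"}                     # e.g. an OS patch server
AUTH_TABLE: Dict[Tuple[str, str], str] = {("lan0", "10.0.0.7"): "n1"}
RULE_GROUPS: List[PrivilegeRule] = [
    PrivilegeRule("n1", "10.0.0.53", ANY, "allow"),           # local DNS server, any port
    PrivilegeRule("n1", "192.0.2.80", 80, "allow"),           # antivirus vendor site, port 80 only
    PrivilegeRule("n1", "192.0.2.25", 25, over_threshold),    # mail relay, rate-limited
    PrivilegeRule("n2", "192.0.2.80", ANY, "allow"),          # another group, not used by 10.0.0.7
]


def rule_matches(rule: PrivilegeRule, pkt: Packet) -> bool:
    return rule.dst_ip == pkt.dst_ip and rule.dst_port in (ANY, pkt.dst_port)


def filter_packet(pkt: Packet, ctx: Optional[Dict[str, int]] = None,
                  blacklist: Set[Tuple[str, str]] = BLACKLIST,
                  trusted: Set[str] = TRUSTED_SITES,
                  auth: Dict[Tuple[str, str], str] = AUTH_TABLE,
                  groups: List[PrivilegeRule] = RULE_GROUPS) -> str:
    """Return "forward" or "drop" for one packet, following steps A to E3."""
    ctx = ctx or {}
    key = (pkt.in_port, pkt.src_ip)          # the same key indexes both tables
    if key not in blacklist:                 # step B: not on this port's blacklist
        return "forward"
    if pkt.dst_ip in trusted:                # steps C/D: privileged-access address
        return "forward"
    group = auth.get(key)                    # step E1: blacklisted-user authorization table
    if group is None:
        return "drop"
    for rule in groups:                      # step E2: first matching rule of the group wins
        if rule.group == group and rule_matches(rule, pkt):
            verdict = rule.policy if isinstance(rule.policy, str) else rule.policy(pkt, ctx)
            return "forward" if verdict == "allow" else "drop"   # step E3
    return "drop"                            # no rule matched


if __name__ == "__main__":
    infected = "10.0.0.7"
    for dst, port in (("10.0.0.53", 53), ("192.0.2.80", 80), ("192.0.2.80", 443)):
        print(dst, port, filter_packet(Packet("lan0", infected, dst, port)))
```

Note that rules are matched on the destination address and port only, so a blacklisted host's privilege never widens to the whole external network; anything not explicitly allowed by its group, or by the trusted-site list, is still dropped.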
In the blacklist implementation method of the invention, dynamic blacklist entries are added per port and the port is the scope of the blacklist, so the blacklist's scope cannot be widened by address spoofing or other attacks to the detriment of legitimate users; a blacklisted user's access to trusted sites configured with privileged access is not restricted; a privileged user's access to a particular network can also be realized by configuring privilege rules; and the flexibility and effectiveness of the blacklist technique are strengthened.
It should be understood that those of ordinary skill in the art can make improvements or transformations according to the above description, and all such improvements and transformations should fall within the scope of protection of the claims of the present invention.

Claims (10)

1. A method for implementing a blacklist, characterized by comprising the following steps:
A, receiving a packet on a port of the system and parsing it to obtain the packet's source IP address;
B, checking whether the source IP address belongs to the blacklist of that port and, when it is determined to belong to that port's blacklist, discarding the packet.
2. The method of claim 1, characterized in that a blacklist logical table belonging to the port is configured in the system to store IP addresses, and step B specifically comprises:
searching the blacklist logical table and, if the packet's source IP address is present in it, discarding the packet.
3. The method of claim 1, characterized in that a single blacklist logical table is configured in the system, each entry of which contains a port number and an IP address, and step B specifically comprises:
searching the blacklist logical table and, if it contains an entry holding both the number of the port on which the packet was received and the packet's source IP address, discarding the packet.
4. The method of claim 3, characterized in that a hash table is also configured in the system, pointing to blacklist logical-table entries, with keys generated from the port number and IP address in the blacklist logical-table entry, and the search of the blacklist logical table in step B specifically comprises:
computing a first key from the number of the port on which the packet was received and the packet's source IP address, and searching the blacklist logical-table entries pointed to by every hash-table entry whose key equals the first key.
5. The method of claim 1, characterized by further comprising, before step A:
when the system detects an attack packet, parsing the attack packet's source IP address and the port on which the attack packet was received, and adding the attack packet's source IP address to the blacklist of that port.
6. The method of any one of claims 1 to 5, characterized in that step B further comprises, before discarding the packet:
C, parsing the packet to obtain its destination IP address;
D, checking whether the destination IP address is a privileged-access address and, when it is determined to be one, not discarding the packet and ending the procedure.
7. The method of claim 6, characterized in that a trusted-site list containing IP addresses is configured in the system, and step D specifically comprises:
searching the trusted-site list and, if the packet's destination IP address is present in it, not discarding the packet and ending the procedure.
8. The method of any one of claims 1 to 5, characterized in that a privilege rule group table is configured, which is a set of privilege rules and contains a group number, a destination address and a rule; a blacklisted-user authorization table is configured, containing a port number, an IP address and a privilege rule group number; and step B further comprises, before discarding the packet:
E1, searching the blacklisted-user authorization table; when it contains an entry holding both the number of the port on which the packet was received and the packet's source IP address, locating the corresponding entries in the privilege rule group table by that entry's privilege rule group number and proceeding to step E2, otherwise discarding the packet;
E2, parsing the packet to obtain its destination address and matching it against the destination address specified in the privilege rules;
E3, processing the packet according to the privilege rule hit, and ending the procedure.
9. The method of claim 8, characterized in that the rule comprises forwarding the packet normally and discarding the packet.
10. The method of claim 8, characterized in that a hash table for the blacklisted-user authorization table is also configured in the system, pointing to the entries of that table, with keys generated from the port number and IP address in the authorization-table entry, and the search of the blacklisted-user authorization table in step E1 specifically comprises:
computing a second key from the number of the port on which the packet was received and the packet's source IP address, and searching the authorization-table entries pointed to by every hash-table entry whose key equals the second key.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CNB2006100341552A CN100471172C (en) 2006-03-04 2006-03-04 Method for implementing black sheet

Publications (2)

Publication Number Publication Date
CN1874303A true CN1874303A (en) 2006-12-06
CN100471172C CN100471172C (en) 2009-03-18

Family

ID=37484575

Country Status (1)

Country Link
CN (1) CN100471172C (en)


Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11722459B1 (en) 2021-06-07 2023-08-08 Wells Fargo Bank, N.A. Cumulative sum model for IP deny lists
US11601435B1 (en) 2021-06-07 2023-03-07 Wells Fargo Bank, N.A. System and method for graduated deny lists
US11855989B1 (en) 2021-06-07 2023-12-26 Wells Fargo Bank, N.A. System and method for graduated deny list

Cited By (26)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101669347A (en) * 2007-04-23 2010-03-10 国际商业机器公司 Method and apparatus for detecting port scans with fake source address
CN100563149C (en) * 2007-04-25 2009-11-25 华为技术有限公司 A kind of DHCP monitor method and device thereof
WO2008141584A1 (en) * 2007-05-22 2008-11-27 Huawei Technologies Co., Ltd. Message processing method, system, and equipment
CN100586106C (en) * 2007-05-22 2010-01-27 华为技术有限公司 Message processing method, system and equipment
CN101227467B (en) * 2008-01-08 2011-11-30 中兴通讯股份有限公司 Apparatus for managing black list
WO2009140889A1 (en) * 2008-05-20 2009-11-26 成都市华为赛门铁克科技有限公司 Data transmission control method and data transmission control apparatus
CN101599889B (en) * 2008-06-06 2013-01-16 中兴通讯股份有限公司 Method for preventing MAC address deceiving in Ethernet exchange equipment
TWI455526B (en) * 2009-12-21 2014-10-01 Fih Hong Kong Ltd Modem and power saving method
CN103825900A (en) * 2014-02-28 2014-05-28 广州云宏信息科技有限公司 Website access method and device and filter form downloading and updating method and system
CN105490954A (en) * 2014-09-19 2016-04-13 中兴通讯股份有限公司 Method and device for controlling network data flow
WO2016041346A1 (en) * 2014-09-19 2016-03-24 中兴通讯股份有限公司 Network data traffic control method and device
CN104270364A (en) * 2014-09-30 2015-01-07 杭州华三通信技术有限公司 Message processing method and device for hypertext transfer protocol
CN104270364B (en) * 2014-09-30 2018-01-12 新华三技术有限公司 A kind of Hypertext Transfer Protocol message treating method and apparatus
US10652211B2 (en) 2014-11-19 2020-05-12 Nippon Telegraph And Telephone Corporation Control device, border router, control method, and control program
CN107113228B (en) * 2014-11-19 2020-07-31 日本电信电话株式会社 Control device, border router, control method, and computer-readable storage medium
CN107113228A (en) * 2014-11-19 2017-08-29 日本电信电话株式会社 Control device, border router, control method and control program
CN105721406A (en) * 2014-12-05 2016-06-29 中国移动通信集团广东有限公司 Method and device for obtaining IP black list
CN106254353A (en) * 2016-08-05 2016-12-21 杭州迪普科技有限公司 The update method of IPS strategy and device
CN107948195A (en) * 2017-12-25 2018-04-20 杭州迪普科技股份有限公司 A kind of method and device of protection Modbus attacks
CN107948195B (en) * 2017-12-25 2020-12-04 杭州迪普科技股份有限公司 Method and device for protecting Modbus attack
CN112567713A (en) * 2018-08-17 2021-03-26 大陆汽车有限责任公司 Anti-attack network interface
CN112567713B (en) * 2018-08-17 2023-09-05 大陆汽车科技有限公司 Attack-proof network interface
CN109714313A (en) * 2018-11-20 2019-05-03 远江盛邦(北京)网络安全科技股份有限公司 The method of anti-crawler
CN109561109A (en) * 2019-01-16 2019-04-02 新华三技术有限公司 A kind of message processing method and device
CN110381053A (en) * 2019-07-16 2019-10-25 新华三信息安全技术有限公司 A kind of message filtering method and device
CN111526150A (en) * 2020-04-28 2020-08-11 吴飞 Zero-trust automation rule releasing platform and releasing method for single-cluster or multi-cluster cloud computer remote operation and maintenance port

Also Published As

Publication number Publication date
CN100471172C (en) 2009-03-18

Similar Documents

Publication Title
CN1874303A (en) Method for implementing black sheet
CN101087196B (en) Multi-layer honey network data transmission method and system
CN102263788B (en) Method and equipment for defending against denial of service (DDoS) attack to multi-service system
WO2017148263A1 (en) Prevention and control method, apparatus and system for network attack
US7540025B2 (en) Mitigating network attacks using automatic signature generation
US7624446B1 (en) Efficient signature packing for an intrusion detection system
CN1968271A (en) Method and apparatus for identifying and disabling worms in communication networks
CN101039326A (en) Service flow recognition method, apparatus and method and system for defending distributed refuse attack
US20040181694A1 (en) Method for blocking denial of service and address spoofing attacks on a private network
JP2020530638A (en) Malware Host NetFlow Analysis System and Method
CN101056306A (en) Network device and its access control method
CN108683686B (en) Random sub-domain DDoS attack detection method
CN101123614B (en) A method and communication device for processing address parsing protocol packet
CN1612532A (en) Host-based network intrusion detection systems
CN1655518A (en) Network security system and method
WO2009135396A1 (en) Network attack processing method, processing device and network analyzing and monitoring center
CN1725705A (en) Method for detecting flow attacking message characteristic of network equipment
CN1893375A (en) System and method for detection and mitigation of distributed denial of service attacks
CN101039176A (en) DHCP monitoring method and apparatus thereof
CN1578227A (en) Dynamic IP data packet filtering method
CN1878082A (en) Protective method for network attack
KR100996288B1 (en) A method for neutralizing the ARP spoofing attack by using counterfeit MAC addresses
CN102624750B (en) Resist the method and system that DNS recurrence is attacked
CN1175621C (en) Method of detecting and monitoring malicious user host machine attack
CN109756480B (en) DDoS attack defense method, device, electronic equipment and medium

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant