WO2013086832A1 - Method and device for suppressing impact of snmp packets - Google Patents

Method and device for suppressing impact of snmp packets Download PDF

Info

Publication number
WO2013086832A1
WO2013086832A1 PCT/CN2012/075306 CN2012075306W WO2013086832A1 WO 2013086832 A1 WO2013086832 A1 WO 2013086832A1 CN 2012075306 W CN2012075306 W CN 2012075306W WO 2013086832 A1 WO2013086832 A1 WO 2013086832A1
Authority
WO
WIPO (PCT)
Prior art keywords
snmp
address
module
impact
packets
Prior art date
Application number
PCT/CN2012/075306
Other languages
French (fr)
Chinese (zh)
Inventor
强伟峰
Original Assignee
中兴通讯股份有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 中兴通讯股份有限公司 filed Critical 中兴通讯股份有限公司
Publication of WO2013086832A1 publication Critical patent/WO2013086832A1/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L47/00Traffic control in data switching networks
    • H04L47/10Flow control; Congestion control
    • H04L47/32Flow control; Congestion control by discarding or delaying data units, e.g. packets or frames
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/02Standardisation; Integration
    • H04L41/0213Standardised network management protocols, e.g. simple network management protocol [SNMP]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/06Management of faults, events, alarms or notifications
    • H04L41/0604Management of faults, events, alarms or notifications using filtering, e.g. reduction of information by using priority, element types, position or time
    • H04L41/0622Management of faults, events, alarms or notifications using filtering, e.g. reduction of information by using priority, element types, position or time based on time

Definitions

  • the present invention relates to the field of network technologies, and in particular, to a simple network management protocol.
  • SNMP is the most widely used network management protocol in TCP/IP networks. After years of development and application, SNMP has become the de facto standard for network management.
  • the SNMP-based network management consists of two parts: a network management station (Manager) and a managed network unit (Agent).
  • the network management station can also be called a management process, and the network unit can also be called a proxy device.
  • the network device is affected by SNMP packets.
  • SNMP packets In some cases, a large number of SNMP packets are generated, which is several thousand per second. These SNMP packets point to the same IP address. Some of these situations are caused by network device failures, and some are malicious attacks.
  • Related solutions have not yet been proposed to avoid the problem of network devices being affected by SNMP packets. Summary of the invention
  • the embodiment of the invention provides a method and a device for suppressing the impact of an SNMP packet, which are used to solve the problem that the network device in the prior art is affected by the SNMP packet.
  • the method for suppressing the impact of the SNMP packet includes: the network unit determines whether the number of SNMP packets received within the predetermined time reaches a preset limit, and obtains a judgment result; when the number of SNMP packets exceeds a preset limit, the network The unit will receive more than the preset limit within the predetermined time. SNMP packets are discarded.
  • the network unit determines whether the number of SNMP packets received within the predetermined time reaches a preset limit, and obtains a determination result that: the network unit updates the SNMP received in the first predetermined time period when receiving the new SNMP message. The number of packets; and the network unit determines whether the current time reaches the second predetermined time, and if not, determines whether the number of SNMP packets reaches the preset limit.
  • the method for suppressing the impact of the SNMP packet further includes: filtering, by the network unit, based on the predetermined mask list Illegal SNMP packets.
  • the predetermined mask list is: a list consisting of a preset illegal IP address or an illegal MAC address.
  • the network unit filters out the illegal SNMP message based on the predetermined mask list, including: the network unit acquires the source IP address or the source MAC address of the received SNMP message; the network unit reaches a comparison result; the network unit compares the result to the source When the IP address or source MAC address is an illegal IP address or an illegal MAC address, the SNMP packets corresponding to the source IP address or the source MAC address are discarded.
  • an apparatus for suppressing an impact of an SNMP message is provided, and the following technical solutions are adopted:
  • the device for suppressing the impact of the SNMP packet includes: a determining module, configured to determine whether the number of SNMP packets received within a predetermined time reaches a preset limit, and obtain a judgment result; and the first discarding module is set to be in the judgment result When the number of SNMP packets exceeds the preset limit, the SNMP packets received within the preset time limit exceeding the preset limit are discarded.
  • the determining module includes an updating module, configured to update the number of SNMP packets received in the first predetermined time period when receiving the new SNMP message; and determining the submodule, Set to determine whether the current time reaches the second predetermined time. If not, determine whether the number of SNMP packets reaches the preset limit.
  • the device for suppressing the impact of the SNMP packet further includes: a filtering module, configured to filter the illegal SNMP packet according to the predetermined mask list.
  • the filtering module includes an obtaining module, configured to obtain a source IP address or a source MAC address of the received SNMP packet, and a comparison module, configured to compare the source IP address or the source MAC address with the illegal IP address or the illegal MAC address. And obtaining a comparison result; and the second discarding module is set to be the source IP address or the source MAC address is an illegal IP address or illegally found, and the technical solution described in the embodiment of the present invention has the following advantages:
  • FIG. 3 is a specific flowchart of a method for suppressing an impact of an SNMP packet according to the embodiment of the present invention
  • FIG. 4 is a schematic structural diagram of an apparatus for suppressing an impact of an SNMP packet according to an embodiment of the present invention. detailed description
  • the network unit determines whether the number of SNMP packets received within the predetermined time reaches a preset limit, and obtains a judgment result;
  • the limit of the number of packets is set in a unit time, and when a large number of SNMP packets are impacted on the device, the SNMP packets exceeding the quota are discarded, so that the device does not appear. In addition to discarding some SNMP packets, other functions work normally.
  • the network unit determines whether the number of SNMP packets received within the predetermined time reaches a preset limit, and obtains a determination result that: the network unit updates the SNMP received in the first predetermined time period when receiving the new SNMP message. The number of packets; and the network unit determines whether the current time reaches the second predetermined time, and if not, determines whether the number of SNMP packets reaches the preset limit.
  • the specific implementation of the foregoing embodiment may be: Whenever there is an SNMP message, first update the number of SNMP packets received in the current second, and then check whether the current time reaches the next second: If the next second is reached, it will indicate The number of SNMP packets received in the current second is zero. If the next second is not received, check whether the number of SNMP packets processed in the current second reaches the limit. If not, continue processing. If it is reached, discard the current one. SNMP packets are not processed.
  • the method for suppressing the impact of the SNMP packet before the network unit determines that the number of SNMP packets received in the predetermined time period reaches a preset limit includes: the network unit filters out the predetermined mask list. Illegal SNMP packets.
  • the method of setting the SNMP packet limit per unit time can effectively reduce the number of SNMP packets processed by the system.
  • the disadvantage is that the SNMP request from the attacker may be filtered together with other legitimate SNMP requests on the network, resulting in the system. The normal working is affected.
  • the SNMP packet can be discarded once, so that the illegal SNMP packet is discarded in advance, and the method for ensuring the legal SNMP packet to participate in the SNMP packet quota is further SNMP files are processed.
  • the predetermined mask list is: a list consisting of a preset illegal IP address or an illegal MAC address.
  • a malicious or illegal or abnormal IP address and MAC address are included in the list, and the source IP address is obtained when receiving the SNMP packet. If the source IP address or the source MAC address is in the list, the corresponding SNMP packet is discarded.
  • the network unit filters out the illegal SNMP message based on the predetermined mask list, including: the network unit acquires the source IP address or the source MAC address of the received SNMP message; the network unit to a comparison result; the network unit compares the result to the source When the IP address or source MAC address is an illegal IP address or an illegal MAC address, the SNMP packets corresponding to the source IP address or the source MAC address are discarded.
  • the IP address or MAC from the mask list can be SNMP packets discarded address, the system handles only valid SNMP requests t
  • Step 201 Read the arrived data from the SNMP port, and put the read data into the buffer area. Only the text shock treatment.
  • Step 203 Decode the SNMP packet, parse the received packet, and convert it into an internal format.
  • Step 204 Security check, check whether the message has permission to operate the MIB change it requires.
  • Step 205 Map the MIB variable to confirm that the requested MIB variable must be in the main MIB tree and can be mapped to the corresponding MIB leaf node.
  • Step 206 After setting the corresponding data, after finding the leaf node of the MIB object on the MIB tree, the corresponding function should be executed according to the requested GET/SET operation to read or modify the data.
  • Step 207 After encoding the result and performing the corresponding operation, the agent needs to convert the internal data structure into the ASN.1 format and put it into the buffer to be sent.
  • Step 208 Send an SNMP message, and call a sending function to send the data to the management station.
  • the device supporting the SNMP protocol has the capability of resisting the impact of the SNMP packet, and the solution has the characteristics of being simple and versatile, and is also suitable for other protocol processing modules.
  • FIG. 3 is a specific flowchart of a method for suppressing an impact of an SNMP packet according to an embodiment of the present invention. As shown in FIG. 3, the specific steps of the method for suppressing the impact of the SNMP packet may be as follows: Step 301: Receive an SNMP packet, read the arrived data from the SNMP port, and put the read data into the buffer.
  • Step 302 Check whether the source IP address or the source MAC address in the SNMP packet is in the masked list. If yes, the program proceeds to step 305 to discard the SNMP packet. If it is not in the mask list, go to step 303.
  • the IP address or MAC address to be masked can be configured in advance through the command line.
  • Step 303 In this step, it is checked whether the SNMP packet received in the current time period has reached the set limit. If the quota is reached, the program proceeds to step 305 to discard the SNMP packet. If not, the process proceeds to step 304 continues processing.
  • the specific method of determining whether the SNMP packet received in the current time period reaches the limit is as follows: Whenever there is an SNMP packet, update the number of SNMP packets received in the current second, and then check whether the current time is up. Next second: If the next second is reached, it will indicate that the number of SNMP packets received in the current second is zero; if it is not the next second, it checks whether the number of SNMP messages processed in the current second reaches the limit, if not Reach, continue processing, if it is reached, the program discards the current SNMP message and does not process it.
  • Step 304 In this step, the processing of the SNMP ⁇ message is continued, and the normal processing procedure is entered.
  • the method of processing the SNMP packet limit and the method of filtering the illegal address in the unit time is minimized, so that the impact of the SNMP packet impact on the system is minimized.
  • FIG. 4 is a schematic structural diagram of an apparatus for suppressing an impact of an SNMP packet according to an embodiment of the present invention.
  • the apparatus for suppressing the impact of the SNMP packet includes a determining module 41, configured to determine whether the number of SNMP packets received within a predetermined time reaches a preset limit, and obtain a judgment result; and the first discarding module 43, set to the number of SNMP packets in the judgment result exceeds the pre- When a quota is set, SNMP packets that exceed the preset limit received within the predetermined time are discarded.
  • the determining module 41 includes an update module (not shown), configured to update the number of SNMP packets received within the current predetermined time before receiving the new SNMP message; and determining the sub-module (not shown) Set to determine whether the current time is within a predetermined period of time. If yes, determine whether the number of SNMP packets reaches the preset limit.
  • the apparatus for suppressing the impact of the SNMP packet further includes a filtering module (not shown) configured to filter the illegal SNMP packet based on the predetermined mask list.
  • the filtering module includes an ear block (not shown), configured to obtain a source IP address or a source MAC address of the received SNMP message; and a comparison module (not shown) , configured to compare the source IP address or the source MAC address with the illegal IP address or the illegal MAC address to obtain a comparison result; and the second discarding module (not shown), set to compare the result address or the source MAC address The corresponding SNMP ⁇ text is discarded.
  • the SNMP number exceeding the quota part is discarded in the case that a large number of SNMP packets impact the device when the number of packets is set in a unit time. For example, you can make the device not down. In addition to discarding some SNMP packets, other functions work normally. You can also eliminate the impact of abnormal SNMP packets by setting an illegal IP address or non-filtering.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The present invention provides a method and device for suppressing an impact of SNMP packets, used for resisting the impact from SNMP packets. The method for suppressing an impact of SNMP packets comprises: a network unit determining whether the number of SNMP packets received in a preset time reaches a preset limit, and obtaining a determination result; and when the determination result is that the number of the SNMP packets exceeds the preset limit, the network unit discarding the SNMP packets that exceed the present limit and are received in the present time. The technical solutions of the present invention effectively resist the impact from the SNMP packets.

Description

抑制 SNMP报文冲击的方法与装置 技术领域  Method and device for suppressing SNMP packet impact
本发明涉及网络技术领域, 尤其涉及一种抑制简单网络管理协议 The present invention relates to the field of network technologies, and in particular, to a simple network management protocol.
( Simple Network Management Protocol , SNMP )才艮文沖击的方法与装置。 背景技术 (Simple Network Management Protocol, SNMP) is a method and device for attacking texts. Background technique
SNMP是目前 TCP/IP网络中应用最为广泛的网络管理协议, 经过多年 的发展应用已经成为网络管理的事实上的标准。 基于 SNMP的网络管理包 含两个部分: 网络管理站(Manager )和被管的网络单元(Agent ), 其中, 网络管理站也可称为管理进程, 网络单元也可称为代理设备。  SNMP is the most widely used network management protocol in TCP/IP networks. After years of development and application, SNMP has become the de facto standard for network management. The SNMP-based network management consists of two parts: a network management station (Manager) and a managed network unit (Agent). The network management station can also be called a management process, and the network unit can also be called a proxy device.
在实际网络应用中, 网络设备存在受到 SNMP报文沖击的问题, 即有 时会出现大量的 SNMP报文, 每秒达到几千个之多, 这些 SNMP报文指向 同一个 IP地址。 这种情况的出现有些是因为网络设备故障引起的, 有些是 人为进行的恶意攻击。 目前尚未提出相关解决方案以避免网络设备存在受 到 SNMP报文沖击的问题。 发明内容  In an actual network application, the network device is affected by SNMP packets. In some cases, a large number of SNMP packets are generated, which is several thousand per second. These SNMP packets point to the same IP address. Some of these situations are caused by network device failures, and some are malicious attacks. Related solutions have not yet been proposed to avoid the problem of network devices being affected by SNMP packets. Summary of the invention
本发明实施例提供一种抑制 SNMP报文沖击的方法与装置, 用于解决 现有技术中网络设备存在受到 SNMP报文沖击的问题。  The embodiment of the invention provides a method and a device for suppressing the impact of an SNMP packet, which are used to solve the problem that the network device in the prior art is affected by the SNMP packet.
为实现本发明的目的, 根据本发明实施例的一个方面, 提供一种抑制 SNMP报文沖击的方法, 采用了以下技术方案:  In order to achieve the object of the present invention, according to an aspect of the embodiments of the present invention, a method for suppressing an impact of an SNMP packet is provided, and the following technical solutions are adopted:
抑制 SNMP报文沖击的方法包括: 网络单元判断预定时间内接收到的 SNMP报文数量是否达到预设限额,并得一判断结果;在判断结果为 SNMP 报文数量超过预设限额时, 网络单元将预定时间内接收的超出预设限额的 SNMP报文丟弃。 The method for suppressing the impact of the SNMP packet includes: the network unit determines whether the number of SNMP packets received within the predetermined time reaches a preset limit, and obtains a judgment result; when the number of SNMP packets exceeds a preset limit, the network The unit will receive more than the preset limit within the predetermined time. SNMP packets are discarded.
进一步地, 网络单元判断预定时间内接收到的 SNMP报文数量是否达 到预设限额, 并得一判断结果包括: 网络单元在接收新的 SNMP报文时更 新当前第一预定时间内接收到的 SNMP报文的数量; 以及网络单元判断当 前时间是否到达第二预定时间, 若否, 判断 SNMP报文的数量是否到达预 设限额。  Further, the network unit determines whether the number of SNMP packets received within the predetermined time reaches a preset limit, and obtains a determination result that: the network unit updates the SNMP received in the first predetermined time period when receiving the new SNMP message. The number of packets; and the network unit determines whether the current time reaches the second predetermined time, and if not, determines whether the number of SNMP packets reaches the preset limit.
进一步地, 在网络单元判断预定时间内接收到的 SNMP报文数量是否 达到预设限额, 并得一判断结果之前, 抑制 SNMP报文沖击的方法还包括: 网络单元基于预定的屏蔽列表过滤掉非法 SNMP报文。  Further, before the network unit determines whether the number of SNMP packets received within a predetermined time reaches a preset limit, and before obtaining a determination result, the method for suppressing the impact of the SNMP packet further includes: filtering, by the network unit, based on the predetermined mask list Illegal SNMP packets.
进一步地,预定的屏蔽列表为: 由预先设定的非法 IP地址或非法 MAC 地址组成的列表。  Further, the predetermined mask list is: a list consisting of a preset illegal IP address or an illegal MAC address.
进一步地,网络单元基于预定的屏蔽列表过滤掉非法 SNMP报文包括: 网络单元获取接收到的 SNMP报文的源 IP地址或源 MAC地址; 网络单元 到一比较结果; 网络单元在比较结果为源 IP地址或源 MAC地址为非法 IP 地址或非法 MAC地址时, 将与源 IP地址或源 MAC地址对应的 SNMP报 文丟弃。  Further, the network unit filters out the illegal SNMP message based on the predetermined mask list, including: the network unit acquires the source IP address or the source MAC address of the received SNMP message; the network unit reaches a comparison result; the network unit compares the result to the source When the IP address or source MAC address is an illegal IP address or an illegal MAC address, the SNMP packets corresponding to the source IP address or the source MAC address are discarded.
根据本发明的另外一个方面, 提供一种抑制 SNMP报文沖击的装置, 并采用以下技术方案:  According to another aspect of the present invention, an apparatus for suppressing an impact of an SNMP message is provided, and the following technical solutions are adopted:
抑制 SNMP报文沖击的装置包括: 判断模块, 设置为判断预定时间内 接收到的 SNMP报文数量是否达到预设限额, 并得一判断结果; 以及第一 丟弃模块, 设置为在判断结果为 SNMP报文数量超过预设限额时, 将预定 时间内接收的超过预设限额的 SNMP报文丟弃。  The device for suppressing the impact of the SNMP packet includes: a determining module, configured to determine whether the number of SNMP packets received within a predetermined time reaches a preset limit, and obtain a judgment result; and the first discarding module is set to be in the judgment result When the number of SNMP packets exceeds the preset limit, the SNMP packets received within the preset time limit exceeding the preset limit are discarded.
进一步地, 判断模块包括更新模块, 设置为在接收新的 SNMP报文时 更新当前第一预定时间内接收到的 SNMP报文的数量; 以及判断子模块, 设置为判断当前时间是否到达第二预定时间, 若否, 判断 SNMP报文的数 量是否到达预设限额。 Further, the determining module includes an updating module, configured to update the number of SNMP packets received in the first predetermined time period when receiving the new SNMP message; and determining the submodule, Set to determine whether the current time reaches the second predetermined time. If not, determine whether the number of SNMP packets reaches the preset limit.
进一步地, 抑制 SNMP报文沖击的装置还包括: 过滤模块, 设置为基 于预定的屏蔽列表过滤掉非法 SNMP报文。  Further, the device for suppressing the impact of the SNMP packet further includes: a filtering module, configured to filter the illegal SNMP packet according to the predetermined mask list.
进一步地, 过滤模块包括获取模块, 设置为获取接收到的 SNMP报文 的源 IP地址或源 MAC地址; 比较模块, 设置为将源 IP地址或源 MAC地 址与非法 IP地址或非法 MAC地址进行比较, 得到一比较结果; 以及第二 丟弃模块,设置为在比较结果为源 IP地址或源 MAC为非法 IP地址或非法 可以发现, 本发明实施例所述的技术方案具有以下优势:  Further, the filtering module includes an obtaining module, configured to obtain a source IP address or a source MAC address of the received SNMP packet, and a comparison module, configured to compare the source IP address or the source MAC address with the illegal IP address or the illegal MAC address. And obtaining a comparison result; and the second discarding module is set to be the source IP address or the source MAC address is an illegal IP address or illegally found, and the technical solution described in the embodiment of the present invention has the following advantages:
1.通过在单位时间内设置报文数量的限额, 在大量 SNMP报文沖击设 备的情况下, 丟弃超出限额部分的 SNMP报文, 则可以使设备不会出现宕 机, 除丟弃了部分 SNMP报文外, 其他功能正常运作。  1. By setting the limit of the number of packets in a unit of time, if a large number of SNMP packets are impacted on the device and the SNMP packets exceeding the quota are discarded, the device will not be down, except for the device. In addition to some SNMP messages, other functions work normally.
2.通过设置包含非法 IP地址或非法 MAC 地址的列表, 可以对异常 SNMP报文的 IP地址或 MAC地址进行过滤, 消除异常 SNMP报文造成的 影响。 附图说明  2. By setting a list of illegal IP addresses or illegal MAC addresses, you can filter the IP addresses or MAC addresses of abnormal SNMP packets to eliminate the impact of abnormal SNMP packets. DRAWINGS
处理流程图; Processing flow chart;
图 3为本发明所述实施例所述抑制 SNMP报文沖击的方法的具体流程 图; 以及  FIG. 3 is a specific flowchart of a method for suppressing an impact of an SNMP packet according to the embodiment of the present invention;
图 4为本发明实施例所述抑制 SNMP报文沖击的装置的结构示意图。 具体实施方式 FIG. 4 is a schematic structural diagram of an apparatus for suppressing an impact of an SNMP packet according to an embodiment of the present invention. detailed description
以下结合附图对本发明的实施例进行详细说明, 但是本发明可以由权 利要求限定和覆盖的多种不同方式实施。  The embodiments of the present invention are described in detail below with reference to the drawings, but the present invention may be embodied in many different ways as defined and covered by the claims.
S101 : 网络单元判断预定时间内接收到的 SNMP报文数量是否达到预 设限额, 并得一判断结果; S101: The network unit determines whether the number of SNMP packets received within the predetermined time reaches a preset limit, and obtains a judgment result;
S103: 在判断结果为 SNMP报文数量超过预设限额时, 网络单元将预 定时间内接收的超出预设限额的 SNMP报文丟弃。  S103: When the number of SNMP packets exceeds the preset limit, the network unit discards the SNMP packets that exceed the preset limit received in the predetermined time.
通过本实施例的上述技术方案, 在单位时间内设置报文数量的限额, 在大量 SNMP报文沖击设备的情况下, 丟弃超出限额部分的 SNMP报文, 则可以使设备不会出现宕机, 除丟弃了部分 SNMP报文外, 其他功能正常 运作。  With the above technical solution of the embodiment, the limit of the number of packets is set in a unit time, and when a large number of SNMP packets are impacted on the device, the SNMP packets exceeding the quota are discarded, so that the device does not appear. In addition to discarding some SNMP packets, other functions work normally.
优选地, 网络单元判断预定时间内接收到的 SNMP报文数量是否达到 预设限额, 并得一判断结果包括: 网络单元在接收新的 SNMP报文时更新 当前第一预定时间内接收到的 SNMP报文的数量; 以及网络单元判断当前 时间是否到达第二预定时间, 若否, 判断 SNMP报文的数量是否到达预设 限额。  Preferably, the network unit determines whether the number of SNMP packets received within the predetermined time reaches a preset limit, and obtains a determination result that: the network unit updates the SNMP received in the first predetermined time period when receiving the new SNMP message. The number of packets; and the network unit determines whether the current time reaches the second predetermined time, and if not, determines whether the number of SNMP packets reaches the preset limit.
上述实施例的具体做法可以为: 每当有 SNMP报文来时, 先更新当前 这秒接收到的 SNMP报文数, 然后检查当前时间是否到下一秒: 如果到了 下一秒, 就将表示当前这秒接收到的 SNMP报文数请零; 如果没到下一秒, 就检查当前这秒处理的 SNMP报文数是否达到限额, 如果没有达到, 继续 处理, 如果达到了, 丟弃当前的 SNMP报文, 不作处理。  The specific implementation of the foregoing embodiment may be: Whenever there is an SNMP message, first update the number of SNMP packets received in the current second, and then check whether the current time reaches the next second: If the next second is reached, it will indicate The number of SNMP packets received in the current second is zero. If the next second is not received, check whether the number of SNMP packets processed in the current second reaches the limit. If not, continue processing. If it is reached, discard the current one. SNMP packets are not processed.
通过本实施例的上述技术方案,在大量的 SNMP报文沖击网络单元时, 会消耗设备大量的 CPU和内存资源, 轻则影响设备正常工作, 重则让设备 处于瘫痪状态。 通过设置每秒处理的 SNMP报文限额, 将超过此限额的报 文丟弃, 这样大量的报文在 SNMP协议处理的起始阶段就被丟弃了, 减少 了对系统资源的占用。 With the above technical solution of the embodiment, when a large number of SNMP packets impact the network element, a large amount of CPU and memory resources of the device are consumed, which affects the normal operation of the device, and the device is allowed to be used. In a state of paralysis. Packets that exceed this limit are discarded by setting the limit of the SNMP packets processed per second. The large number of packets are discarded at the initial stage of SNMP processing, which reduces the occupation of system resources.
优选地, 在网络单元判断预定时间内接收到的 SNMP报文数量是否达 到预设限额, 并得一判断结果之前, 抑制 SNMP报文沖击的方法还包括: 网络单元基于预定的屏蔽列表过滤掉非法 SNMP报文。  Preferably, the method for suppressing the impact of the SNMP packet before the network unit determines that the number of SNMP packets received in the predetermined time period reaches a preset limit, and the method for suppressing the impact of the SNMP packet includes: the network unit filters out the predetermined mask list. Illegal SNMP packets.
对于设定单位时间处理 SNMP报文限额的方法能有效减少系统处理的 SNMP报文数, 但存在的缺点是可能将来自攻击方的 SNMP请求和网络上 其他合法的 SNMP请求一起过滤了, 导致系统正常工作受到影响, 通过本 实施例的上述技术方案, 可以先对 SNMP报文进行一次过虑, 从而将非法 SNMP报文提前丟弃掉, 保证合法的 SNMP报文参与 SNMP报文限额的方 法进一步对 SNMP 文进行处理。  The method of setting the SNMP packet limit per unit time can effectively reduce the number of SNMP packets processed by the system. However, the disadvantage is that the SNMP request from the attacker may be filtered together with other legitimate SNMP requests on the network, resulting in the system. The normal working is affected. With the above technical solution of the embodiment, the SNMP packet can be discarded once, so that the illegal SNMP packet is discarded in advance, and the method for ensuring the legal SNMP packet to participate in the SNMP packet quota is further SNMP files are processed.
优选地, 预定的屏蔽列表为: 由预先设定的非法 IP地址或非法 MAC 地址组成的列表。  Preferably, the predetermined mask list is: a list consisting of a preset illegal IP address or an illegal MAC address.
对于事先知道的属于恶意或非法或异常的 IP地址和 MAC地址, 通过 建立一个列表, 将这些属于恶意或非法或异常的 IP地址和 MAC地址纳入 其中, 在接收 SNMP报文时, 获取其源 IP地址或源 MAC地址, 如果该源 IP地址或源 MAC地址在该列表中, 则丟弃与之对应的 SNMP报文。  For a malicious or illegal or abnormal IP address and MAC address that is known in advance, a malicious or illegal or abnormal IP address and MAC address are included in the list, and the source IP address is obtained when receiving the SNMP packet. If the source IP address or the source MAC address is in the list, the corresponding SNMP packet is discarded.
优选地, 网络单元基于预定的屏蔽列表过滤掉非法 SNMP报文包括: 网络单元获取接收到的 SNMP报文的源 IP地址或源 MAC地址; 网络单元 到一比较结果; 网络单元在比较结果为源 IP地址或源 MAC地址为非法 IP 地址或非法 MAC地址时, 将与源 IP地址或源 MAC地址对应的 SNMP报 文丟弃。  Preferably, the network unit filters out the illegal SNMP message based on the predetermined mask list, including: the network unit acquires the source IP address or the source MAC address of the received SNMP message; the network unit to a comparison result; the network unit compares the result to the source When the IP address or source MAC address is an illegal IP address or an illegal MAC address, the SNMP packets corresponding to the source IP address or the source MAC address are discarded.
通过本实施的上述技术方案,可以将来自屏蔽列表中的 IP地址或 MAC 地址的 SNMP报文丟弃, 使系统只处理合法的 SNMP请求 t Through the above technical solution of the implementation, the IP address or MAC from the mask list can be SNMP packets discarded address, the system handles only valid SNMP requests t
.明实施例所述带有抑刺 ¾1 M ί艮人 T 万 处理流程图。  The flow chart of the T-processing of the thorn suppression 3⁄41 M 艮 所述 is described in the embodiment.
参见图 2所示,对于正常的 SNMP报文处理流程来说,加入抑制 SNMP 报文沖击方法的具体步驟可以为:  As shown in Figure 2, the specific steps for adding a method for suppressing SNMP packet attacks are as follows:
步驟 201 : 从 SNMP端口读取到达的数据, 并将读取的数据放入緩沖 区。 才艮文沖击处理。  Step 201: Read the arrived data from the SNMP port, and put the read data into the buffer area. Only the text shock treatment.
步驟 203: 对 SNMP报文进行解码, 对接收的报文进行语法分析并转 化为内部格式。  Step 203: Decode the SNMP packet, parse the received packet, and convert it into an internal format.
步驟 204: 安全性检查, 检查该报文是否有权限操作它要求的 MIB变 步驟 205: 映射 MIB变量, 确认被请求的 MIB变量必须在主 MIB树 上, 并能映射到相应的 MIB叶节点。  Step 204: Security check, check whether the message has permission to operate the MIB change it requires. Step 205: Map the MIB variable to confirm that the requested MIB variable must be in the main MIB tree and can be mapped to the corresponding MIB leaf node.
步驟 206: 设置相应数据, 在 MIB树上找到 MIB对象的叶节点后, 就 应根据请求的 GET/SET操作来执行相应的函数来读取或修改数据。  Step 206: After setting the corresponding data, after finding the leaf node of the MIB object on the MIB tree, the corresponding function should be executed according to the requested GET/SET operation to read or modify the data.
步驟 207: 对结果编码, 执行完成相应的操作后, 代理需要将内部的数 据结构转化为 ASN.1格式, 并放入緩沖区准备发送。  Step 207: After encoding the result and performing the corresponding operation, the agent needs to convert the internal data structure into the ASN.1 format and put it into the buffer to be sent.
步驟 208: 发送 SNMP报文, 调用发送函数将数据发送给管理站。 通过本实施例的上述技术方案, 使得支持 SNMP协议的设备具备抵御 SNMP报文沖击的能力,并且本方案具有简单易行通用性强的特点, 也适合 其他的协议处理模块。  Step 208: Send an SNMP message, and call a sending function to send the data to the management station. With the above technical solution of the embodiment, the device supporting the SNMP protocol has the capability of resisting the impact of the SNMP packet, and the solution has the characteristics of being simple and versatile, and is also suitable for other protocol processing modules.
图 3为本发明所述实施例所述抑制 SNMP报文沖击的方法的具体流程 参见图 3所示, 抑制 SNMP 4艮文沖击的方法的具体步驟可以为: 步驟 301 : 接收 SNMP报文, 从 SNMP端口读取到达的数据, 并将读 取的数据放入緩沖区。 FIG. 3 is a specific flowchart of a method for suppressing an impact of an SNMP packet according to an embodiment of the present invention; As shown in FIG. 3, the specific steps of the method for suppressing the impact of the SNMP packet may be as follows: Step 301: Receive an SNMP packet, read the arrived data from the SNMP port, and put the read data into the buffer.
步驟 302: 检查 SNMP报文中的源 IP地址或者源 MAC地址是否在屏 蔽的列表中, 如果在, 程序进入步驟 305丟弃此 SNMP报文, 如果不在屏 蔽列表中, 进入 303步驟中。 需要屏蔽的 IP地址或 MAC地址, 可以事先 通过命令行等方式进行配置。  Step 302: Check whether the source IP address or the source MAC address in the SNMP packet is in the masked list. If yes, the program proceeds to step 305 to discard the SNMP packet. If it is not in the mask list, go to step 303. The IP address or MAC address to be masked can be configured in advance through the command line.
步驟 303: 在此环节中检查当前这秒的时间段内收到的 SNMP报文是 否已经达到设定的限额, 如果达到限额, 程序进入步驟 305丟弃此 SNMP 报文, 如果没有达到, 进入步驟 304继续处理。  Step 303: In this step, it is checked whether the SNMP packet received in the current time period has reached the set limit. If the quota is reached, the program proceeds to step 305 to discard the SNMP packet. If not, the process proceeds to step 304 continues processing.
判断当前这秒的时间段内收到的 SNMP报文是否达到限额的具体做法 如下: 每当有 SNMP报文来时, 先更新当前这秒接收到的 SNMP报文数, 然后检查当前时间是否到下一秒: 如果到了下一秒, 就将表示当前这秒接 收到的 SNMP报文数请零;如果没到下一秒,就检查当前这秒处理的 SNMP 艮文数是否达到限额, 如果没有达到, 继续处理, 如果达到了, 程序丟弃 当前的 SNMP报文, 不作处理。  The specific method of determining whether the SNMP packet received in the current time period reaches the limit is as follows: Whenever there is an SNMP packet, update the number of SNMP packets received in the current second, and then check whether the current time is up. Next second: If the next second is reached, it will indicate that the number of SNMP packets received in the current second is zero; if it is not the next second, it checks whether the number of SNMP messages processed in the current second reaches the limit, if not Reach, continue processing, if it is reached, the program discards the current SNMP message and does not process it.
步驟 304: 在此步驟里继续 SNMP ^艮文的处理, 进入 文正常处理程 序。  Step 304: In this step, the processing of the SNMP^ message is continued, and the normal processing procedure is entered.
通过本实施例的上述技术方案, 结合设定单位时间内处理 SNMP报文 限额的方式与非法地址过滤的方式, 使 SNMP报文沖击对系统的影响降低 到最小。  With the above technical solution of the present embodiment, the method of processing the SNMP packet limit and the method of filtering the illegal address in the unit time is minimized, so that the impact of the SNMP packet impact on the system is minimized.
图 4为本发明实施例所述抑制 SNMP报文沖击的装置的结构示意图。 参见图 4所示, 抑制 SNMP报文沖击的装置包括判断模块 41 , 设置为 判断预定时间内接收到的 SNMP报文数量是否达到预设限额, 并得一判断 结果; 以及第一丟弃模块 43 , 设置为在判断结果为 SNMP报文数量超过预 设限额时, 将预定时间内接收的超过预设限额的 SNMP报文丟弃。 FIG. 4 is a schematic structural diagram of an apparatus for suppressing an impact of an SNMP packet according to an embodiment of the present invention. As shown in FIG. 4, the apparatus for suppressing the impact of the SNMP packet includes a determining module 41, configured to determine whether the number of SNMP packets received within a predetermined time reaches a preset limit, and obtain a judgment result; and the first discarding module 43, set to the number of SNMP packets in the judgment result exceeds the pre- When a quota is set, SNMP packets that exceed the preset limit received within the predetermined time are discarded.
优选地, 判断模块 41 包括更新模块(图中未示), 设置为在接收新的 SNMP报文之前更新当前预定时间内接收到的 SNMP报文的数量; 以及判 断子模块(图中未示),设置为判断当前时间是否在一个预定时间的周期内, 若是, 判断 SNMP报文的数量是否到达预设限额。  Preferably, the determining module 41 includes an update module (not shown), configured to update the number of SNMP packets received within the current predetermined time before receiving the new SNMP message; and determining the sub-module (not shown) Set to determine whether the current time is within a predetermined period of time. If yes, determine whether the number of SNMP packets reaches the preset limit.
优选地, 抑制 SNMP报文沖击的装置还包括过滤模块(图中未示), 设 置为基于预定的屏蔽列表过滤掉非法 SNMP报文。  Preferably, the apparatus for suppressing the impact of the SNMP packet further includes a filtering module (not shown) configured to filter the illegal SNMP packet based on the predetermined mask list.
优选地, 过滤模块(图中未示) 包括获耳 4莫块(图中未示), 设置为获 取接收到的 SNMP报文的源 IP地址或源 MAC地址;比较模块(图中未示), 设置为将源 IP地址或源 MAC地址与非法 IP地址或非法 MAC地址进行比 较, 得到一比较结果; 以及第二丟弃模块(图中未示), 设置为在比较结果 址或源 MAC地址对应的 SNMP ^艮文丟弃。  Preferably, the filtering module (not shown) includes an ear block (not shown), configured to obtain a source IP address or a source MAC address of the received SNMP message; and a comparison module (not shown) , configured to compare the source IP address or the source MAC address with the illegal IP address or the illegal MAC address to obtain a comparison result; and the second discarding module (not shown), set to compare the result address or the source MAC address The corresponding SNMP^ text is discarded.
通过本发明的上述实施例, 在出现大量的 SNMP ^艮文时, 通过在单位 时间内设置报文数量的限额, 在大量 SNMP报文沖击设备的情况下, 丟弃 超出限额部分的 SNMP报文, 则可以使设备不会出现宕机, 除丟弃了部分 SNMP报文外, 其他功能正常运作。 还可以通过设置包含非法 IP地址或非 过滤, 消除异常 SNMP报文造成的影响。  With the above-mentioned embodiment of the present invention, when a large number of SNMP messages are generated, the SNMP number exceeding the quota part is discarded in the case that a large number of SNMP packets impact the device when the number of packets is set in a unit time. For example, you can make the device not down. In addition to discarding some SNMP packets, other functions work normally. You can also eliminate the impact of abnormal SNMP packets by setting an illegal IP address or non-filtering.
以上所述仅是本发明的实施方式, 应当指出, 对于本技术领域的普通 技术人员来说, 在不脱离本发明原理的前提下, 还可以作出若干改进和润 饰, 这些改进和润饰也应视为本发明的保护范围。  The above description is only an embodiment of the present invention, and it should be noted that those skilled in the art can also make several improvements and retouchings without departing from the principles of the present invention. These improvements and retouchings should also be considered. It is the scope of protection of the present invention.

Claims

权利要求书 Claim
1. 一种抑制 SNMP 4艮文沖击的方法, 其中, 该方法包括:  A method for suppressing an impact of an SNMP 4 message, wherein the method comprises:
网络单元判断预定时间内接收到的 SNMP报文数量是否达到预设限 额, 并得一判断结果;  The network unit determines whether the number of SNMP packets received within the predetermined time reaches a preset limit, and obtains a judgment result;
在所述判断结果为所述 SNMP报文数量超过所述预设限额时, 所述网 络单元将所述预定时间内接收的超出所述预设限额的 SNMP报文丟弃。  When the number of the SNMP packets exceeds the preset limit, the network unit discards the SNMP packets that are received within the predetermined time and exceeds the preset limit.
2. 如权利要求 1所述的抑制 SNMP报文沖击的方法, 其中, 所述网络 单元判断预定时间内接收到的 SNMP报文数量是否达到预设限额, 并得一 判断结果为:  The method for suppressing the impact of an SNMP packet according to claim 1, wherein the network unit determines whether the number of SNMP packets received within a predetermined time reaches a preset limit, and obtains a judgment result as follows:
所述网络单元在接收新的 SNMP报文时更新当前第一预定时间内接收 到的所述 SNMP报文的数量;  The network unit updates the number of the SNMP packets received in the first predetermined time period when receiving a new SNMP message;
所述网络单元判断当前时间是否到达第二预定时间, 若否, 判断所述 SNMP报文的数量是否到达所述预设限额。  The network unit determines whether the current time reaches the second predetermined time, and if not, determines whether the number of the SNMP packets reaches the preset limit.
3. 如权利要求 1所述的抑制 SNMP报文沖击的方法, 其中, 在所述网 络单元判断预定时间内接收到的 SNMP报文数量是否达到预设限额, 并得 一判断结果之前, 该方法还包括:  The method for suppressing the impact of an SNMP packet according to claim 1, wherein the network unit determines whether the number of SNMP packets received within a predetermined time reaches a preset limit, and before obtaining a judgment result, The method also includes:
所述网络单元基于预定的屏蔽列表过滤掉非法 SNMP报文。  The network unit filters out the illegal SNMP message based on the predetermined mask list.
4. 如权利要求 3所述的抑制 SNMP报文沖击的方法, 其中, 所述预定 的屏蔽列表为:  4. The method for suppressing the impact of an SNMP packet according to claim 3, wherein the predetermined mask list is:
¾1¾光设 ^ ^ 丄
Figure imgf000011_0001
'i 3⁄413⁄4 light setting ^ ^ 丄
Figure imgf000011_0001
'i
5. 如权利要求 4所述的抑制 SNMP报文沖击的方法, 其中, 所述网络 单元基于预定的屏蔽列表过滤掉非法 SNMP报文包括:  The method for suppressing the impact of an SNMP packet according to claim 4, wherein the filtering, by the network unit, the filtering of the illegal SNMP packet based on the predetermined mask list comprises:
所述网络单元获取接收到的所述 SNMP ^艮文的源 IP地址或源 MAC地 址;  Obtaining, by the network unit, a source IP address or a source MAC address of the received SNMP message;
所述网 或所述非法 MAC地址进行比较, 得到一比较结果; The net Or comparing the illegal MAC addresses to obtain a comparison result;
所述网络单元在所述比较结果为所述源 IP地址或所述源 MAC地址为 所述非法 IP地址或所述非法 MAC地址时, 将与所述源 IP地址或所述源 MAC地址对应的 SNMP ^艮文丟弃。  When the comparison result is that the source IP address or the source MAC address is the illegal IP address or the illegal MAC address, the network unit will correspond to the source IP address or the source MAC address. SNMP ^ discarded.
6.一种抑制 SNMP报文沖击的装置, 其中, 该装置包括: 判断模块和 第一丟弃模块; 其中,  An apparatus for suppressing an impact of an SNMP packet, where the apparatus includes: a judging module and a first discarding module; wherein
所述判断模块, 设置为判断预定时间内接收到的 SNMP报文数量是否 达到预设限额, 并得一判断结果; 以及  The determining module is configured to determine whether the number of SNMP packets received within a predetermined time reaches a preset limit, and obtain a judgment result;
所述第一丟弃模块, 设置为在所述判断结果为所述 SNMP报文数量超 过所述预设限额时, 所述将所述预定时间内接收的超过所述预设限额的 SNMP报文丟弃。  The first discarding module is configured to: when the number of the SNMP packets exceeds the preset quota, the SNMP packets that are received in the predetermined time and exceed the preset limit throw away.
7. 如权利要求 6所述的抑制 SNMP报文沖击的装置, 其中, 所述判断 模块包括: 更新模块和判断子模块; 其中,  The apparatus for suppressing the impact of an SNMP packet according to claim 6, wherein the determining module comprises: an updating module and a determining submodule;
所述更新模块, 设置为在接收新的 SNMP报文时更新当前第一预定时 间内接收到的所述 SNMP报文的数量;  The update module is configured to update the number of the SNMP packets received in the first predetermined time period when receiving a new SNMP message;
所述判断子模块, 设置为判断当前时间是否到达第二预定时间, 若否, 判断所述 SNMP报文的数量是否到达所述预设限额。  The determining sub-module is configured to determine whether the current time reaches the second predetermined time, and if not, determine whether the number of the SNMP packets reaches the preset limit.
8. 如权利要求 7所述的抑制 SNMP报文沖击的装置, 其中, 该装置还 包括:  The device for suppressing the impact of an SNMP packet according to claim 7, wherein the device further comprises:
过滤模块, 设置为基于预定的屏蔽列表过滤掉非法 SNMP报文。  The filtering module is configured to filter out illegal SNMP packets based on the predetermined mask list.
9. 如权利要求 8所述的抑制 SNMP报文沖击的装置, 其中, 所述过滤 模块包括: 获取模块、 比较模块和第二丟弃模块; 其中,  The device for suppressing the impact of an SNMP packet according to claim 8, wherein the filtering module comprises: an obtaining module, a comparing module, and a second discarding module;
所述获取模块,设置为获取接收到的所述 SNMP报文的源 IP地址或源 MAC地址;  The obtaining module is configured to obtain a source IP address or a source MAC address of the received SNMP packet;
所述比较模块, 设置为将所述源 IP地址或所述源 MAC地址与所述非 法 IP地址或所述非法 MAC地址进行比较, 得到一比较结果; 以及 所述第二丟弃模块, 设置为在所述比较结果为所述源 IP地址或所述源 MAC地址为所述非法 IP地址或所述非法 MAC地址时, 将所述源 IP地址 或所述源 MAC地址对应的 SNMP ^艮文丟弃。 The comparing module is configured to set the source IP address or the source MAC address to the non- Comparing the legal IP address or the illegal MAC address to obtain a comparison result; and the second discarding module is configured to: when the comparison result is the source IP address or the source MAC address is the illegal IP address When the address or the illegal MAC address is used, the source IP address or the SNMP address corresponding to the source MAC address is discarded.
PCT/CN2012/075306 2011-12-14 2012-05-10 Method and device for suppressing impact of snmp packets WO2013086832A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201110418161.9 2011-12-14
CN2011104181619A CN103166784A (en) 2011-12-14 2011-12-14 Method and device for retraining simple network management protocol (SNMP) message impact

Publications (1)

Publication Number Publication Date
WO2013086832A1 true WO2013086832A1 (en) 2013-06-20

Family

ID=48589537

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2012/075306 WO2013086832A1 (en) 2011-12-14 2012-05-10 Method and device for suppressing impact of snmp packets

Country Status (2)

Country Link
CN (1) CN103166784A (en)
WO (1) WO2013086832A1 (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101184085A (en) * 2007-12-13 2008-05-21 华为技术有限公司 IP telephone terminal and safety communication method thereof
CN101582838A (en) * 2008-05-13 2009-11-18 原创信通电信技术(北京)有限公司 Resource management method of IP telecommunications network routing/exchanging equipment based on threshold value control
CN101834743A (en) * 2010-04-27 2010-09-15 中兴通讯股份有限公司 Processing method and device of SNMP (Simple Network Management Protocol) request message
US8176553B1 (en) * 2001-06-29 2012-05-08 Mcafee, Inc. Secure gateway with firewall and intrusion detection capabilities

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101296182A (en) * 2008-05-20 2008-10-29 华为技术有限公司 Data transmission control method and data transmission control device
CN101286996A (en) * 2008-05-30 2008-10-15 北京星网锐捷网络技术有限公司 Storm attack resisting method and apparatus

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8176553B1 (en) * 2001-06-29 2012-05-08 Mcafee, Inc. Secure gateway with firewall and intrusion detection capabilities
CN101184085A (en) * 2007-12-13 2008-05-21 华为技术有限公司 IP telephone terminal and safety communication method thereof
CN101582838A (en) * 2008-05-13 2009-11-18 原创信通电信技术(北京)有限公司 Resource management method of IP telecommunications network routing/exchanging equipment based on threshold value control
CN101834743A (en) * 2010-04-27 2010-09-15 中兴通讯股份有限公司 Processing method and device of SNMP (Simple Network Management Protocol) request message

Also Published As

Publication number Publication date
CN103166784A (en) 2013-06-19

Similar Documents

Publication Publication Date Title
EP1560398B1 (en) Metering packet flows for limiting effects of denial of service attacks
US8879388B2 (en) Method and system for intrusion detection and prevention based on packet type recognition in a network
US20190230118A1 (en) Ddos attack defense method, system, and related device
EP2309685B1 (en) A method and apparatus for realizing forwarding the reversal transmission path of the unique address
US7818795B1 (en) Per-port protection against denial-of-service and distributed denial-of-service attacks
WO2011140795A1 (en) Method and switching device for preventing media access control address spoofing attack
WO2007045150A1 (en) A system for controlling the security of network and a method thereof
WO2008141548A1 (en) A method and device of preventing attack for network equipment
JP2006517066A (en) Mitigating denial of service attacks
WO2008080314A1 (en) A method, forwarding engine and communication device for message acces control
US20090240804A1 (en) Method and apparatus for preventing igmp packet attack
WO2011129809A2 (en) Method for applying a host security service to a network
CN101340440A (en) Method and apparatus for defending network attack
EP1843624B1 (en) Method for protecting digital subscriber line access multiplexer, DSLAM and XDSL single service board
WO2009121253A1 (en) Network configuring method for preventing attack, method and device for preventing attack
US8006303B1 (en) System, method and program product for intrusion protection of a network
US20110023088A1 (en) Flow-based dynamic access control system and method
WO2017143897A1 (en) Method, device, and system for handling attacks
CN106789892B (en) Universal method for defending distributed denial of service attack for cloud platform
WO2019096104A1 (en) Attack prevention
CN112383559B (en) Address resolution protocol attack protection method and device
KR20180000100A (en) Sdn-based network-attacks blocking system for micro server management system protection
JP2005193590A (en) Printing device
Pande et al. Detection and mitigation of DDoS in SDN
JP2014535195A (en) Method and apparatus for monitoring a mobile radio interface on a mobile terminal

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 12857888

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 12857888

Country of ref document: EP

Kind code of ref document: A1