WO2016197498A1 - Procédé et dispositif permettant d'empêcher une attaque de réseau, et support d'informations - Google Patents

Procédé et dispositif permettant d'empêcher une attaque de réseau, et support d'informations Download PDF

Info

Publication number
WO2016197498A1
WO2016197498A1 PCT/CN2015/092042 CN2015092042W WO2016197498A1 WO 2016197498 A1 WO2016197498 A1 WO 2016197498A1 CN 2015092042 W CN2015092042 W CN 2015092042W WO 2016197498 A1 WO2016197498 A1 WO 2016197498A1
Authority
WO
WIPO (PCT)
Prior art keywords
message
tcp
information
client
tcp packet
Prior art date
Application number
PCT/CN2015/092042
Other languages
English (en)
Chinese (zh)
Inventor
高飞
Original Assignee
中兴通讯股份有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 中兴通讯股份有限公司 filed Critical 中兴通讯股份有限公司
Publication of WO2016197498A1 publication Critical patent/WO2016197498A1/fr

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/40Network security protocols
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic
    • H04L63/1466Active attacks involving interception, injection, modification, spoofing of data unit addresses, e.g. hijacking, packet injection or TCP sequence number attacks

Definitions

  • the present invention relates to the field of network security, and in particular, to a method and device for preventing network attacks, and a storage medium.
  • the normal transmission control protocol (TCP) connection establishment process includes: the client sends a TCP packet including a handshake (SYN) flag to the access device, and the access device returns a handshake to the client after receiving the packet.
  • the subsequent TCP packet is sent to the access device.
  • the above process is called TCP three-way handshake.
  • the access device cannot receive a response after sending a TCP packet with the SYN+ACK set.
  • the TCP three-way handshake cannot be established.
  • the connection is a semi-join. Normally, the access device resends the TCP packet containing the SYN+ACK set after waiting for a period of time. If the access device waits for a period of time, the access device still cannot receive the packet sent by the client. After the TCP packet with the ACK is set, the access device will try to send again, and the access device discards the connection and releases the memory until the number of times the maximum number of transmissions is reached.
  • the maximum number of received TCP connections of the access device is set to 128, and the number of times the server attempts to resend SYN+ACK packets is set to 5.
  • the number of TCP packets processed per unit time is not limited.
  • the SYN flood attack is the third step of the TCP three-way handshake. "The client needs to return the TCP packet containing the ACK is set to the access device.” The so-called SYN flood attack is performed by the client.
  • the TCP connection request containing the TCP message forging the SYN flag then it is not surprising that a client has a half-connection as described above, causing the access device to wait for a timeout, but if there are tens of thousands of semi-connections in a short time It is a malicious attack.
  • a TCP connection initiated by a TCP packet containing a forged SYN flag will cause the access device's central processing unit (CPU) to run out of resources and the buffer to be filled. At this time, the connection request of the normal TCP packet cannot be processed in time, which affects the normal communication of the user.
  • CPU central processing unit
  • the embodiments of the present invention are directed to a method, a device, and a storage medium for preventing network attacks, which can effectively reduce SYN flood attacks and improve the efficiency of network attack prevention.
  • an embodiment of the present invention provides a method for preventing a network attack, where the method includes:
  • the information type includes valid information and invalid information
  • the connection trace is deleted.
  • the method further includes: setting the number of receiving TCP connections to m, where m is a natural number;
  • the first message including:
  • the TCP packet is discarded; if the number of currently received TCP connections is less than or equal to m, establishing a connection tracking for the TCP packet and going to the client Send the first message.
  • the k is 3, the first unit time is 1 second, and m is 1024.
  • the information of the TCP packet includes: a source IP address, a destination IP address, a source port, a destination port, and a protocol;
  • the first message is a TCP packet including a handshake signal SYN+ confirming that the ACK is set;
  • the second message is a TCP packet including the ACK being set.
  • an embodiment of the present invention further provides a device for preventing a network attack, where the device includes:
  • a module configured to set the number of times to resend the first message to k, where k is a natural number
  • the determining module is configured to obtain information about the TCP packet sent by the client, and determine the type of the information according to the connection tracking entry; the information type includes valid information and invalid information;
  • a sending module configured to establish a connection tracking for the TCP message of the invalid information, and send the first message to the client;
  • a receiving module configured to resend the first message if the second message sent by the client is not received in the second unit time; the number of resending times is greater than k and the sending by the client is still not received
  • the connection tracking is deleted when the second message is received.
  • the setting module is further configured to set the number of receiving TCP connections to be m, where m is a natural number;
  • the sending module is further configured to determine the number of currently received TCP connections
  • the configuration is further configured to: if the number of currently received TCP connections is greater than m, the TCP packet is sent. Discarding; if the number of currently received TCP connections is less than or equal to m, establishing a connection tracking for the TCP packet and sending a first message to the client.
  • the k is 3, the first unit time is 1 second, and m is 1024.
  • the information of the TCP packet includes: a source IP address, a destination IP address, a source port, a destination port, and a protocol;
  • the first message is a TCP packet including a handshake signal SYN+ confirming that the ACK is set;
  • the second message is a TCP packet including the ACK being set.
  • the method and device for preventing a network attack and the storage medium provided by the embodiment of the present invention obtain the information of the TCP packet sent by the client by setting the number of times of resending the first message to k, and determining the type of the information according to the connection tracking entry. And when the information type is invalid information, establish a connection tracking for the TCP message of the invalid information, and send the first message to the client, and when the client is not received in the second unit time When the second message is sent, the first message is resent; and when the number of retransmissions is greater than k and the second message sent by the client is still not received, the connection tracking is deleted, and the TCP is implemented.
  • the transmission control of the message thus, the SYN flood attack is effectively reduced, and the efficiency of the network attack prevention is improved.
  • Embodiment 1 is a flowchart of Embodiment 1 of a method for preventing a network attack according to an embodiment of the present invention
  • Embodiment 2 is a flowchart of Embodiment 2 of a method for preventing a network attack according to an embodiment of the present invention
  • FIG. 3 is a structural diagram of an apparatus for preventing a network attack according to an embodiment of the present invention.
  • FIG. 1 is a flowchart of Embodiment 1 of a method for preventing a network attack according to an embodiment of the present invention, as shown in FIG. 1 As shown, the method can include:
  • Step 101 Set the number of times to resend the first message to k, where k is a natural number.
  • the step 101 may be specifically: setting the number of retransmissions of the first message to be k, and processing the number of transmission control protocol TCP packets in the first unit time to be n, where k and n are natural numbers.
  • the access device includes, but is not limited to, a data card, a customer premise equipment (CPE), and the like; on the access device, the number of times the first message is retransmitted, and the first unit time is processed and transmitted.
  • the number of TCP packets of the control protocol is set to a specific value, which lays a foundation for the subsequent SYN flood prevention.
  • the first message is a TCP packet containing the SYN+ACK is set, and the second message is set to contain the ACK.
  • the TCP packet after the bit is set.
  • the setting of the specific value of the parameter may be set before the access device leaves the factory, or the user may be dynamically set according to the specific usage scenario on the access device, and may be set according to actual needs. The settings are not limited herein.
  • Step 102 Obtain information about a TCP packet sent by the client, and determine the type of the information according to the connection tracking entry, where the information type includes valid information and invalid information.
  • the access device After receiving the TCP packet whose SYN field is set to 1, the access device extracts the information carried in the current TCP packet, and then determines the current TCP packet in the connection tracking entry of the access device. Whether the information is valid information or invalid information. If the information is valid, that is, the information of the current TCP packet exists in the connection tracking entry of the access device, the access device forwards the current TCP packet directly. The technique is not described here. If the information is invalid, that is, the information of the current TCP packet does not exist in the connection tracking entry of the access device, step 103 is performed.
  • the processing of the current TCP packet information by the access device specifically includes:
  • the access device extracts the source IP address, the destination IP address, the source port, the destination port, and the protocol in the information of the current TCP packet, and then corresponds to the current TCP packet according to the connection tracking entry in the access device.
  • Source IP address, destination IP address, source port, destination port, The protocol is compared. If the five elements match, the information of the current TCP packet can be determined as valid information. If any one of the five elements does not match, the information of the current TCP packet is determined to be invalid.
  • Step 103 Establish a connection tracking for the TCP message of the invalid information and send the first message to the client.
  • the access device establishes a new connection tracking in the access device for the TCP message of the invalid information, and sends a TCP packet including the SYN+ACK set to the client.
  • establishing a connection tracking for the TCP message of the invalid information and sending the first message to the client may further include:
  • the access device determines the number of currently received TCP connections
  • the access device discards the TCP packets; if the number of currently received TCP connections is less than or equal to m, the access device establishes connection tracking for the TCP packets. And sending a first message to the client, where m is a natural number.
  • Step 104 If the second message sent by the client is not received in the second unit time, resend the first message; the number of resends is greater than k and the second sent by the client is still not received. The connection trace is deleted when the message is received.
  • the access device if the access device does not receive the TCP packet from the client that includes the ACK set after the second unit time, the access device will resend the TCP including the SYN+ACK set. And the number of times of resending the TCP packet including the SYN+ACK is set, and if the number of retransmissions is less than or equal to the number of times set in step 101, the access device receives the packet sent by the client. After the ACK is set, the access device forwards the TCP packet; if the number of retransmissions is greater than the number of times set in step 101, the access device deletes the record of the connection tracking of the TCP packet. .
  • the first unit time and the second unit time may be It is set according to actual needs and is not limited here.
  • the method for preventing a network attack is to set a retransmission of the number of TCP packets including the SYN+ACK set to be k, and the number of TCP packets processed in the first unit time is n.
  • the number of received TCP connections is m, which controls the transmission of TCP packets during TCP packet transmission. This can effectively reduce SYN flood attacks, improve the efficiency of network attack defense, and reduce CPU resource exhaustion in access devices.
  • the connection request of the normal TCP packet can be processed in time to ensure normal communication of the user.
  • the method for preventing network attacks provided by the embodiment of the present invention, by setting the number of times of resending a TCP packet including the SYN+ACK set to be k, and processing the number of transmission control protocol TCP packets in the first unit time
  • the number of receiving TCP connections is m.
  • the access device determines the information type of the current TCP packet according to the connection tracking entry. After determining the invalid information, the access device determines whether it is the current TCP according to the number of currently received TCP connections.
  • the packet establishes a connection tracking, and sends a TCP packet including the SYN+ACK being set to the client; if the access device does not receive the TCP packet after the client sends the ACK that is set in the second unit time If the number of resends is greater than k and the number of resends is greater than k and the TCP packet containing the ACK is set is not received, the current connection trace is deleted. In this way, the SYN flood attack can be effectively reduced, and the efficiency of network attack prevention is improved. In addition, the problem that the CPU of the access device is exhausted and the buffer is filled is reduced, so that the connection request of the normal TCP packet can be processed in time to ensure normal communication of the user.
  • the embodiment of the invention further provides a computer readable storage medium, the storage medium comprising a set of instructions for performing the method for preventing a network attack as described above.
  • FIG. 2 is a flowchart of Embodiment 2 of a method for preventing a network attack according to an embodiment of the present invention. Such as shown in Figure 2, the method includes:
  • Step 201 Set a specific value of the parameter.
  • the reason for setting the reasonable parameters is to prevent the SYN flood attack.
  • the rationality of the parameter setting is very important.
  • the home gateway product is oriented to the common user. Therefore, the number of times the access device attempts to resend the SYN+ACK packet is set to 3.
  • the number of the TCP packets processed in the first unit time is set to be 10, and the number of the received TCP connections is set to 1024.
  • the specific parameters are specified. The values are exemplified in the embodiment, and can be set according to actual needs, and are not limited herein.
  • Step 202 Obtain information about a TCP packet sent by the client, and determine the type of the information according to the connection tracking entry, where the information type includes valid information and invalid information.
  • the access device After receiving the TCP packet with the SYN field set to 1, the access device extracts the information carried in the current TCP packet, and then determines that the current TCP packet information is valid information in the connection tracking entry of the access device. If the information is valid, that is, the information of the current TCP packet exists in the connection tracking entry of the access device, step 203 is performed; if the information is invalid, the information of the current TCP packet is on the access device. If the connection tracking entry does not exist, go to step 204.
  • the processing of the current TCP packet information by the access device is specifically as follows:
  • the access device extracts the source IP address, the destination IP address, the source port, the destination port, and the protocol in the information of the current TCP packet, and then corresponds to the current TCP packet according to the connection tracking entry in the access device.
  • the source IP address, the destination IP address, the source port, the destination port, and the protocol are compared. If the five elements match, the information of the current TCP packet can be determined as valid information; if any of the five elements is any one of the five elements If the information does not match, the information of the current TCP packet is determined to be invalid.
  • Step 203 Forward the current TCP packet directly.
  • Step 204 Determine whether the number of currently established TCP connections is greater than the receiving The number of TCP connections.
  • the access device performs step 205; if the number of currently established TCP connections is less than or equal to the number of the received TCP connections, the access device performs Step 206.
  • Step 205 Discard the currently established TCP connection.
  • Step 206 Establish a connection tracking for the TCP message of the invalid information, and send a TCP packet including the SYN+ACK set to the client.
  • Step 207 Determine whether a TCP packet sent by the client and containing the ACK is set is received in the second unit time.
  • the access device receives the TCP packet sent by the client and the ACK is set, the access device performs step 208; if the access device does not receive the second unit time The TCP packet sent by the client, including the ACK, is set, and the access device performs step 209.
  • Step 208 Determine that the TCP connection is normal.
  • Step 209 Resend the TCP packet including the SYN+ACK set.
  • Step 210 Determine whether the number of times of resending the TCP packet including the SYN+ACK being set is greater than 1024.
  • the process returns to step 207; if the number of times the TCP packet containing the SYN+ACK is set is greater than 1024, then the step is performed. 211.
  • Step 211 Delete the connection tracking of the current TCP packet.
  • the first unit time and the second unit time may be set according to actual requirements, and are not limited herein.
  • the method for preventing network attacks provided by the embodiment of the present invention reduces the number of unnecessary retransmission SYN+ACK packets while increasing the number of receiving TCP connections compared with the prior art. Control the number of TCP packets in a unit of time. By using the method of "1 increase and decrease", the SYN flood attack can be effectively reduced, and the efficiency of network attack prevention is improved. In addition, the CPU resources in the access device are depleted. When the buffer is filled, the connection request of the normal TCP packet can be processed in time to ensure the normal communication of the user.
  • FIG. 3 is a structural diagram of an apparatus for preventing a network attack according to an embodiment of the present invention.
  • the apparatus for preventing network attacks may include: a setting module 031, a determining module 032, a sending module 033, and a receiving module 034; among them,
  • the setting module 031 is configured to set the number of times of resending the first message to be k, where k is a natural number; in an actual application, the setting module 031 is configured to set the number of times of resending the first message to be k,
  • the number of TCP packets processed by the transmission control protocol in the first unit time is n, where k and n are natural numbers;
  • the determining module 032 is configured to obtain information about a TCP packet sent by the client, and determine the type of the information according to the connection tracking entry; the information type includes valid information and invalid information;
  • the sending module 033 is configured to establish a connection tracking for the TCP message of the invalid information and send the first message to the client.
  • the receiving module 034 is configured to resend the first message if the second message sent by the client is not received in the second unit time; the number of resends is greater than k and the client is still not received.
  • the connection tracking is deleted.
  • the setting module 031 is further configured to set the number of receiving TCP connections to be m, where m is a natural number;
  • the sending module 033 is further configured to determine the number of currently received TCP connections
  • the k is 3, the first unit time is 1 second, n is 10, and m is 1024.
  • the information of the TCP packet includes: a source IP address, a destination IP address, a source port, a destination port, and a protocol;
  • the first message is a TCP packet including a handshake signal SYN+ confirming that the ACK is set;
  • the second message is a TCP packet including the ACK being set.
  • the device in this embodiment may be used to implement the technical solution of the foregoing method embodiment, and the implementation principle and the technical effect are similar, and details are not described herein again.
  • the setting module 031, the determining module 032, the sending module 033, and the receiving module 034 may be a central processing unit (CPU), a microprocessor (MPU), and a digital signal processor (DSP) located on the access device. Or device implementation such as field programmable gate array (FPGA).
  • CPU central processing unit
  • MPU microprocessor
  • DSP digital signal processor
  • FPGA field programmable gate array
  • embodiments of the present invention can be provided as a method, system, or computer program product. Accordingly, the present invention can take the form of a hardware embodiment, a software embodiment, or a combination of software and hardware. Moreover, the invention can take the form of a computer program product embodied on one or more computer-usable storage media (including but not limited to disk storage and optical storage, etc.) including computer usable program code.
  • the computer program instructions can also be stored in a computer readable memory that can direct a computer or other programmable data processing device to operate in a particular manner, such that the computer is readable and stored
  • the instructions in the reservoir produce an article of manufacture comprising an instruction device that implements the functions specified in one or more blocks of the flow or in a flow or block diagram of the flowchart.
  • These computer program instructions can also be loaded onto a computer or other programmable data processing device such that a series of operational steps are performed on a computer or other programmable device to produce computer-implemented processing for execution on a computer or other programmable device.
  • the instructions provide steps for implementing the functions specified in one or more of the flow or in a block or blocks of a flow diagram.
  • the embodiment of the present invention obtains the information of the TCP packet sent by the client by setting the number of times of resending the first message to k, and determines the type of the information according to the connection tracking entry.
  • the TCP message of the invalid information establishes a connection tracking and sends the first message to the client, and resends the first message when the second message sent by the client is not received within the second unit time a message; and when the number of retransmissions is greater than k and the second message sent by the client is still not received, the connection tracking is deleted, and the transmission control of the TCP packet is implemented; thus, the SYN is effectively reduced.
  • Flood attacks increase the efficiency of network attack prevention.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

L'invention concerne un procédé permettant d'empêcher une attaque de réseau, consistant : à définir le nombre de renvois d'un premier message comme étant k, k étant un entier naturel ; à acquérir des informations concernant un paquet TCP envoyé par un client, et à déterminer le type des informations selon une entrée de table de suivi de connexion, le type des informations comprenant des informations valides et des informations non valides ; à établir un suivi de connexion pour le paquet TCP des informations non valides, et à envoyer le premier message au client ; et si un second message envoyé par le client n'est pas reçu dans une seconde unité de temps, à renvoyer le premier message, et si le nombre de renvois est supérieur à k et que le second message envoyé par le client n'est toujours pas reçu, à supprimer le suivi de connexion. L'invention concerne également un dispositif permettant d'empêcher une attaque de réseau, et un support d'informations.
PCT/CN2015/092042 2015-06-10 2015-10-15 Procédé et dispositif permettant d'empêcher une attaque de réseau, et support d'informations WO2016197498A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201510316924.7A CN106302361A (zh) 2015-06-10 2015-06-10 一种防止网络攻击的方法及设备
CN201510316924.7 2015-06-10

Publications (1)

Publication Number Publication Date
WO2016197498A1 true WO2016197498A1 (fr) 2016-12-15

Family

ID=57502985

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2015/092042 WO2016197498A1 (fr) 2015-06-10 2015-10-15 Procédé et dispositif permettant d'empêcher une attaque de réseau, et support d'informations

Country Status (2)

Country Link
CN (1) CN106302361A (fr)
WO (1) WO2016197498A1 (fr)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110071939A (zh) * 2019-05-05 2019-07-30 江苏亨通工控安全研究院有限公司 针对传统ddos防火墙syn flood防护在工业网络中的改进方法
CN112087464A (zh) * 2020-09-17 2020-12-15 北京知道创宇信息技术股份有限公司 SYN Flood攻击清洗方法、装置、电子设备和可读存储介质
CN115118628A (zh) * 2022-06-28 2022-09-27 中国银行股份有限公司 一种异常报文处理方法及装置

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109936543A (zh) * 2017-12-18 2019-06-25 中国移动通信集团辽宁有限公司 ACK Flood攻击的防护方法、装置、设备及介质

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6725378B1 (en) * 1998-04-15 2004-04-20 Purdue Research Foundation Network protection for denial of service attacks
US6823387B1 (en) * 2000-06-23 2004-11-23 Microsoft Corporation System and method for enhancing a server's ability to withstand a “SYN flood” denial of service attack
CN1630248A (zh) * 2003-12-19 2005-06-22 北京航空航天大学 基于连接请求验证的SYN flooding攻击防御方法

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6725378B1 (en) * 1998-04-15 2004-04-20 Purdue Research Foundation Network protection for denial of service attacks
US6823387B1 (en) * 2000-06-23 2004-11-23 Microsoft Corporation System and method for enhancing a server's ability to withstand a “SYN flood” denial of service attack
CN1630248A (zh) * 2003-12-19 2005-06-22 北京航空航天大学 基于连接请求验证的SYN flooding攻击防御方法

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
YANG, JIN: "Solution of Stateful Firewall's Iptables Overflow Caused by Attack", JOURNAL OF CHONGQING UNIVERSITY ( NATURAL SCIENCE EDITION, vol. 27, no. 6, 30 June 2004 (2004-06-30) *

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110071939A (zh) * 2019-05-05 2019-07-30 江苏亨通工控安全研究院有限公司 针对传统ddos防火墙syn flood防护在工业网络中的改进方法
CN110071939B (zh) * 2019-05-05 2021-06-29 江苏亨通工控安全研究院有限公司 针对传统ddos防火墙syn flood防护在工业网络中的改进方法
CN112087464A (zh) * 2020-09-17 2020-12-15 北京知道创宇信息技术股份有限公司 SYN Flood攻击清洗方法、装置、电子设备和可读存储介质
CN115118628A (zh) * 2022-06-28 2022-09-27 中国银行股份有限公司 一种异常报文处理方法及装置
CN115118628B (zh) * 2022-06-28 2024-04-19 中国银行股份有限公司 一种异常报文处理方法及装置

Also Published As

Publication number Publication date
CN106302361A (zh) 2017-01-04

Similar Documents

Publication Publication Date Title
US10498831B2 (en) Communication sessions at a CoAP protocol layer
JP6858749B2 (ja) 負荷平衡システムにおいて接続を確立するデバイス及び方法
US9838353B2 (en) Communication across network address translation
US7990866B2 (en) Server device, method for controlling a server device, and method for establishing a connection using the server device
US9438702B2 (en) Techniques for protecting against denial of service attacks
WO2018121294A1 (fr) Procédé de transmission de paquets, terminal, dispositif de réseau et système de communication
US9491261B1 (en) Remote messaging protocol
US9516114B2 (en) Data packet transmission method and related device and system
US10530644B2 (en) Techniques for establishing a communication connection between two network entities via different network flows
JP6178932B2 (ja) パケット伝送ネットワークにおけるハンドシェイクを制御するための方法及び装置
WO2016197498A1 (fr) Procédé et dispositif permettant d'empêcher une attaque de réseau, et support d'informations
CN110266678B (zh) 安全攻击检测方法、装置、计算机设备及存储介质
JP5185955B2 (ja) 物理伝送媒体が中断した場合のtcpデータ伝送プロセスを改善する方法
WO2011029357A1 (fr) Procédé d'authentification de trafic de communication, système de communication, et appareil de protection
GB2519491A (en) Method and system for increasing data flow transmission
US20230016035A1 (en) Efficient connection processing
US11522979B2 (en) Transmission control protocol (TCP) acknowledgement (ACK) packet suppression
US8595477B1 (en) Systems and methods for reducing handshake delay in streaming protocol web requests
KR20130022089A (ko) 서비스 거부 공격에 대한 tcp연결 해제 방법 및 장치
JP2006148727A (ja) アプリケーションモニタ装置
KR101104599B1 (ko) 네트워크 상에서 tcp syn 플러딩 공격을 차단하는 장치 및 방법
KR102184363B1 (ko) 네트워크 커넥터의 호스트 및 클라이언트와의 통신 방법, 그리고 동일 방법을 수행하는 네트워크 커넥터
CN114124489B (zh) 防止流量攻击的方法、清洗装置、设备和介质
Wei Analysis and protection of SYN flood attack

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 15894762

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 15894762

Country of ref document: EP

Kind code of ref document: A1