
Method for preventing NAT-PT equipment from being attacked

A NAT-PT device technology, applied in the fields of digital transmission systems, electrical components, transmission systems, etc. It addresses the problem that a host attacked by a virus occupies the NAPT table so that other hosts cannot forward packets, and achieves the effect of improving security.

Inactive Publication Date: 2009-08-05
INST OF COMPUTING TECH CHINESE ACAD OF SCI

AI Technical Summary

Problems solved by technology

[0005] The purpose of the present invention is to overcome the deficiencies in the prior art and to solve the problem that hosts attacked by viruses occupy a large number of entries in the NAPT table, causing other hosts to fail to forward packets normally through the NAT-PT device, by providing a method for preventing NAT-PT devices from being attacked.


Examples


Example 1

[0073] Setting: Min=200, Max=500. When a data packet whose host address is 2001:250:f007:1::10a enters the NAT-PT device, the restriction table (Figure 2) is queried. There is an entry for this IP address, indicating that this host is restricted, and its current number of links is 255, so the following steps are performed:

[0074] Because Max > 255 > Min, Pa = (Cur-Min) / (Max-Min) = (255-200) / (500-200) = 0.183, so the NAT-PT device discards the packet for the 255th link with a probability of 0.183; that is, the packet is allowed to establish a link with probability 1-0.183.

Example 2

[0076] Setting: Min=200, Max=500. When a data packet whose host address is 2001:250:f007:1::10b enters the NAT-PT device, the restriction table (Figure 2) is queried. There is an entry for this IP address, indicating that this host is restricted, and its current number of links is 400, so the following steps are performed:

[0077] Because Max > 400 > Min, Pa = (Cur-Min) / (Max-Min) = (400-200) / (500-200) = 0.667, so the NAT-PT device discards the packet for the 400th link with a probability of 0.667; that is, the packet is allowed to establish a link with probability 1-0.667.

Example 3

[0079] Setting: Min=200, Max=500. When a data packet whose host address is 2001:250:f007:1::10c enters the NAT-PT device, the restriction table (Figure 2) is queried. There is an entry for this IP address, indicating that this host is restricted, and its current number of links is 501, so the following steps are performed:

[0080] Because 501 > Max, the NAT-PT device directly discards the data packet for the 501st link and does not establish a link for it.

[0081] It can be seen from the above examples that if the current total number of links is between Min and Max, data packets from the host are processed by the NAT-PT device only with a certain probability, and this probability is determined by Pa. The closer the current total number of links is to Min, the higher the probability of being processed by NAT-PT, and the closer to Max, the lower the probability of being processed by NAT-PT.


Abstract

The invention discloses a method for preventing IPv4 and IPv6 network address translation and protocol translation equipment from being attacked. The method includes the following steps: setting the content fields of the NAPT table and the restriction table, and initializing them; setting the maximum number of link entries that the NAT-PT device allows a given host to establish to Max; setting the minimum number of link entries that the NAT-PT device allows a given host to establish to Min; counting the entries in the NAPT table to obtain the number of links of each host, and determining from the statistical results whether to put the host into the restriction table; determining the processing flow of a data packet according to the total number of links in the restriction table; and periodically calling the refresh operation of the NAPT table and the restriction table to update the total number of links. The invention can identify hosts that initiate attacks, prevent users from establishing a large number of useless NAPT links, ensure the passage of normal data packets, and improve network security.
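The procedure in the abstract and the three worked examples can be sketched as follows. This is an added example, not code from the patent: the class and function names are hypothetical, the rule that a host enters the restriction table once it holds more than Min links is an assumption (the page does not state the threshold), and aging of NAPT entries is not modeled.

```python
import random
from collections import Counter

MIN_LINKS, MAX_LINKS = 200, 500   # Min and Max from the worked examples

def drop_probability(cur, lo=MIN_LINKS, hi=MAX_LINKS):
    """Pa = (Cur - Min) / (Max - Min), clamped to [0, 1]."""
    if cur <= lo:
        return 0.0
    if cur >= hi:
        return 1.0
    return (cur - lo) / (hi - lo)

class NatPtGuard:
    def __init__(self, rng=random.random):
        self.napt = []          # constructed NAPT table: (host, port) entries
        self.restricted = {}    # restriction table: host -> current link count
        self.rng = rng          # injectable so decisions can be reproduced

    def refresh(self):
        """Periodic refresh: recount links per host, rebuild the restriction table."""
        counts = Counter(host for host, _ in self.napt)
        # Assumption: a host is restricted once it holds more than Min links.
        self.restricted = {h: n for h, n in counts.items() if n > MIN_LINKS}

    def admit(self, host, port):
        """Decide whether a packet needing a new NAPT entry may create it."""
        cur = self.restricted.get(host)
        if cur is not None and self.rng() < drop_probability(cur):
            return False        # packet discarded, no link established
        self.napt.append((host, port))
        if cur is not None:
            self.restricted[host] = cur + 1
        return True

def flood(guard, host, attempts, refresh_every=50):
    """Replay many link attempts from one host; return the links it ends up holding."""
    for i in range(attempts):
        guard.admit(host, 1024 + i)
        if (i + 1) % refresh_every == 0:
            guard.refresh()
    return sum(1 for h, _ in guard.napt if h == host)

if __name__ == "__main__":
    g = NatPtGuard(rng=random.Random(1).random)
    print("links held by flooding host:", flood(g, "2001:db8::bad", 5000))
    print("benign host admitted:", g.admit("2001:db8::1", 80))
```

Because Pa reaches 1 at Max, a flooding host can never hold more than Max NAPT entries once it is in the restriction table, while hosts below Min are unaffected.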

Description

Technical field

[0001] The invention relates to the technical field of computer network security, in particular to a method for preventing IPv4 and IPv6 network address translation and protocol translation (NAT-PT) equipment from being attacked.

Background technique

[0002] IPv6 (Internet Protocol Version 6) protocol is a next-generation Internet protocol that replaces IPv4 (Internet Protocol Version 4) protocol, and it has many new features and functions. During the network transition period, IPv4 and IPv6 technologies will coexist for a long time, and eventually transition to IPv6. At present, how to realize the smooth transition from IPv4 protocol to IPv6 protocol is a problem that people face. The IETF working group proposed several mechanisms to realize IPv4 and IPv6 intercommunication, such as dual protocol stack (described in RFC2893), tunnel technology (described in RFC2893), NAT-PT (Network Address Translation-Protocol Translation, network address translation and ...


Application Information

Patent Type & Authority: Patents (China)
IPC: IPC(8): H04L29/06, H04L12/24
Inventor: 李丹, 陈沫, 毕经平
Owner: INST OF COMPUTING TECH CHINESE ACAD OF SCI