
Network security protection method for preventing denial-of-service attack events

A network security protection technology against denial-of-service attacks, applied in the field of network security. It addresses the cost of computing cookies, the limited number of half-open connections that can be processed, and crashes, and achieves the effect of increasing processing performance.

Inactive Publication Date: 2009-08-19
赵洪宇

AI Technical Summary

Problems solved by technology

The disadvantage of this method is: under a TCP attack, the number of connection queues will increase, but the number of connections that a typical server can bear is much larger than the number of half-open connections.
The disadvantage of this method is: here the relay firewall acts as a TCP proxy that handles TCP attacks in place of the server. The TCP proxy program runs in user space, and the number of half-open connections it can process is also limited, so it is easily overwhelmed.
The disadvantage of this method is: some TCP options, such as large windows, must be disabled. In addition, computing cookies is costly; under attack it consumes CPU resources heavily and can even cause a crash.


Examples


Embodiment Construction

[0022] The protection module proposed by the present invention starts and carries out active protection when a denial-of-service attack occurs. The specific method is as follows:

[0023] A characteristic of a denial-of-service attack is that the number of TCP request packets becomes very large almost instantly when the attack begins, so the present invention determines whether the network is under attack by counting the traffic of TCP request packets. The system first determines the type of each data packet from its TCP header information, so that it can count the number of TCP request packets arriving per second. Once the firewall detects that the TCP traffic exceeds the normal processing limit of the server, it starts the protection module to process the TCP request packets. When the TCP flow returns to the normal state of the network, the firewall no longer starts the protection module, and still allow the client computer ...


Abstract

A network security protection method for withstanding denial-of-service attack events, in which a defence module is designed at the data link layer. The method examines TCP request packets received from different IP addresses in order to filter out denial-of-service attacks. It includes the following steps: the firewall captures TCP data packets sent by external-network clients to the internal-network server and applies first-layer protective processing; TCP data packets that pass the first layer enter second-layer protective processing, which checks whether the received TCP-type data has a matching entry in the linked-list record of legal IP addresses. If there is a matching entry, the packet is regarded as a normal data packet and handed directly to the kernel for processing; otherwise, packet flow-rate statistics are collected over a period of time. The invention can actively defend against denial-of-service attacks from any kind of attack tool and achieves active defence protection in the kernel.
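The gating described in paragraph [0023] and the legal-IP check described in the abstract can be simulated in a few lines. The following is an added example, not code from the patent: the class name, both thresholds, the way the legal-IP list is populated, and the decision to drop unlisted sources that exceed a per-source rate are all assumptions, since the page does not state what follows the flow-rate statistics.

```python
from collections import Counter

SYN, ACK = 0x02, 0x10  # TCP header flag bits

class SynGate:
    def __init__(self, legal_ips, server_limit=100, per_source_limit=5):
        self.legal_ips = set(legal_ips)           # assumed to be maintained elsewhere
        self.server_limit = server_limit          # assumed SYN/s the server handles normally
        self.per_source_limit = per_source_limit  # assumed SYN/s for an unlisted source
        self.window, self.total = None, 0
        self.per_source = Counter()
        self.protecting = False

    def handle(self, ts, src, flags):
        """Return 'pass' or 'drop' for one captured TCP packet."""
        # Classify from the TCP header: a request packet has SYN set and ACK clear.
        if not (flags & SYN) or (flags & ACK):
            return "pass"
        sec = int(ts)
        if sec != self.window:
            # Protection carries over only if the preceding second was over the limit.
            self.protecting = (self.window is not None and sec == self.window + 1
                               and self.total > self.server_limit)
            self.window, self.total = sec, 0
            self.per_source.clear()
        self.total += 1
        self.per_source[src] += 1
        if self.total > self.server_limit:
            self.protecting = True            # request rate exceeds the server's limit
        if not self.protecting or src in self.legal_ips:
            return "pass"                     # normal traffic, or a listed legal address
        # Assumed policy: per-source flow statistics decide the fate of unlisted sources.
        return "pass" if self.per_source[src] <= self.per_source_limit else "drop"

def run_sample():
    """Replay constructed traffic (documentation addresses) through the gate."""
    gate = SynGate(legal_ips={"192.0.2.10"})
    packets = [(i / 100, f"198.51.100.{i}", SYN) for i in range(10)]       # quiet second
    packets += [(1.0 + i / 1000, "203.0.113.7", SYN) for i in range(300)]  # burst begins
    packets += [(1.9, "192.0.2.10", SYN), (1.95, "203.0.113.7", SYN | ACK)]
    packets += [(2.0 + i / 1000, "203.0.113.7", SYN) for i in range(300)]  # burst continues
    packets += [(3.0 + i / 10, "203.0.113.7", SYN) for i in range(3)]      # rate falls
    packets += [(4.5, "198.51.100.1", SYN)]                                # back to normal
    result = Counter()
    for ts, src, flags in packets:
        result[(int(ts), gate.handle(ts, src, flags))] += 1
    return dict(result), gate.protecting
```

In the replay, the first 100 requests of the burst still pass because the detector only trips once the per-second count crosses the server limit, and protection switches off one second after the rate falls back below it.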

Description

Technical field

[0001] The invention relates to the field of network security, in particular to a method for preventing the network from collapsing due to denial-of-service attacks.

Background technique

[0002] DDoS (Distributed Denial of Service) attacks on the Internet may even cause some large websites to be completely paralyzed due to intrusion. Many government websites, ISP information service providers, IDC hosting computer rooms, commercial sites, game servers, chat networks and other network service providers have been plagued by DDoS attacks for a long time. The main impact is that the database cannot be used normally, the server is invaded and confidential information is lost, and some related problems. But at present, there is no breakthrough in the research work on the prevention, prediction and counterattack of DDoS attacks in the world.

[0003] SYN / ACK Flood attack is one of the most typical denial-of-service attacks. Its...


Application Information

Patent Type & Authority: Patents (China)
IPC(8): H04L29/06, H04L12/56
Inventor: 赵洪宇, 刘亚光, 朱睿
Owner: 赵洪宇