Session control method and control device

A semi-connection session control technology, applied in the field of information security, that addresses problems such as the maximum number of connections being occupied, other users failing to establish IKE connections, and IKE negotiation failing.

Active Publication Date: 2007-08-15
NEW H3C TECH CO LTD

AI Technical Summary

Problems solved by technology

Therefore, when an attacker frequently sends IKE requests containing different cookies in a short period of time, the maximum number of connections allowed by the IKE mechanism can be completely occupied within the timeout aging period stipulated in the IKE protocol, causing other users to fail to establish IKE connections with the system, which aggravates the consequences of the denial-of-service attack.

[0009] Take the application scenario above as an example. When an attacker frequently sends attack packets with changing cookies, the cookie mechanism can be overwhelmed in a short time: the limited total number of IKE sessions fills up, so that gateways with addresses other than gateway A cannot perform normal IKE negotiation with gateway B.


Embodiment Construction

[0024] The technical solutions of the present invention will be described in further detail below in conjunction with the accompanying drawings and embodiments.

[0025] In the prior art, the Internet Key Exchange Protocol (IKE for short) adopts the Cookie mechanism: it uses the Cookie contained in the IKE message to identify an IKE session, and limits the total number of IKE session connections. Although this Cookie mechanism can effectively counter a denial-of-service attack in which the attacker tries to exhaust system resources by sending a large number of IKE request messages containing fixed Cookie values, it cannot effectively counter a denial-of-service attack in which the attacker exhausts system resources by sending a large number of IKE request packets with changing Cookie values. Moreover, because the timeout and aging time stipulated by the IKE protocol itself is too long, it is impossible to release resources in time for the semi-connection established by the...


Abstract

The disclosed session control method comprises: setting a timeout according to the Internet Key Exchange protocol negotiation mode; detecting, against that timeout, the duration of each established semi-connection session; and, for semi-connections that exceed the timeout, releasing the occupied resources and connection count. The invention overcomes defects in the prior art and ensures that Internet Key Exchange protocol negotiation proceeds normally.
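The method in the abstract, sketched as an added example (not code from the patent or from any H3C product): a session table keyed by initiator cookie that reaps semi-connections once they exceed a timeout chosen by negotiation mode. The timeout values, the connection limit, the class and function names and the traffic scenario are all constructed assumptions; the page gives no concrete numbers.

```python
from dataclasses import dataclass

# Assumed values: the page gives no concrete timeouts.
PROTOCOL_AGING = {"main": 300.0, "aggressive": 300.0}   # long aging time, constructed
PER_MODE_TIMEOUT = {"main": 10.0, "aggressive": 5.0}    # per-mode timeout, constructed

@dataclass
class Session:
    mode: str
    created: float
    established: bool = False

class SessionTable:
    def __init__(self, max_sessions, timeouts):
        self.max_sessions = max_sessions
        self.timeouts = timeouts
        self.sessions = {}              # initiator cookie -> Session

    def reap(self, now):
        """Release the slot of every semi-connection past its mode's timeout."""
        expired = [c for c, s in self.sessions.items()
                   if not s.established and now - s.created > self.timeouts[s.mode]]
        for cookie in expired:
            del self.sessions[cookie]   # frees the resources and the connection count
        return len(expired)

    def admit(self, cookie, mode, now):
        """First message of a negotiation: True if a session slot is held for it."""
        if cookie in self.sessions:
            return True                 # a repeated cookie maps to the same session
        self.reap(now)
        if len(self.sessions) >= self.max_sessions:
            return False                # connection limit reached
        self.sessions[cookie] = Session(mode, now)
        return True

    def complete(self, cookie):
        """Negotiation finished: the session is no longer a semi-connection."""
        self.sessions[cookie].established = True

def legit_peer_admitted(timeouts, max_sessions=100):
    """Constructed scenario: 500 requests with changing cookies in 5 s, then a
    legitimate main-mode request 30 s later. Returns whether it gets a slot."""
    table = SessionTable(max_sessions, timeouts)
    for i in range(500):
        table.admit(i.to_bytes(8, "big"), "aggressive", now=i * 0.01)
    return table.admit(b"peer-A-1", "main", now=30.0)

if __name__ == "__main__":
    print("protocol aging only:", legit_peer_admitted(PROTOCOL_AGING))
    print("per-mode timeout:   ", legit_peer_admitted(PER_MODE_TIMEOUT))
```

With only the long aging time the table is still full when the legitimate request arrives; with the per-mode timeout the stale semi-connections have been released and the request gets a slot.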

Description

Technical field

[0001] The invention relates to information security technology, in particular to a session control method and a control device, belonging to the communication field.

Background technique

[0002] The Internet Key Exchange Protocol (Internet Key Exchange, referred to as IKE) is the general name of the authentication and key protocol family, which includes the Internet Security Association and Key Management Protocol (abbreviated ISAKMP), Key Determination Protocol (referred to as Oakley) and general Internet Secure Key Exchange Protocol (SKEME for short).

[0003] The ISAKMP protocol is the core component of IKE. It defines the whole process and message format including negotiation, establishment, modification and deletion of security associations, and defines the payload format for exchanging key generation and identity authentication data. The definition of these formats provides a fixed framework for key transmission and authentication that is independent...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L29/06, H04L12/56, H04L9/00, H04L12/46, H04L12/66
Inventor: 徐庆伟
Owner: NEW H3C TECH CO LTD