Conversation control method and control device

A session control method and control device, applied in the field of information security, address the problems of aggravated denial-of-service consequences and a fully occupied total number of IKE sessions, so as to reduce resource occupation and guarantee processing.

Inactive Publication Date: 2010-10-13
NEW H3C TECH CO LTD

AI Technical Summary

Problems solved by technology

Therefore, when an attacker frequently sends IKE requests containing different cookies in a short period of time, the maximum number of connections limited by the IKE mechanism can be completely occupied within the timeout aging period stipulated in the IKE protocol, so that other IKE negotiation initiators cannot establish an IKE connection with the system, aggravating the consequences of the denial-of-service attack.
In particular, if an attacker pretends to be a legitimate IKE negotiation initiator and frequently sends IKE requests containing different cookies in a short period of time, the maximum number of IKE connections will be quickly occupied, so that other IKE negotiation initiators cannot establish an IKE connection with the system.
[0009] Take the application scenario above as an example. When an attacker frequently sends attack packets with changing cookies, the total number of IKE sessions limited by the cookie mechanism can be filled in a short time, so that gateways with addresses other than that of gateway A cannot perform normal IKE negotiation with gateway B.
[0010] In addition to DoS attacks, there are other attacks that may exhaust system resources, causing other IKE negotiation initiators to fail to perform normal IKE negotiation with the system.



Embodiment Construction

[0031] The technical solutions of the present invention will be described in further detail below in conjunction with the accompanying drawings and embodiments.

[0032] In the prior art, the Internet Key Exchange Protocol (IKE for short) adopts the Cookie mechanism: it uses the Cookie contained in the IKE message to identify an IKE session, and sets a total number of connections for IKE sessions. Although this Cookie mechanism can effectively counter a denial-of-service attack in which the attacker tries to exhaust system resources by sending a large number of IKE request messages with fixed Cookie values, it cannot effectively counter a denial-of-service attack in which the attacker exhausts system resources by sending a large number of IKE request packets with changing Cookie values. In addition to DoS attacks, there are other attacks that may exhaust system resources, causing other IKE negotiation initiators to fail to perform normal IKE negotiations ...


Abstract

A session control method: after the first request message of an IKE negotiation process sent by an IKE negotiation initiator is received, if the system resources pre-reserved for the trusted peer corresponding to the initiator's group are not fully occupied, system resources are allocated to the IKE negotiation process from those pre-reserved resources and a response message is returned to the IKE negotiation initiator. A control device for implementing the method is also disclosed.
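The admission decision in the abstract can be modelled as follows. This is an added sketch, not code from the patent or from any H3C product. It assumes that trusted groups are looked up by source address, that unlisted initiators compete for a separate shared pool, and that a request is refused when its pool is full. All names and addresses are hypothetical.

```python
class IkeAdmission:
    """Per-group reserved session slots for the first message of an IKE negotiation."""

    def __init__(self, reserved, peer_group, shared_slots):
        self.reserved = dict(reserved)      # trusted group name -> reserved slots
        self.peer_group = dict(peer_group)  # source address -> trusted group name
        self.shared_slots = shared_slots    # assumption: pool for unlisted peers
        self.sessions = {}                  # (src, initiator cookie) -> pool (None = shared)

    def _used(self, pool):
        return sum(1 for p in self.sessions.values() if p == pool)

    def on_first_request(self, src, cookie):
        """Return True if resources were allocated and a response should be sent."""
        key = (src, cookie)
        if key in self.sessions:            # retransmission of an admitted session
            return True
        pool = self.peer_group.get(src)     # None when the initiator is not in a group
        limit = self.shared_slots if pool is None else self.reserved[pool]
        if self._used(pool) >= limit:       # assumption: refuse when the pool is full
            return False
        self.sessions[key] = pool
        return True

    def release(self, src, cookie):
        """Free the slot when the negotiation completes or ages out."""
        self.sessions.pop((src, cookie), None)


def simulate():
    # Constructed sample data: documentation addresses and made-up group names.
    gw = IkeAdmission(
        reserved={"branch-a": 2, "branch-c": 2},
        peer_group={"192.0.2.10": "branch-a", "198.51.100.7": "branch-c"},
        shared_slots=3,
    )
    # First messages with changing cookies from unlisted sources.
    flood = [gw.on_first_request(f"203.0.113.{i}", f"ck{i:04x}") for i in range(50)]
    # First messages with changing cookies that reuse gateway A's address.
    spoofed = [gw.on_first_request("192.0.2.10", f"sp{i:04x}") for i in range(50)]
    # A peer in another trusted group is still served from its own reservation.
    legit = gw.on_first_request("198.51.100.7", "c0ffee01")
    return sum(flood), sum(spoofed), legit
```

In this model a flood of changing cookies can fill only the pool it is charged to, so a session table that a single global limit would let it exhaust stays available to the other trusted groups.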

Description

Technical field

[0001] The invention relates to information security technology, in particular to a session control method and a control device, belonging to the communication field.

Background technique

[0002] The Internet Key Exchange Protocol (Internet Key Exchange, referred to as IKE) is the general name of the authentication and key protocol family, which includes the Internet Security Association and Key Management Protocol (abbreviated ISAKMP), Key Determination Protocol (referred to as Oakley) and general Internet Secure Key Exchange Protocol (SKEME for short).

[0003] The ISAKMP protocol is the core component of IKE. It defines the whole process and message format including negotiation, establishment, modification and deletion of security associations, and defines the payload format for exchanging key generation and identity authentication data. The definition of these formats provides a fixed framework for key transmission and authentication that is independent...


Application Information

Patent Type & Authority: Patents (China)
IPC(8): H04L29/06, H04L9/00
Inventor: 徐庆伟
Owner: NEW H3C TECH CO LTD