Method and apparatus for preventing distributed refuse service attack

A technology of distributed rejection and equipment, applied in the field of data transmission, can solve problems such as restricted and normal data flow rejection, and achieve the effect of preventing preemption

Active Publication Date: 2007-12-05
NEW H3C TECH CO LTD
View PDF0 Cites 41 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0008] The present invention provides a method and device for preventing distributed denial of service attacks, so as to solve the defects in the prior art that normal data traffic will be rejected or restricted when preventing DDoS attacks

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Method and apparatus for preventing distributed refuse service attack
  • Method and apparatus for preventing distributed refuse service attack
  • Method and apparatus for preventing distributed refuse service attack

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0058] The core idea of ​​the present invention is: combine the hardware processing chip and the control chip to form a closed-loop control device with feedback. When a malicious attack message is received, the hardware processing chip can be controlled to limit the rate of the attack message to a higher rate, so that the impact of the attack message on the device can be reduced to a negligible level; and, when the control chip detects the attack message After the message disappears, resume receiving the corresponding port and classified message.

[0059] The specific implementation manner of the present invention will be described in further detail below in conjunction with the drawings and embodiments.

[0060] The invention provides a method for preventing distributed denial-of-service attacks, which is applied to network equipment including a control unit and a processing unit, wherein the control unit is a chip with high processing capability, including a CPU, etc., and t...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention supplies a method of anti distributivity denial of service attack. It includes the following steps: using processing unit to do amplitude lowering speed limiting for the received message and sending it to control unit; judging whether it is the attack message or not; if it is, sending switching information to the processing unit to separate out it and processing amplitude heightening speed limiting. The invention also supplies its device. It combines data plane and control plane to filtrate the data packet, processes speed limiting, effectively prevent DDoS attack to racing to control exchanger CPU resource.

Description

technical field [0001] The invention relates to the technical field of data transmission, in particular to a method and device for preventing distributed denial of service attacks. Background technique [0002] DoS (Denial of Service, denial of service) refers to deliberately attacking the flaws of the network protocol or directly exhausting the resources of the target device under attack, with the purpose of making the target device or network unable to provide normal services, or even the system crashes. Traditional DoS attacks use a one-to-one approach, and the attack effect is obvious when the CPU (Central Process Unit, central processing unit) speed of the target device is low, the memory is small, or the network bandwidth is not high. With the development of computer and network technology, the processing power of CPU has increased rapidly, and the memory capacity has increased. At the same time, gigabit-level networks have appeared. The defense capabilities of the att...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Applications(China)
IPC IPC(8): H04L12/24H04L29/06H04L12/56H04L47/20
Inventor 辛军
Owner NEW H3C TECH CO LTD
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap