Transmission control protocol blocking module and soft switch method

A TCP interception module and soft switching method, applied in the field of security attack prevention (TCP interception). It addresses the problems of not being able to truly protect the server, server resource exhaustion, and a single working mode, with the effects of saving memory, improving utilization, and a flexible working mode.

Inactive Publication Date: 2008-03-05
ZTE CORP

AI Technical Summary

Problems solved by technology

However, routers working in this mode cannot really protect internal servers, because SYN-flood attack packets can reach internal servers.
[0007] Therefore, the existing TCP interception technology has the following deficiency: the working mode is single, and it can only work in one of these two modes.
However, network attackers are always waiting for opportunities, and the network environment is not safe. When the network is under attack and the router is in monitoring mode, it cannot really protect the internal server, because a large number of flooding packets arrive at the server in an instant, which quickly exhausts the server's resources and causes denial of service.


Examples


Embodiment Construction

[0027] The present invention is described in further detail below in conjunction with the accompanying drawings and specific embodiments:

[0028] In the present invention, the router can freely switch the working mode of the TCP interception module depending on whether it is under attack:

[0029] Monitoring mode: indicates that the router is in a non-attack state. The monitoring module monitors the TCP connection requests initiated by the external host to the internal server, and judges whether the router is under attack from the external network.

[0030] Interception mode: indicates that the router has been attacked. The interception module will intercept the TCP connection request initiated by the external host to the internal server, and connect the longest (or random) semi-connection from the system, and then send a response message instead of the internal server, reducing the initial timeout retransmission time to 0.5s, so that the overall timeout time saved by the sys...
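The soft switch described in [0028] to [0030] can be modelled as a small state machine. This is an added sketch, not code from the patent or from ZTE: the `high`/`low` thresholds, the 1.0 s normal timeout, all class and function names, and the reading of the "longest (or random) semi-connection" step as eviction of the oldest half-open entry are assumptions.

```python
from collections import OrderedDict

MONITOR, INTERCEPT = "monitor", "intercept"
NORMAL_RTO, ATTACK_RTO = 1.0, 0.5   # 0.5 s is from the text; 1.0 s is assumed


class TcpIntercept:
    """Toy model of the soft switch between the two working modes."""

    def __init__(self, high=4, low=2):
        self.high, self.low = high, low   # assumed attack / recovery thresholds
        self.mode, self.initial_rto = MONITOR, NORMAL_RTO
        self.half_open = OrderedDict()    # pending handshakes, oldest first

    def on_syn(self, conn):
        """SYN from an external host. Returns (action, evicted_conn)."""
        evicted = None
        if conn not in self.half_open:    # ignore retransmitted SYNs
            if self.mode == INTERCEPT and self.half_open:
                # Assumed reading of the text: drop the oldest half-open entry.
                evicted, _ = self.half_open.popitem(last=False)
            self.half_open[conn] = True
            self._soft_switch()
        action = "answer_for_server" if self.mode == INTERCEPT else "forward_and_watch"
        return action, evicted

    def on_ack(self, conn):
        """Final ACK of the handshake: the connection is no longer half-open."""
        self.half_open.pop(conn, None)
        self._soft_switch()

    def _soft_switch(self):
        pending = len(self.half_open)
        if self.mode == MONITOR and pending >= self.high:
            self.mode, self.initial_rto = INTERCEPT, ATTACK_RTO
        elif self.mode == INTERCEPT and pending <= self.low:
            self.mode, self.initial_rto = MONITOR, NORMAL_RTO


def replay(syns, acks):
    """Feed constructed SYNs, then ACKs; return the box and per-SYN results."""
    box = TcpIntercept()
    results = [box.on_syn(c) for c in syns]
    mode_under_load = box.mode
    for c in acks:
        box.on_ack(c)
    return box, results, mode_under_load
```

Using two thresholds rather than one keeps the module from flapping between modes when the half-open count hovers around the attack level.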


Abstract

The TCP interception module includes a monitoring module, a halting module, and a soft switching module. The monitoring module monitors TCP connection requests initiated from an external host to the inner server and determines whether the router is under attack from the external network. The halting module halts TCP connection requests initiated from an external host to the inner server and responds, in place of the protected server, to TCP connection requests initiated from the external network. The soft switching module switches the working mode of the router freely between the monitoring mode and the halting mode. By simplifying the processing flow of the former monitoring mode, the invention does not increase the processing complexity of the interception module. Advantages are: flexible working modes, free switching between modes, reduced system overhead, and a raised CPU utilization ratio.

Description

Technical field

[0001] The invention relates to the field of security attack prevention in network communication, in particular to a security attack prevention technology: a TCP (Transmission Control Protocol) interception method.

Background technique

[0002] With the rapid development of the Internet, its applications are becoming more and more extensive, and the security of the network has attracted more and more attention. Because attacks against the network are increasingly rampant, the security of the network is an important bottleneck restricting the development of the Internet. Whether it is the application layer software, the operating system, or the hardware itself, there are security vulnerabilities. The network protocol itself also has security risks, which provide opportunities for network attackers to attack network systems. DDoS (Distributed Denial of Service attack) is a popular network attack method in recent years. Once implemented, the attack network packet...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L29/06, H04L12/56
Inventor: 李春红
Owner: ZTE CORP