Refused service attack protection method, network system and proxy server

A denial of service attack and proxy server technology, applied in the field of network security, can solve problems such as reducing network reliability, increasing costs, and defending against denial-of-service attacks

Active Publication Date: 2008-05-07
FORTINET
View PDF0 Cites 64 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

This traditional mode can alleviate denial of service attacks to a certain extent, but the disadvantage is that additional serial network devices need to be added, which reduces the reliability of the network and increases the cost
[0009] For another kind of built-in firewall with anti-denial of service attack, it can protect the external network from the denial of service attack on the firewall itself, but its disadvantage is that it cannot protect the network behind it, so this solution cannot really defend against denial of service attacks. service attack

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Refused service attack protection method, network system and proxy server
  • Refused service attack protection method, network system and proxy server
  • Refused service attack protection method, network system and proxy server

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0102] In order to make the purpose, technical solution and advantages of the present invention clearer, a denial of service attack protection method, network system and proxy server of the present invention will be further described in detail below in conjunction with the accompanying drawings and embodiments. It should be understood that the specific embodiments described here are only used to explain the present invention, not to limit the present invention.

[0103] In the embodiment of the present invention, the present invention is implemented by modifying the Linux core protocol of the data link layer of the network system based on the Linux 2.6 core.

[0104] The present invention uses the filtering unit (NetFilter) in the Linux system, and realizes by utilizing three nodes NF_IP_LOCAL_IN, NF_IP_LOCAL_OUT and NF_IP_FORWARD.

[0105] A kind of denial of service attack protection method of the present invention is described in detail below:

[0106] like figure 1 As in...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention discloses a refusing service attacks protection method, a network system and a proxy server. Through intercepting a connection request packet, the invention obtains the source address of the connection request packet through the analysis and queries the legality of the matching connection request packet. To the connection request packet which cannot determine the legality, an agent objective end responses to the requests of clients, filters out the refusing service attacks and judges the address of the objective end according to the legal connection request response packet. The connection between the agent objective end and the objective end is constructed to realize the refusing service attacks protection. The invention can finish the integrated protection of local and remote servers.

Description

technical field [0001] The invention relates to the field of network security, in particular to a denial of service attack protection method, a network system and a proxy server. Background technique [0002] With the further popularization of broadband networks, many network service providers such as government websites, information service providers (Internet Server Provider, ISP), hosting computer rooms, commercial sites, game servers, and chatting sites have been attacked by Denial of Service (DOS) or Troubled by Distributed Denial of Service (DDOS), the main impact of DOS and DDOS attacks is that the network database cannot be used normally, the server is invaded, the confidential information is lost, and some related problems, even some large websites Totally paralyzed. [0003] DOS is the abbreviation of Denial Of Service, that is, denial of service. The attack behavior that causes DOS is called DOS attack, and its purpose is to make the computer or network unable to...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Applications(China)
IPC IPC(8): H04L12/56H04L29/06H04L9/00H04L12/24
Inventor 许世强赵昌林
Owner FORTINET
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap