Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Method for resisting abnegation service aggression

A denial of service attack and server technology, applied in digital transmission systems, electrical components, transmission systems, etc., can solve problems such as connection interruption and gateway failure, and achieve the effect of improving access speed and system efficiency

Active Publication Date: 2009-05-20
TAIJI COMP
View PDF1 Cites 54 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0008] With the development of network technology, gateway devices with state detection and NAT functions are widely used. Once an attack breaks out, not only the attacker will fail, but the gateway will also fail due to overwhelm. Once the gateway fails, the entire intranet The connection to the outside will be interrupted

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Method for resisting abnegation service aggression
  • Method for resisting abnegation service aggression
  • Method for resisting abnegation service aggression

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0036] figure 1 Shows the configuration that realizes the method for resisting denial of service attack of the present invention, from figure 1 As can be seen in the figure, the present invention sets a device for resisting denial of service attack in the gateway, and uses the device to resist denial of service attack.

[0037] Such as image 3 As shown, the device of the denial of service attack resists the denial of service attack by performing the following steps:

[0038] (1) Intercept the syn connection request sent by the client that includes source IP, source port, destination IP, destination port, and TCP serial number;

[0039] (2) for the syn connection request, utilize a local key to generate a proxy TCP serial number x associated with the syn;

[0040] (3) return the syn / ack data packet that comprises proxy TCP serial number to client;

[0041] (4) receiving the ack data packet containing the serial number x+1 which is responded by the client after receiving th...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention relates to a method for defending a syn flooding attack, which is realized based on netfilter and syn-cookie. In the method, a netfilter is set in a gateway, and the authenticity of a syn packet can be authenticated by syn-cookie mechanism, and a syn request passing the authentication can be released, while the request which does not pass the authentication is intercepted.

Description

technical field [0001] The invention relates to a method for defending against denial of service attacks on gateway equipment, in particular to a method for realizing defense against syn flooding attacks based on netfilter and syn-cookie. Background technique [0002] Denial of Service attack (Denial of Service, DoS) is a network attack method that is relatively effective but very difficult to defend at present. Its purpose is to make the server unable to provide services for normal access users. Therefore, DoS poses a fatal threat to some enterprises and organizations that closely rely on the Internet to conduct business. [0003] Syn flooding is the most effective and popular form of DoS attack. It uses the defect of the TCP three-way handshake protocol to send a large number of SYN connection requests with forged source addresses to the target host, consuming the resources of the target host, so that it cannot provide services for normal users. [0004] Syn flooding is ...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
IPC IPC(8): H04L12/24H04L29/06
Inventor 王睿申龙哲李有永马洁涂福恩
Owner TAIJI COMP
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com