Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Network security protection method and apparatus in uni-direction environment

A technology of network security and protective devices, applied in the field of communication, can solve problems such as increased server load, affecting normal business of customers, failure to reach, etc., to prevent SYN_ACK attacks and improve network security defense capabilities

Active Publication Date: 2012-01-04
CHENGDU HUAWEI TECH
View PDF0 Cites 2 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

The normal SYN_ACK data packet belongs to the second step in the TCP three-way handshake phase, that is, after the protected server actively sends a SYN data packet, the client will return a SYN_ACK data packet as a response, and when a SYN_ACK attack occurs, the protected server will send out a SYN data packet in a short time Received a large number of SYN_ACK data packets, resulting in increased server load
[0004] In the process of implementing the present invention, the inventor found that due to load and stability considerations, in practical applications, a one-way environment is often used to deploy a network, but in a one-way environment, DDOS (Distributed Denial of Service, Distributed Denial of Service) equipment Only data traffic in one direction can be obtained, so the effect of using this proxy technology to resist attacks in a one-way environment is relatively poor
And although there are not many cases where the internal network actively connects to the external network, if the speed limit or the complete prohibition of SYN_ACK packets are used to make the SYN_ACK attack fail to meet the traffic requirements and fail to a certain extent, it still affects the normal business of customers

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Network security protection method and apparatus in uni-direction environment
  • Network security protection method and apparatus in uni-direction environment
  • Network security protection method and apparatus in uni-direction environment

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0016] The following will clearly and completely describe the technical solutions in the embodiments of the present invention with reference to the accompanying drawings in the embodiments of the present invention. Obviously, the described embodiments are only some, not all, embodiments of the present invention. Based on the embodiments of the present invention, all other embodiments obtained by persons of ordinary skill in the art without making creative efforts belong to the protection scope of the present invention.

[0017] figure 1 A schematic diagram of a network security protection method in a one-way environment provided by Embodiment 1 of the present invention, as shown in figure 1 As shown, the network security protection methods in the unidirectional environment include:

[0018] Step 101: receiving the SYN_ACK response packet sent by the second node to the first node, the SYN_ACK response packet carrying the IP address and port number of the second node;

[0019]...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses a network safety protection method in a unidirectional environment comprising: receiving SYN_ACK responsion data packet transmitted to a first node by a second node; verifying the second node IP address and port number according to a presetting data sheet, if the verification is passed, transmitting the SYN_ACK responsion data packet to the first node; if the verification is not passed, judging whether the second node IP address and port number are legal according to the ACK value in the SYN_ACK responsion data packet, if legal, storing the second node IP address and port number in the data sheet, else transmitting the structural SYN request data packet containing feature values to the second node to verify the second node. The method effectively stops the SYN_ACK attack to an in-house network appliance from an outer network appliance in the unidirectional environment and improves the network security defense ability in the unidirectional environment.

Description

technical field [0001] The present invention relates to the communication field, in particular to a network security protection method and device in a one-way environment. Background technique [0002] One-way environment means that in the network, the communication between the client and the server, the request and the reply are on different lines, that is, the data sent by the client to the server is on link A, and the data sent by the server to the client is on link B , link A and link B are not the same link. [0003] Normally, in a normal TCP connection, when the client requests the server to establish a connection by sending a data packet with the SYN flag set in the TCP header, the server will return a SYN_ACK set according to the source address in the IP header. The data packet is sent to the client as a response, and the client returns an ACK to the server to complete a complete connection. The normal SYN_ACK data packet belongs to the second step in the TCP three...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Patents(China)
IPC IPC(8): H04L29/06H04L1/16H04L12/56
Inventor 蒋武槐昱
Owner CHENGDU HUAWEI TECH
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com