Network security protection method and apparatus in uni-direction environment

A network security protection technology and device, applied in the field of communication, that solve problems such as increased server load and disruption of customers' normal business, prevent SYN_ACK attacks, and improve network security defense capabilities.

Active Publication Date: 2012-01-04
CHENGDU HUAWEI TECH

AI Technical Summary

Problems solved by technology

A normal SYN_ACK data packet belongs to the second step of the TCP three-way handshake: after the protected server actively sends a SYN data packet, the client returns a SYN_ACK data packet as a response. When a SYN_ACK attack occurs, the protected server receives a large number of SYN_ACK data packets in a short time, resulting in increased server load.
[0004] In the process of implementing the present invention, the inventor found that, for load and stability reasons, networks in practical applications are often deployed in a one-way environment. In a one-way environment, however, DDoS (Distributed Denial of Service) equipment can obtain data traffic in only one direction, so using this proxy technology to resist attacks in a one-way environment is relatively ineffective.
Although the internal network rarely initiates connections to the external network, rate limiting or completely prohibiting SYN_ACK packets, so that the SYN_ACK attack cannot reach the traffic it needs and fails to a certain extent, still affects the normal business of customers.


Examples


Embodiment Construction

[0016] The following will clearly and completely describe the technical solutions in the embodiments of the present invention with reference to the accompanying drawings in the embodiments of the present invention. Obviously, the described embodiments are only some, not all, embodiments of the present invention. Based on the embodiments of the present invention, all other embodiments obtained by persons of ordinary skill in the art without making creative efforts belong to the protection scope of the present invention.

[0017] Figure 1 is a schematic diagram of a network security protection method in a one-way environment provided by Embodiment 1 of the present invention. As shown in Figure 1, the network security protection method in the one-way environment includes:

[0018] Step 101: receiving the SYN_ACK response packet sent by the second node to the first node, the SYN_ACK response packet carrying the IP address and port number of the second node;

[0019]...


Abstract

The invention discloses a network security protection method in a one-way environment, comprising: receiving a SYN_ACK response data packet sent by a second node to a first node; verifying the IP address and port number of the second node against a preset data sheet and, if the verification passes, forwarding the SYN_ACK response data packet to the first node; if the verification does not pass, judging whether the IP address and port number of the second node are legal according to the ACK value in the SYN_ACK response data packet and, if they are legal, storing the IP address and port number of the second node in the data sheet; otherwise, sending a constructed SYN request data packet containing a feature value to the second node in order to verify the second node. The method effectively stops SYN_ACK attacks launched by external network devices against internal network devices in a one-way environment and improves network security defense capability in that environment.
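
The decision flow described in the abstract, as an added Python example (not code from the patent or its owner). It assumes the feature value is a keyed hash of the connection 4-tuple carried as the sequence number of the constructed SYN, so that a genuine second node echoes it plus one in the ACK field; the names handle_syn_ack, feature_value, genuine_reply, SECRET and the packet dictionaries are hypothetical, and all addresses are constructed sample data.

```python
import hashlib
import hmac

SECRET = b"constructed-demo-key"  # assumption: secret known only to the device
verified = set()                  # the "data sheet": (ip, port) of verified second nodes

def feature_value(first_ip, first_port, second_ip, second_port):
    """Assumed feature value: 32-bit keyed hash of the connection 4-tuple."""
    msg = f"{first_ip}:{first_port}>{second_ip}:{second_port}".encode()
    return int.from_bytes(hmac.new(SECRET, msg, hashlib.sha256).digest()[:4], "big")

def handle_syn_ack(pkt):
    """Decide what to do with a SYN_ACK sent by the second node (src) to the
    first node (dst). Returns (action, probe)."""
    peer = (pkt["src"], pkt["sport"])
    if peer in verified:                    # verification against the data sheet passed
        return "FORWARD", None
    fv = feature_value(pkt["dst"], pkt["dport"], pkt["src"], pkt["sport"])
    if pkt["ack"] == (fv + 1) % 2**32:      # ACK answers the constructed SYN: legal
        verified.add(peer)
        return "STORE", None
    probe = {"flags": "SYN", "src": pkt["dst"], "sport": pkt["dport"],
             "dst": pkt["src"], "dport": pkt["sport"], "seq": fv}
    return "PROBE", probe                   # not legal yet: verify the second node

def genuine_reply(probe):
    """Constructed model of a real TCP stack answering the probe SYN."""
    return {"src": probe["dst"], "sport": probe["dport"], "dst": probe["src"],
            "dport": probe["sport"], "ack": (probe["seq"] + 1) % 2**32}

def demo():
    """Constructed traffic: one genuine peer and one spoofed flood source."""
    verified.clear()
    real = {"src": "198.51.100.7", "sport": 443,
            "dst": "10.0.0.5", "dport": 40001, "ack": 1}   # arbitrary ACK
    fake = {"src": "203.0.113.9", "sport": 80,
            "dst": "10.0.0.5", "dport": 40002, "ack": 1}   # arbitrary ACK
    log = []
    action, probe = handle_syn_ack(real)                   # unknown peer
    log.append(action)
    log.append(handle_syn_ack(genuine_reply(probe))[0])    # echoes feature value + 1
    log.append(handle_syn_ack(real)[0])                    # now in the data sheet
    log.extend(handle_syn_ack(fake)[0] for _ in range(3))  # never answers the probe
    return log

if __name__ == "__main__":
    print(demo())
```

Because the reply to the constructed SYN arrives on the same inbound link as the original SYN_ACK, the check needs no visibility into traffic leaving the first node.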

Description

Technical field

[0001] The present invention relates to the communication field, in particular to a network security protection method and device in a one-way environment.

Background technique

[0002] A one-way environment means that, in the network, the requests and replies exchanged between the client and the server travel on different lines; that is, the data sent by the client to the server is on link A, the data sent by the server to the client is on link B, and link A and link B are not the same link.

[0003] In a normal TCP connection, when the client requests the server to establish a connection by sending a data packet with the SYN flag set in the TCP header, the server returns a data packet with SYN_ACK set to the client as a response, according to the source address in the IP header, and the client returns an ACK to the server to complete the connection. The normal SYN_ACK data packet belongs to the second step in the TCP three...


Application Information

Patent Type & Authority: Patents (China)
IPC(8): H04L29/06, H04L1/16, H04L12/56
Inventor: 蒋武槐昱
Owner: CHENGDU HUAWEI TECH