Unlock instant, AI-driven research and patent intelligence for your innovation.

Method and network appliance for preventing network attack

A network device and network attack technology, applied in the field of communication, can solve the problems of legitimate users' normal communication interruption, message crowding, and messages that don't care what type of message is

Active Publication Date: 2012-05-23
HUAWEI TECH CO LTD
View PDF0 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

However, at present, the use of CAR technology to prevent attacks generally imposes a unified rate limit on all packets sent for processing, regardless of where the packets come from, what type of packets, etc.
If the flow of attack packets from a certain port is too large, even if CAR is used to control the flow, the packets normally sent from other ports may still be squeezed out.
Similarly, if the traffic of attack packets from a certain protocol is too large, even if CAR is used for traffic control, the normally sent packets from other protocols may still be squeezed out.
Both of these situations result in interruption of normal communication for legitimate users

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Method and network appliance for preventing network attack
  • Method and network appliance for preventing network attack
  • Method and network appliance for preventing network attack

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0019] In order to make the purpose, technical solutions and advantages of the embodiments of the present invention clearer, the embodiments of the present invention will be further described in detail below with reference to the accompanying drawings.

[0020] In an embodiment of the present invention, at least two CAR rate channels are preset for packets of each protocol entering the network device, and at least one rate threshold is preset for packets of each protocol; According to the relationship between the sending rate of each protocol message on each port and the pre-set rate threshold for each protocol message, select the corresponding CAR rate channel to send each protocol message.

[0021] In the embodiment of the present invention, the CAR rate channel refers to a data channel that can guarantee that the packet is sent at a rate not higher than a specified CAR rate.

[0022] Generally, when pre-setting the rate threshold for packets of each protocol, the normal tra...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention relates to the communication field and discloses a method for preventing network attack and a network device solving the bad network attack effect problem in the prior art. The method arranges at least two committed access rate CAR channels and at least one rate threshold for each protocol packet in the network device, and selects corresponding CAR channel to up transmit each protocol packet based on the relation between an up-transmitting rate of each protocol packet at each port of the network device and the presetting rate threshold for each protocol packet. The method of theinvention can effectively solve the communication interrupt defect caused by that the normal up-transmitting packet of a legal client is edged off by an attack packet and the packet is limited rate by only one CAR in the prior network device. The invention also discloses the network for preventing network attack.

Description

technical field [0001] The invention relates to the communication field, in particular to a method and network equipment for preventing network attacks. Background technique [0002] With the rapid development of the Internet, network attacks are becoming more and more frequent. Attacks not only target terminal devices but also network devices, such as routers, switches, etc. Attackers generally send a large number of forged messages to them in a short period of time. This causes the system to be busy processing these packets, and other normal task processing is affected to achieve the purpose of the attack. In severe cases, this attack can cause system resources to be exhausted and equipment to go down. [0003] In order to prevent such network attacks, it is a relatively common method to use CAR (Committed Access Rate, agreed access rate) to limit network devices. CAR is a flow control technology often used in the communication field. Usually, network devices set CAR to ...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Patents(China)
IPC IPC(8): H04L29/06H04L12/56
Inventor 王勇
Owner HUAWEI TECH CO LTD