Method for defensing transmission control protocol synchronous flooding attack and transmission control protocol agent

A technology of transmission control protocol and flooding attack, which is applied in the field of synchronous flooding attack, which can solve the problems of CPU resource occupation, affecting the establishment of normal connection, and affecting the speed of establishing normal connection, so as to achieve the effect of improving defense and speeding up

Inactive Publication Date: 2009-12-02
NEW H3C TECH CO LTD
View PDF0 Cites 30 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

All SYN packets will be sent to the CPU and processed by the software TCP agent. It is also implemented by software to verify whether the client’s request is a SYN Flood attack. SYN Flood attack packets will occupy CPU resources. When the SYN Flood attack packets are fast enough , most of the CPU resources are occupied by attack packets, af...

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Method for defensing transmission control protocol synchronous flooding attack and transmission control protocol agent
  • Method for defensing transmission control protocol synchronous flooding attack and transmission control protocol agent
  • Method for defensing transmission control protocol synchronous flooding attack and transmission control protocol agent

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0081] The core idea of ​​the present invention is: because the interface of TCP agent is usually realized by FPGA, therefore, in the present invention, the legitimacy verification of client is completed by FPGA, after the legitimacy verification of client is passed, the software module of TCP agent end begins to establish client The TCP connection between the client and the server, and the session table is sent to the FPGA, and then the FPGA forwards the data message exchanged between the client and the server according to the session table.

[0082] The present invention will be further described in detail below in conjunction with the accompanying drawings and specific embodiments.

[0083] image 3 In the one-way proxy mode provided by Embodiment 1 of the present invention, the message flow diagram of defending against TCP SYN Flood attacks, such as image 3 As shown, the specific steps are as follows:

[0084] Step 301: the client sends a SYN message with sequence numbe...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention discloses a method for defensing a transmission control protocol synchronous flooding attack and a transmission control protocol agent. The method comprises that: FPGA on a TCP agent and a client perform TCP three-way handshake to verify the legality of the client; after the client passes the legality verification, a software module on the TCP agent begins establishing TCP connection between the client and a server, and transmits a session table to the FPGA; and the FPGA forwards data messages interacted between the client and the server according to the session table. The method improves the effect of defensing the TCP synchronous flooding attack.

Description

technical field [0001] The invention relates to the technical field of synchronous flooding attacks, in particular to a method for defending against transmission control protocol (TCP, Transferring Control Protocol) synchronous flooding attacks and a TCP agent. Background technique [0002] Denial of Service (DoS, Denial of Service) attack is a common security threat faced by the network at present. This attack uses a large number of data packets to attack the target system and consumes the target system resources to prevent legitimate users from using network services normally. The main DoS attacks include synchronous flooding (SYNFlood), Fraggle, etc., and the most typical and frequently used DoS attack is the SYN Flood attack. [0003] SYN Flood attacks use the asymmetric relationship between the server and the client in the Transmission Control Protocol (TCP) connection to allocate TCB resources, aiming at the server system that does not limit connection requests, making...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
IPC IPC(8): H04L29/06H04L12/56
CPCH04L63/1458H04L63/1466H04L69/163
Inventor 蔡自彬王飓
Owner NEW H3C TECH CO LTD
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap