Method and device for preventing denial service attack in access network

Abstract

The invention provides a method and a device for preventing denial service attack in communication network access equipment. The method comprises the following steps: (a) detecting a data communication protocol message from a user port; (b) recognizing an illegal user host generating denial service attack at the user port and updating user port configuration so as to isolate the illegal user host; and (c) supplying communication service to a legal user host according to the user port configuration. The invention can effectively distinguish a real DOS attack user host at the user port of network access equipment and isolate the DOS attack user host and can not influence the communication service of other normal user hosts.

Description

Technical field [0001] The present invention relates to the field of communication technology security, in particular to a method and corresponding device for preventing DOS (Denial of Service Attack) in access network equipment. Background technique [0002] DoS attack refers to deliberately attacking network protocol implementation flaws to exhaust the resources of the attacked object. The purpose is to make the target computer or network unable to provide normal services or resource access, so that the target system service system stops responding or even crashes. These service resources include the network. Bandwidth, file system space capacity, open processes or allowed connections. This kind of attack will lead to a lack of resources. No matter how fast the computer is processing, how large the memory capacity is, or how fast the network bandwidth is, the consequences of this attack cannot be avoided. [0003] The typical attack methods of DoS include Ping of Death, TearDro...

AI Technical Summary

Problems solved by technology

This kind of attack will lead to the lack of resources, no matter how fast the computer's processing speed, how big the memory capacity is, and how fast the network bandwidth is, the consequences of this kind of attack cannot be avoided.

[0003] Representative DoS attack methods include Ping of Death, TearDrop, SYNFlood, Land Attack, IP Spoofing DoS, etc. Although the specific implementation methods are ever-changing, they all have the same thing as above, that is, their fundamental purpose is to prevent the victim host or network from receiving And handle external requests, or fail to respond to external requests in a timely manner

Its specific manifestations are as follows: 1). Create a large flow of useless data, causing network congestion to the attacked host, making the attacked host unable to communicate with the outside world normally

2). Utilize the service provided by the attacked host or the defect of handling repeated connections in the transmission protocol, and repeatedly send out aggressive repeated service requests at high frequency, so that the attacked host cannot process other normal requests in time

In addition, after the user port isolation is restored, the illegal DOS attacking host can continue to launch DOS attacks and affect the communication under the user port, so this method does not really eliminate the potential security impact of the illegal DOS attacking host

Images