Method and device for preventing denial service attack in access network

A technology for preventing denial of service attacks in access devices, applied in the field of communication technology security. It can solve the problems that the attacked host cannot communicate with the outside world normally, that the security impact of illegal DOS attack hosts is not really eliminated, and that the attacked host cannot process other normal requests in time.

Active Publication Date: 2009-12-16
ALCATEL LUCENT SHANGHAI BELL CO LTD
0 Cites, 16 Cited by

AI Technical Summary

Problems solved by technology

This kind of attack leads to a lack of resources. No matter how fast the computer's processing speed, how big the memory capacity, or how fast the network bandwidth, the consequences of this kind of attack cannot be avoided.

[0003] Representative DoS attack methods include Ping of Death, TearDrop, SYNFlood, Land Attack, IP Spoofing DoS, etc. Although the specific implementation methods are ever-changing, they all have the same thing in common: their fundamental purpose is to prevent the victim host or network from receiving and handling external requests, or from responding to external requests in a timely manner.

Its specific manifestations are as follows:

1) Creating a large flow of useless data, causing network congestion toward the attacked host and making the attacked host unable to communicate with the outside world normally.
2) Exploiting the service provided by the attacked host, or a defect in how the transmission protocol handles repeated connections, and repeatedly sending aggressive service requests at high frequency, so that the attacked host cannot process other normal requests in time.

In addition, after the user port isolation is restored, the illegal DOS attacking host can continue to launch DOS attacks and affect the communication under the user port, so this method does not really eliminate the potential security impact of the illegal DOS attacking host.

Examples

Embodiment approach

[0040] In one embodiment, the judgment processing unit 312 deletes the record of the user host 23 corresponding to port N in the port configuration table 311 (the corresponding IP/MAC address is 192.168.1.120->06:0F:B8:88:21:2D), sets the "dynamic port address learning" option of the user port to "No", and starts the corresponding timer 313 to restore the option to "Yes" after a certain period of time. The control device 33 then prohibits address learning for all user hosts under the user port within that time range. This method may affect the joining of new legal user hosts under the user port within the set time range, but it will not affect the legitimate user hosts that are already communicating, and it prevents the user host 23 from continuing the DOS attack through IP/MAC address spoofing or access to other IP addresses.
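The behaviour described in [0040] can be modelled as a small simulation. This is an added example, not code from the patent: the per-host message threshold used to recognise the flooding host, the window length, the timer duration, and all addresses other than 192.168.1.120 / 06:0F:B8:88:21:2D are assumptions.

```python
from dataclasses import dataclass, field

RATE_LIMIT = 100   # assumed: max protocol messages per host per window
WINDOW_S = 1.0     # assumed counting window, seconds
HOLD_S = 60.0      # assumed duration of timer 313, seconds

@dataclass
class UserPort:
    table: dict = field(default_factory=dict)    # MAC -> IP, port configuration table 311
    counts: dict = field(default_factory=dict)   # MAC -> messages in current window
    learning: bool = True                        # "dynamic port address learning"
    restore_at: float = 0.0                      # expiry time of timer 313
    window_start: float = 0.0

def receive(port, mac, ip, now):
    """Process one message from a user port; True = forwarded, False = dropped."""
    if not port.learning and now >= port.restore_at:
        port.learning = True                     # timer expired: option back to "Yes"
    if now - port.window_start >= WINDOW_S:
        port.counts.clear()                      # start a new counting window
        port.window_start = now
    if mac not in port.table:
        if not port.learning:
            return False                         # unknown source while learning is off
        port.table[mac] = ip
    port.counts[mac] = port.counts.get(mac, 0) + 1
    if port.counts[mac] > RATE_LIMIT:            # host judged to be flooding (assumed rule)
        del port.table[mac]                      # delete its record from the table
        port.learning = False                    # set learning to "No"
        port.restore_at = now + HOLD_S           # start the restore timer
        return False
    return True

def demo():
    port_n = UserPort()
    attacker = ("06:0F:B8:88:21:2D", "192.168.1.120")   # host 23, values from the page
    legit = ("02:00:00:00:00:01", "192.168.1.10")       # constructed sample host
    late = ("02:00:00:00:00:02", "192.168.1.11")        # constructed late joiner
    spoof = ("02:00:00:00:00:99", "192.168.1.99")       # constructed spoofed identity
    out = {"legit_first": receive(port_n, *legit, 0.0)}
    flood = [receive(port_n, *attacker, 1.0) for _ in range(RATE_LIMIT + 1)]
    out["flood_forwarded"] = sum(flood)
    out["spoofed"] = receive(port_n, *spoof, 2.0)
    out["legit_during_hold"] = receive(port_n, *legit, 3.0)
    out["late_during_hold"] = receive(port_n, *late, 4.0)
    out["late_after_hold"] = receive(port_n, *late, 61.0)
    return out

if __name__ == "__main__":
    print(demo())
```

The `late_during_hold` result shows the side effect the paragraph mentions: a new legal host cannot join the port until the timer restores address learning.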

[0041] In another embodiment, the judgment processing unit 312 sets the "blacklist" option of the corresponding user host 23 in the port configuration table 311 to "...

Abstract

The invention provides a method and a device for preventing denial of service attacks in communication network access equipment. The method comprises the following steps: (a) detecting a data communication protocol message from a user port; (b) recognizing an illegal user host generating a denial of service attack at the user port and updating the user port configuration so as to isolate the illegal user host; and (c) supplying communication service to a legal user host according to the user port configuration. The invention can effectively distinguish a real DOS attack user host at the user port of network access equipment and isolate that host without influencing the communication service of other normal user hosts.

Description

Technical field

[0001] The present invention relates to the field of communication technology security, in particular to a method and corresponding device for preventing DOS (Denial of Service) attacks in access network equipment.

Background technique

[0002] A DoS attack refers to deliberately attacking network protocol implementation flaws to exhaust the resources of the attacked object. The purpose is to make the target computer or network unable to provide normal services or resource access, so that the target system's service stops responding or even crashes. These service resources include network bandwidth, file system space capacity, open processes or allowed connections. This kind of attack will lead to a lack of resources. No matter how fast the computer's processing is, how large the memory capacity is, or how fast the network bandwidth is, the consequences of this attack cannot be avoided.

[0003] The typical attack methods of DoS include Ping of Death, TearDro...

Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L12/26, H04L29/06, H04L12/56, H04L12/28
Inventor: 郑大勇, 赵喜鸿, 吕小鹏
Owner: ALCATEL LUCENT SHANGHAI BELL CO LTD