Flow detection method and equipment in unidirectional flow detection mode
A technology for detecting equipment and detection modes, which is applied in the field of communication, can solve problems such as DDoS attacks, difficulty in effective identification, and impact on normal applications, and achieve the effects of improved effects, low cost, and simple implementation methods
Active Publication Date: 2010-08-04
NEW H3C TECH CO LTD
View PDF3 Cites 8 Cited by
- Summary
- Abstract
- Description
- Claims
- Application Information
AI Technical Summary
Problems solved by technology
However, when the attack source IP is legal, this detection mechanism is difficult to work
[0013] An attacker can initiate a connection request to a protected Hypertext Transfer Protocol (HyperText Transfer Protocol, HTTP) server through a legal source IP, and recursively obtain all image or page resources on the HTTP server at a lower rate. Specifically, It can be easily implemented by writing page scripts, which may lead to a decrease in server processing performance, and cannot normally process legitimate user connection requests, resulting in DDoS attacks
[0014] It is difficult to effectively identify the above attack methods in a one-way flow environment. At this time, if the threshold packet loss is simply performed by limiting the flow rate and other methods, it will easily affect normal applications on the one hand, and may cause did not achieve the expected preventive effect
Method used
the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View moreImage
Smart Image Click on the blue labels to locate them in the text.
Smart ImageViewing Examples
Examples
Experimental program
Comparison scheme
Effect test
Embodiment Construction
[0059] In actual application scenarios, the TCP protocol works at the OSI transport layer, which is a reliable connection-oriented data stream protocol. The reason why TCP is reliable is that it guarantees the sequence of transmitting data packets, and the sequence uses one The serial number and confirmation number are guaranteed.
[0060] The serial number and the confirmation number are both 32-bit unsigned integers, which can represent the range of 0-4G (232) bytes. Among them, the sequence number represents the sequence number of the first byte of the data part, and the confirmation number represents the sequence number of the next byte that the receiver of the datagram wants the other party to send. Based on this setting, it can be confirmed that the sequence number is less than The data of the confirmation number has been received correctly.
[0061] The present invention proposes a flow detection method in a unidirectional flow detection mode based on such a sequence number...
the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More PUM
Login to View More Abstract
The invention discloses a flow detection method and equipment in the unidirectional flow detection mode. The bidirectional flow can be detected under unidirectional flow environment according to the message sequence number and the acknowledgment number in the unidirectional flow, thereby providing analysis basis for effectively identifying attack occurrence under unidirectional flow environment. The technical scheme has simple implementation method and low cost, has no need for changing network topology and better improves the effect of preventing DDoS attack under unidirectional flow environment.
Description
Technical field [0001] The present invention relates to the field of communication technology, in particular to a flow detection method and equipment in a unidirectional flow detection mode. Background technique [0002] Distribution Denial of Service (DDoS) attacks generally have the characteristics of large attack traffic, multiple attack sources, difficult to filter, difficult to distinguish the authenticity of the attack source IP, and the attacker's indirect attack on identity concealment. [0003] At present, common attack detection modes include one-way flow detection and two-way flow detection. [0004] One-way flow detection only detects the traffic whose destination IP address is the protected IP, and does not detect the traffic sent by the protected IP. However, since this mode can only see the flow in one direction, it is difficult to determine whether an attack has occurred in some cases. [0005] The two-way flow detection detects the traffic sent to the protected IP an...
Claims
the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More Application Information
Patent Timeline
Login to View More Patent Type & Authority Applications(China)
IPC IPC(8): H04L29/06H04L12/56H04L12/26
Inventor 陈光辉杨宏会
Owner NEW H3C TECH CO LTD