Method and device for blocking TCP connection
Applied in the field of network security protection, this technology addresses the problems of randomly assigned RST packet sequence numbers and of newly generated sequence numbers that expire, so that the connection cannot be blocked.
Inactive Publication Date: 2013-11-06
BEIJING VENUS INFORMATION TECH +1
Problems solved by technology
[0003] At present, many mainstream bypass network security devices assign RST packet sequence numbers randomly; the few that calculate them accurately also have the problem that, under heavy traffic, the newly generated sequence number has already expired, so the connection cannot be blocked.
Embodiment 1
[0051] Embodiment 1, a method for blocking a TCP connection, comprising:
[0052] Save the connection information of each TCP connection; the connection information of a TCP connection includes, for that connection: client information, server information, the request-direction TCP waiting sequence number and the response-direction TCP waiting sequence number;
[0053] Capture a TCP packet, find the connection information of the TCP connection to which the TCP packet belongs, and update the request-direction TCP waiting sequence number and the response-direction TCP waiting sequence number in the connection information according to the captured TCP packet;
[0054] If the captured TCP packet is a TCP packet that needs to be blocked, an RST packet is generated according to the updated connection information of the TCP connection to which the TCP packet belongs, and is sent to the client and the server of the TCP connection.
[0055] It can be seen that after sending the RST packet, if there is a ...
Embodiment 2
[0099] Embodiment 2, a device for blocking TCP connections, as shown in Figure 5, including:
[0100] The storage unit is used to save the connection information of each TCP connection; the connection information of a TCP connection includes, for that connection: client information, server information, the request-direction TCP waiting sequence number and the response-direction TCP waiting sequence number;
[0101] A grabbing unit, configured to capture the TCP packet and find, in the storage unit, the connection information of the TCP connection to which the TCP packet belongs;
[0102] The update unit is used to update the request-direction TCP waiting sequence number and the response-direction TCP waiting sequence number in the connection information that was found, according to the captured TCP packet;
[0103] A judging unit, configured to judge whether the captured TCP packet is a TCP packet that needs to be blocked, and if so, send a blocking instruction;
[0104] The blocking unit is c...
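An added sketch of the bookkeeping that Embodiments 1 and 2 describe (not code from the patent): a table of per-connection waiting sequence numbers updated from each captured packet, and the RST header fields derived from it. The class and function names, the reading of a "waiting sequence number" as the next sequence number the receiver expects in that direction, and the sample packets are assumptions constructed for illustration.

```python
from dataclasses import dataclass

MOD = 1 << 32
FIN, SYN, ACK = 0x01, 0x02, 0x10          # TCP flag bits

@dataclass
class ConnInfo:                            # the saved "connection information"
    client: tuple                          # (ip, port) that sent the first SYN
    server: tuple
    req_wait: int = None                   # next seq expected from the client
    resp_wait: int = None                  # next seq expected from the server

def seq_after(a, b):
    """True if sequence number a is ahead of b, allowing 32-bit wraparound."""
    return 0 < (a - b) % MOD < MOD // 2

class Tracker:
    def __init__(self):
        self.table = {}                    # {client, server} -> ConnInfo

    def observe(self, src, dst, seq, flags, payload_len):
        """Update the waiting sequence numbers from one captured TCP packet."""
        key = frozenset((src, dst))
        conn = self.table.get(key)
        if conn is None:
            if not (flags & SYN) or flags & ACK:
                return None                # mid-stream packet: no state to update
            conn = self.table[key] = ConnInfo(client=src, server=dst)
        # SYN and FIN each consume one sequence number, like a payload byte.
        end = (seq + payload_len + bool(flags & SYN) + bool(flags & FIN)) % MOD
        field = "req_wait" if src == conn.client else "resp_wait"
        cur = getattr(conn, field)
        if cur is None or seq_after(end, cur):   # ignore retransmissions
            setattr(conn, field, end)
        return conn

def rst_fields(conn):
    """Header fields of the two RSTs; each carries the peer's address as source."""
    return {"to_server": {"src": conn.client, "dst": conn.server, "seq": conn.req_wait},
            "to_client": {"src": conn.server, "dst": conn.client, "seq": conn.resp_wait}}

def demo():
    """Constructed capture: handshake, data both ways, one retransmission."""
    c, s = ("10.0.0.5", 40000), ("192.0.2.10", 80)
    t = Tracker()
    packets = [(c, s, 1000, SYN, 0), (s, c, 5000, SYN | ACK, 0), (c, s, 1001, ACK, 0),
               (c, s, 1001, ACK, 100), (s, c, 5001, ACK, 500), (c, s, 1001, ACK, 100)]
    for p in packets:
        conn = t.observe(*p)
    return rst_fields(conn)
```

The retransmitted segment at the end of the constructed capture leaves the request-direction value unchanged, and `seq_after` keeps the comparison correct when a sequence number wraps past 2^32.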
Abstract
The invention provides a method and a device for blocking TCP connections. The method comprises the following steps: saving the connection information of each TCP connection, wherein the connection information of a TCP connection comprises the client information, server information, request-direction TCP waiting sequence number and response-direction TCP waiting sequence number of that connection; capturing a TCP packet, finding the connection information of the TCP connection to which the TCP packet belongs, and updating the request-direction TCP waiting sequence number and the response-direction TCP waiting sequence number in the connection information according to the captured TCP packet; and, if the captured TCP packet is a TCP packet to be blocked, generating an RST packet according to the updated connection information of the TCP connection to which the TCP packet belongs, and transmitting the RST packet to the client and the server of the TCP connection. The method for blocking the TCP connection can accurately and continuously block the connection. Therefore, the method can efficiently block illegal TCP connections in a high-traffic environment.
Description
Technical field
[0001] The invention relates to network security protection, in particular to a method and device for blocking TCP connections.
Background art
[0002] There are a large number of illegal TCP (Transmission Control Protocol) connections on the network, for example connections carrying attack packets, or unauthorized accesses. For bypass devices, blocking these illegal TCP connections is a very important function. Sending RST packets (TCP reset packets) is recognized as the most effective method of blocking TCP connections. For an RST packet to take effect, its sequence number must equal the sequence number that the protocol stack of the target host is waiting for; otherwise the protocol stack of the target host will ignore the RST packet.
[0003] At present, many major bypass network security devices assign RST packet sequence numbers randomly; a few that calculate them accurately also have the...