Flood attack prevention method and device

Abstract

The embodiment of the invention provides a flood attack prevention method comprising the following steps of: carrying out CAR (Committed Access Rate) limitation on messages sent to different IP addresses, and respectively arranging CAR channels; and carrying out Hash processing on messages sent by all IP addresses based on IP addresses. The embodiment also provides a flood attack prevention device comprising a CAR limitation unit and a Hash processing unit based on IP addresses. According to the embodiment, normal flow messages can be separated from attach flow messages, so that the attach flow messages are filtered by the CAR channels due to large flow rate, and the normal flow messages are sent to a CPU to be processed through the CAR channels. The normal business running of attached equipment is ensured.

Description

technical field

[0001] The invention relates to the fields of computers and communications, in particular to a method and device for preventing flooding attacks. Background technique

[0002] Flood attack, also known as flood attack and flood attack, refers to the use of flooding / flooding (flood / flooding) to attack networked communication node devices, generally by adding additional network traffic load to achieve denial of service (Denial of Service, DoS) attack, causing the computer or communication equipment to be paralyzed. Common flooding attack methods include ARP (Address Resolution Protocol, Address Resolution Protocol) packet flooding attack, ICMP (Internet Control Messages Protocol, Internet Control Information Protocol) packet flooding attack, TCP SYN (Transfer Control Protocol Synchronization, transmission control protocol synchronization) packet flood attack, etc.

[0003] There is a common problem in the processing of flooding attack packets in the prior art,...

Images