Flood attack prevention method and device

A flood attack prevention method and device, applied to digital transmission systems, electrical components, transmission systems, etc., which addresses the problems that normal traffic packets are discarded together with attack traffic packets and that the total volume of ARP packets sent up to the CPU can exceed the limit of the shared channel.

Inactive Publication Date: 2011-04-13
HUAWEI TECH CO LTD

AI Technical Summary

Problems solved by technology

The solution shown in Figure 4 confines the reach of an ARP packet flooding attack to a single VLAN by giving each VLAN its own CAR channel. However, within each VLAN, once the VLAN's CAR limit is exceeded, normal traffic packets and attack traffic packets are discarded together.
In addition, the ARP packets of every VLAN still have to be aggregated to the CPU through the sending channel 203. If the number of VLANs is large, then even though the ARP packet rate of each attacked VLAN stays below the threshold of that VLAN's CAR channel, the total volume of ARP packets arriving at the sending channel 203 that aggregates them to the CPU is still large, and may exceed the threshold of the CAR channel that limits the entire sending channel 203.
At that point some normal traffic packets are still discarded together with the attack traffic packets, which disrupts normal service.



Examples


Embodiment 1

[0035] As shown in Figure 5, this embodiment provides a method for preventing flooding attacks, including:

[0036] Step 501: Apply CAR limitation to packets sent from different IP addresses, and set up a CAR channel for each.

[0037] In step 501, CAR limitation is applied to the packets sent from each IP address according to the rate range of the normal traffic packets sent from a single IP address, and a CAR channel is set up for each. The threshold of the CAR channel is set according to the rate range of normal traffic packets sent from a single IP address, so that attack traffic packets exceeding the rate range of normal traffic are filtered out. The rate range of normal traffic packets sent from a single IP address can be calculated for the specific application. Taking ARP as an example, for an IP address with a subnet mask of 255.255.255.0, up to 254 hosts can share one IP address. Since the length of a single ARP message is g...
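To make step 501 and the aggregation problem described under "Problems solved by technology" concrete, the following is an added example, not code from the patent or from Huawei. It models each CAR channel as a token bucket, selects the per-IP channel by hashing the source address into a fixed pool (that fixed pool and the blake2b hash are assumptions about what the patent calls "hash processing based on IP addresses"; the rates, bucket sizes, host addresses and traffic pattern are all constructed for the demonstration), and places one shared CAR channel towards the CPU behind the per-IP channels. The first scenario shows a single flooding host being throttled while the other hosts' packets all reach the CPU; the second shows the caveat a practitioner should expect, namely that many spoofed sources which each stay under the per-IP limit can still saturate the shared CPU channel and take normal traffic with them.

```python
"""Added example (not from the patent): per-IP CAR channels selected by hashing
the source address, feeding one aggregate CAR channel towards the CPU."""
import hashlib
import ipaddress


class TokenBucket:
    """One CAR channel modelled as a token bucket: `rate` packets/s, burst `depth`."""

    def __init__(self, rate: float, depth: float) -> None:
        self.rate, self.depth = rate, depth
        self.tokens, self.last = depth, 0.0

    def admit(self, now: float) -> bool:
        # Refill in proportion to elapsed time, never above the bucket depth.
        self.tokens = min(self.depth, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False


class FloodGuard:
    """Per-IP CAR (step 501) in front of the shared CAR channel towards the CPU.

    Assumption: the source IP is hashed into a fixed pool of channels so that
    the state stays bounded however many addresses appear.
    """

    def __init__(self, channels: int = 65536, per_ip_rate: float = 10.0,
                 per_ip_burst: float = 20.0, cpu_rate: float = 1000.0,
                 cpu_burst: float = 200.0) -> None:
        self.channels = [TokenBucket(per_ip_rate, per_ip_burst) for _ in range(channels)]
        self.cpu = TokenBucket(cpu_rate, cpu_burst)

    def channel_for(self, ip: str) -> int:
        packed = ipaddress.ip_address(ip).packed          # IPv4 or IPv6
        digest = hashlib.blake2b(packed, digest_size=4).digest()
        return int.from_bytes(digest, "big") % len(self.channels)

    def offer(self, src_ip: str, now: float) -> str:
        """Verdict for one packet: 'admit', 'drop:per-ip' or 'drop:cpu'."""
        if not self.channels[self.channel_for(src_ip)].admit(now):
            return "drop:per-ip"
        if not self.cpu.admit(now):
            return "drop:cpu"
        return "admit"


def run(guard: FloodGuard, schedule) -> dict:
    """schedule: iterable of (time_in_seconds, src_ip); returns per-IP verdict counts."""
    tally: dict = {}
    for now, ip in schedule:
        verdict = guard.offer(ip, now)
        tally.setdefault(ip, {"admit": 0, "drop:per-ip": 0, "drop:cpu": 0})[verdict] += 1
    return tally


NORMAL = ["10.0.1.2", "10.0.2.2", "10.0.3.2"]   # constructed: one host per VLAN


def single_attacker() -> dict:
    """Constructed traffic: one host floods at 2000 pkt/s for one second while
    each normal host sends one packet every 500 ms."""
    attacker = "10.0.1.3"
    sched = []
    for tick in range(1000):
        now = tick / 1000.0
        sched += [(now, attacker), (now, attacker)]
        if tick % 500 == 0:
            sched += [(now, ip) for ip in NORMAL]
    return run(FloodGuard(), sched)


def spoofed_attackers() -> dict:
    """Constructed traffic: 300 spoofed sources each stay under the per-IP limit
    (5 pkt/s) but together exceed the CPU channel (1500 > 1000 pkt/s)."""
    spoofed = [str(ipaddress.ip_address("198.18.0.0") + i) for i in range(300)]
    sched = []
    for tick in range(1000):
        now = tick / 1000.0
        if tick % 200 == 0:
            sched += [(now, ip) for ip in spoofed]
        if tick % 500 == 0:
            sched += [(now, ip) for ip in NORMAL]
    return run(FloodGuard(), sched)


if __name__ == "__main__":
    for name, tally in (("single", single_attacker()), ("spoofed", spoofed_attackers())):
        print(name, {ip: tally[ip] for ip in tally if ip.startswith("10.")})
```

In the single-attacker run the flooding host gets roughly its burst plus one second of refill (about 30 packets) and loses the rest at its own channel, while the normal hosts see no loss at either stage. In the spoofed run no packet is dropped at a per-IP channel, yet the shared CPU channel drops part of every burst, including packets from the normal hosts that arrive behind it; per-source CAR therefore isolates a single noisy source but does not replace a limit on the aggregate path.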

Embodiment 2

[0046] This embodiment provides a method for preventing flooding attacks; its application scenario is an ARP packet flooding attack. As shown in figure 1, terminals PC1 and PC2 form virtual local area network VLAN1, terminals PC3 and PC4 form virtual local area network VLAN2, and terminals PC5 and PC6 form virtual local area network VLAN3. Each terminal is aggregated to the gateway device through a layer 2 switch. The internal structure of the gateway device is as shown in figure 2 and includes the central processing unit CPU, the network processor (Network Processor), and the ARP cache table. As shown in Figure 8, the flood attack prevention method provided in this embodiment includes:

[0047] Step 801: Check the validity of the ARP message sent up.

[0048] In step 801, the network processor first checks the validity of the ARP message and preliminarily filters out some illegal ARP messages. The validity check includes presetting the ca...

Embodiment 3

[0067] This embodiment provides a method for preventing flooding attacks; its application scenario is an ICMP message flooding attack. As shown in figure 1, terminals PC1 and PC2 form virtual local area network VLAN1, terminals PC3 and PC4 form virtual local area network VLAN2, and terminals PC5 and PC6 form virtual local area network VLAN3. Each terminal is aggregated to the gateway through a layer 2 switch, and the gateway device includes a central processing unit CPU and a network processor (Network Processor). As shown in Figure 10, the flood attack prevention method provided in this embodiment includes:

[0068] Step 1001: Check the validity of the ICMP message sent up.

[0069] In step 1001, the network processor first checks the validity of the ICMP message and preliminarily filters out some illegal ICMP messages. The validity check includes presetting the categories of illegal ICMP messages, and judging whether the ICMP message b...
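The validity pre-check of step 1001 (and, with a different parser, step 801) is the cheap filter that runs before any CAR limitation, so malformed or pointless messages never consume a channel's budget. As an added example that is not the patent's or Huawei's code, the following parses a raw ICMP message, verifies the RFC 792 checksum, and rejects messages that fall into a preset set of illegal categories. The patent does not list those categories, so the set used here (obsolete types, unknown types, echo messages with a non-zero code, oversized echo data) and the size limit are the author's assumptions; the sample messages are constructed in the code.

```python
"""Added example (not from the patent): the validity pre-check of step 1001 on
raw ICMP messages, run ahead of any rate limiting."""
import struct

# Assumed policy for "preset categories of illegal ICMP messages"; the patent
# does not list them, these are the author's choices.
ALLOWED_TYPES = {0, 3, 5, 8, 11, 12}   # echo reply, unreachable, redirect, echo, time exceeded, parameter problem
OBSOLETE_TYPES = {4, 13, 14, 15, 16, 17, 18}   # source quench, timestamp, information, address mask
MAX_ECHO_PAYLOAD = 1024                # bytes of data tolerated in an echo message


def icmp_checksum(msg: bytes) -> int:
    """RFC 792 checksum: ones' complement of the ones' complement sum of the
    16-bit words of the whole message (zero-padded when the length is odd)."""
    if len(msg) % 2:
        msg += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(msg) // 2), msg))
    while total >> 16:                  # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_icmp(icmp_type: int, code: int, rest: bytes) -> bytes:
    """Build a message with a correct checksum; `rest` is header bytes 4.. plus data."""
    unchecked = struct.pack("!BBH", icmp_type, code, 0) + rest
    return unchecked[:2] + struct.pack("!H", icmp_checksum(unchecked)) + unchecked[4:]


def build_echo(ident: int, seq: int, payload: bytes) -> bytes:
    """Echo request (type 8, code 0) with the given identifier, sequence and data."""
    return build_icmp(8, 0, struct.pack("!HH", ident, seq) + payload)


def check_icmp(msg: bytes) -> str:
    """Return 'ok' or a 'drop:<reason>' verdict for one raw ICMP message."""
    if len(msg) < 8:                           # every ICMP header is 8 bytes
        return "drop:truncated"
    if icmp_checksum(msg) != 0:                # a valid message sums to zero
        return "drop:bad-checksum"
    icmp_type, code = msg[0], msg[1]
    if icmp_type in OBSOLETE_TYPES or icmp_type not in ALLOWED_TYPES:
        return "drop:illegal-category"
    if icmp_type in (0, 8):                    # echo reply / echo request
        if code != 0:                          # RFC 792: code is always 0 for echo
            return "drop:illegal-category"
        if len(msg) - 8 > MAX_ECHO_PAYLOAD:    # oversized echo data
            return "drop:illegal-category"
    return "ok"


def constructed_samples() -> list:
    """Constructed messages with the verdict each should receive."""
    good = build_echo(0x1234, 1, b"abcdefgh")
    corrupted = bytearray(good)
    corrupted[2] ^= 0xFF                       # damage the checksum field
    return [
        ("echo request", good, "ok"),
        ("corrupted checksum", bytes(corrupted), "drop:bad-checksum"),
        ("3-byte fragment", good[:3], "drop:truncated"),
        ("timestamp request", build_icmp(13, 0, b"\x00" * 16), "drop:illegal-category"),
        ("unknown type 200", build_icmp(200, 0, b"\x00" * 4), "drop:illegal-category"),
        ("echo with code 7", build_icmp(8, 7, b"\x00" * 4), "drop:illegal-category"),
        ("2000-byte echo", build_echo(1, 1, b"A" * 2000), "drop:illegal-category"),
    ]


if __name__ == "__main__":
    for name, msg, expected in constructed_samples():
        print(f"{name:20s} {check_icmp(msg):22s} (expected {expected})")
```

Because the checksum is verified over the whole message, a packet whose data was altered in flight fails here rather than reaching the CPU; the category test then removes message types a gateway has no reason to process. Anything that passes still goes through the CAR channels, so this check reduces load but does not by itself bound it.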



Abstract

The embodiment of the invention provides a flood attack prevention method comprising the following steps: carrying out CAR (Committed Access Rate) limitation on messages sent to different IP addresses, and respectively arranging CAR channels; and carrying out hash processing, based on IP address, on the messages sent by all IP addresses. The embodiment also provides a flood attack prevention device comprising a CAR limitation unit and an IP-address-based hash processing unit. According to the embodiment, normal traffic messages can be separated from attack traffic messages, so that the attack traffic messages are filtered by the CAR channels because of their high rate, while the normal traffic messages pass through the CAR channels and are sent to the CPU for processing. The normal service operation of the attacked equipment is thereby ensured.

Description

Technical field

[0001] The invention relates to the fields of computers and communications, in particular to a method and device for preventing flooding attacks.

Background technique

[0002] A flood attack, also known as a flooding attack, refers to attacking networked communication node devices by flooding (flood / flooding), generally by adding extra network traffic load so as to achieve a denial of service (Denial of Service, DoS) attack that paralyzes the computer or communication equipment. Common flooding attack methods include the ARP (Address Resolution Protocol) packet flooding attack, the ICMP (Internet Control Message Protocol) packet flooding attack, the TCP SYN (Transmission Control Protocol synchronization) packet flooding attack, etc.

[0003] There is a common problem in the processing of flooding attack packets in the prior art, ...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L29/06, H04L12/24
Inventor 杜晟
Owner HUAWEI TECH CO LTD