
A method and device for defending against DDoS attacks

A device and message technology, applied in the field of electrical components, transmission systems, etc., which solves the problems that existing defenses lose their defensive function and cannot completely distinguish attacking devices from normal devices, and achieves the effect of defending against DDoS attacks.

Inactive Publication Date: 2011-12-21
NEW H3C TECH CO LTD

AI Technical Summary

Problems solved by technology

[0005] Against DDoS attacks, the existing defense method has lost its defensive effect, and it is impossible to completely distinguish the attacking device (that is, the puppet machine) from the normal device.

Examples


Embodiment Construction

[0021] On the existing Internet, for security reasons, most E-mail servers require the client to be authenticated, for example by requiring the client to enter a correct user name and password. A puppet machine controlled by the attacker cannot get hold of a large number of real users to attack with, so the puppet machine (that is, the attacking device) fails authentication at the server. The authentication result therefore shows whether the client is an attacking device or a normal device, which makes it possible to defend against DDoS attacks from the attacking device. Moreover, for the same server, the lengths of the authentication success message and the authentication failure message sent to the client are fixed, by calculating the length of the authentication response message, and comparing the length of the authentication response message with the pre-saved lengths of the authentication success packet and the authentication failure packet, i...


Abstract

The invention provides a distributed denial of service (DDoS) attack defense method and device. The method comprises computing the length of an authentication response message that a server sends to a client. The length is computed as follows: obtain the TCP acknowledgement number (ACK) values in the message preceding and the message following the authentication response message, and compute the difference between the TCP ACK value in the following message and the TCP ACK value in the preceding message; this difference is the length of the authentication response message. The length of the authentication response message is then compared with the pre-stored length of the authentication success message or the authentication failure message to identify whether the authentication response message is an authentication failure message; if it is, the server drops the connection request of the client. With this DDoS attack defense method and device, an attacking device and a normal device can be distinguished, and DDoS attacks on an E-mail server can therefore be defended against.
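The length check described in the abstract, as an added example that is not code from the patent or from the vendor. It assumes the two messages around the authentication response are client-to-server segments, that the caller marks which segment carries the authentication request (`is_auth_request`), and it uses constructed lengths (30 and 48 bytes) and flow labels; the class and function names are hypothetical.

```python
ACK_MOD = 2 ** 32  # TCP acknowledgement numbers are 32-bit and wrap around


class AuthLengthFilter:
    """Tracks client-to-server segments per flow (hypothetical helper)."""

    def __init__(self, success_len, failure_len):
        self.success_len = success_len   # pre-saved length of the success message
        self.failure_len = failure_len   # pre-saved length of the failure message
        self.pending = {}                # flow -> ACK in the message before the response

    def on_client_segment(self, flow, ack, is_auth_request=False):
        """Feed one segment; return 'drop', 'allow', 'unknown' or None (no verdict yet)."""
        if is_auth_request:              # assumption: caller marks the auth request
            self.pending[flow] = ack
            return None
        before = self.pending.get(flow)
        if before is None:
            return None                  # no authentication exchange in progress
        length = (ack - before) % ACK_MOD    # modulo handles ACK wrap-around
        if length == 0:
            return None                  # response not acknowledged yet; keep waiting
        del self.pending[flow]
        if length == self.failure_len:
            return "drop"                # failure message: treat as attacking device
        if length == self.success_len:
            return "allow"               # success message: normal device
        return "unknown"                 # matches neither pre-saved length


def replay(segments, success_len=30, failure_len=48):
    """Run (flow, ack, is_auth_request) tuples; return the verdict per flow."""
    filt, result = AuthLengthFilter(success_len, failure_len), {}
    for flow, ack, is_auth in segments:
        verdict = filt.on_client_segment(flow, ack, is_auth)
        if verdict is not None:
            result[flow] = verdict
    return result


# Constructed sample traffic; the lengths 30 and 48 are illustrative only.
SAMPLE = [
    ("A", 1000, True), ("A", 1030, False),                       # 30 bytes: success
    ("B", 7000, True), ("B", 7000, False), ("B", 7048, False),   # repeated ACK, then 48
    ("C", ACK_MOD - 20, True), ("C", 28, False),                 # wraps past 2**32: 48
    ("D", 500, True), ("D", 511, False),                         # 11 bytes: neither
]

if __name__ == "__main__":
    print(replay(SAMPLE))
```

A client that acknowledges the response in several partial ACKs yields "unknown" in this sketch, so a deployment would need a policy for lengths that match neither saved value.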

Description

Technical field

[0001] The present invention relates to the technical field of Distributed Denial of Service (DDoS), in particular to a method and equipment for defending against DDoS attacks.

Background technique

[0002] With the development of the Internet, there are more and more network applications. Because the Internet was designed to be open, various network applications face security threats. Among them, the DDoS attack is a common means of attacking a server. The attacker controls a large number of puppet machines (the puppet machines then act as attack devices) to initiate a large number of connections to the attacked server, occupying the server's resources and causing the server to deny service to normal devices.

[0003] In this context, the traffic cleaning device emerged, which is specially used to identify whether the client is an attack device or a normal device, and filter out the attack traffic so th...


Application Information

Patent Type & Authority: Applications (China)
IPC: IPC(8): H04L29/06
Inventor: 陈光辉孙志强
Owner: NEW H3C TECH CO LTD