A method and device for preventing TCP insertion denial of service attack

A technology for preventing insertion denial-of-service attacks, applied in the field of Internet transmission. It addresses attacks on the principle of the protocol, which the original design failed to consider, and achieves the effect of ensuring reliability.

Active Publication Date: 2015-12-16
XIAMEN MEIYA PICO INFORMATION

AI Technical Summary

Problems solved by technology

Because the initial design of the TCP/IP protocol did not take into account such large-scale use or the various attack methods that came with it, TCP/IP itself is generally powerless against attacks on the principle of the protocol.

Embodiment Construction

[0028] At present, a TCP insertion denial of service attack needs to meet three conditions: 1) the attacker must be able to monitor all the TCP communication data packets between the client and the server; 2) the attacker can write his forged data packets to the network; 3) according to the requirements of the TCP protocol, if a TCP connection receives an RST end packet sent by the other party, the connection must be closed.

[0029] As shown in Figure 1, we analyze the TCP insertion denial-of-service attack. First, consider the normal process in which the client initiates the end of the connection. The TCP connection should be closed without sending any notification.

[0030] Figure 2 shows the TCP communication process of a normal communication packet. Data packet No. 7 in the figure is the RST packet initiated by the client (the TCP data packet is marked as AR). After this data packet is sent, the TCP connection is closed directly.

[0031] Let's take a ...

Abstract

The invention discloses a method for preventing the TCP (Transmission Control Protocol) insertion denial of service attack. The method comprises the following steps: receiving a TCP data packet sent by a network card driver; judging whether the TCP data packet is an RST (Reset) data packet and, if so, putting the data packet and its tetrad in an RST data packet queue, wherein the tetrad comprises the source IP address, target IP address, source port and target port of the RST data packet; and inspecting the RST data packet queue periodically and, if the time an RST data packet has existed in the queue exceeds a preset threshold, releasing the RST data packet. By the method disclosed by the invention, the TCP insertion denial of service attack is effectively prevented.
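A sketch of the RST hold queue the abstract describes, added here as an example; it is not code from the patent. The class and field names, the 0.5 s threshold and the sample packets are assumptions. So is the discard rule: the abstract states only the queue-and-release steps, and dropping a held RST when the same tetrad keeps sending is inferred from [0030], where a genuine sender closes directly after its RST.

```python
from collections import namedtuple

# The "tetrad" from the abstract: source/target IP address and port.
Tetrad = namedtuple("Tetrad", "src_ip dst_ip src_port dst_port")
Packet = namedtuple("Packet", "tetrad rst payload")


class RstHoldQueue:
    """Sits between the NIC driver and the TCP stack and delays RST segments."""

    def __init__(self, threshold_s=0.5):      # threshold value is an assumption
        self.threshold_s = threshold_s
        self.held = {}                        # tetrad -> (arrival time, RST packet)

    def receive(self, pkt, now):
        """Handle one segment from the driver; return packets to pass up now."""
        if pkt.rst:
            # Queue the RST with its tetrad instead of delivering it.
            self.held.setdefault(pkt.tetrad, (now, pkt))
            return []
        # ASSUMPTION (not stated in the abstract): the sender of a genuine RST
        # closes at once, so further traffic on the same tetrad means the held
        # RST was inserted by a third party and is discarded.
        self.held.pop(pkt.tetrad, None)
        return [pkt]

    def sweep(self, now):
        """Periodic check: release RSTs held longer than the threshold."""
        due = [t for t, (seen, _) in self.held.items()
               if now - seen > self.threshold_s]
        return [self.held.pop(t)[1] for t in due]


def demo():
    """Constructed traffic: one inserted RST, one genuine RST."""
    q = RstHoldQueue(threshold_s=0.5)
    live = Tetrad("192.0.2.10", "198.51.100.7", 40000, 80)
    done = Tetrad("192.0.2.11", "198.51.100.7", 40001, 80)
    delivered = []
    delivered += q.receive(Packet(live, True, b""), now=0.0)       # forged RST
    delivered += q.receive(Packet(live, False, b"data"), now=0.2)  # real client
    delivered += q.receive(Packet(done, True, b""), now=0.3)       # genuine RST
    delivered += q.sweep(now=1.0)
    return [(p.tetrad.src_port, p.rst) for p in delivered]


if __name__ == "__main__":
    print(demo())
```

The cost of this design is that every legitimate RST is delayed by the threshold, and an unbounded `held` table can itself be exhausted by an RST flood, so a deployment would cap its size.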

Description

Technical field

[0001] The invention relates to the technical field of Internet transmission, in particular to a method and device for preventing TCP insertion denial of service attacks.

Background art

[0002] With the high-speed development of the Internet, various network attacks, especially DoS (Denial of Service) attacks, have become one of the most serious threats that the Internet currently faces. Because the initial design of the TCP/IP protocol did not take into account such large-scale use or the various attack methods that came with it, TCP/IP itself is generally powerless against attacks on the principle of the protocol.

Summary of the invention

[0003] After in-depth research on the prior art, the inventor of the present invention proposes a method and device for preventing TCP insertion denial-of-service attacks.

[0004] A device for preventing TCP insertion denial-of-service attacks disclosed by the present invention mainly in...

Application Information

Patent Type & Authority Patents(China)
IPC IPC(8): H04L29/06
Inventor 张永光, 吴鸿伟, 赵庸
Owner XIAMEN MEIYA PICO INFORMATION