Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Attack prevention method and equipment

A technology for attacking devices and preset values, applied in the field of communications, can solve the problems of consuming the CPU resources of the SSL server, inaccessible server services, and SSL server attacks.

Active Publication Date: 2013-04-17
HUAWEI TECH CO LTD
View PDF2 Cites 19 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

Therefore, the SSL DoS attack uses the characteristics of the SSL protocol to connect an ordinary computer to the Digital Subscriber Line (DSL), and consumes the CPU of the SSL server by frequently re-requesting the encryption key in a short period of time. resources, launching an attack on the SSL server
[0003] Specifically, the client can continuously initiate a key negotiation request ClientHello message to the server, and the ClientHello message initiated by the client to the server includes a session ID (Session Identity, SessionID), wherein the SessionID can be reused. If the SessionID in the ClientHello message sent by the client exists in the local SessionID table of the server, the server sends a key negotiation response SeverHello message including the SessionID to the client; SessionID, the server will randomly generate a new SessionID and send it to the client. In this way, both the client and the server will continue to complete the SSL key negotiation process. In this case, when the client can continuously send ClientHello messages to the server, When constantly negotiating SSL keys with the server, it is easy to exhaust the server resources, resulting in the server being inaccessible to normal business
Currently there is no effective method to prevent SSL DoS attacks

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Attack prevention method and equipment
  • Attack prevention method and equipment
  • Attack prevention method and equipment

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0050] The following will clearly and completely describe the technical solutions in the embodiments of the present invention with reference to the accompanying drawings in the embodiments of the present invention. Obviously, the described embodiments are only some, not all, embodiments of the present invention. Based on the embodiments of the present invention, all other embodiments obtained by persons of ordinary skill in the art without making creative efforts belong to the protection scope of the present invention.

[0051] The defense attack method provided by this embodiment can be implemented on gateway products such as router 101 or firewall 102, and can be applied to distributed denial of service (Distributed Denial of service; hereinafter referred to as: DDoS) cleaning equipment, wherein router 101, firewall 102, etc. The gateway product or the DDoS cleaning device is deployed at the front end of the Secure Socket Layer (Secure Socket Layer; hereinafter referred to as...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The embodiment of the invention provides an attack prevention method and equipment which relate to the field of communication and are used for effectively preventing an SSL DoS attack behavior. The method comprises the following steps that a password negotiation request message which is sent by a client terminal is received after transmission control protocol (TCP) connection with the client terminal is established; if a conversation monitoring table of the client terminal exists, the condition that whether conversation identifies exist in the conversation monitoring table of the client terminal or not is judged, and the conversion identifiers are recorded in the conversation monitoring table if a conversation identification does not exist; the condition that whether the number of the conversion identifiers of the client terminal is more than a first preset value or not is judged; and if the number of the conversation identifiers of the client terminal is more than the first preset value, the TCP connection is disconnected.

Description

technical field [0001] The present invention relates to the communication field, in particular to a method and equipment for defending against attacks. Background technique [0002] In recent years, Denial of Service (DoS) attacks against Secure Sockets Layer (Secure Sockets Layer, SSL) are more and more, because in the SSL protocol, the SSL handshake protocol is very computationally intensive for the server, the server To perform the private key decryption operation, its computational complexity can usually reach the exponential times of the computational complexity of the client. Therefore, the SSL DoS attack uses the characteristics of the SSL protocol to connect an ordinary computer to the Digital Subscriber Line (DSL), and consumes the CPU of the SSL server by frequently re-requesting the encryption key in a short period of time. resources to launch an attack on the SSL server. [0003] Specifically, the client can continuously initiate a key negotiation request Clien...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Applications(China)
IPC IPC(8): H04L29/06
CPCH04L63/1458H04L69/16H04L63/0254H04L63/045H04L63/166H04L63/06H04L63/02H04L63/10
Inventor 孙宏
Owner HUAWEI TECH CO LTD
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products