Attack prevention method and equipment

A technique for defending against attacks using preset values, applied in the field of communications, that addresses SSL DoS attacks on SSL servers, in which the server's CPU resources are consumed and its services become inaccessible.

Active Publication Date: 2013-04-17
HUAWEI TECH CO LTD

AI Technical Summary

Problems solved by technology

An SSL DoS attack exploits the characteristics of the SSL protocol: an ordinary computer connected over a Digital Subscriber Line (DSL) can consume the SSL server's CPU resources by frequently re-requesting the encryption key within a short period of time, thereby attacking the SSL server.
[0003] Specifically, the client can continuously send key negotiation request (ClientHello) messages to the server. Each ClientHello message includes a session ID (Session Identity, SessionID), and the SessionID can be reused. If the SessionID in the ClientHello message sent by the client exists in the local SessionID table of the server, the server sends the client a key negotiation response (ServerHello) message that includes that SessionID; if it does not exist, the server randomly generates a new SessionID and sends it to the client. Either way, the client and the server go on to complete the SSL key negotiation process. A client that continuously sends ClientHello messages, and so constantly negotiates SSL keys with the server, can therefore easily exhaust the server's resources, leaving the server unable to serve normal business.
Currently there is no effective method to prevent SSL DoS attacks.



Embodiment Construction

[0050] The following will clearly and completely describe the technical solutions in the embodiments of the present invention with reference to the accompanying drawings in the embodiments of the present invention. Obviously, the described embodiments are only some, not all, embodiments of the present invention. Based on the embodiments of the present invention, all other embodiments obtained by persons of ordinary skill in the art without making creative efforts belong to the protection scope of the present invention.

[0051] The attack defense method provided by this embodiment can be implemented on gateway products such as router 101 or firewall 102, and can also be applied to distributed denial of service (DDoS) cleaning equipment. The gateway product (router 101, firewall 102, etc.) or the DDoS cleaning device is deployed at the front end of the Secure Socket Layer (Secure Socket Layer; hereinafter referred to as...


Abstract

The embodiment of the invention provides an attack prevention method and equipment, which relate to the field of communication and are used to effectively prevent SSL DoS attacks. The method comprises the following steps: after a Transmission Control Protocol (TCP) connection with the client is established, a key negotiation request message sent by the client is received; if a session monitoring table for the client exists, it is judged whether the session identifier exists in that table, and the session identifier is recorded in the table if it does not; it is judged whether the number of session identifiers of the client is greater than a first preset value; and if the number of session identifiers of the client is greater than the first preset value, the TCP connection is disconnected.
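The check in the abstract, as an added example that is not code from the patent: a gateway reads the SessionID out of each ClientHello record, records it in a per-client table, and disconnects once the number of distinct SessionIDs exceeds the first preset value. Keying the table by client address, creating it when it does not yet exist, the threshold of 3, and the names `SessionMonitor`, `client_hello_session_id` and `build_client_hello` are assumptions of this example.

```python
import struct
from collections import defaultdict

FIRST_PRESET_VALUE = 3  # assumed threshold; the page gives no number


def client_hello_session_id(record: bytes) -> bytes:
    """Return the SessionID field carried in a TLS ClientHello record."""
    if len(record) < 44:
        raise ValueError("too short for a ClientHello")
    content_type, _version, _length = struct.unpack("!BHH", record[:5])
    if content_type != 0x16 or record[5] != 0x01:
        raise ValueError("not a handshake ClientHello")
    # 5 (record hdr) + 4 (handshake hdr) + 2 (version) + 32 (random) = 43
    sid_len = record[43]
    sid = record[44:44 + sid_len]
    if sid_len > 32 or len(sid) != sid_len:
        raise ValueError("malformed SessionID")
    return sid


class SessionMonitor:
    """Per-client session monitoring table (assumed keyed by client address)."""

    def __init__(self, limit: int = FIRST_PRESET_VALUE):
        self.limit = limit
        self.tables = defaultdict(set)  # client -> distinct SessionIDs seen

    def on_client_hello(self, client: str, record: bytes) -> str:
        sid = client_hello_session_id(record)
        self.tables[client].add(sid)  # recorded only if not already present
        if len(self.tables[client]) > self.limit:
            return "disconnect"  # drop the TCP connection
        return "forward"


def build_client_hello(session_id: bytes) -> bytes:
    """Constructed sample input: a minimal ClientHello with one cipher suite."""
    body = b"\x03\x03" + bytes(32) + bytes([len(session_id)]) + session_id
    body += b"\x00\x02\x00\x2f" + b"\x01\x00"  # cipher suites, compression
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + len(handshake).to_bytes(2, "big") + handshake
```

A client that keeps resuming one SessionID stays at a count of one, while a client presenting a fresh SessionID on every ClientHello crosses the threshold on its fourth distinct value.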

Description

Technical field

[0001] The present invention relates to the communication field, in particular to a method and equipment for defending against attacks.

Background technique

[0002] In recent years, Denial of Service (DoS) attacks against the Secure Sockets Layer (SSL) have become more and more common. In the SSL protocol, the SSL handshake is very computationally intensive for the server: the server must perform the private key decryption operation, and its computational complexity can usually reach an exponential multiple of the client's computational complexity. Therefore, the SSL DoS attack uses the characteristics of the SSL protocol to connect an ordinary computer to the Digital Subscriber Line (DSL), and consumes the CPU resources of the SSL server by frequently re-requesting the encryption key in a short period of time, to launch an attack on the SSL server.

[0003] Specifically, the client can continuously initiate a key negotiation request Clien...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L29/06
CPC: H04L63/1458, H04L69/16, H04L63/0254, H04L63/045, H04L63/166, H04L63/06, H04L63/02, H04L63/10
Inventor: 孙宏
Owner: HUAWEI TECH CO LTD