Attack defense method

An attack defense and encryption-algorithm technology, applied in the field of network security, which solves the problem that the server cannot effectively identify and defend against SYN Flood attacks and achieves the effect of shielding the server from SYN Flood attacks.

Inactive Publication Date: 2013-10-09
Owner: 天津汉柏汉安信息技术有限公司

AI Technical Summary

Problems solved by technology

[0004] The existing TCP connection method makes the server unable to effectively identify and defend against SYN Flood attacks. Therefore, it is necessary to propose a method to effectively prevent the server from being attacked by SYN Flood




Specific embodiment

[0037] Figure 1 shows a specific implementation of the attack defense method proposed by the present invention; the method includes the following steps:

[0038] When the network security device receives the TCP SYN message sent by the client to the server, it calculates a cookie value, places the cookie value in the SYN/ACK message, and sends the SYN/ACK message back to the client;

[0039] After receiving the SYN/ACK message, the client sends an ACK message to the network security device;

[0040] After the network security device receives the ACK message, it verifies the ACK message using the cookie value. If verification succeeds, the source IP address of the ACK message is marked as a legitimate user, and the network security device establishes a first TCP connection with the client and a second TCP connection with the server on behalf of the client; otherwise, the source IP address of the ACK message is marked as an attacker.

[0041] In the ...

Embodiment 1

[0052] Figure 2 is the system schematic diagram of Embodiment 1. As shown in Figure 2, the process of establishing a TCP connection between the client and the server is:

[0053] In the first step, the client sends a TCP SYN message (message a);

[0054] In the second step, after the network security device receives message a, it starts the proxy function, calculates a cookie value with the MD5 algorithm according to the local time and the TCP header of message a, fills the cookie value in as the sequence number in the TCP header of the SYN/ACK message (message b), and sends message b back to the client;

[0055] In the third step, after receiving message b, the client calculates a new sequence number based on the received cookie value, places the new sequence number in the TCP header of the ACK message (message c), and sends message c to the network security device;

[0056] Step 4: Afte...

Embodiment 2

[0060] The first three steps of Embodiment 2 are identical to those of Embodiment 1; the difference is:

[0061] In the fourth step, after receiving message c, the network security device checks, according to a certain algorithm, whether the sequence number in the TCP header of message c can be verified against the cookie value it generated itself. When verification fails, the network security device marks the source IP address of message c as an attacker and adds it to the blacklist;

[0062] In the fifth step, the network security device establishes a first TCP connection with the client and a second TCP connection with the server on behalf of the client, using the traditional three-way handshake mechanism when establishing the second TCP connection;

[0063] In the sixth step, when the network security device receives a request message sent by the client to the server, it first checks whether the client's IP address is in the blacklist, and if it is found there, it directly interce...
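The handshake described in steps [0038]-[0040] and in Embodiments 1 and 2 above, as an added worked example (not code from the patent or its applicant): a Python model of the network security device that derives the SYN/ACK sequence number from an MD5 cookie, verifies the client's ACK by recomputing the cookie rather than storing per-SYN state, blacklists a source whose ACK fails verification, and intercepts later messages from blacklisted sources. The patent says only that the cookie is computed from the local time and the TCP header of the SYN; the 60-second time slot, the per-device secret mixed into the hash, the acceptance of the previous slot, the dict-based packets, and all names and addresses are this example's own assumptions.

```python
import hashlib
import struct
import time
from dataclasses import dataclass, field

# Constructed model of the patent's "network security device". It answers a client
# SYN (message a) with a SYN/ACK (message b) whose sequence number is a cookie,
# verifies the client's ACK (message c) against a recomputed cookie without
# keeping per-SYN state, and blacklists sources that fail (Embodiment 2).
# No real sockets: packets are plain dicts. Constants below are assumptions.

COOKIE_SLOT_SECONDS = 60                  # assumed length of one time slot
SECRET = b"constructed-device-secret"     # assumed per-device secret mixed into the hash
MASK32 = 0xFFFFFFFF


def compute_cookie(src_ip, src_port, dst_ip, dst_port, client_isn, slot, secret=SECRET):
    """32-bit cookie: first 4 bytes of MD5 over (time slot, TCP header fields, secret).

    The patent derives the cookie from the local time and the SYN's TCP header with
    MD5; the secret is this example's addition so the cookie cannot be recomputed
    by a party that does not hold it.
    """
    h = hashlib.md5()
    h.update(struct.pack("!I", slot & MASK32))
    h.update(src_ip.encode() + struct.pack("!H", src_port))
    h.update(dst_ip.encode() + struct.pack("!H", dst_port))
    h.update(struct.pack("!I", client_isn & MASK32))
    h.update(secret)
    return struct.unpack("!I", h.digest()[:4])[0]


def make_syn(src_ip, src_port, dst_ip="10.0.0.10", dst_port=80, isn=1000):
    """Message a: the client's SYN carrying its initial sequence number (constructed)."""
    return {"flags": "S", "seq": isn & MASK32, "ack": 0, "src_ip": src_ip,
            "src_port": src_port, "dst_ip": dst_ip, "dst_port": dst_port}


def make_ack(syn, synack, tamper=0):
    """Message c: the client's ACK acknowledging cookie + 1 (tamper != 0 models a
    wrong or forged acknowledgement number)."""
    return {"flags": "A", "seq": (syn["seq"] + 1) & MASK32,
            "ack": (synack["seq"] + 1 + tamper) & MASK32, "src_ip": syn["src_ip"],
            "src_port": syn["src_port"], "dst_ip": syn["dst_ip"], "dst_port": syn["dst_port"]}


@dataclass
class SecurityDevice:
    blacklist: set = field(default_factory=set)
    legitimate: set = field(default_factory=set)
    proxied_connections: list = field(default_factory=list)

    @staticmethod
    def current_slot(now=None):
        return int((time.time() if now is None else now) // COOKIE_SLOT_SECONDS)

    def on_syn(self, syn, now=None):
        """Step 2: reply with message b, seq = cookie. Nothing is stored per SYN, so a
        flood of spoofed SYNs creates no half-open entries here or on the server."""
        if syn["src_ip"] in self.blacklist:
            return None                      # Embodiment 2, step 6: blacklisted source intercepted
        cookie = compute_cookie(syn["src_ip"], syn["src_port"], syn["dst_ip"],
                                syn["dst_port"], syn["seq"], self.current_slot(now))
        return {"flags": "SA", "seq": cookie, "ack": (syn["seq"] + 1) & MASK32,
                "src_ip": syn["dst_ip"], "src_port": syn["dst_port"],
                "dst_ip": syn["src_ip"], "dst_port": syn["src_port"]}

    def on_ack(self, ack, now=None):
        """Step 4: verify message c by recomputing the cookie for the current and the
        previous time slot; the ACK must acknowledge cookie + 1."""
        if ack["src_ip"] in self.blacklist:
            return "intercepted"
        client_isn = (ack["seq"] - 1) & MASK32          # client's seq in the ACK is ISN + 1
        slot = self.current_slot(now)
        for s in (slot, slot - 1):
            cookie = compute_cookie(ack["src_ip"], ack["src_port"], ack["dst_ip"],
                                    ack["dst_port"], client_isn, s)
            if ack["ack"] == (cookie + 1) & MASK32:
                self.legitimate.add(ack["src_ip"])
                # Step 5: first connection with the client, second to the server on its behalf
                self.proxied_connections.append((ack["src_ip"], ack["src_port"],
                                                 ack["dst_ip"], ack["dst_port"]))
                return "legitimate"
        self.blacklist.add(ack["src_ip"])                # verification failed: mark as attacker
        return "attacker"


def client_handshake(device, src_ip, src_port, now=None, tamper=0):
    """Drive one full three-step exchange through the device and return its verdict."""
    syn = make_syn(src_ip, src_port)
    synack = device.on_syn(syn, now)
    if synack is None:
        return "intercepted"
    return device.on_ack(make_ack(syn, synack, tamper), now)


def simulate_syn_flood(device, count, now=None):
    """Spoofed SYNs that never complete the handshake: returns (SYN/ACKs sent, state kept)."""
    sent = sum(1 for i in range(count)
               if device.on_syn(make_syn(f"198.51.100.{i % 250}", 1024 + i, isn=i), now) is not None)
    return sent, len(device.proxied_connections) + len(device.blacklist)


if __name__ == "__main__":
    dev = SecurityDevice()
    print(client_handshake(dev, "192.0.2.1", 40000))              # legitimate
    print(client_handshake(dev, "192.0.2.2", 40001, tamper=7))    # attacker
    print(simulate_syn_flood(dev, 500))                           # (500, 0)
```

The flood simulation is the defender's reason for the design: the device hands out cookies and keeps no table of half-open connections, so spoofed SYNs that are never acknowledged cost it nothing, and only a source that completes a verifiable ACK causes a proxied connection to the server. The time-slot check also shows the failure mode a deployment has to tune: an ACK that arrives after the slot window fails verification and, following Embodiment 2, its source is blacklisted, so the window and the blacklist lifetime must be chosen so that slow but legitimate clients are not locked out.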


Abstract

The invention discloses an attack defense method and relates to the technical field of network security. When a network security device receives a TCP SYN message sent by a client to a server, it starts a proxy function and verifies the TCP connection request with a cookie verification mechanism. If verification succeeds, the source IP address is marked as a legitimate user, a first TCP connection is established between the network security device and the client, and a second TCP connection is established with the server on behalf of the client; otherwise the source IP address is marked as an attacker. Because the network security device judges the client's TCP connection request with the cookie verification mechanism, SYN Flood attacks can be effectively identified. After verification is finished, all interaction with clients is handled by the network security device in proxy mode, so the server is not affected and is thereby protected from SYN Flood attacks.

Description

Technical field

[0001] The invention relates to the technical field of network security, in particular to an attack defense method.

Background technique

[0002] In network communication, the standard process of establishing a TCP connection between a client and a server is as follows. First, the client sends a TCP SYN message carrying the Synchronize (SYN) flag; this synchronization message indicates the port used by the client and the initial sequence number of the TCP connection. Second, after receiving the TCP SYN message from the client, the server returns a SYN/ACK message, indicating that the client's request is accepted; the TCP sequence number is increased by one, and ACK stands for Acknowledgment. Third, the client returns an ACK confirmation message to the server, the TCP sequence number is again increased by one, and the TCP connection is complete at this point. The above connection process is called a thre...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L29/06
Inventor: 徐振兵朱正路田洋朱鹏飞王智民
Owner: 天津汉柏汉安信息技术有限公司