Method for determining TCP port scanning and device thereof

A port scanning and port technology, which is applied in digital transmission systems, electrical components, transmission systems, etc., and can solve the problems of narrow application scope and low efficiency.

Active Publication Date: 2014-02-05
KYLAND TECH CO LTD
View PDF4 Cites 27 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0007] Embodiments of the present invention provide a method and device for determining TCP port scanning, which are used to solve the problems of low efficiency and narrow application range in the prior art when performing port scanning detection

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Method for determining TCP port scanning and device thereof
  • Method for determining TCP port scanning and device thereof
  • Method for determining TCP port scanning and device thereof

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0029] In order to improve the detection efficiency of TCP port scanning and expand the applicable scope of the detection method when the message is forwarded by the forwarding device, the embodiment of the present invention provides a method and device for determining TCP port scanning.

[0030] The present invention will be described in detail below in conjunction with the accompanying drawings.

[0031] figure 1 It is a schematic diagram of the process of exchanging SYN packets between the source device (attack device) and the destination device (attacked device). figure 1 When the source device and the destination device are exchanging SYN messages, the source device first sends a SYN message to the destination device, then the destination device returns a SYN plus ACK message to the source device, and then the source device returns a response message to the destination device for confirmation ACK message to establish a connection with the destination device. However, wh...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention discloses a method for determining TCP port scanning and a device thereof and aims to solve the problems of low efficiency and a narrow application range in the existing port scanning detection. A forwarding device identifies an SYN message in filtered port scanning messages to be determined. According to the source address information and target address information of the identified SYN message, SYN and ACK messages are constructed and are sent to equipment corresponding to the source address information of the message. When the equipment corresponding to the source address information sends the ACK message to equipment corresponding to the target address information, when the quantity of SYN messages of a target address or a target port which scan the existed and nonexistent target addresses and target ports of the equipment corresponding to the target address information at the same time is larger than a set threshold value N1, the equipment is determined to carry out TCP port scanning. According to the method and the device, since half hidden mode TCP port scanning and low speed TCP port scanning can be detected, the application range of the detection method is raised, the system resources are saved, and the determination efficiency of port scanning is raised.

Description

technical field [0001] The invention relates to the technical field of industrial Ethernet, in particular to a method and device for determining TCP port scanning. Background technique [0002] Port scanning refers to a method in which an attacker sends a group of port scanning packets in an attempt to intrude into a device and obtain various useful information about the device. By detecting the specific flag bits in the scanning packets through the detection technology, the port scanning behavior with known characteristics can be quickly and accurately detected, but the scanning behavior with unknown characteristics cannot be detected. [0003] During port scanning, whether the number of packets sent by each port exceeds the set threshold N within a fixed time length T (window value), when the number of packets sent by the port exceeds the set threshold N, Then it is determined that the port is being port scanned. However, in this method, the time length T is a fixed valu...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Applications(China)
IPC IPC(8): H04L29/08H04L29/06H04L12/26
Inventor 丁杰马化一孔勇张俭锋薛百华
Owner KYLAND TECH CO LTD
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap