
A method and device for preventing synchronous packet attack

A technique for handling synchronization (SYN) packets, applied in the field of communications, that addresses the poor performance of key components, host downtime and loss of user data caused by SYN packet floods, and so helps prevent network paralysis.

Active Publication Date: 2018-07-31
台州市吉吉知识产权运营有限公司

AI Technical Summary

Problems solved by technology

[0007] After the above three-way handshake is completed, the client can communicate with the server. Looking at the three-way handshake steps, if the client does not send the SYN+ACK packet in the third handshake, the server does not receive it. In that case the server generally retries sending SYN+ACK to the client and discards the unfinished connection after waiting for a period of time. The length of this period is called the SYN Timeout; it is generally on the order of minutes (approximately 30 seconds to 2 minutes). The waiting process occupies a certain amount of system resources, and if the SYN+ACK packets cannot be received on multiple ports, multiple threads will be waiting for connections, so system resources may eventually be exhausted and the system may crash or restart. This kind of attack is a SYN flood attack. It can be seen that a SYN packet attack exploits the weakness of the third handshake in TCP connection establishment in the TCP/IP protocol to attack the server.
[0008] If a machine on the intranet acts as a server providing application services to the outside world without a firewall, a large number of SYN packets from outside will attack the host behind the router; in severe cases this may lead to host downtime or network paralysis.
[0009] In the prior art, the solution on the router is to directly execute commands via the iptables command line in user space to limit the number of SYN packets, but once the threshold is detected to have been reached, user data is discarded, leaving no room to correct a user misoperation.



Examples


Embodiment 1

[0034] Figure 1 is a schematic flowchart of the method for preventing synchronous packet attacks provided by the present invention. As shown in figure 1, the method of the present invention comprises:

[0035] Step 101, pre-registering a hook (HOOK) function in the kernel, creating a tracking and monitoring linked list and a blacklist linked list, and setting a SYN packet threshold parameter and a recheck interval time parameter.

[0036] The present invention is based on the netfilter architecture. Netfilter is the Linux kernel firewall framework; it is concise and flexible and can implement many security-policy functions, such as packet filtering, packet processing, address masquerading, transparent proxying, dynamic network address translation (NAT, Network Address Translation), filtering based on user and Media Access Control (MAC, Media Access Control) address, state-based filtering, packet rate limiting, and so on.

[0037] Specifically, netfilter places so...

Embodiment 2

[0060] The present invention also provides a device for preventing synchronous packet attacks. As shown in figure 2, it includes a setting module 201, a first processing module 202, a second processing module 203 and a third processing module 204, wherein:

[0061] the setting module 201 is used to pre-register the hook function in the kernel, create a tracking and monitoring linked list and a blacklist linked list, and set the synchronization packet threshold and the recheck interval time;

[0062] Specifically, the tracking and monitoring linked list includes an IP address field and a TCP connection data packet field; the length of the tracking and monitoring linked list is the number of IP addresses to be tracked and detected.

[0063] The blacklist linked list includes an IP address field and a blacklist flag field; when the blacklist flag is the first value, it means that the IP address is permanently added to the blacklist linked list, and the TCP connection packet sent b...



Abstract

The invention provides a method and device for preventing synchronous packet attacks. The method comprises: pre-registering a hook function in the kernel, creating a tracking and monitoring linked list and a blacklist linked list, and setting a synchronous packet threshold value and a recheck interval time; parsing, with the hook function, the TCP connection data packets sent by a client to a server, where the TCP connection data packet transmitted in the first handshake between client and server is the synchronous data packet; when the number of synchronous data packets from the same IP address reaches the synchronous packet threshold value, adding the IP address to the tracking and monitoring linked list and tracking the TCP connection data packets subsequently sent by the client with that IP address; and parsing the tracked TCP connection data packets and, if a TCP connection data packet is determined to be an attack data packet, adding the IP address corresponding to that packet to the blacklist linked list. By adopting the method and device, attacks using synchronous (SYN) packets can be prevented.
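A user-space Python simulation of the threshold, tracking-list and blacklist logic the abstract and Embodiment 2 describe (an added example, not the patent's code or a real netfilter hook). It assumes a simplified attack criterion, noted in the comments, because the page does not state the patent's exact rule, and it feeds constructed client-to-server packet records rather than live traffic:

```python
from collections import defaultdict
from dataclasses import dataclass

@dataclass
class Packet:
    src: str      # source IP address (constructed sample values)
    flags: str    # "SYN" (first handshake) or "ACK" (third handshake)
    ts: float     # arrival time in seconds

class SynGuard:
    """Hook-function logic: count SYNs per source IP, move a source to the
    tracking list at the threshold, then decide after the recheck interval."""

    def __init__(self, syn_threshold=3, recheck_interval=2.0):
        self.syn_threshold = syn_threshold
        self.recheck_interval = recheck_interval
        self.syn_count = defaultdict(int)  # SYNs seen per source IP
        self.tracking = {}    # tracking list: IP -> {"since", "syn", "ack"}
        self.blacklist = {}   # blacklist: IP -> flag ("permanent"/"temporary")

    def hook(self, pkt):
        """Return a netfilter-style verdict, 'ACCEPT' or 'DROP'."""
        if pkt.src in self.blacklist:
            return "DROP"                      # blacklisted: drop without parsing
        if pkt.src in self.tracking:
            entry = self.tracking[pkt.src]
            entry["syn" if pkt.flags == "SYN" else "ack"] += 1
            if pkt.ts - entry["since"] >= self.recheck_interval:
                self._recheck(pkt.src)
            return "DROP" if pkt.src in self.blacklist else "ACCEPT"
        if pkt.flags == "SYN":
            self.syn_count[pkt.src] += 1
            if self.syn_count[pkt.src] >= self.syn_threshold:
                # threshold reached: start tracking this source's later packets
                self.tracking[pkt.src] = {"since": pkt.ts, "syn": 0, "ack": 0}
        return "ACCEPT"

    def _recheck(self, ip):
        # Assumed criterion (the page does not give the patent's exact rule):
        # a tracked source that kept sending SYNs but never completed a handshake
        # with an ACK is judged to be attacking. The flag value is an assumption too.
        entry = self.tracking.pop(ip)
        self.syn_count[ip] = 0
        if entry["syn"] > 0 and entry["ack"] == 0:
            self.blacklist[ip] = "temporary"

def run(guard, packets):
    """Feed packets through the hook in arrival order and return the verdicts."""
    return [guard.hook(p) for p in packets]
```

A source that bursts SYNs but completes its handshakes is released from the tracking list at the recheck, while one that only ever sends SYNs is moved to the blacklist and its later packets dropped.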

Description

Technical field

[0001] The invention relates to the technical field of communications, in particular to a method and device for preventing synchronous (SYN, synchronous) packet attacks.

Background technique

[0002] In the Transmission Control Protocol / Internet Protocol (TCP/IP, Transmission Control Protocol / Internet Protocol) suite, the TCP protocol provides a reliable connection service and uses a three-way handshake to establish a connection.

[0003] Suppose a client communicates with a server; the three-way handshake process is as follows:

[0004] First handshake: when establishing the connection, the client sends a TCP packet (flag bit SYN=j) to the server and enters the SYN_SEND state; the client then waits for the server to confirm the TCP packet.

[0005] Second handshake: when the server receives the TCP packet, it must confirm the client's SYN (ack=j+1) and at the same time send its own TCP packet (syn=k), that is, the SYN+ACK packet,...


Application Information

Patent Type & Authority: Patents (China)
IPC(8): H04L29/06
CPC: H04L63/1408, H04L63/1458, H04L69/16
Inventor: 张德黎
Owner: 台州市吉吉知识产权运营有限公司