
A method and firewall for preventing attacks

A firewall and attack-prevention technology, applied in the network field, that addresses the problems that the security of intranet devices cannot be effectively guaranteed and that the security of the intranet as a whole may be threatened.

Active Publication Date: 2019-02-19
NEW H3C TECH CO LTD

AI Technical Summary

Problems solved by technology

That is to say, once external network address information has been mapped through the EIM table on the firewall, devices on the internal network or the external network can use that external network address information to freely access the internal network device corresponding to the internal network address information. An attacker can therefore easily carry out DDoS (Distributed Denial of Service) attacks on intranet devices through the EIM table, so the security of intranet devices cannot be effectively guaranteed, and the security of the entire intranet may be threatened.


Examples


Embodiment Construction

[0021] The technical solutions in this application will be clearly and completely described below in conjunction with the drawings in this application. Obviously, the described embodiments are only some of the embodiments of this application, not all of them. Other embodiments obtained by those skilled in the art based on the embodiments in this application all fall within the protection scope of this application.

[0022] Embodiments of the present invention provide a method for preventing attacks, shown in the flow chart of Figure 1. The method is applied to a firewall on which the NAT hairpin function is enabled on the internal-network-side interface, the outbound address translation mode on the external network side is configured as PAT translation mode, and EIM is enabled. In this mode, packets are forwarded in P2P mode.

[0023] The method includes the following steps:

[0024] Step 101, receiving a message.

[0025] ...


Abstract

The invention discloses a method for preventing attacks, applied to a firewall with EIM mode enabled in a network address translation (NAT) network. The method comprises the steps of: receiving a message; looking up, in the Endpoint-Independent Mapping (EIM) table, an EIM table entry whose external network address and external network port number match the destination address and destination port number of the message; determining whether the session to which the message belongs was established by the internal network device corresponding to the internal network address and internal network port number in the EIM table entry; if the session was not established by the internal network device, determining the number of sessions established by the internal network device; and discarding the message when the number of sessions is greater than a first session number threshold preset in the EIM table entry. The method and the firewall prevent malicious attacks by controlling the number of sessions corresponding to the internal network device.
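The decision flow in the abstract, as an added Python sketch that is not code from the patent or from any H3C product. The class and field names, the per-entry session dictionary, and the choice to count the session a new packet would create toward the session (conversation) total are assumptions; the abstract does not specify how sessions are tracked or counted. The addresses are constructed documentation values.

```python
from dataclasses import dataclass, field

@dataclass
class EimEntry:
    int_addr: str
    int_port: int
    session_threshold: int   # the "first threshold" preset in the EIM entry
    # Assumed layout: (peer_addr, peer_port) -> True if the internal device
    # opened the session, False if the remote peer did.
    sessions: dict = field(default_factory=dict)

class EimFirewall:
    def __init__(self):
        self.eim = {}        # (ext_addr, ext_port) -> EimEntry

    def add_mapping(self, ext, entry):
        self.eim[ext] = entry

    def outbound(self, ext, peer):
        """The internal device opens a session to peer through its mapping."""
        self.eim[ext].sessions[peer] = True

    def inbound(self, src, dst):
        """Decide on a received message addressed to dst = (addr, port)."""
        entry = self.eim.get(dst)
        if entry is None:
            return "no-eim-match"          # outside the scope of the method
        if entry.sessions.get(src):
            return "forward"               # session opened by the internal device
        # Not established by the internal device: count the device's sessions,
        # including the one this message would create if it is new (assumption).
        count = len(entry.sessions) + (0 if src in entry.sessions else 1)
        if count > entry.session_threshold:
            return "drop"
        entry.sessions[src] = False        # admit and track the peer's session
        return "forward"

def demo():
    fw = EimFirewall()
    ext = ("203.0.113.10", 40000)          # constructed sample mapping
    fw.add_mapping(ext, EimEntry("192.168.1.20", 5000, session_threshold=3))
    fw.outbound(ext, ("198.51.100.1", 3478))             # registration with server
    results = [fw.inbound(("198.51.100.1", 3478), ext)]  # server's reply
    for i in range(4):                                   # four unsolicited peers
        results.append(fw.inbound((f"198.51.100.{50 + i}", 6000), ext))
    return results
```

With a threshold of 3, the reply on the device's own session and the first two unsolicited peers are forwarded, and the remaining peers are dropped because admitting them would push the entry past its limit.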

Description

Technical Field

[0001] The present application relates to the field of network technology, in particular to a method for preventing attacks and a firewall.

Background

[0002] After the NAT (Network Address Translation) hairpin function is enabled on the internal-network-side interface of the firewall, if the P2P method is used for packet forwarding, each internal network device first registers its own internal network address information with the external network server to obtain its corresponding external network address information. The intranet devices then access one another using the external network address information that each obtained by registering with the external network server. In this mode, the outbound address translation on the external network side must be configured as PAT (Port Address Translation) translation mode, and the EIM (Endpoint-Independent Mapping) ...


Application Information

Patent Type & Authority: Patents (China)
IPC(8): H04L29/06
CPC: H04L63/02
Inventor: 王国利
Owner: NEW H3C TECH CO LTD