Method and device for processing ACK (Acknowledgement) flooding attack

A technology for flooding attacks and legitimate users. It is applied in the field of dealing with ACK flooding attacks. It can solve problems such as wasting network resources, save network resources, reduce impact, and improve network experience.

Inactive Publication Date: 2016-05-25
TENCENT TECH (SHENZHEN) CO LTD
View PDF7 Cites 15 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

In the triggered retransmission mode, these data packets will be discarded until the terminal sends

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Method and device for processing ACK (Acknowledgement) flooding attack
  • Method and device for processing ACK (Acknowledgement) flooding attack
  • Method and device for processing ACK (Acknowledgement) flooding attack

Examples

Experimental program
Comparison scheme
Effect test

Example Embodiment

[0025] The technical solutions in the embodiments of the present invention will be clearly and completely described below in conjunction with the accompanying drawings in the embodiments of the present invention. Obviously, the described embodiments are only a part of the embodiments of the present invention, not all the embodiments. Based on the embodiments of the present invention, all other embodiments obtained by those of ordinary skill in the art without creative work shall fall within the protection scope of the present invention.

[0026] figure 1 It is a flowchart of a method for processing an ACK flooding attack provided by an embodiment of the present invention. In the embodiment of the present invention, a network device, such as a server, is pre-configured with a defense device for processing ACK flooding attacks. Such as figure 1 As shown, the method includes the following steps.

[0027] Step 11: After receiving the first ACK packet from the terminal, the defense dev...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention discloses a method and a device for processing an ACK (Acknowledgement) flooding attack. The method comprises the following steps that: defense equipment stores information of a first ACK message after the first ACK message is received from a terminal; the defense equipment sends an ACK message for instructing retransmission to the terminal; the defense equipment determines whether a received second ACK message is matched with the first ACK message or not according to information of the first ACK message; when the received second ACK message is matched with the first ACK message, the defense equipment determines the terminal as a valid user, and sends the second ACK message to network equipment corresponding to the defense equipment; and the defense equipment sends a third ACK message to the network equipment corresponding to the defense equipment when the third ACK message from the valid user is received. According to the embodiment of the invention, the valid user can be distinguished in time during processing of the ACK flooding attack, so that the network experience of the valid user is improved.

Description

technical field [0001] The invention relates to the technical field of computer communication, in particular to a method and device for processing ACK flood attacks. Background technique [0002] Currently, network devices are often subject to distributed denial of service (Distributed Denial of Service, DDoS) attacks. In a DDoS attack, multiple attack sources use reasonable service requests to occupy too many service resources of the same network device, so that the network device cannot process legitimate user instructions. Among them, Transmission Control Protocol / Internet Protocol (Transmission Control Protocol / Internet Protocol, TCP / IP) is widely used by network devices. According to the TCP / IP protocol, during connection establishment and data transmission, network devices will receive ACK messages for different service requests. Therefore, ACK flood attack is a common form of DDoS attack. In an ACK flood attack, multiple attack sources can send a large number of AC...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
IPC IPC(8): H04L29/06
CPCH04L63/1458
Inventor 张浩浩
Owner TENCENT TECH (SHENZHEN) CO LTD
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products