CC (Challenge Collapsar) attack protection method and device

A protective device and client technology, applied in the field of network security, can solve problems such as poor protection effect and denial of service requests, and achieve the effect of improving protection effect and reducing usage

Inactive Publication Date: 2017-01-11
GUANGDONG EFLYCLOUD COMPUTING CO LTD
View PDF5 Cites 9 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0004] However, when the number of SYN messages initiated by the server in response to the client reaches the limit, this protection method will also cause the server to reject normal service requests initiated by the client, and the protection effect is poor.

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • CC (Challenge Collapsar) attack protection method and device
  • CC (Challenge Collapsar) attack protection method and device
  • CC (Challenge Collapsar) attack protection method and device

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0023] figure 1 It is a schematic flowchart of a CC attack protection method provided by Embodiment 1 of the present invention. This embodiment can be applied to any situation that needs to defend against CC attacks. This method can be executed by a CC attack protection device. The CC attack protection The device can be configured in the server, and the method specifically includes the following steps:

[0024] Step 110, obtaining the IP address of the client that initiates the TCP connection request;

[0025] Among them, TCP (Transmission Control Protocol, transmission control protocol) is a connection-oriented reliable transport layer communication protocol. The TCP connection process includes a three-way handshake process. In the first handshake, the client sends a SYN message to the server, waiting for the server to confirm; in the second handshake, the server receives the SYN message sent by the client, sends a confirmation message to the client, that is, an ACK message...

Embodiment 2

[0035] figure 2 It is a schematic flowchart of a CC attack protection method provided by Embodiment 2 of the present invention. This embodiment is a further optimization of the above-mentioned embodiment. In this embodiment, it is determined whether the TCP connection request of the client is a CC attack based on the IP address. The TCP connection request at the end is a CC attack, and the method specifically includes:

[0036] Step 210, obtaining the IP address of the client that initiates the TCP connection request;

[0037] Step 220, if the IP address is an IP address in a non-preset area, determine that the TCP connection request of the client is a CC attack.

[0038] Exemplarily, according to the obtained IP address, the region to which the obtained IP address belongs can be obtained by querying the IP geographic location.

[0039] Exemplarily, the preset region is China, and if it is found that the obtained IP address is a non-Chinese IP address, it is determined tha...

Embodiment 3

[0044] image 3 It is a schematic flowchart of a CC attack protection method provided by Embodiment 3 of the present invention. This embodiment is a further optimization of the foregoing embodiment. In this embodiment, determining whether the TCP connection request of the client according to the IP address is a CC attack is optimized as follows: obtain the time to establish a connection with the client according to the IP address; If the current connection establishment time of the client is greater than the first threshold, it is determined that the client's TCP connection request is a CC attack. The method specifically includes:

[0045]Step 310, obtaining the IP address of the client that initiates the TCP connection request;

[0046] Step 320, obtain the time of establishing the connection with the client according to the IP address;

[0047] Step 330, if the current time for establishing a connection with the client is greater than the first threshold, determine that t...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention discloses a CC (Challenge Collapsar) attack protection method and device. The method comprises the steps of obtaining IP (Internet Protocol) address of a client which initiates a transmission control protocol TCP connection request; determining whether the TCP connection request of the client is a CC attack or not according to the IP address; and rejecting an access of the client if the TCP connection request of the client is the CC attack. According to the technical solution provided by the embodiment of the method and the device, the request initiated by an abnormal client can be recognized and filtered, thereby rejecting the access of the client, reducing the use of server resources and improving a CC attack protection effect.

Description

technical field [0001] The embodiments of the present invention relate to network security technologies, and in particular to a CC attack protection method and device. Background technique [0002] With the continuous development and improvement of science and technology, the Internet has become an indispensable part of people's lives. The maintenance of Internet security is the focus of Internet technology. [0003] CC (Challenge Collapsar, challenge black hole) attack is a distributed denial of service (Distributed Denial Of Service, DDOS) attack that takes website pages as the main attack target. CC attacks usually initiate requests to the attacked server through a large number of puppet machines. Since these requests are valid and conform to network communication protocols, traditional network security devices cannot identify and filter them, making these requests occupy A large amount of resources on the server prevents the server from responding to service requests i...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Applications(China)
IPC IPC(8): H04L29/06
CPCH04L63/1458H04L63/1416
Inventor 曾宪力史伟关志来彭国柱
Owner GUANGDONG EFLYCLOUD COMPUTING CO LTD
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap