SYN Flood protection method and apparatus, cleaning device and medium

A technology for cleaning equipment and packets. It is applied in the fields of preventing errors, using return channels for error prevention/detection, and digital transmission systems. It can solve problems such as business interruption, high pressure on cleaning equipment protection performance, and impact on user experience.

Active Publication Date: 2017-11-24
NSFOCUS INFORMATION TECHNOLOGY CO LTD +1
View PDF7 Cites 12 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0015] The embodiment of the present invention provides a protection method, device, cleaning equipment and storage medium of a SYN Flood attack, to solve the existing problem of destroying the TCP protocol connection state between the terminal and the server when protecting the SYN Flood attack in the prior art. , leading to business interruption, af

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • SYN Flood protection method and apparatus, cleaning device and medium
  • SYN Flood protection method and apparatus, cleaning device and medium
  • SYN Flood protection method and apparatus, cleaning device and medium

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0049] image 3 A schematic diagram of the protection process of a SYN Flood attack provided by the embodiment of the present invention, the process includes the following steps:

[0050] S101: Receive a SYN message sent by a terminal, and determine whether information about the terminal is recorded in a trust list or a restriction list saved by itself.

[0051] The SYN Flood attack protection method provided by the embodiment of the present invention is applied to a cleaning device. The cleaning device stores a trust list and a restriction list, and terminal information is recorded in the trust list and the restriction list. The cleaning device can be a product that resists SYN Flood attacks, such as: NSFOCUS Anti-DDoS System (NSFOCUS ADS) of NSFOCUS Technology, or a gateway with protection functions. In addition, the The terminal can be a device such as a tablet computer or a PC.

[0052] The cleaning device can receive the SYN message sent by the terminal based on the TCP...

Embodiment 2

[0066] On the basis of the foregoing embodiments, in the embodiments of the present invention, the sending sequence number and the confirmation sequence number in the ACK detection message satisfying a specific condition are random values.

[0067] The serial number of the message transmitted between the terminal and the server is related. For example, the serial number of the SYN message sent by the terminal to the server is the initial serial number. After receiving the SYN message, the server sends the serial number of the SYN+ACK message to the terminal. Add 1 to the initial sequence number automatically. In order to ensure that the ACK detection message sent by the cleaning device to the terminal does not affect the message transmitted between the terminal and the server, the ACK detection message constructed by the cleaning device meets specific conditions, that is, the sending sequence number and confirmation sequence number settings in the ACK detection message It is a r...

Embodiment 3

[0069] Since the protection method provided in this case is aimed at SYN Flood attacks, before the protection, it can be judged whether there is a SYN Flood attack. If it is judged that there is no SYN Flood attack, no protection is required. Protect against SYN Flood attacks. In order to save the protection resources of the cleaning equipment, on the basis of the above-mentioned embodiments, in the embodiments of the present invention, before the judging whether the information of the terminal is recorded in the trust list or restriction list saved by itself, the method further includes :

[0070] Acquiring the current traffic of the server, judging whether the current traffic is greater than a preset traffic threshold, if so, determining that there is a SYN Flood attack, and performing subsequent steps.

[0071] After the cleaning device receives the SYN message sent by the terminal, before judging whether the terminal information is recorded in the trust list or restrictio...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention discloses an SYN Flood (synchronize Flood) protection method and apparatus, a cleaning device and a medium. The SYN Flood protection method includes the steps: receiving an SYN message sent from a terminal, and determining whether the information of the terminal is recorded in a trust list or a restriction list; if not, abandoning the SYN message, and sending an ACK (acknowledgement) detection message to the terminal; and determining whether an RST (RESET) message is received, if so, adding the information to the trust list, and if not, adding the information of the terminal to the restriction list. In the SYN Flood protection method and apparatus, the trust list and the restriction list are saved in a cleaning device; if the terminal is not recorded in any one list, the ACK detection message is sent to the terminal, and the ACK detection message does not destroy the TCP (Transmission Control Protocol) protocol connection between the terminal and a server; according to whether the terminal sends the RST message, the SYN Flood protection method and apparatus can determine to add the terminal to which list; and the SYN message is abandoned, the resource is not occupied, so that the processing efficiency of the cleaning device can be improved.

Description

technical field [0001] The invention relates to the field of network communication security, in particular to a method, device, cleaning device and storage medium for protecting against a Synchronized Flood (SYNFlood) attack. Background technique [0002] The Transmission Control Protocol (TCP) establishes a connection through a three-way handshake process. The three-way handshake process is as follows: [0003] 1. The terminal sends a synchronization (synchronize, SYN) message to the server, and the SYN message will indicate the port used by the terminal and the initial serial number of the TCP protocol connection; [0004] 2. After receiving the SYN message, the server sends a synchronization confirmation (synchronize+acknowledgment, SYN+ACK) message corresponding to the SYN message to the terminal. The SYN+ACK message indicates that the connection request of the terminal is accepted, and at the same time, the TCP The serial number of the protocol connection is automatica...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
IPC IPC(8): H04L29/06H04L1/16
CPCH04L1/1607H04L63/0236H04L63/0263H04L63/1458H04L63/166H04L69/163
Inventor 赵跃明叶晓虎何坤
Owner NSFOCUS INFORMATION TECHNOLOGY CO LTD
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap