Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Method and device for preventing UDP Flood attack

A message and terminal technology, applied in the direction of digital transmission system, electrical components, transmission system, etc., can solve the problem of ineffective protection.

Active Publication Date: 2017-12-08
NSFOCUS INFORMATION TECHNOLOGY CO LTD +1
View PDF6 Cites 7 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0004] The embodiment of the present invention provides a method and device for protecting against UDP Flood attacks, which are used to solve the problem in the prior art that effective protection cannot be performed when the source IP scale is large when protecting against UDP Flood attacks

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Method and device for preventing UDP Flood attack
  • Method and device for preventing UDP Flood attack
  • Method and device for preventing UDP Flood attack

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0035] figure 1 A schematic diagram of the protection process of a UDP Flood attack provided by the embodiment of the present invention, the process includes the following steps:

[0036] S101: Receive a UDP packet sent by a terminal, and judge whether information about the terminal is recorded in a trust list or a restriction list saved by itself.

[0037] The protection method against UDP Flood attack provided by the embodiment of the present invention is applied to the cleaning device, and the cleaning device stores a trust list and a restriction list, and the trust list and the restriction list record terminal information, and the terminal information can be terminal IP address. The cleaning device may be a product that resists UDP Flood attacks, for example: NSFOCUS Anti-DDoS System (NSFOCUS ADS) of NSFOCUS Technology, and may also be a device such as a gateway with protection functions. In addition, the embodiments of the present invention The terminal in can be a devi...

Embodiment 2

[0052] Since the protection method provided in this case is aimed at UDP Flood attacks, before the protection, it can be judged whether there is a UDP Flood attack. If it is judged that there is no UDP Flood attack, no protection is required. Protect against UDP Flood attacks. In order to save the protection resources of the cleaning equipment, on the basis of the above-mentioned embodiments, in the embodiments of the present invention, before the judging whether the information of the terminal is recorded in the trust list or restriction list saved by itself, the method further includes :

[0053] Acquiring the current traffic of the server, judging whether the current traffic is greater than a preset traffic threshold, and if so, determining that there is a UDP Flood attack, and performing subsequent steps.

[0054] After the cleaning device receives the UDP message sent by the terminal, before judging whether the information of the terminal is recorded in the trust list or...

Embodiment 3

[0064] In order to improve the accuracy of determining the authenticity of the terminal, on the basis of the above embodiments, in the embodiment of the present invention, the judging whether the response message sent by the terminal is received includes:

[0065] Judging whether the response message sent by the terminal is received within the first set time period.

[0066] According to the rules of the TCP protocol and the ICMP protocol, after the cleaning device sends a detection message to the terminal based on the TCP protocol or ICMP protocol, the terminal will send a response message to the cleaning device within a set period of time, that is to say, the cleaning device The device will receive the response message sent by the terminal within the set time period. If the response message sent by the terminal is received within the set time length, it can be considered that the terminal satisfies the TCP protocol or the ICMP protocol, and therefore, it can be determined th...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses a method and a device for preventing a UDP Flood attack. The method and the device for preventing the UDP Flood attack are applied to a cleaning device; and the method comprises the steps of receiving a UDP message sent by a terminal; judging whether the information of the terminal is recorded in a trust list or a restriction list; if not, sending a detection message to the terminal based on a TCP or an ICMP; judging whether a response message sent by the terminal is received; if so, forwarding a UDP message to a server; and otherwise, carrying out speed-limiting processing for the UDP message. As the trust list and the restriction list are stored in the cleaning device in the embodiment, the cleaning device sends the detection message to the terminal based on the TCP or the ICMP if the terminal is not recorded in any one of the trust list and the restriction list, thereby determining whether to record the terminal in the lists and carrying out corresponding processing for the UDP message. Therefore, the purpose of effective prevention can be realized when the terminal is large in scale.

Description

technical field [0001] The invention relates to the field of network communication security, in particular to a method and device for protecting against User Datagram Protocol Flood (UDP Flood) attacks. Background technique [0002] User Datagram Protocol (UDP Flood) is an increasingly rampant traffic-type denial of service (Denial of Service, DoS) attack, the common situation is to use a large number of User Datagram Protocol (User Datagram Protocol, UDP) small packets to impact the DNS server or Radius authentication server, streaming video server. 100k pps UDP Flood often paralyzes the backbone devices on the line, such as firewalls, causing paralysis of the entire network segment. Since the UDP protocol is a connectionless protocol, in a UDP Flood attack, the attacker can send a large number of small UDP packets with false source IP addresses. However, since the UDP protocol is a connectionless protocol, the source IP does not need to be connected to the server before ...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
IPC IPC(8): H04L29/06H04L12/26H04L12/801
CPCH04L43/10H04L43/16H04L47/10H04L63/1416H04L63/1458
Inventor 赵跃明叶晓虎
Owner NSFOCUS INFORMATION TECHNOLOGY CO LTD
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com