SYN attack defense method and device, and storage medium

A firewall and message technology, applied in the field of data processing, can solve problems such as the inability to guarantee normal traffic flow

Active Publication Date: 2018-03-30
NEUSOFT CORP
View PDF8 Cites 22 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0004] For this reason, the first object of the present invention is to propose a SYN attack defense method, which is used to solve the problem that the normal traffic flow cannot be guaranteed when the SYN attack is defended in the prior art

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • SYN attack defense method and device, and storage medium
  • SYN attack defense method and device, and storage medium
  • SYN attack defense method and device, and storage medium

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0067] Embodiments of the present invention are described in detail below, examples of which are shown in the drawings, wherein the same or similar reference numerals designate the same or similar elements or elements having the same or similar functions throughout. The embodiments described below by referring to the figures are exemplary and are intended to explain the present invention and should not be construed as limiting the present invention.

[0068] The following describes the SYN attack defense method and device, program product, and storage medium of the embodiments of the present invention with reference to the accompanying drawings.

[0069] figure 1 It is a schematic flowchart of a SYN attack defense method provided by an embodiment of the present invention. Such as figure 1 As shown, the SYN attack defense method is applied to the defense core in the multi-core processor, comprising the following steps:

[0070] S101. When the firewall is in the alarm mode, o...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention provides a SYN attack defense method and device, and a storage medium, applied to a defense core of a multi-core processor. The SYN attack defense method comprises the following steps: obtaining a SYN message sent by a client when the firewall is in an alarm mode; confirming a corresponding forwarding core according to the five tuple information in the SYN message when the source address information in the SYN message is included in the white list, so that the forwarding core can process the SYN message normally; and adding the source address information to the blacklist and discarding the SYN message when the source address information is not included in the white list or blacklist; therefore, when the SYN attack is encountered by the firewall and the SYN attack is defended,the SYN message received by the firewall is processed by the defense core intensively, and the forwarding core only processes the SYN message and other message with legal source address information;therefore, the smooth flow of normal traffic is ensured, the forwarding efficiency of the firewall is improved, and the forwarding efficiency of the firewall can grow linearly with the increase of theforwarding core.

Description

technical field [0001] The invention relates to the technical field of data processing, in particular to a SYN attack defense method and device, and a storage medium. Background technique [0002] At present, there are two main defense methods for firewalls against SYN attacks: the first is to monitor the number of SYN semi-connections in real time, and directly disconnect when the number exceeds a certain threshold. This method will cause normal connections to be erroneous during SYN attacks If it is released, the smooth flow of normal traffic cannot be guaranteed. The second is to not rush to send a SYN message to the server after receiving the first packet of the TCP three-way handshake, but to reply a SYN-ACK, and create a dedicated hash table to record the semi-connection information such as the serial number of the reply, until the client receives After confirming that the source address information is valid and then forwarding the SYN message after the ACK message re...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Applications(China)
IPC IPC(8): H04L29/06
CPCH04L63/02H04L63/1408H04L63/1458
Inventor 刘健男
Owner NEUSOFT CORP
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap