A method of attack defense, network equipment and computer storage medium

Abstract

The invention discloses an attack defense method, network equipment and a computer storage medium, which are used for improving attack defense capability of the network equipment. The method comprisesthe steps that the network equipment respectively acquires a historical actual new establishment rate of IP equipment in each specified sampling period according to historical session records, wherein the historical actual new establishment rate in one sampling period is the number of new establishment sessions of the network equipment and the IP equipment in one sampling period; the network equipment computes an estimated new establishment rate of the IP equipment within a specified time range based on all acquired actual new establishment rates; the network equipment selects a target rate threshold of the IP equipment from a preset rate threshold set according to a preset value rule and the estimated new establishment rate, wherein the rate threshold set comprises N rate thresholds; andwhen the network equipment determines that the current actual new establishment rate of the IP equipment exceeds the target rate threshold, the network equipment discards a data packet needing to beforwarded to the IP equipment.

Description

technical field [0001] The invention relates to the technical field of network communication, in particular to an attack defense method, network equipment and computer storage medium. Background technique [0002] With the increasing popularity of the network, the security of the network has become an issue that people are more and more concerned about. This makes the gateway device responsible for data interaction with the external network, sometimes called the egress gateway device, more and more equipped with certain functions in the case of integrated behavior management, flow control, application identification and other functions. Attack defense capabilities to protect devices in the LAN from network threats from the external network as little as possible. [0003] In the prior art, there are two main ways for the egress gateway device to defend against attacks: [0004] The first method is to select packets at the network layer according to an access control list (A...

AI Technical Summary

Problems solved by technology

[0007] For the first method, the source address, destination address, and IP port number of the network attack may be forged, so all attack packets cannot be filtered through the ACL; and maintenance is difficult; and with the increase in the number of ACL increase, the processing performance of the egress gateway device will gradually decrease

[0008] For the second method, the situation of each IP may be different, so how many limit values ​​to set for each IP cannot be determined, and it also brings about abnormal network problems caused by improper configuration

[0009] Obviously, no matter whether the above-mentioned first method or the second method is adopted, due to the performance degradation of the egress gateway device or the problem of network abnormality during the attack defense, the attack defense capability of the egress gateway device will be reduced, or even useless.

Images