Firewall attack defense method

A firewall and attack detection technology, which is applied in the field of network security, can solve problems such as the lack of, the inability to guarantee the normal operation of the network, and the lack of overall security solutions for firewalls.

Inactive Publication Date: 2019-02-12
白令海

AI Technical Summary

Problems solved by technology

[0006] (3) Flooding attack
[0013] Although existing firewalls provide functions such as configuration management, packet management, and session management based on security zones, they all lack a comprehensive defense function that can detect the various types of attack and take reasonable preventive measures against them. They do not use attack defense technology to actively defend against the common network attacks, and so cannot guarantee the normal operation of the network under increasingly frequent attacks.
That is, the prior art still lacks an overall security solution for the firewall.

Examples

Embodiment Construction

[0054] The present invention will be described in further detail below in conjunction with the accompanying drawings and embodiments. It should be understood that the specific embodiments described here are only used to explain the present invention, not to limit the present invention.

[0055] The present invention provides a firewall defense method. By applying an attack prevention module to a firewall that already has functions such as configuration management, packet management, and session management based on security zones, it implements network attack detection and can accurately detect single-packet attacks, scanning attacks and flooding attacks. Single-packet attacks specifically include: ICMP redirection attack, ICMP unreachable attack, IP source routing option attack, routing record option attack, Land attack, Smurf attack, Fraggle attack, and WinNuke attack. Scanning attacks specifically include: address scanning attacks and port scanning attacks. Flood attacks...

Abstract

The invention provides a firewall attack defense method. By applying an attack defense module to a firewall that has functions such as configuration management, packet management and session management based on security zones, it implements network attack detection and can accurately detect single-packet attacks, scanning attacks and flood attacks. The single-packet attacks comprise: the ICMP redirection attack, ICMP unreachable attack, IP source routing option attack, route record option attack, Land attack, Smurf attack, Fraggle attack and WinNuke attack. The scanning attacks comprise: the address scanning attack and the port scanning attack. The flood attacks comprise: the TCP SYN Flood attack, ICMP Flood attack and UDP Flood attack. After a network attack is detected, the corresponding defense measures, for example dropping the packet, adding the source to a blacklist or outputting an alarm log, are taken according to configuration. A Safe Reset technology under a TCP agent linkage mechanism is implemented to defend effectively against the TCP SYN Flood attack.
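As an added illustration (not code from the patent), the single-packet attacks named above can be recognised from header fields of one IPv4 packet; the sketch uses the commonly documented signature for each name, which the page itself does not spell out. `classify`, `build`, the rule names and the sample addresses are assumptions made here, fragmented packets are not handled, and ICMP types 3 and 5 are also legitimate control messages, so acting on them is a configuration decision.

```python
import ipaddress
import struct

# IPv4 option types: 7 = Record Route, 131 / 137 = Loose / Strict Source Route.
OPTION_ATTACKS = {7: "route-record-option", 131: "ip-source-route-option",
                  137: "ip-source-route-option"}

def ip_options(header):
    """Yield the option types that follow the fixed 20-byte IPv4 header."""
    i = 20
    while i < len(header) and header[i] != 0:           # 0 = End of Option List
        if header[i] == 1:                              # 1 = No-Operation, one byte
            i += 1
        elif i + 1 < len(header) and header[i + 1] >= 2:
            yield header[i]
            i += header[i + 1]
        else:                                           # malformed length: stop
            return

def classify(pkt, local_net):
    """Return sorted names of the single-packet attacks a raw IPv4 packet matches."""
    ihl = (pkt[0] & 0x0F) * 4 if pkt else 0
    if len(pkt) < 20 or pkt[0] >> 4 != 4 or not 20 <= ihl <= len(pkt):
        return []                                       # not a parseable IPv4 packet
    proto, src, dst, l4 = pkt[9], pkt[12:16], pkt[16:20], pkt[ihl:]
    bcast = dst in (ipaddress.ip_network(local_net).broadcast_address.packed, b"\xff" * 4)
    kind = l4[0] if l4 else None                        # ICMP type is the first L4 byte
    dport = struct.unpack("!H", l4[2:4])[0] if len(l4) >= 4 else None
    flags = l4[13] if len(l4) >= 14 else 0              # TCP flags byte
    rules = [
        ("icmp-unreachable", proto == 1 and kind == 3),
        ("icmp-redirect", proto == 1 and kind == 5),
        ("smurf", proto == 1 and kind == 8 and bcast),  # echo request to broadcast
        ("land", proto == 6 and src == dst and flags & 0x02),     # SYN, src == dst
        ("winnuke", proto == 6 and dport == 139 and flags & 0x20),  # URG to port 139
        ("fraggle", proto == 17 and bcast and dport in (7, 19)),  # UDP echo/chargen
    ]
    hits = {OPTION_ATTACKS[k] for k in ip_options(pkt[:ihl]) if k in OPTION_ATTACKS}
    return sorted(hits | {name for name, matched in rules if matched})

def build(src, dst, proto, l4, options=b""):
    """Build a constructed sample IPv4 packet (checksum left at zero)."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x40 | (20 + len(options)) // 4, 0,
                      20 + len(options) + len(l4), 0, 0, 64, proto, 0,
                      ipaddress.ip_address(src).packed, ipaddress.ip_address(dst).packed)
    return hdr + options + l4

# Constructed demo: a TCP SYN whose source equals its destination (Land pattern).
SYN = struct.pack("!HHIIBBHHH", 40000, 80, 1, 0, 5 << 4, 0x02, 8192, 0, 0)
print(classify(build("192.0.2.10", "192.0.2.10", 6, SYN), "192.0.2.0/24"))
```

The returned names are what a per-zone policy would map to the configured action (drop, blacklist, alarm log) described in the abstract.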

Description

Technical field

[0001] The invention belongs to the field of network security, and in particular relates to a firewall attack defense method.

Background technique

[0002] A network attack is an attack on the hardware, software and data of a network system that exploits vulnerabilities and security flaws in the network. With the widespread application of computer networks, network attack techniques are also developing. The ways and methods of network attack have developed from the early crude, single-method attacks to today's refined and comprehensive attacks. Currently, common network attacks on the Internet are divided into the following three categories: single packet attack, scanning attack and flood attack:

[0003] (1) Single packet attack

[0004] A single packet attack is also called a malformed packet attack. The attacker sends defective IP packets (such as IP packets with overlapping fragments, TCP packets with illegal flags, etc.) to the target machine,...

Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L29/06, H04L29/08
CPC: H04L63/0227, H04L63/0263, H04L63/0281, H04L63/1416, H04L63/1425, H04L63/1441, H04L63/1458, H04L63/1466, H04L67/56
Inventor: 白令海
Owner: 白令海