Method, system and equipment for defending attack message

A technique for defending against attack packets, applied in the field of transmission systems and electrical components. It addresses problems such as the exhaustion of NAT entry resources and the resulting impact on users' network access, and achieves defense against attack packets, simpler network deployment, and lower cost.

Active Publication Date: 2019-07-02
FENGHUO COMM SCI & TECH CO LTD

AI Technical Summary

Problems solved by technology

The messages on the user side of the BRAS device all come from ordinary PCs. Due to the outbreak of ransomware viruses in recent years, personal computers (PCs) infected with viruses send a large number of invalid Transmission Control Protocol (TCP) connection requests, so NAT entry resources are quickly exhausted. Even if only one user's PC is infected, all other PCs connected to the BRAS device are affected when accessing the Internet.
On the BRAS device, the general solution to NAT attack defense is to limit the number of NAT entries for each user, but this method affects the normal network access of that user.
If firewall equipment is added instead, the cost of network deployment increases. Therefore, an effective and low-cost NAT attack defense mechanism is urgently needed.


Embodiment Construction

[0029] The present invention will be further described in detail below in conjunction with the accompanying drawings and specific embodiments.

[0030] The first embodiment of the present invention provides a method for defending against attack messages, which is used in a NAT device. The NAT device includes a broadband access server BRAS. This embodiment uses the BRAS device as an example to describe the method in detail.

[0031] Specifically, the process of establishing a TCP connection between the client and the BRAS device includes 3 TCP message interactions:

[0032] 1) The client sends a synchronization (SYN) message to the BRAS device;

[0033] 2) The BRAS device responds to the client with a synchronization acknowledgment (SYNACK) message;

[0034] 3) The client sends an acknowledgment (ACK) message to the BRAS device.

[0035] The above three message exchanges are the three-way handshake of the TCP connection. In the case of an attac...


Abstract

The invention discloses a method, a system and equipment for defending against attack messages, and relates to the technical field of communication. The method comprises the following steps: in the process of establishing a Transmission Control Protocol (TCP) connection with a client, recording the mark information of each received TCP message in the corresponding entry of the network address translation (NAT) table; and, according to the destination information, counting the entries in the NAT conversion table that record only the mark information of the SYN message, so that an access control list (ACL) entry can be generated. Attack messages are effectively defended against, network deployment is simplified, and cost is reduced.
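The method in the abstract, sketched as an added example (not code from the patent): each NAT entry records which handshake messages were seen, entries that recorded only a SYN are counted per destination, and an ACL rule is produced once a count reaches a limit. The flag encoding, the `THRESHOLD` value, the use of (IP, port) as the destination information, and the rule format are assumptions; the traffic is constructed.

```python
from collections import Counter
from dataclasses import dataclass

SYN, SYNACK, ACK = 0x1, 0x2, 0x4   # assumed encoding of the recorded mark information
THRESHOLD = 3                       # assumed: SYN-only entries per destination before an ACL rule

@dataclass
class NatEntry:
    src: tuple      # (private IP, port) of the client
    dst: tuple      # (destination IP, port), the "destination information" (assumed)
    seen: int = 0   # OR of the handshake marks recorded for this flow

class NatTable:
    def __init__(self):
        self.entries = {}

    def record(self, src, dst, flag):
        """Record the mark of a received TCP message in the flow's NAT entry."""
        key = (src, dst)
        entry = self.entries.setdefault(key, NatEntry(*key))
        entry.seen |= flag

    def syn_only_by_destination(self):
        """Count entries whose only recorded mark is SYN, grouped by destination."""
        return Counter(e.dst for e in self.entries.values() if e.seen == SYN)

    def generate_acl(self, threshold=THRESHOLD):
        """Return deny rules for destinations with too many SYN-only entries."""
        counts = self.syn_only_by_destination()
        return [{"action": "deny", "proto": "tcp", "dst_ip": ip, "dst_port": port}
                for (ip, port), n in sorted(counts.items()) if n >= threshold]

def build_sample_table():
    """Constructed traffic: one completed handshake and four unanswered SYNs."""
    table = NatTable()
    client, web = ("10.0.0.5", 40000), ("198.51.100.10", 443)
    for flag in (SYN, SYNACK, ACK):          # normal user: full three-way handshake
        table.record(client, web, flag)
    for i in range(4):                       # infected PC: SYNs that never complete
        table.record(("10.0.0.9", 50000 + i), ("203.0.113.7", 445), SYN)
    return table

if __name__ == "__main__":
    for rule in build_sample_table().generate_acl():
        print(rule)
```

Because the rule matches on the destination rather than capping entries per user, the completed flow from the normal client is left untouched, which is the drawback of per-user limits that the page describes.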

Description

Technical field

[0001] The present invention relates to the technical field of communications, in particular to a method, system and equipment for defending against attack messages.

Background technique

[0002] Network Address Translation (NAT) is a technology for translating internal private network Internet Protocol (IP) addresses into legal network IP addresses. On a NAT device with NAT function, such as a Broadband Remote Access Server (BRAS) serving as a new access gateway for broadband network applications, there are three ways to implement NAT: static conversion, dynamic conversion, and port multiplexing (port address translation, PAT).

[0003] For dynamic translation and port multiplexing, especially port multiplexing, NAT entry resources are limited. The messages on the user side of the BRAS device are all from ordinary PCs. Due to the outbreak of ransomware viruses in...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L29/06, H04L29/12
CPC: H04L61/2517, H04L63/101, H04L63/1458
Inventor 滕飞
Owner FENGHUO COMM SCI & TECH CO LTD