Improved method for SYN FLOOD protection of traditional DDOS firewall in industrial network

A DDOS and industrial network technology, applied in transmission systems, electrical components, etc., that can solve problems such as memory consumption, insufficient CPU processing speed, and small memory capacity of SYN Flood attack targets.

Active Publication Date: 2019-07-30
江苏亨通工控安全研究院有限公司

AI Technical Summary

Problems solved by technology

[0005] However, in an industrial network environment, SYN Flood attack targets often have small memory capacity and insufficient CPU processing speed. Traditional firewalls do not process the attack traffic until it exceeds the threshold, so the attack traffic reaches the attacked target, where it consumes the target's memory for a certain period of time or causes denial of service for a certain period of time.

Examples

Embodiment Construction

[0024] The present invention will be further described below in conjunction with the accompanying drawings and specific embodiments, so that those skilled in the art can better understand the present invention and implement it, but the examples given are not intended to limit the present invention.

[0025] Figure 1 is a flow chart of the present invention, comprising the following steps:

[0026] Step 1: Capture packets in the Ethernet network.

[0027] Step 2: Analyze the TCP protocol SYN message, and perform quantity statistics for the destination IP address.

[0028] Step 3: Compare the preset threshold with the counted number of SYN packets. If the count does not exceed the threshold, go to step 4; if it exceeds the threshold, go to step 8.

[0029] Step 4: Perform session state statistics for the destination IP address.

[0030] Step 5: If the session state changes to successfully established, delete the session from the statistical table.

[0031] Step 6: Es...
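Steps 2 to 5 above as an added Python example (not code from the patent): SYNs are counted per destination IP, sessions below the threshold are tracked, and a session is removed from the table once its handshake completes. The counting window, state names, return labels and sample packets are assumptions; the page does not show step 6 onward, so the over-threshold branch (step 8) only returns a label.

```python
from collections import defaultdict

SYN, ACK = 0x02, 0x10  # TCP flag bits


class SynTracker:
    def __init__(self, threshold, window=1.0):
        self.threshold = threshold            # preset threshold (step 3)
        self.window = window                  # assumed counting window, seconds
        self.syn_times = defaultdict(list)    # dst_ip -> timestamps of recent SYNs
        self.sessions = defaultdict(dict)     # dst_ip -> {(src, sport, dport): state}

    def observe(self, ts, src, sport, dst, dport, flags):
        syn, ack = flags & SYN, flags & ACK
        if syn and not ack:                   # step 2: client SYN, count per destination
            recent = [t for t in self.syn_times[dst] if ts - t < self.window]
            recent.append(ts)
            self.syn_times[dst] = recent
            if len(recent) > self.threshold:  # step 3: over threshold -> step 8
                return "over_threshold"       # placeholder: step 8 is not shown on the page
            self.sessions[dst][(src, sport, dport)] = "SYN_SEEN"   # step 4
            return "tracked"
        if syn and ack:                       # server SYN/ACK: advance the tracked session
            table = self.sessions.get(src, {})
            if (dst, dport, sport) in table:
                table[(dst, dport, sport)] = "SYNACK_SEEN"
            return "pass"
        if ack:                               # client's final ACK completes the handshake
            table = self.sessions.get(dst, {})
            if table.get((src, sport, dport)) == "SYNACK_SEEN":
                del table[(src, sport, dport)]    # step 5: established, drop from table
                return "established"
        return "pass"

    def half_open_count(self, dst):
        return len(self.sessions.get(dst, {}))


def demo():
    # Constructed sample traffic: one real handshake, then five SYNs that never complete.
    plc = "192.0.2.10"
    tracker = SynTracker(threshold=3)
    packets = [
        (0.00, "198.51.100.7", 40000, plc, 502, SYN),
        (0.01, plc, 502, "198.51.100.7", 40000, SYN | ACK),
        (0.02, "198.51.100.7", 40000, plc, 502, ACK),
    ] + [(0.1 * i, f"203.0.113.{i}", 1024 + i, plc, 502, SYN) for i in range(1, 6)]
    return [tracker.observe(*p) for p in packets], tracker.half_open_count(plc)
```

After the demo traffic, only the two below-threshold SYNs that never completed remain in the table for the destination; those are the half-open sessions a firewall following this flow still has to account for.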

Abstract

The invention discloses an improved method for SYN FLOOD protection of a traditional DDOS firewall in an industrial network. The method comprises the following steps: step 1, capturing data packets in the Ethernet network; step 2, analyzing the SYN messages of the TCP protocol and counting them per destination IP address; and step 3, comparing the preset threshold with the counted number of SYN messages: if the count does not exceed the threshold, go to step 4, and if it exceeds the threshold, go to step 8. The beneficial effect of the method is that the SYN Flood attack traffic that does not exceed the threshold is actively released, the time for which the attacked target's memory is occupied is reduced, and the attacked target can quickly recover to its normal, unattacked working state, thereby protecting industrial equipment.

Description

Technical field

[0001] The invention relates to the field of firewalls, in particular to an improved method for SYN FLOOD protection of a traditional DDOS firewall in industrial networks.

Background

[0002] The network state synchronization flood attack (hereinafter referred to as: SYN Flood attack) is a kind of network attack that exploits a weakness in the design of the TCP protocol. The TCP protocol stipulates that the two parties must complete a three-way handshake before exchanging information, and data can be exchanged only after the handshake is confirmed to be correct; that is to say, the subsequent data exchange is based on the trust relationship generated by the three-way handshake. The specific data exchange process: according to the TCP protocol, when host B receives the data packet with the SYN flag bit sent by host A, it should reply to host A with a SYN/ACK data packet carrying the SYN and ACK flag bits. Host B then starts to enter the state of waitin...

Application Information

Patent Type & Authority: Applications (China)
IPC: IPC(8): H04L29/06
CPC: H04L63/0218, H04L63/0236, H04L63/1425, H04L63/1458
Inventor: 董超陈夏裕孙杨蔡艳林杨明勋
Owner: 江苏亨通工控安全研究院有限公司