Improvement method for traditional ddos ​​firewall syn flood protection in industrial network

A DDOS and industrial network technology, applied in transmission systems, electrical components, etc., can solve problems such as denial of service, insufficient CPU processing speed, and small memory capacity of SYNFlood attack targets, and achieve the effect of reducing memory usage time

Active Publication Date: 2021-06-29
江苏亨通工控安全研究院有限公司
View PDF8 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0005] However, in an industrial network environment, SYN Flood attack targets often have small memory capacity and insufficient CPU processing speed. Traditional firewalls do not process the attack traffic before exceeding the threshold, causing the attack traffic to reach the attacked target, causing the memory of the attacked target to The consumption of a certain period of time or the phenomenon of denial of service for a certain period of time

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Improvement method for traditional ddos ​​firewall syn flood protection in industrial network

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0024] The present invention will be further described below in conjunction with the accompanying drawings and specific embodiments, so that those skilled in the art can better understand the present invention and implement it, but the examples given are not intended to limit the present invention.

[0025] figure 1 It is a flow chart of the present invention, comprising the steps:

[0026] Step 1: Capture packets in the Ethernet network.

[0027] Step 2: Analyze the TCP protocol SYN message, and perform quantity statistics for the destination IP address.

[0028] Step 3: compare the preset threshold with the statistical number of SYN packets, if the statistical number does not exceed the threshold, go to step 4, and if it exceeds the threshold, go to step 8.

[0029] Step 4: Perform session state statistics for the destination IP address.

[0030] Step 5: If the session state is changed to successfully established, delete it from the statistical table.

[0031] Step 6: Es...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention discloses an improved method for traditional DDOS firewall SYN FLOOD protection in industrial networks. The present invention is aimed at the improved method of traditional DDOS firewall SYN FLOOD protection in the industrial network, comprising: step 1: capture the data packet in the Ethernet; : Compare the preset threshold with the statistics of SYN packets. If the statistics do not exceed the threshold, go to step 4, and if they exceed the threshold, go to step 8. Beneficial effects of the present invention: this patent performs active release processing on the part of SYN Flood attack traffic that does not exceed the threshold, reduces the memory occupation time of the attacked target, and makes the attacked target recover to the normal working state when it is not attacked, thereby Industrial equipment achieves the effect of safety protection.

Description

technical field [0001] The invention relates to the field of firewalls, in particular to an improved method for traditional DDOS firewall SYN FLOOD protection in industrial networks. Background technique [0002] Network state synchronization flood attack (hereinafter referred to as: SYN Flood attack) is a kind of network attack generated by using the irrationality of TCP protocol. The TCP protocol stipulates that the TCP connection must exchange information after three handshakes between the two parties, and only after the confirmation is correct can the data be exchanged; that is to say, the subsequent data exchange is based on the trust relationship generated by the three-way handshake. The specific data exchange process: According to the TCP protocol, when the host B receives the SYN data packet with the SYN flag bit sent by the host A, it should reply a SYN / ACK data packet with the SYN and ACK flag bits to the host A, Then the B host starts to enter the state of waitin...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Patents(China)
IPC IPC(8): H04L29/06
CPCH04L63/0218H04L63/0236H04L63/1425H04L63/1458
Inventor 董超陈夏裕孙杨蔡艳林杨明勋
Owner 江苏亨通工控安全研究院有限公司
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products