A method for preventing network address translation (NAT) device from being attacked by network user
A network address translation and network user technology, applied in the field of preventing network users from attacking network address translation devices, can solve the problems of occupying NAT resources, slowing down the access rate of other network users, and consuming NAT processing capacity, etc., to improve security, The effect of preventing attacks
Inactive Publication Date: 2004-11-03
HUAWEI TECH CO LTD
View PDF0 Cites 10 Cited by
- Summary
- Abstract
- Description
- Claims
- Application Information
AI Technical Summary
Problems solved by technology
At present, considering network security issues, many NAT devices have adopted Traffic Regulation (CAR) restriction, that is, the method of restricting the total flow of packets entering NAT to protect against the phenomenon that some private network users may maliciously attack public network servers. Network Address Translation (NAT) devices are protected from malicious attacks caused by heavy traffic, as shown in the attached figure 1 As shown, the threshold of the total traffic is set in advance. After the total number of online users exceeds the set threshold, when there is a connection again, the packet data will be discarded.
Although this has played a role in protecting network security to a certain extent, this method cannot identify which network users have attack tendencies and which are legitimate users. Therefore, the following two methods are used for network users to attack network address translation (NAT) devices. Helpless:
[0004] (1) Network users maliciously occupy NAT resources by establishing a large number of links, so that other users cannot perform normal network access;
[0005] (2) Network users maliciously consume the processing power of NAT by continuously establishing links and then disconnecting them quickly, slowing down the access rate of other network users
Method used
the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View moreImage
Smart Image Click on the blue labels to locate them in the text.
Smart ImageViewing Examples
Examples
Experimental program
Comparison scheme
Effect test
Embodiment Construction
[0030] Below in conjunction with accompanying drawing and embodiment the present invention is described in further detail:
[0031] refer to figure 2 , figure 2 Described the flow process of the step of the method that the preferred embodiment of the present invention prevents the network user from attacking the Network Address Translation (NAT) device:
[0032] At first in step 21, adopt HASH algorithm, search the linked network user by source IP address, count the link information of network user, the link information of described network user comprises the source IP address of network user, total number of links, time mark, average Link rate, store these link information in a network user statistics table, which will be referred to below Figure 5 Describe in detail the content and structure of the network user statistics table;
[0033] Refer again figure 2 After the link information of the statistical network users is completed, proceed to step 22, set up a restric...
the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More PUM
Login to View More Abstract
This invention provides a method for preventing network users from attacking NAT devices including: calculating link information of network users to be stored in a network-user-statistical list and setting up a limited-user-statistical list reflecting the information of said network users needing to be limited and requesting to link to the public network server, listing or withdrawing from the limited user statistical list based on the information in the network user statistical list, controlling the link of network users in light of the limited user statistical list to give up the newly built link for users having overlarge links and apply effective flow control algorithm to control the user's new link for users having too quick link rate.
Description
technical field [0001] The invention relates to network security technology, in particular to a method for preventing network users from attacking network address translation (NAT) equipment. Background technique [0002] With the rapid development of the network, the number of network users also increases rapidly, but the address resources of the public network are limited after all. NAT (Network Address Translation) technology is usually used to solve the problem of shortage of address resources in the public network, so that network resources can be fully utilized, but it also creates a network security problem of malicious attacks on Network Address Translation (NAT) devices. This kind of attack usually manifests itself in the form that the attacker continuously applies for the public network address and port number to establish a link, consumes NAT resources and processing performance, and achieves the purpose of malicious attack. [0003] Usually, NAT does not conside...
Claims
the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More Application Information
Patent Timeline
Login to View More IPC IPC(8): H04N7/173C07C67/52C07C67/54C07C69/82G01S1/02G01S5/02G01S5/06G01S5/12G01S19/27G02B26/10G03B11/00G03B17/02G04G7/02G06F1/16G06F11/10G06F13/00G06F13/36G06F13/362G06F15/00G06F21/24G06K17/00G06K19/00G06T9/00G08C19/16G09C1/00G09G3/02G10L19/00G11B20/10G11B20/14G11B20/18G11B20/22H01Q1/24H01Q21/24H03L7/091H03M13/03H03M13/13H03M13/23H03M13/27H03M13/29H04B1/16H04B1/707H04B7/005H04B7/24H04B7/26H04B14/00H04H60/72H04J3/06H04J13/00H04J13/16H04L1/00H04L7/00H04L9/00H04L9/08H04L9/10H04L9/32H04L12/24H04L12/26H04L12/28H04L12/417H04L12/54H04L25/02H04L25/03H04L25/49H04L25/497H04L27/10H04L27/156H04L27/18H04L29/06H04L29/12H04M1/66H04M1/724H04M1/72415H04M1/73H04M3/22H04M11/00H04N5/225H04N5/38H04N5/44H04N5/46H04N5/64H04N5/66H04N5/74H04N5/76H04N5/765H04N5/775H04N5/85H04N5/907H04N5/92H04N7/01H04N7/08H04N7/16H04N7/26H04N7/36H04N7/52H04N9/31H04N9/64H04N9/79H04N9/804H04N17/00H04N21/41H04N21/414H04Q3/00H04W4/06H04W4/10H04W4/12H04W4/14H04W4/16H04W8/02H04W8/06H04W8/08H04W8/16H04W8/20H04W8/24H04W8/26H04W12/102H04W24/00H04W24/04H04W24/08H04W24/10H04W28/02H04W28/04H04W28/08H04W28/16H04W28/22H04W36/02H04W36/04H04W36/18H04W36/30H04W40/22H04W48/06H04W48/08H04W48/16H04W52/02H04W52/24H04W56/00H04W60/00H04W64/00H04W68/00H04W68/02H04W72/04H04W72/08H04W72/12H04W72/14H04W76/02H04W76/04H04W76/06H04W80/06H04W84/04H04W84/08H04W84/12H04W84/18H04W88/02H04W88/04H04W88/06H04W88/12H04W88/18
CPCH04L47/822H04L1/0066G01S5/021H04N7/17327H04W4/14H04W8/265H04M1/72533H04L1/1841Y02B60/43H04L12/4641H04B10/25754H04L25/03038H03M13/2903H04N21/47211H03L7/091G11B20/22G06F21/6209H03M7/4006H04N7/163H04W74/0833H04W88/085H04W76/02H04L51/04H04W24/00H04J3/0655H04W88/16G11B20/10009H03M13/23G06F21/305H04L47/72H04W40/00H04N19/00884H04L51/28H04W76/064G06F3/0481H04N5/4448H04L47/15H04N2201/3222H04W84/08H04N9/642G01S5/06H04N5/907H04N7/0122H04N5/64H04N5/85H03M13/6362H04L63/126H04W28/18H04L27/156H04L29/12471Y10S370/906H04L47/765G06F21/74H04N21/4181H04W8/26H03M13/6356H04N19/00951G06F2221/2115H04Q3/0025H04N19/00812Y02B60/50H04N19/00593H04N5/2257H04W28/26H04L12/417H04L47/824H04J13/0077H04W52/0274H04L2012/40273H04W52/0225H04W72/042H04L25/4904H04W76/06G06F21/88H04L25/4902G11B20/10425H04L65/1006H04N21/6582H04N5/66H04N9/7925H04L65/4061H04W68/00H04N2201/3274H04W84/12H04N21/433Y10S707/99943H04L47/745H04L2012/40215H04N19/00036H04N5/45H04N21/6175H04L65/1043H04N5/76H04N21/4623H04M1/72519H04J3/0658H04L41/5009H04W4/10H04N5/775Y10S370/907H04L51/38H04J13/16G06F2221/2105H04W74/008H04N9/8042H04L61/2553H04M3/42221H04W4/12H04W88/06H04N19/00587H03M13/2771H04L1/0068H04W56/00H04N9/3129H04L65/1016G06F1/1626H04N5/2251H04N19/00151H04L9/304H04W48/08H04L41/06H04N5/46H04N7/0112H04W64/00H04N21/6187H04W76/027H04L29/06027H04N1/40G06F1/1639H04N1/32106H04N19/0069H04L1/1685H04L25/497H03M13/2993H04N5/445H04B7/2687H04L9/085H04M7/0057H04W36/02H04L12/5695H04N1/00957H04W12/10H04N2201/3212G01S1/026H04W76/005H04N5/4401H04W28/04H04B7/2628H03M13/2764H04N5/38H04W52/30H04W84/042H04W8/245H04M7/1295H04N21/2543H04W76/022H04W28/00H04N2201/0094H04L43/0829H04N19/139H04N19/70H04N19/51H04N19/109H04N19/91H04N19/527H04N19/517H04N19/625H04L47/70H04W76/18H04W76/45H04W76/30H04W76/34H04W76/12H04W76/10H04N21/426Y02D30/70H04M1/72415H04M1/724H04W12/102H04L51/48H04L51/58H04L65/1104H04N23/57H04W72/23
Inventor 业苏宁郭勇宋端智
Owner HUAWEI TECH CO LTD