
Method for guarding against attack realized for networked devices

An anti-attack technique for network devices, applied in the networking field. It addresses the poor attack resistance of existing methods and their impact on normal services, with the effect of preventing attacks, enhancing defense capabilities, and maintaining network order.

Active Publication Date: 2008-09-17
HUAWEI TECH CO LTD

AI Technical Summary

Problems solved by technology

[0012] The purpose of the present invention is to provide a method for protecting network equipment against attack, so as to solve the problems of existing anti-attack methods: poor attack resistance and disruption of normal services.


Embodiment Construction

[0024] The invention prevents TCP SYN Flood and UDP Flood attacks by limiting the number of transmission control protocol / user datagram protocol (TCP / UDP) connections of each user.

[0025] In a network storm (SYN Flood) attack, the attacker sends a large number of initial SYN packets to the server. After receiving each one, the server sends back a SYN ACK response, establishes a half-open Transmission Control Protocol (TCP) connection, and then waits for the ACK response from the client side. The attacker never sends the ACK that the server is waiting for, so the server fills up with half-open connections. Because the server keeps sending SYN ACK responses that go unanswered, it becomes abnormally busy, has difficulty processing normal connection requests, and normal service is eventually interrupted.

[0026] Since the transm...


Abstract

The method includes the following steps. When the network device receives a message, it looks up the corresponding connection table entry based on relevant information in the message. If the entry is found, the message is forwarded according to the corresponding forwarding table entry. Otherwise, the device uses the IP address in the message to obtain the number of connections already established by the user who sent it and determines whether that number is less than a preset value. If it is, the device builds a connection table entry and a forwarding table entry for the user and carries out service processing; otherwise, it discards the message. By restricting the number of connections from the same user, the invention prevents attacks. Moreover, if that number exceeds a specific value, new connection messages from the user are discarded. The invention thus guarantees that resources are not exhausted when the system encounters a network storm attack and that the system can still operate normally, which raises its ability to resist attack.
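The decision flow in the abstract, as an added Python sketch (not code from the patent or from any vendor implementation). The class and function names, the 5-tuple connection key, the `close` step and the sample addresses are assumptions made for illustration.

```python
from collections import defaultdict
from typing import NamedTuple

class Packet(NamedTuple):
    proto: str      # "tcp" or "udp"
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int

class ConnectionLimiter:
    """Per-user connection cap, following the steps in the abstract."""

    def __init__(self, max_per_user: int):
        self.max_per_user = max_per_user   # the "preset value"
        self.connections = {}              # connection table: 5-tuple -> forwarding entry
        self.per_user = defaultdict(int)   # source IP -> connections currently held

    def process(self, pkt: Packet) -> str:
        # Step 1: look up the connection entry for this packet.
        if pkt in self.connections:
            return "forward"               # known flow: use its forwarding entry
        # Step 2: no entry, so check how many connections this source IP holds.
        if self.per_user[pkt.src_ip] < self.max_per_user:
            # Step 3: under the limit, build the entries and process the packet.
            self.connections[pkt] = (pkt.dst_ip, pkt.dst_port)
            self.per_user[pkt.src_ip] += 1
            return "forward"
        return "drop"                      # Step 4: at the limit, discard

    def close(self, pkt: Packet) -> None:
        # Assumption: entries are released on teardown or timeout
        # (the page does not describe how entries age out).
        if self.connections.pop(pkt, None) is not None:
            self.per_user[pkt.src_ip] -= 1

def simulate(limit: int = 3, flood_size: int = 100):
    """Constructed traffic: one flooding source and one ordinary client."""
    fw = ConnectionLimiter(limit)
    flood = [Packet("tcp", "198.51.100.7", 1024 + i, "192.0.2.10", 80)
             for i in range(flood_size)]
    verdicts = [fw.process(p) for p in flood]
    client = Packet("tcp", "203.0.113.5", 40000, "192.0.2.10", 80)
    return (verdicts.count("forward"), verdicts.count("drop"),
            fw.process(client), len(fw.connections))
```

With the flooding source capped at three entries, the connection table stays small and the ordinary client is still admitted. Because the count is keyed on source IP, a flood spread across many spoofed addresses is not bounded by this check alone, and users behind one shared NAT address share a single budget.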

Description

Technical field

[0001] The invention relates to network technology, in particular to a method for protecting network equipment against attack.

Background technique

[0002] In recent years, network applications have spread rapidly, and the rapid development of the network has left a large number of system and protocol loopholes. While enjoying the convenience brought by the network, users also face the threats it brings. The following are some commonly used attack methods and their principles:

[0003] TCP SYN Flood: When a user makes a standard Transmission Control Protocol (TCP) connection, there is a 3-way handshake process. First, the requester sends a synchronization message to the server. After receiving the synchronization message, the server sends a synchronization confirmation message back to the requester to indicate confirmation. When the requester receives the synchronization confirmation message, it will send a reception confirmation m...


Application Information

Patent Type & Authority: Patents (China)
IPC (8): H04L12/24; H04L12/56; H04L29/06
Inventor: 朱克楚
Owner: HUAWEI TECH CO LTD