Method and network address translation device preventing network attacks

A network address translation and network attack technology, applied to methods of preventing network attacks and to network address translation equipment. It addresses the problem of NAT devices being attacked so that the NAT table fills up and NAT messages cannot be forwarded, with the effect of preventing network attacks.

Inactive Publication Date: 2010-06-23
BEIJING XINWANG RUIJIE NETWORK TECH CO LTD

AI Technical Summary

Problems solved by technology

[0029] The present invention is proposed to address the problem that NAT devices are often attacked by a large number of illegal source IPs, which fills the NAT table so that normal NAT messages cannot be forwarded. The main purpose of the present invention is therefore to provide a method for preventing network attacks and a NAT device that solve the above problem.


Embodiment Construction

[0053] Considering that NAT devices are often attacked by a large number of illegal source IPs, resulting in full NAT entries and failure to forward normal NAT messages, the present invention is proposed. The embodiments of the present invention provide a method for preventing network attacks and a NAT device.

[0054] In order to better describe the embodiments of the present invention, the following description is now made:

[0055] In this document, a data flow means a stream of packets that share the same five-tuple. Depending on the protocol, data flows are usually divided into the following categories: TCP stream, UDP stream, ICMP stream, RawIP stream. The five-tuples of these protocols are set out in Table 1:

[0056] Table 1

[0057]
Stream category: 5-tuple ID
TCP stream: Source IP Address|Destination IP Address|IP Protocol|TCP Source Port|TCP Destination Port
UDP stream: Source IP Address|Destination IP Address|I...


Abstract

The invention discloses a method and a network address translation device preventing network attacks, wherein the method comprises the following steps: the network address translation device receives a data stream; the NAT device judges whether a source IP address in the data stream is legitimate or not; and the NAT device creates an NAT table entry for the data stream under the situation that the source IP address is legitimate, and the NAT device refuses to create the NAT table entry for the data stream under the situation that the source IP address is illegitimate. The method can protect the NAT table entry of the NAT device and further prevent the network attacks.
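
The admission check described in the abstract, as an added example (not code from the patent): a toy NAT table is flooded with flows from illegitimate sources, once without and once with the source check. How legitimacy is judged is not given in the text available here, so the example assumes a source is legitimate when it falls inside a configured inside prefix; `NatTable`, `simulate`, the prefix, the capacity and the addresses are constructed for illustration.

```python
import ipaddress


class NatTable:
    """Toy NAT session table keyed by five-tuple (constructed for illustration)."""

    def __init__(self, capacity, inside_prefixes=None):
        self.capacity = capacity
        # Assumption: "legitimate" means the source lies in a configured inside prefix.
        self.inside = [ipaddress.ip_network(p) for p in (inside_prefixes or [])]
        self.check_source = inside_prefixes is not None
        self.entries = {}
        self.rejected = 0

    def source_is_legitimate(self, src):
        addr = ipaddress.ip_address(src)
        return any(addr in net for net in self.inside)

    def handle(self, flow):
        """flow = (src_ip, dst_ip, proto, src_port, dst_port); returns the outcome."""
        if flow in self.entries:
            return "forwarded"            # existing entry, just translate
        if self.check_source and not self.source_is_legitimate(flow[0]):
            self.rejected += 1
            return "rejected"             # refuse to create an entry
        if len(self.entries) >= self.capacity:
            return "table_full"           # no room left for a new flow
        self.entries[flow] = True
        return "forwarded"


def simulate(check_source):
    """Flood with illegitimate sources, then send one flow from a real inside host."""
    prefixes = ["192.168.1.0/24"] if check_source else None
    table = NatTable(capacity=100, inside_prefixes=prefixes)
    # Constructed sample traffic: 500 distinct flows from outside the inside prefix.
    for i in range(500):
        bogus_src = f"10.{i // 250}.{i % 250}.7"
        table.handle((bogus_src, "203.0.113.10", "tcp", 1024 + i, 80))
    outcome = table.handle(("192.168.1.20", "203.0.113.10", "tcp", 40000, 443))
    return outcome, len(table.entries), table.rejected


if __name__ == "__main__":
    print("no check:  ", simulate(False))
    print("with check:", simulate(True))
```

Each result is the outcome for the genuine inside host, the number of table entries in use, and the number of flows refused at admission.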

Description

Technical field

[0001] The present invention relates to the field of network communication, and in particular to a method for preventing network attacks and a network address translation device.

Background technique

[0002] A Network Address Translator (NAT) converts between internal network IP addresses and public network addresses, mapping a large number of internal network IP addresses onto one or a small number of public network IP addresses and so reducing the use of public IP addresses.

[0003] The most typical application of NAT is: in a local area network, only one computer is connected to the Internet, and NAT can be used to share the Internet connection, so that other computers in the local area network can also access the Internet. Using the NAT protocol, computers on the LAN can access computers on the Internet, but computers on the Internet cannot access computers on the LAN.

[0004] Almost all intranet Internet access m...


Application Information

Patent Type & Authority: Applications (China)
IPC: IPC(8): H04L29/12
Inventor: 陈朝晖
Owner: BEIJING XINWANG RUIJIE NETWORK TECH CO LTD