Efficient SYN Flood attack identification and disposal method

An attack identification and disposal technology, applied to efficient SYN Flood attack identification and disposal. It addresses the problems of server-side resource exhaustion, SYN+ACK packets that never receive a client ACK, and the resulting inability to respond to requests, and it achieves the effect of low attack impact.

Inactive Publication Date: 2017-02-22
北京知道未来信息技术有限公司
Cites: 2. Cited by: 11.

AI Technical Summary

Problems solved by technology

[0008] The problem lies in this "three-way handshake" process: if a user suddenly crashes or drops offline after sending a SYN message to the server, the server receives no ACK message from the client in reply to its SYN+ACK message. In this case the server will generally retry sending the SYN+ACK message and, after waiting for a period of time, discard the unfinished connection. This period is the SYN Timeout, but the server will maintain a half-connection table during this period.
During a SYN Flood attack, a large number of fake IPs send SYN packets to the server. The server then maintains a huge half-connection table, which exhausts its resources and leaves it unable to respond to normal requests.

Examples

Embodiment 1

[0033] 1. The client initiates a TCP connection establishment request to the server.

[0034] 2. The server discards the first SYN packet of the connection request and records the client IP from the SYN packet in the New table.

[0035] 3. When the retransmission timeout is reached, the client, having received no response from the server, sends the connection request again.

[0036] 4. The server finds that the client IP of the connection request is in the New table, passes the request, and at the same time moves the client IP from the New table to the White table.

Embodiment 2

[0038] 1. The malicious client initiates a TCP connection establishment request to the server using a forged random source IP.

[0039] 2. The server discards the first SYN packet of the connection request and records the client IP from the SYN packet in the New table.

[0040] 3. After 20 seconds, if the server finds that there has been no reconnection request from the same IP, it moves the fake source IP from the New table to the Black table.

[0041] 4. If the malicious client repeats a request from that forged random source IP after the 20-second timeout, the request is discarded directly by the server.

Abstract

The invention discloses an efficient SYN Flood attack identification and disposal method. The method comprises the following steps: 1, a New table for storing the list of IPs still to be classified, a White table for storing the IP white list and a Black table for storing the IP black list are set up on the server side; 2, the server side discards the first SYN data packet of each connection request and records the source address of that SYN data packet in the New table; and 3, for each received SYN data packet of a connection request, the server side obtains the source address of the SYN data packet, moves the source address into the White table if it is in the New table, and directly discards the SYN data packet if the source address is in the Black table. The method disclosed by the invention has an identification rate of 98% and can minimize attack influence.
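The table logic of Embodiments 1 and 2 and of the abstract, replayed over a short SYN trace. This is an added example, not code from the patent: `SynFilter`, `replay` and the trace are hypothetical names and constructed data, and passing SYNs from an IP already in the White table is an assumption the page implies but does not state.

```python
NEW_TIMEOUT = 20.0  # seconds a source may sit in the New table (Embodiment 2)

class SynFilter:
    """New/White/Black classification of SYN source addresses."""

    def __init__(self, timeout=NEW_TIMEOUT):
        self.timeout = timeout
        self.new = {}       # source IP -> time its first SYN was dropped
        self.white = set()  # sources that retransmitted their SYN
        self.black = set()  # sources that never retransmitted

    def expire(self, now):
        """Move New entries with no second SYN inside the timeout to Black."""
        stale = [ip for ip, t in self.new.items() if now - t >= self.timeout]
        for ip in stale:
            del self.new[ip]
            self.black.add(ip)

    def on_syn(self, src_ip, now):
        """Return 'pass' or 'drop' for a SYN from src_ip seen at time now."""
        self.expire(now)
        if src_ip in self.black:
            return "drop"              # Embodiment 2, step 4
        if src_ip in self.white:
            return "pass"              # assumption: White sources are admitted
        if src_ip in self.new:
            del self.new[src_ip]       # Embodiment 1, step 4: New -> White
            self.white.add(src_ip)
            return "pass"
        self.new[src_ip] = now         # first SYN: record it and drop it
        return "drop"

def replay(events, flt):
    """Feed (time, source IP) SYN events to the filter; return the verdicts."""
    return [flt.on_syn(ip, t) for t, ip in events]

# Constructed trace using documentation-range addresses.
TRACE = [
    (0.0, "198.51.100.7"),   # real client, first SYN
    (0.5, "203.0.113.99"),   # forged source, never retransmits
    (1.0, "198.51.100.7"),   # client's retransmitted SYN
    (2.0, "198.51.100.7"),   # later connection from the same client
    (25.0, "203.0.113.99"),  # forged source reused after the timeout
]

if __name__ == "__main__":
    for (t, ip), verdict in zip(TRACE, replay(TRACE, SynFilter())):
        print(f"{t:5.1f}s {ip:15} {verdict}")
```

The three tables here grow without bound; the page does not say how entries leave the White or Black table, so a real deployment would need its own size limits and aging policy.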

Description

Technical field

[0001] The invention relates to an efficient SYN Flood attack identification and disposal method, and belongs to the field of network technology.

Background technique

[0002] SYN Flood is currently a very popular DDoS attack method. It exploits flaws in the TCP protocol to forge a large number of TCP connection requests, so that the resources of the attacked party are exhausted (CPU exhaustion, memory shortage, full bandwidth, etc.).

[0003] TCP is the abbreviation of Transmission Control Protocol. TCP is a connection-oriented communication protocol that provides a stable and reliable data stream service.

[0004] TCP needs to establish a connection through a "three-way handshake":

[0005] The first handshake: the client sends a SYN packet (syn=j) to the server and enters the SYN_SENT state

[0006] The second handshake: After receiving the SYN packet sent by t...

Application Information

IPC(8): H04L29/06
CPC: H04L63/1458
Inventor: 毛帅
Owner: 北京知道未来信息技术有限公司