Method of guarding network attack

Abstract

This invention relates to a method for preventing network from attack includes firstly, setting network address and interface information correspondent relationship list in network equipment, namely, network addresses of other network equipment connected with the said network equipment interface and applied interface information correspondent relation list of other network equipment connected on the said network; the route transferred list can be used in a router then the network equipment looks for the said correspondent relationship list according to the original address of the received message and makes judgment in terms of the result it is fake to determine the addressability of the message.

Description

Technical field [0001] The invention relates to a network access control technology, in particular to a method for preventing network attacks. Background technique [0002] At present, there are two ways to implement network access control: a network access control method is to define a series of access control rules, the access control rules include control rules based on network addresses, etc. The rules specify which packets can pass , Which packets cannot pass, so that when the packets enter the router, they will match these rules, the packets that do not meet the rules are discarded, and the packets that meet the rules can continue to be transmitted; the other is based on An access control method for traffic statistics. This method can count traffic according to certain characteristics of packets. If the traffic of packets with corresponding characteristics exceeds a specified value, the router can restrict the traffic of this type of packet or refuse to receive this type of...

AI Technical Summary

Problems solved by technology

[0003] In the current network access, there are a large number of source address spoofing attacks

The attacker sends a request to the server by forging the source address of other users on the network, occupying a lot of server resources. If the server responds to the request, it will send a response message to the actual user of the source address, and the response message occupies a large amount of the server. The resources of the actual user of the source address. In severe cases, the server and the actual user of the source address will not be able to respond to other requests, or even crash

[0004] In view of the problems existing in the above-mentioned prior art, if the first network access control method is adopted, the access control rules cannot be detected because the access control rules are not dynamic, and the configuration of the rules can only target known illegal and legal packets. Unknown packets forged as legal source addresses

If the second network access control method based on traffic statistics is adopted, although it has the characteristics of dynamic statistics and can adapt to changes in attacks, the statistical method is complicated to implement, takes up more router resources, and still cannot fundamentally solve the forged source address The problem with conducting cyberattacks

Therefore, at present, there is no direct and effective solution to the network attack behavior of forging the source address

Images