WO2016177131A1 - Procédé, appareil et système pour prévenir les attaques dos - Google Patents

Procédé, appareil et système pour prévenir les attaques dos Download PDF

Info

Publication number
WO2016177131A1
WO2016177131A1 PCT/CN2016/076649 CN2016076649W WO2016177131A1 WO 2016177131 A1 WO2016177131 A1 WO 2016177131A1 CN 2016076649 W CN2016076649 W CN 2016076649W WO 2016177131 A1 WO2016177131 A1 WO 2016177131A1
Authority
WO
WIPO (PCT)
Prior art keywords
bmp
packet
ttl
bmp packet
dos
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
PCT/CN2016/076649
Other languages
English (en)
Chinese (zh)
Inventor
周广腾
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
ZTE Corp
Original Assignee
ZTE Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by ZTE Corp filed Critical ZTE Corp
Publication of WO2016177131A1 publication Critical patent/WO2016177131A1/fr
Anticipated expiration legal-status Critical
Ceased legal-status Critical Current

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic
    • H04L63/1458Denial of Service
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00Network arrangements, protocols or services for addressing or naming

Definitions

  • the present invention relates to the field of communications, and in particular, to a method, apparatus, and system for preventing DOS attacks.
  • DOS Denial of Service
  • a Denial of Service (DOS) attack is a form of attack that causes a computer or network to fail to provide normal service by sending a large number of packets. It may exhaust all available network resources or system resources of the attacked object in a short period of time, so that legitimate users cannot pass or be processed, thereby hindering normal communication in the network, causing great harm to the attacker and even the network. .
  • BMP BGP Monitoring Protocol draft-ietf-grow-bmp-07
  • BGP protocol draft-ietf-grow-bmp-07 monitoring defines the method for establishing link and packet interaction between devices, and interacting between devices. Processing. Most of the control protocol peer processes are established between adjacent or directly connected routers. In the process of packet interaction between routers, the attacker simulates real BMP packets and sends packets to the nodes. After receiving the packets, the interface board of the device directly sends the BMP protocol to the control plane, instead of discriminating the "legality" of the packets, and not discriminating whether the packets are DOS attack packets. Because the device handles these "legitimate" packets, that is, the packets that are subject to the DOS attack by the Internet Protocol (Internet Protocol), the system is extremely busy and the CPU (Central Processing Unit) has a high occupancy rate.
  • Internet Protocol Internet Protocol
  • CPU Central Processing Unit
  • the main object of the embodiments of the present invention is to provide a method, device and device for preventing DOS attacks, and to solve the technical problem of preventing DOS attacks against masquerading IP.
  • a method for preventing DOS attacks includes the following steps:
  • the BMP packet is determined to be DOS attacked, and the BMP packet is discarded.
  • the method further includes:
  • the BMP packet is determined to be a normal BMP packet, and the BMP packet is processed.
  • the method before the step of receiving the BMP packet sent by the sending end, the method further includes:
  • the preset TTL threshold is set according to a universal TTL security protection mechanism.
  • the method before the step of setting the preset TTL threshold according to the universal TTL security protection mechanism, the method further includes:
  • the present invention also provides a DOS attack prevention device, the device comprising:
  • a receiving module configured to receive a border gateway monitoring protocol BMP packet sent by the sending end
  • the determining module is configured to determine that the BMP packet is subjected to a DOS attack and discard the BMP packet when the TTL value of the BMP packet is less than the preset TTL threshold.
  • the determining module is further configured to: when the TTL value of the BMP packet is greater than or equal to the preset TTL threshold, determine that the BMP packet is a normal BMP packet, and continue Processing the BMP packet.
  • the DOS attack prevention device further includes:
  • the setting module is set to set the preset TTL threshold according to a universal TTL security protection mechanism.
  • the DOS attack prevention device further includes:
  • a module is set up to establish a link with the sender through a network communication protocol.
  • the present invention also provides a DOS attack prevention system, where the transmitting end and the receiving end are:
  • the receiving end is configured to receive a border gateway monitoring protocol BMP packet sent by the sending end;
  • the receiving end is further configured to obtain a TTL value of the lifetime of the BMP packet
  • the receiving end is further configured to: when the TTL value of the BMP packet is less than the preset TTL threshold, determine that the BMP packet is attacked by a DOS, and discard the BMP packet;
  • the sending end is configured to send a border gateway monitoring protocol BMP message to the receiving end.
  • the receiving end is further configured to: when the TTL value of the BMP packet is greater than or equal to the preset TTL threshold, determine that the BMP packet is a normal BMP packet, and continue Processing the BMP packet;
  • the receiving end is further configured to set the preset TTL threshold according to a universal TTL security protection mechanism
  • the sending end is further configured to modify the TTL value of the BMP packet to a maximum value of 255 of 255 when the BMP packet is sent to the receiving end.
  • a computer storage medium is further provided, and the computer storage medium may store an execution instruction for executing the DOS prevention method in the foregoing embodiment.
  • the TTL value of the received BMP packet is obtained, and when the TTL value of the received BMP packet is less than the preset TTL threshold, the BMP packet is discarded, and the TTL value is implemented. To prevent DOS attacks that are subject to masquerading IP.
  • FIG. 1 is a schematic flow chart of a preferred embodiment of a method for preventing DOS attacks according to the present invention
  • FIG. 2 is a schematic diagram of functional modules of a preferred embodiment of the DOS attack prevention apparatus of the present invention
  • FIG. 3 is a schematic diagram of functional modules of a preferred embodiment of the DOS attack prevention system of the present invention.
  • the main solution of the embodiment of the present invention is: receiving a border gateway monitoring protocol BMP packet sent by the sending end; obtaining a TTL value of the BMP packet lifetime; and when the TTL value of the BMP packet is smaller than the preset TTL When the threshold is exceeded, the BMP packet is determined to be DOS attacked, and the BMP packet is discarded. The TTL value of the received BMP packet is obtained. When the TTL value of the received BMP packet is less than the preset TTL threshold, the BMP packet is discarded, and the TTL value is used to prevent camouflage. IP DOS attack.
  • the present invention provides a method for preventing DOS attacks.
  • FIG. 1 is a schematic flowchart of a first embodiment of a method for preventing DOS attacks according to the present invention.
  • the method for preventing DOS attacks includes:
  • Step S10 receiving a border gateway monitoring protocol BMP packet sent by the sending end
  • the receiving end and the transmitting end establish a link through the TCP/IP protocol.
  • the TCP/IP protocol is the most basic protocol of the Internet and is the basis of the Internet international Internet. It consists of the IP protocol of the network layer and the TCP protocol of the transport layer.
  • the receiving end may also establish a link with the sending end by using an IPX/SPX (Internetwork Packet Exchange/Sequences Packet Exchange) protocol or the like.
  • IPX/SPX Internetwork Packet Exchange/Sequences Packet Exchange
  • IPX mainly implements establishment and termination of connection between network devices
  • SPX protocol is an auxiliary protocol of IPX, which mainly implements packet sending and tracking packet transmission to ensure complete transmission of information.
  • the receiving end receives the BMP data packet sent by the sending end, and the receiving end and the sending end are configured with a GTSM (Generalized TTL Security Mechanism).
  • the GTSM is a mechanism for protecting a service on an IP by checking whether a TTL value in an IP packet header is within a predefined specific range.
  • the GTSM is mainly used to protect a control plane protocol based on TCP/IP (Transmission Control Protocol/Internet Protocol, also known as a network communication protocol) from DOS attacks. For example, an attacker simulates a real communication protocol and continuously sends a packet to a device. As a result, the device is abnormally busy due to processing of these "legal (attack packets)", and the CPU usage is too high.
  • the TTL value of the BMP data packet sent by the sender is modified through its data plane.
  • the TTL value is the maximum number of network segments allowed to pass before the IP packet is discarded by the router.
  • the TTL is used to limit the existence time of the IP packet in the computer network.
  • the maximum value of the TTL is 255, and the TTL field is determined by
  • the sender of the IP data packet is set. On the entire forwarding path of the IP data packet from the source destination, every time a router on a forwarding path passes, the router on the forwarding path modifies the TTL value.
  • the TTL value is decremented by 1, and then the IP packet is forwarded out.
  • the sending end modifies the TTL value of the BMP data packet to be sent to the receiving end to 255.
  • the transmitting end is preferably a gateway device, such as a router, a network switch having a three-layer switching function
  • the receiving end includes, but is not limited to, a device capable of providing a computing service, such as a server.
  • the transmitting end is a router.
  • the receiving end is a server. That is, the server and the router establish a link through the TCP/IP protocol. Both the server and the router are configured with GTSM.
  • the router modifies the TTL value of the BMP data packet to be sent to the server to 255.
  • the server receives a BMP data packet sent by the router.
  • Step S20 Obtain a TTL value of the lifetime of the BMP packet.
  • the receiving end When the receiving end receives the BMP data packet sent by the sending end, the receiving end obtains the TTL value of the BMP data packet through the data plane.
  • the server receives the BMP data packet sent by the router, the TTL value of the BMP data packet is obtained through the data plane.
  • step S30 when the TTL value of the BMP packet is less than the preset TTL threshold, the BMP packet is determined to be DOS attacked, and the BMP packet is discarded.
  • the preset TTL threshold is a GTSM setting configured by the receiving end.
  • the receiving end sets the preset TTL threshold according to a network topology between the receiving end and the sending end by using a GTSM configured by the receiving end, where the network topology refers to interconnecting various types by using a transmission medium.
  • the physical layout of a device refers to the specific physical, ie, real, or logical, virtual arrangement of the members that make up the network.
  • the preset TTL threshold is set to 245.
  • the TTL value is decremented by 1 for each TTL value of the BMP data packet sent by the sending end.
  • the TTL value of the BMP data packet is reduced to 245, so the preset TTL threshold is set to 245, that is, the TTL value of the BMP data packet received by the receiving end should be in the range of 245 to 255. .
  • the receiving end When receiving the BMP data packet sent by the sending end, the receiving end simultaneously receives the receiving of the other device.
  • the BMP data packet of the DOS attack, and the TTL value of the BMP data packet sent by the other device is generally 64 or 100, and does not reach 255, so when the BMP is sent by the sender
  • the TTL value of the BMP data packet sent by the other device is less than the pre- Set the TTL threshold. For example, when the preset TTL threshold is 245, when the TTL value of the BMP data packet received by the receiving end is less than 245, it is determined that the BMP data packet received by the receiving end is illegal BMP data.
  • the packet discards the illegal BMP data packet. For example, when there are 10 routers that forward BMP data packets between the server and the router, when the server receives the TTL value of the BMP data packet sent by the router is less than 245, it indicates that the server receives The BMP data packet is an illegal BMP data packet, and the server discards the BMP data packet.
  • the TTL value of the BMP data packet received by the receiving end is greater than or equal to the preset TTL threshold, it is determined that the BMP data packet is not subjected to a DOS attack, and is a normal BMP data packet, and The normal BMP data message continues to be transmitted to the upper layer of the data layer, for example, to the control plane, that is, the normal BMP data message is processed.
  • the preset TTL threshold is 245
  • the TTL value of the BMP data packet received by the server is greater than or equal to 245
  • it is determined that the BMP data packet received by the server is normal BMP data.
  • the packet continues to process the normal BMP data packet.
  • the TTL value of the received BMP packet is obtained.
  • the BMP packet is discarded, and the TTL value is used. Prevent DOS attacks from spoofing IP, reduce the CPU usage of the device, and improve the service life of the device.
  • the present invention further provides a DOS attack prevention device.
  • FIG. 2 is a schematic diagram of functional modules of a preferred embodiment of the DOS attack prevention apparatus of the present invention.
  • the DOS attack prevention device includes:
  • the receiving module 10 is configured to receive a border gateway monitoring protocol BMP packet sent by the sending end;
  • the receiving end and the transmitting end establish a link through the TCP/IP protocol.
  • the TCP/IP protocol is the most basic protocol of the Internet and is the basis of the Internet international Internet. It consists of the IP protocol of the network layer and the TCP protocol of the transport layer.
  • the receiving end may also establish a link with the sending end by using an IPX/SPX protocol or the like.
  • IPX mainly implements establishment and termination of connection between network devices;
  • SPX protocol is an auxiliary protocol of IPX, which mainly implements packet sending and tracking packet transmission to ensure complete transmission of information.
  • the receiving end receives the BMP data packet sent by the sending end, and the receiving end and the sending end both configure the GTSM.
  • the TTL value of the BMP data packet sent by the sender is modified through its data plane.
  • the TTL value is the maximum number of network segments allowed to pass before the IP packet is discarded by the router.
  • the TTL is used to limit the existence time of the IP packet in the computer network.
  • the maximum value of the TTL is 255, and the TTL field is determined by
  • the sender of the IP data packet is set. On the entire forwarding path of the IP data packet from the source destination, every time a router on a forwarding path passes, the router on the forwarding path modifies the TTL value. Describe the TTL value minus 1, and then put the IP packet Forward it out.
  • the sender modifies the TTL value of the BMP data message to be sent to the receiving end to 255.
  • the transmitting end is preferably a gateway device, such as a router, a network switch having a three-layer switching function, and the receiving end includes, but is not limited to, a device capable of providing a computing service, such as a server.
  • the transmitting end is a router.
  • the receiving end is a server. That is, the server and the router establish a link through the TCP/IP protocol. Both the server and the router are configured with GTSM.
  • the router modifies the TTL value of the BMP data packet to be sent to the server to 255.
  • the server receives a BMP data packet sent by the router.
  • the obtaining module 20 is configured to obtain a time-to-live TTL value of the BMP packet.
  • the receiving end When the receiving end receives the BMP data packet sent by the sending end, the receiving end obtains the TTL value of the BMP data packet through the data plane.
  • the server receives the BMP data packet sent by the router, the TTL value of the BMP data packet is obtained through the data plane.
  • the determining module 30 is configured to determine that the BMP packet is subjected to a DOS attack and discard the BMP packet when the TTL value of the BMP packet is less than the preset TTL threshold.
  • the preset TTL threshold is a GTSM setting configured by the receiving end.
  • the receiving end sets the preset TTL threshold according to a network topology between the receiving end and the sending end by using a GTSM configured by the receiving end, where the network topology refers to interconnecting various types by using a transmission medium.
  • the physical layout of a device refers to the specific physical, ie, real, or logical, virtual arrangement of the members that make up the network.
  • the preset TTL threshold is set to 245.
  • the TTL value is decremented by 1 for each TTL value of the BMP data packet sent by the sending end.
  • the TTL value of the BMP data packet is reduced to 245, so the preset TTL threshold is set to 245, that is, the TTL value of the BMP data packet received by the receiving end should be in the range of 245 to 255. .
  • the receiving end When receiving the BMP data packet sent by the sending end, the receiving end receives the BMP data packet sent by the other device and is subjected to the DOS attack, and the BMP data packet sent by the other device is attacked by the DOS attack.
  • the TTL value is generally 64 or 100, and does not reach 255. Therefore, when the BMP data packet sent by the sender and the BMP data packet sent by the other device are DOS attacked, the same number is forwarded.
  • the TTL value of the DOS attacked BMP data packet sent by the other device is smaller than the preset TTL threshold.
  • the preset TTL threshold is 245, when the TTL value of the BMP data packet received by the receiving end is less than 245, it is determined that the BMP data packet received by the receiving end is illegal BMP data.
  • the packet discards the illegal BMP data packet. For example, when there are 10 routers that forward BMP data packets between the server and the router, when the server receives the TTL value of the BMP data packet sent by the router is less than 245, it indicates that the server receives The BMP data packet is an illegal BMP data packet, and the server discards the BMP data packet.
  • the BMP data packet When the TTL value of the BMP data packet received by the receiving end is greater than or equal to the preset TTL threshold, The BMP data packet is not subjected to a DOS attack, and is a normal BMP data packet, and the normal BMP data packet is continuously transmitted to the upper layer of the data layer, for example, to the control plane, that is, the normal operation is continued.
  • the BMP data message is processed. For example, when the preset TTL threshold is 245, when the TTL value of the BMP data packet received by the server is greater than or equal to 245, it is determined that the BMP data packet received by the server is normal BMP data. The packet continues to process the normal BMP data packet.
  • the TTL value of the received BMP packet is obtained.
  • the BMP packet is discarded, and the TTL value is used. Prevent DOS attacks from spoofing IP, reduce the CPU usage of the device, and improve the service life of the device.
  • the present invention further provides a DOS attack prevention system.
  • FIG. 3 is a schematic diagram of functional modules of a preferred embodiment of the DOS attack prevention system of the present invention.
  • the DOS attack system prevents the sender 110 and the receiver 220 from:
  • the receiving end 220 is configured to receive a border gateway monitoring protocol BMP packet sent by the sending end;
  • the sending end 110 is configured to send a border gateway monitoring protocol BMP message to the receiving end.
  • the transmitting end 110 is preferably a router
  • the receiving end 220 is preferably a server.
  • the server and the router establish a link through a TCP/IP protocol.
  • the TCP/IP protocol is the most basic protocol of the Internet and is the basis of the Internet international Internet. It consists of the IP protocol of the network layer and the TCP protocol of the transport layer.
  • the server may also establish a link with the router through an IPX/SPX protocol or the like.
  • IPX mainly implements establishment and termination of connection between network devices; SPX protocol is an auxiliary protocol of IPX, which mainly implements packet sending and tracking packet transmission to ensure complete transmission of information.
  • the router sends a BMP data packet to the server, and the server receives the BMP data packet sent by the router.
  • both the server and the router are configured with a GTSM.
  • the sending end 220 is further configured to modify the TTL value of the BMP packet to a maximum value of 255 of 255 when the BMP packet is sent to the receiving end.
  • the TTL value of the BMP data packet sent by the router is modified through its data plane.
  • the TTL value specifies the maximum number of network segments that the IP packet is allowed to pass before being discarded by the router.
  • the role of the TTL is to limit the existence time of the IP data packet in the computer network.
  • the maximum value of the TTL is 255, and the TTL field is determined by The sender of the IP data packet is set.
  • the router on the forwarding path modifies the TTL value.
  • the TTL value is decremented by 1, and then the IP packet is forwarded out. Therefore, preferably, the router modifies the TTL value of the BMP data message to be sent to the server to 255.
  • the receiving end 220 is further configured to obtain a lifetime TTL value of the BMP packet.
  • the server When the server receives the BMP data packet sent by the router, the TTL value of the BMP data packet is obtained through the data plane.
  • the receiving end 220 is further configured to: when the TTL value of the BMP packet is less than the preset TTL threshold, determine that the BMP packet is subjected to a DOS attack, and discard the BMP packet;
  • the BMP data packet When the TTL value of the BMP data packet received by the server is less than the preset TTL threshold, the BMP data packet is determined to be an audible BMP data packet, and the server discards the packet. The illegal BMP data message will not continue to pass the illegal BMP data message to the upper layer of the data layer.
  • the receiving end 220 is further configured to set the preset TTL threshold according to a universal TTL security protection mechanism
  • the preset TTL threshold is a GTSM setting configured by the server.
  • the server sets the preset TTL threshold according to a network topology between the server and the router through a GTSM configured by the server, where the network topology refers to a medium that interconnects various devices by using a transmission medium.
  • Layout refers to the specific physical, ie, real, or logical, virtual arrangement of the members that make up the network. If there are 10 routers on the forwarding path in the network between the server and the router, the preset TTL threshold is set to 245. The TTL value is decremented by 1 when the TTL value of the BMP data packet sent by the router passes through a router on a forwarding path.
  • the preset TTL threshold is set to 245, that is, the TTL value of the BMP data packet received by the server should be in the range of 245 to 255.
  • the server When receiving the BMP data packet sent by the router, the server simultaneously receives the TTL of the BMP data packet sent by the DOS attack, and the TTL of the BMP data packet sent by the other device.
  • the value is generally 64 or 100, etc., and does not reach 255. Therefore, when the BMP data packet sent by the router and the BMP data packet sent by the other device are subjected to the DOS attack, the same number of forwarding paths are used.
  • the TTL value of the DOS attacked BMP data packet sent by the other device is smaller than the preset TTL threshold. For example, when the preset TTL threshold is 245, when the TTL value of the BMP data packet received by the server is less than 245, it is determined that the BMP data packet received by the server is an illegal BMP data packet. Discard the illegal BMP data packet.
  • the receiving end 220 is further configured to: when the TTL value of the BMP packet is greater than or equal to the preset TTL threshold, determine that the BMP packet is a normal BMP packet, and continue to the BMP packet.
  • the TTL value of the BMP data packet received by the server is greater than or equal to the preset TTL threshold, it is determined that the BMP data packet is not subjected to a DOS attack, and is a normal BMP data packet, and the The normal BMP data packet continues to be transmitted to the upper layer of the data layer, for example, to the control plane, that is, the normal BMP data packet is processed.
  • the preset TTL threshold is 245
  • the TTL value of the BMP data packet received by the server is greater than or equal to 245
  • the packet continues to process the normal BMP data packet.
  • the foregoing embodiment method can be implemented by means of software plus a necessary general hardware platform, and of course, can also be through hardware, but in many cases, the former is better.
  • Implementation Based on such understanding, the technical solution of the present invention, which is essential or contributes to the prior art, may be embodied in the form of a software product stored in a storage medium (such as ROM/RAM, disk,
  • the optical disc includes a number of instructions for causing a terminal device (which may be a cell phone, a computer, a server, an air conditioner, or a network device, etc.) to perform the methods described in various embodiments of the present invention.
  • the foregoing technical solution provided by the embodiment of the present invention can be applied to the TTL of the received BMP packet, and the TTL value of the received BMP packet is less than the preset TTL threshold.
  • the BMP packet is discarded, and the TTL value is used to prevent DOS attacks against the spoofed IP.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Computer And Data Communications (AREA)

Abstract

La présente invention concerne un procédé pour prévenir les attaques DOS, le procédé comprenant les étapes suivantes : recevoir un paquet de protocole de surveillance de passerelle frontière BMP envoyé par un terminal émetteur ; acquérir la valeur de durée de vie TTL du paquet BMP ; et lorsque la valeur TTL du paquet BMP est inférieure à une valeur seuil de TTL prédéfinie, déterminer que le paquet BMP a subi une attaque DOS et abandonner le paquet BMP. La présente invention concerne également un appareil et un système pour prévenir les attaques DOS par paquets BMP. La présente invention permet d'éviter les attaques DOS par usurpation d'IP au moyen des valeurs TTL.
PCT/CN2016/076649 2015-08-17 2016-03-17 Procédé, appareil et système pour prévenir les attaques dos Ceased WO2016177131A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201510504850.X 2015-08-17
CN201510504850.XA CN106470187A (zh) 2015-08-17 2015-08-17 防止dos攻击方法、装置和系统

Publications (1)

Publication Number Publication Date
WO2016177131A1 true WO2016177131A1 (fr) 2016-11-10

Family

ID=57218130

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2016/076649 Ceased WO2016177131A1 (fr) 2015-08-17 2016-03-17 Procédé, appareil et système pour prévenir les attaques dos

Country Status (2)

Country Link
CN (1) CN106470187A (fr)
WO (1) WO2016177131A1 (fr)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112448912A (zh) * 2019-08-27 2021-03-05 中兴通讯股份有限公司 一种防报文攻击方法、装置及存储介质
CN113709156A (zh) * 2021-08-27 2021-11-26 哈尔滨工业大学 一种nids网络渗透检测方法、计算机及存储介质
US11916783B2 (en) 2020-04-29 2024-02-27 Huawei Technologies Co., Ltd. Information reporting method, information processing method, apparatus, and device
US12328248B2 (en) 2019-11-15 2025-06-10 Huawei Technologies Co., Ltd. Information reporting method, information processing method, and device

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110213254A (zh) * 2019-05-27 2019-09-06 北京神州绿盟信息安全科技股份有限公司 一种识别伪造互联网协议ip报文的方法和设备
CN114531270B (zh) * 2021-12-31 2023-11-03 网络通信与安全紫金山实验室 针对分段路由标签探测的防御方法及装置

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2006345347A (ja) * 2005-06-10 2006-12-21 Matsushita Electric Ind Co Ltd 通信装置、ネットワーク構成調査方法、およびプログラム
CN101674312A (zh) * 2009-10-19 2010-03-17 中兴通讯股份有限公司 一种在网络传输中防止源地址欺骗的方法及装置
CN104125242A (zh) * 2014-08-18 2014-10-29 北京阅联信息技术有限公司 识别伪装ldns请求的ddos攻击的防护方法及装置
CN104348749A (zh) * 2014-07-28 2015-02-11 湖北誉恒科技有限公司 一种流量控制方法、装置及系统

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7415018B2 (en) * 2003-09-17 2008-08-19 Alcatel Lucent IP Time to Live (TTL) field used as a covert channel
CN101582833B (zh) * 2008-05-15 2011-10-05 成都市华为赛门铁克科技有限公司 一种伪造ip数据包的处理方法及装置

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2006345347A (ja) * 2005-06-10 2006-12-21 Matsushita Electric Ind Co Ltd 通信装置、ネットワーク構成調査方法、およびプログラム
CN101674312A (zh) * 2009-10-19 2010-03-17 中兴通讯股份有限公司 一种在网络传输中防止源地址欺骗的方法及装置
CN104348749A (zh) * 2014-07-28 2015-02-11 湖北誉恒科技有限公司 一种流量控制方法、装置及系统
CN104125242A (zh) * 2014-08-18 2014-10-29 北京阅联信息技术有限公司 识别伪装ldns请求的ddos攻击的防护方法及装置

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112448912A (zh) * 2019-08-27 2021-03-05 中兴通讯股份有限公司 一种防报文攻击方法、装置及存储介质
US12328248B2 (en) 2019-11-15 2025-06-10 Huawei Technologies Co., Ltd. Information reporting method, information processing method, and device
US11916783B2 (en) 2020-04-29 2024-02-27 Huawei Technologies Co., Ltd. Information reporting method, information processing method, apparatus, and device
CN113709156A (zh) * 2021-08-27 2021-11-26 哈尔滨工业大学 一种nids网络渗透检测方法、计算机及存储介质
CN113709156B (zh) * 2021-08-27 2022-09-27 哈尔滨工业大学 一种nids网络渗透检测方法、计算机及存储介质

Also Published As

Publication number Publication date
CN106470187A (zh) 2017-03-01

Similar Documents

Publication Publication Date Title
US10931711B2 (en) System of defending against HTTP DDoS attack based on SDN and method thereof
Geva et al. Bandwidth distributed denial of service: Attacks and defenses
Liu et al. To filter or to authorize: Network-layer DoS defense against multimillion-node botnets
CN107710680B (zh) 网络攻击防御策略发送、网络攻击防御的方法和装置
US10749897B2 (en) Short term certificate management during distributed denial of service attacks
US7930740B2 (en) System and method for detection and mitigation of distributed denial of service attacks
WO2016177131A1 (fr) Procédé, appareil et système pour prévenir les attaques dos
CN107135187A (zh) 网络攻击的防控方法、装置及系统
CN106161333A (zh) 基于sdn的ddos攻击防护方法、装置及系统
US7596097B1 (en) Methods and apparatus to prevent network mapping
KR20120060655A (ko) 서버 공격을 탐지할 수 있는 라우팅 장치와 라우팅 방법 및 이를 이용한 네트워크
CN100420197C (zh) 一种实现网络设备防攻击的方法
CN101299765B (zh) 抵御ddos攻击的方法
CN106487790B (zh) 一种ack flood攻击的清洗方法及系统
US7818795B1 (en) Per-port protection against denial-of-service and distributed denial-of-service attacks
CN101136917B (zh) 一种传输控制协议拦截模块及其软切换方法
Kumarasamy et al. An active defense mechanism for TCP SYN flooding attacks
JP2010193083A (ja) 通信システムおよび通信方法
CN101494536B (zh) 一种防arp攻击的方法、装置和系统
WO2019096104A1 (fr) Prévention contre les attaques
CN107332810A (zh) 攻击防御方法及装置、系统
CN102045302A (zh) 网络攻击的防范方法、业务控制节点及接入节点
JP2006501527A (ja) ネットワーク・サービスプロバイダおよびオペレータのサーバシステムに対する攻撃の確認と防御のための方法、データキャリア、コンピュータシステム、およびコンピュータプログラム
Fallah et al. TDPF: a traceback‐based distributed packet filter to mitigate spoofed DDoS attacks
Bossardt et al. Enhanced Internet security by a distributed traffic control service based on traffic ownership

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 16789125

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 16789125

Country of ref document: EP

Kind code of ref document: A1