
CN105337959B - Network load anti-attack processing method and system and attack protection server - Google Patents

Network load anti-attack processing method and system and attack protection server

Info

Publication number: CN105337959B
Authority: CN (China)
Prior art keywords: packet, signal packet, response signal, client, server
Legal status: Active
Application number: CN201510622991.1A
Other languages: Chinese (zh)
Other versions: CN105337959A (en)
Inventors: 洪珂, 陈文生, 陈立
Current assignee: Beijing Mesh Technology Co ltd
Original assignee: Wangsu Science and Technology Co Ltd
Application filed by Wangsu Science and Technology Co Ltd
Events: priority to CN201510622991.1A; publication of CN105337959A; application granted; publication of CN105337959B

Classifications

    • H ELECTRICITY
      • H04 ELECTRIC COMMUNICATION TECHNIQUE
        • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
          • H04L63/00 Network architectures or network communication protocols for network security
            • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
              • H04L63/1441 Countermeasures against malicious traffic
                • H04L63/1466 Active attacks involving interception, injection, modification, spoofing of data unit addresses, e.g. hijacking, packet injection or TCP sequence number attacks
            • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Computer And Data Communications (AREA)

Abstract

The invention discloses a network load anti-attack processing method and system and an attack protection server. A switch forwards a handshake signal packet from a client to the attack protection server, which constructs an answer signal packet according to the handshake signal packet; the switch then forwards the answer signal packet to the client, which generates a response signal packet according to the answer signal packet; the switch then forwards the response signal packet to an application server, which verifies the legitimacy of the response signal packet and provides application service to the client when the response signal packet is verified to be legitimate. The invention improves the attack protection performance of network load.

Description

Network load anti-attack processing method and system and attack protection server
Technical field
The present invention relates to the field of communications, and in particular to a network load anti-attack processing method and system and an attack protection server.
Background technique
A virtual server is a virtual server cluster system, for example a Linux Virtual Server (LVS). An LVS server can provide a Virtual Internet Protocol address (VIP) for users to access. When a client initiates a Transmission Control Protocol (TCP) connection request to a VIP, the LVS server can proxy the TCP three-way handshake and thereby effectively defend against SYN Flood denial-of-service attacks. Fig. 1 is a schematic diagram of a server attack protection scheme in the related art. As shown in Fig. 1, the scheme includes a client 10', a switch 20', a virtual server 30', a non-virtual server 40' and a back-end server 50' attached to the virtual server. The client 10' and the switch 20' can communicate with each other; the switch 20' can forward data sent by the client 10' to the non-virtual server 40'; the switch 20' and the virtual server 30' can communicate with each other; and the back-end server 50' can receive data from the virtual server 30'. Deploying a firewall on the virtual server is convenient: a firewall installed directly on the virtual server 30' that provides normal traffic can allow, refuse or inspect information flows into the network according to a specific security policy. A virtual server loaded with such a firewall therefore not only defends effectively against SYN Flood attacks, but can also prevent a SYN Flood from affecting normal service for a short time.
When normal service and attack service run on the same server, the system resources consumed in providing normal service already take most of the central processing unit (CPU), input/output (IO) port and interrupt (trap) resources of normal traffic; if the system also has to handle attack traffic, its defensive capability is greatly reduced. As attack traffic grows, the receiving capacity of the system's network interface card becomes a bottleneck: it cannot receive and then process all data request packets, normal data request packets may be lost, and normal service is affected. This kernel firewall deployment scheme provides a defense function only for the server itself: when a kernel firewall is installed on the virtual server 30', it protects only the virtual server 30', and cannot protect other servers under the same switch that have no firewall deployed, that is, the non-virtual server 40'.
No effective solution has yet been proposed for the problem of poor attack protection performance of network load in the related art.
Summary of the invention
The main purpose of the present invention is to provide a network load anti-attack processing method and system and an attack protection server, so as at least to solve the problem of poor attack protection performance of network load.
To achieve the above object, according to one aspect of the invention, a network load anti-attack processing method is provided. The method includes: a switch forwards a handshake signal packet from a client to an attack protection server, where the attack protection server is configured to construct an answer signal packet according to the handshake signal packet; the switch forwards the answer signal packet to the client, where the client is configured to generate a response signal packet according to the answer signal packet; and the switch forwards the response signal packet to an application server, where the application server is configured to verify the legitimacy of the response signal packet and to provide application service to the client when the response signal packet is verified to be legitimate.
Further, before the switch forwards the handshake signal packet from the client to the attack protection server, the method further includes: the switch receives a data request packet from the client; the switch judges whether the data request packet is a handshake signal packet; when it judges that the data request packet is a handshake signal packet, the switch sends the handshake signal packet to the attack protection server, and when it judges that the data request packet is a non-handshake signal packet, it sends the non-handshake signal packet to the application server.
Further, the switch forwarding the response signal packet to the application server includes: the switch receives the response signal packet from the client, where the response signal packet carries a characteristic value of a construction algorithm, and the attack protection server is configured to obtain the answer signal packet from the handshake signal packet by means of the construction algorithm; and the switch sends the response signal packet to the application server, where the application server is configured to verify the legitimacy of the response signal packet according to the characteristic value of the construction algorithm and a preset verification rule.
To achieve the above object, according to another aspect of the invention, another network load anti-attack processing method is provided. The method includes: the attack protection server receives the handshake signal packet forwarded by the switch; the attack protection server constructs an answer signal packet according to the handshake signal packet; and the attack protection server sends the answer signal packet to the switch, where the switch is configured to forward the answer signal packet to the client, the client is configured to generate a response signal packet according to the answer signal packet, the switch is configured to forward the response signal packet to the application server, and the application server is configured to verify the legitimacy of the response signal packet and to provide application service to the client when the response signal packet is verified to be legitimate.
Further, the attack protection server constructing the answer signal packet according to the handshake signal packet includes: the attack protection server extracts characteristic information of the handshake signal packet; and the attack protection server constructs the answer signal packet according to a preset construction rule and the characteristic information of the handshake signal packet.
To achieve the above object, according to another aspect of the invention, a further network load anti-attack processing method is provided. The method includes: the application server receives the response signal packet forwarded by the switch, where the response signal packet is a response signal packet from the client, the client is configured to generate the response signal packet according to the answer signal packet, and the answer signal packet is the answer signal packet constructed by the attack protection server according to the handshake signal packet forwarded by the switch; the application server verifies the legitimacy of the response signal packet; and the application server provides application service to the client when the response signal packet is verified to be legitimate.
Further, the application server is configured to verify the legitimacy of the response signal packet according to a preset verification rule, and after the application server verifies the legitimacy of the response signal packet, the method further includes: the application server discards the response signal packet when the response signal packet is verified to be illegitimate.
To achieve the above object, according to another aspect of the invention, a switch is provided. The switch includes: a first forwarding unit, configured to forward the handshake signal packet from the client to the attack protection server, where the attack protection server is configured to construct the answer signal packet according to the handshake signal packet; a second forwarding unit, configured to forward the answer signal packet to the client, where the client is configured to generate the response signal packet according to the answer signal packet; and a third forwarding unit, configured to forward the response signal packet to the application server, where the application server is configured to verify the legitimacy of the response signal packet and to provide application service to the client when the response signal packet is verified to be legitimate.
To achieve the above object, according to another aspect of the invention, an attack protection server is provided. The attack protection server includes: a receiving unit, configured to receive the handshake signal packet forwarded by the switch; a construction unit, configured to construct the answer signal packet according to the handshake signal packet; and a sending unit, configured to send the answer signal packet to the switch, where the switch is configured to forward the answer signal packet to the client, the client is configured to generate the response signal packet according to the answer signal packet, the switch is configured to forward the response signal packet to the application server, and the application server is configured to verify the legitimacy of the response signal packet and to provide application service to the client when the response signal packet is verified to be legitimate.
To achieve the above object, according to another aspect of the invention, an application server is provided. The application server includes: a receiving unit, configured to receive the response signal packet forwarded by the switch, where the response signal packet is a response signal packet from the client, the client is configured to generate the response signal packet according to the answer signal packet, and the answer signal packet is the answer signal packet constructed by the attack protection server according to the handshake signal packet forwarded by the switch; a verification unit, configured to verify the legitimacy of the response signal packet; and a providing unit, configured to provide application service to the client when the response signal packet is verified to be legitimate.
To achieve the above object, according to another aspect of the invention, a network load attack protection processing system is provided. The system includes a client, a switch, an attack protection server and an application server, where: the client is configured to send a handshake signal packet and to generate a response signal packet according to an answer signal packet; the switch is configured to forward the handshake signal packet to the attack protection server, forward the answer signal packet to the client, and forward the response signal packet to the application server; the attack protection server is configured to construct the answer signal packet according to the handshake signal packet; and the application server is configured to verify the legitimacy of the response signal packet and to provide application service to the client when the response signal packet is verified to be legitimate.
Further, one attack protection server of the network load attack protection processing system corresponds to multiple application servers.
Through the invention, the switch forwards the handshake signal packet from the client to the attack protection server, which constructs the answer signal packet according to the handshake signal packet; the switch then forwards the answer signal packet to the client, which generates the response signal packet according to the answer signal packet; and the switch forwards the response signal packet to the application server, which verifies the legitimacy of the response signal packet and provides application service to the client when the response signal packet is verified to be legitimate. This solves the problem of poor attack protection performance of network load and thereby improves the attack protection performance of network load.
Detailed description of the invention
The accompanying drawings, which form part of this application, are provided for further understanding of the invention; the schematic embodiments of the invention and their descriptions serve to explain the invention and do not improperly limit it. In the drawings:
Fig. 1 is a schematic diagram of a server attack protection scheme in the related art;
Fig. 2 is a schematic diagram of a network load attack protection processing system according to a first embodiment of the present invention;
Fig. 3 is a schematic diagram of a network load attack protection processing system according to a second embodiment of the present invention;
Fig. 4 is a flow chart of a network load anti-attack processing method according to a first embodiment of the present invention;
Fig. 5 is a flow chart of the switch's processing method for data request packets according to an embodiment of the present invention;
Fig. 6 is a flow chart of a network load anti-attack processing method according to a second embodiment of the present invention;
Fig. 7 is a flow chart of a network load anti-attack processing method according to a third embodiment of the present invention;
Fig. 8 is a flow chart of the method by which the application server verifies the response signal packet according to an embodiment of the present invention;
Fig. 9 is a schematic diagram of a switch according to an embodiment of the present invention;
Fig. 10 is a schematic diagram of an attack protection server according to an embodiment of the present invention; and
Fig. 11 is a schematic diagram of an application server according to an embodiment of the present invention.
Specific embodiment
It should be noted that in the absence of conflict, the features in the embodiments and the embodiments of the present application can phase Mutually combination.The present invention will be described in detail below with reference to the accompanying drawings and embodiments.
In order to make those skilled in the art more fully understand application scheme, below in conjunction in the embodiment of the present application Attached drawing, the technical scheme in the embodiment of the application is clearly and completely described, it is clear that described embodiment is only The embodiment of the application a part, instead of all the embodiments.Based on the embodiment in the application, ordinary skill people Member's every other embodiment obtained without making creative work, all should belong to the model of the application protection It encloses.
It should be noted that the description and claims of this application and term " first " in above-mentioned attached drawing, " Two " etc. be to be used to distinguish similar objects, without being used to describe a particular order or precedence order.It should be understood that using in this way Data be interchangeable under appropriate circumstances, so as to embodiments herein described herein.In addition, term " includes " and " tool Have " and their any deformation, it is intended that cover it is non-exclusive include, for example, containing a series of steps or units Process, method, system, product or equipment those of are not necessarily limited to be clearly listed step or unit, but may include without clear Other step or units listing to Chu or intrinsic for these process, methods, product or equipment.
The embodiment of the invention provides a kind of network load attack protection processing systems.
Fig. 2 is a schematic diagram of a network load attack protection processing system according to a first embodiment of the present invention. As shown in Fig. 2, the system includes a client 10, a switch 20, an attack protection server 30 and an application server 40.
The client 10 of the system is configured to send a handshake signal packet and to generate a response signal packet according to an answer signal packet.
The client 10 is a local service program for the server; it can be a web browser client, an e-mail client for sending and receiving mail, instant messaging client software, and so on. The client 10 sends a TCP request to the server to ask whether a handshake connection can be made. The client 10 sends multiple types of data request packets, which include the TCP handshake signal packet sent by the client 10; the handshake signal packet contains information such as the client's address and port, the server's own Internet Protocol (IP) address and port, and the connection. After the server receives the TCP request sent by the client 10, if the client 10 is allowed to make a handshake connection, the server generates an answer signal packet according to the handshake signal packet. On receiving the answer signal packet from the server, the client 10 knows that the handshake connection can proceed and can then generate a response signal packet according to the answer signal packet. Sending the response signal packet tells the server that the answer signal packet for the handshake connection has been received, so that the TCP connection between the client 10 and the server is successfully established and the two can exchange data normally, that is, the client 10 can send the normal data request packets of normal service to the server. If the client 10 does not generate a response signal packet after receiving the answer signal packet, the client 10 and the server have only opened a half-connection; the handshake signal packet whose response never arrives consumes server resources and is regarded as an attack signal packet. The response signal packet carries a characteristic value of the client 10, which is related to the answer signal that the attack protection server 30 constructs according to a preset construction rule and the characteristic information of the handshake signal packet.
The client 10 sends multiple handshake signal packets at different times, so the server answers them at different times, that is, the answer signal packets are sent to the client 10 at different times, and the client 10 in turn responds to the multiple answer signal packets at different times. The data request packets sent by the client 10 may therefore be a current handshake signal packet, a response signal packet answering the answer signal packet of an earlier handshake signal packet, or a normal data request packet. Optionally, multiple clients 10 send multiple handshake signal packets at different times, the server answers the handshake signal packets of the multiple clients 10 at different times, generating multiple response signal packets at different times, and at any given moment a client 10 may be sending a current handshake signal packet or a response signal packet answering the answer signal packet of an earlier handshake signal packet.
The switch 20 of the system is configured to forward the handshake signal packet to the attack protection server 30, forward the answer signal packet to the client 10, and forward the response signal packet to the application server 40.
Preferably, the server includes the attack protection server 30. The switch 20 forwards the handshake signal packet from the client 10 to the attack protection server 30; the switch 20 forwards the answer signal packet from the attack protection server 30 to the client 10; and the switch 20 forwards the response signal packet from the client 10 to the application server 40.
The switch 20 is configured with a routing policy: it can route by destination address according to the destination address of the route, and it can also enforce a source-address policy according to the source address of the route, so that the data request packets issued by a given client 10 can only be forwarded to a specific interface. Before the switch 20 forwards the handshake signal packet from the client 10 to the attack protection server 30, the switch 20 receives a data request packet from the client 10. The data request packet sent by the client 10 may be a current handshake signal packet or a response signal packet answering the answer signal packet of an earlier handshake signal packet, and the switch 20 judges according to the routing policy whether the data request packet is a handshake signal packet. When the switch 20 judges that the data request packet is a handshake signal packet, it sends the handshake signal packet to the attack protection server 30; when it judges that the data request packet is a non-handshake signal packet, for example a response signal packet, it sends the non-handshake signal packet to the application server 40, so that attack service is separated from normal service. Preferably, the switch 20 forwarding the response signal packet to the application server 40 includes: the switch 20 receives the response signal packet from the client 10, and the switch 20 sends the response signal packet to the application server 40.
The attack protection server 30 of the system is configured to construct the answer signal packet according to the handshake signal packet.
The server includes the attack protection server 30. The attack protection server 30 receives the handshake signal packet forwarded by the switch 20; it extracts the characteristic information of the handshake signal packet and constructs the answer signal packet according to a preset construction rule and that characteristic information. Specifically, the attack protection server 30 constructs the answer signal packet from information such as the client IP address and client port in the handshake signal packet and its own IP address and port; after constructing the answer signal packet, the attack protection server 30 sends it to the switch 20. Preferably, there is only one attack protection server 30; it has a 10-gigabit network card and is configured with a kernel firewall, so that all handshake signal packets are processed by the kernel firewall, which restricts the passage of illegal handshake signal packets and protects the system.
The application server 40 of the system is configured to verify the legitimacy of the response signal packet and to provide application service to the client 10 when the response signal packet is verified to be legitimate.
The application server 40 receives the response signal packet forwarded by the switch 20, that is, the application server 40 receives the response signal packet corresponding to the handshake of normal service. After receiving the response signal packet forwarded by the switch 20, the application server 40 verifies its legitimacy. The application server 40 verifies the legitimacy of the response signal packet according to a preset verification rule and the characteristic value of the construction algorithm, where the attack protection server 30 is configured to obtain the answer signal packet from the handshake signal packet by means of the construction algorithm. Specifically, it verifies whether the response signal packet satisfies the algorithm agreed between the application server 40 and the attack protection server 30; this agreed algorithm includes the algorithm by which the attack protection server 30 constructs the answer signal packet according to the preset construction rule and the characteristic information of the handshake signal packet. If the response signal packet satisfies it, the client 10 and the application server successfully establish a TCP connection and the application server answers the data request packet to the client 10; thereafter the client and server can exchange the normal data request packets of normal service and provide the corresponding application service to the client 10. The application service may be, for example, accessing information from a web page, instant messaging or a web conference. Different application services may correspond to different application servers 40, and the same application server 40 may offer several application services; for example, when the client is a browser, the application service may be content such as video or news on different web pages, content on different pages may correspond to different servers, and the same server may provide both video and news. When the client 10 sends an attack handshake signal packet of attack service, the switch 20 forwards the attack handshake signal packet to the attack protection server 30, so that the application server handles only the data request packets of normal service, the effect of attack service on normal service is avoided, and the defense performance of the network load is improved.
Preferably, there are multiple application servers 40, which can provide different application services to the client 10. The application server 40 provides the corresponding application service to the client 10 when the response signal packet is verified to be legitimate. After the application server 40 verifies the legitimacy of the response signal packet, if the response signal packet is verified to be illegitimate, the application server 40 can discard it, that is, the application server 40 does not respond to the request data packet of the client 10 and does not provide the corresponding application service to the client 10.
Preferably, one attack protection server 30 corresponds to multiple application servers 40. The attack protection server handles the attack signal packets corresponding to attack service, and the multiple application servers 40 handle the response signal packets and normal data request packets corresponding to normal service.
In this embodiment, the client 10 sends a handshake signal packet and generates a response signal packet according to an answer signal packet; the switch 20 forwards the handshake signal packet to the attack protection server 30, forwards the answer signal packet to the client 10, and forwards the response signal packet to the application server 40; the attack protection server 30 constructs the answer signal packet according to the handshake signal packet; and the application server 40 verifies the legitimacy of the response signal packet and provides application service to the client when the response signal packet is verified to be legitimate. Attack service and normal service of the system are thereby separated, and the attack protection performance of the network load is improved.
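The handshake, answer and response flow of this embodiment, including the switch's routing decision and the application server's legitimacy check, as an added simulation that is not part of the patent. The patent does not specify the construction algorithm; here it is assumed to be an HMAC over the handshake packet's characteristic information under a key both servers share, and the packet fields, hosts and client behaviours are constructed.

```python
import hashlib
import hmac
import struct
from dataclasses import dataclass

# Constructed example (not the patent's own code). The "construction algorithm"
# is assumed to be an HMAC over the handshake packet's characteristic
# information (client IP/port, server IP/port); the patent only says the
# answer packet is built from that information under a preset rule that the
# attack protection server and the application server agree on.
AGREED_RULE_KEY = b"constructed-shared-secret"  # shared by both servers (assumption)
MASK32 = 0xFFFFFFFF


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    flags: str  # "SYN" (handshake), "SYN-ACK" (answer), "ACK" (response)
    seq: int = 0
    ack: int = 0


def characteristic_value(src_ip: str, src_port: int, dst_ip: str, dst_port: int) -> int:
    """Construction algorithm (assumed): 32-bit value derived from the
    handshake packet's characteristic information under the agreed rule."""
    info = f"{src_ip}:{src_port}->{dst_ip}:{dst_port}".encode()
    digest = hmac.new(AGREED_RULE_KEY, info, hashlib.sha256).digest()
    return struct.unpack(">I", digest[:4])[0]


def switch_route(pkt: Packet) -> str:
    """Routing policy of the switch: handshake packets go to the attack
    protection server, every other data request packet to the application server."""
    return "attack-protection" if pkt.flags == "SYN" else "application"


def attack_protection_answer(handshake: Packet) -> Packet:
    """Attack protection server: construct the answer signal packet. The
    characteristic value is placed in the answer's sequence number so the
    client's response will carry it to the application server."""
    feature = characteristic_value(handshake.src_ip, handshake.src_port,
                                   handshake.dst_ip, handshake.dst_port)
    return Packet(handshake.dst_ip, handshake.dst_port, handshake.src_ip,
                  handshake.src_port, "SYN-ACK", seq=feature,
                  ack=(handshake.seq + 1) & MASK32)


def client_response(answer: Packet) -> Packet:
    """Client: generate the response signal packet; its ack field carries
    the characteristic value (plus one, as TCP does) back to the servers."""
    return Packet(answer.dst_ip, answer.dst_port, answer.src_ip, answer.src_port,
                  "ACK", seq=answer.ack, ack=(answer.seq + 1) & MASK32)


def application_verify(response: Packet) -> bool:
    """Application server: recompute the characteristic value for this
    client under the agreed rule and compare it with the response packet."""
    if response.flags != "ACK":
        return False
    expected = (characteristic_value(response.src_ip, response.src_port,
                                     response.dst_ip, response.dst_port) + 1) & MASK32
    return hmac.compare_digest(struct.pack(">I", expected),
                               struct.pack(">I", response.ack))


def simulate(clients, server_ip="10.0.0.5", server_port=80):
    """Run constructed clients through switch, attack protection server and
    application server. Behaviours: "legit" completes the handshake,
    "half_open" never sends a response (the half-connection case), "forged"
    sends a response without any handshake. Returns per-server packet counts."""
    counts = {"attack_protection_handshakes": 0,
              "application_served": 0, "application_dropped": 0}
    for ip, port, behaviour in clients:
        if behaviour == "forged":
            # A response with no prior answer packet; the ack is built to differ
            # from the legitimate value so the demonstration is deterministic.
            bogus = (characteristic_value(ip, port, server_ip, server_port) + 1) & MASK32
            queue = [Packet(ip, port, server_ip, server_port, "ACK", seq=1,
                            ack=bogus ^ 0x1)]
        else:
            queue = [Packet(ip, port, server_ip, server_port, "SYN", seq=1000)]
        while queue:
            pkt = queue.pop(0)
            if switch_route(pkt) == "attack-protection":
                counts["attack_protection_handshakes"] += 1
                answer = attack_protection_answer(pkt)  # switch relays it to the client
                if behaviour == "legit":
                    queue.append(client_response(answer))
            elif application_verify(pkt):
                counts["application_served"] += 1
            else:
                counts["application_dropped"] += 1
    return counts


if __name__ == "__main__":
    print(simulate([("192.0.2.10", 40000, "legit"),
                    ("192.0.2.11", 40001, "half_open"),
                    ("192.0.2.12", 40002, "forged")]))
```

The half-open client's handshake is absorbed by the attack protection server and never reaches the application server, while the forged response is discarded by the verification step, which is the separation of attack service from normal service the embodiment describes.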
Fig. 3 is the schematic diagram of network load attack protection processing system according to a second embodiment of the present invention.As shown in figure 3, The system includes client 10, interchanger 20, attack protection server 30 and application server 40.
Handshake packet is forwarded to attack protection server 30 by interchanger 20 by the embodiment, passes through attack protection server 30 construct answer signal packet according to handshake packet, which is the spy according to pre-set configuration rule and handshake packet Levy information structuring answer signal packet.Interchanger 20 forwards the answer signal packet from attack protection server 30 to client 10, visitor Family end 10 generates response signal packet according to answer signal packet, which carries the characteristic value of construction algorithm, wherein anti- Attack server 30 is used to obtain answer signal packet by handshake packet by construction algorithm.Interchanger 20 is forwarded again from client The response signal packet at end 10 passes through the legitimacy of 40 validation response signal packet of application server and is verifying to application server 40 In the case where response signal inclusion method, client 10 and attack protection server 30 are successfully established TCP connection, and client sends normal Corresponding normal data request packet is serviced to application server 40, application server 40 is that client 10 provides application service;It holds Hand signal packet includes that attack services corresponding attack handshake packet, when client sends attack handshake packet to interaction machine 20 When, 20 forwarding attack handshake packet of interchanger to attack protection server 30 a, it is preferable that correspondence of attack protection server 30 is more A application service, multiple application servers are for providing different application services for client, thus by the attack service of system It is separated with normal service, improves the attack protection performance of network load.
The embodiment of the invention also provides a network load anti-attack processing method, which can be used for the anti-attack processing of a server cluster.
Fig. 4 is a flowchart of a network load anti-attack processing method according to a first embodiment of the present invention. As shown in Fig. 4, the method includes the following steps:
Step S402: the switch forwards the handshake packet from the client to the anti-attack server.
The client sends a TCP request to the server, asking whether a handshake connection can be made. The client sends multiple types of data request packets, among which is the TCP handshake packet. The handshake packet may be a normal handshake packet requesting a normal service, or an attack handshake packet that only opens a half-connection, that is, a handshake packet that consumes server resources. When the server receives the handshake packet from the client and allows the client to perform the handshake, it generates an answer signal packet from the handshake packet. When the client receives the answer signal packet from the server, the handshake can proceed, and the client generates a response signal packet from the answer signal packet.
The switch is configured with a routing policy. It can perform destination-address routing according to the destination address, or policy routing according to the source address, so that the data request packets issued by a given client can be forwarded only to a specific interface, for example the interface of a particular server. Fig. 5 is a flowchart of the switch's method of processing data request packets according to an embodiment of the present invention. As shown in Fig. 5, the method includes the following steps:
Step S51: receive a data request packet.
The switch receives the various types of data request packets sent by the client, including attack handshake packets, normal handshake packets, response signal packets, and the normal data request packets the client sends after the client and the server have successfully established a TCP connection.
Step S52: judge whether the data request packet is a handshake packet.
The switch judges, according to the configured routing policy, whether the data request packet is a handshake packet, so that different types of data request packets are forwarded to different servers, for example the anti-attack server or the application server.
Step S53: policy-route the handshake packet to the anti-attack server.
If the data request packet is judged to be a handshake packet, the switch sends it only to the anti-attack server; that is, the switch sends the handshake packets, both normal handshake packets and attack handshake packets, to the anti-attack server, which constructs the answer signal packet from the handshake packet.
Step S54: policy-route non-handshake packets to the application server.
If the data request packet is judged to be a non-handshake packet, the switch sends it only to the application server; that is, the switch sends the response signal packet generated by the client from the answer signal packet, and the normal data request packets sent by the client after the TCP connection has been established, to the application server. Optionally, when the non-handshake packet is a response signal packet, the switch sends it to the application server, which verifies the legitimacy of the response signal packet and provides the application service to the client if it is legitimate. The application service may be fetching information from a web page, instant messaging, a web conference, and so on; different application services may correspond to different application servers, and one application server may host several application services.
By receiving the data request packet from the client and judging whether it is a handshake packet, sending handshake packets to the anti-attack server and non-handshake packets to the application server, the switch separates the attack service from the normal service, reduces the load on the network interface card, and improves the defence performance of the network load.
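The classification the switch performs in steps S51 to S54 can be modelled as follows. This is an added example, not code from the patent or its applicant: it assumes IPv4 over TCP without IP options, treats a packet as a handshake packet only when the SYN flag is set without ACK, and uses constructed addresses to stand in for the LAN's servers whose traffic the policy route covers.

```python
"""Model of the switch's policy routing (Fig. 5, steps S51-S54).

Added example; not the patent's own code. Assumptions: IPv4 + TCP, no IP
options, and a constructed set of protected LAN server addresses.
"""
import ipaddress
import struct

# Assumed next-hop labels for the three outcomes of the policy route.
ANTI_ATTACK_SERVER = "anti-attack-server"
APPLICATION_SERVER = "application-server"
NORMAL_ROUTE = "ordinary-destination-routing"   # policy does not apply

# Constructed sample addresses standing in for "this LAN's servers".
PROTECTED_SERVERS = {"10.0.0.10", "10.0.0.11"}

TCP_FLAG_SYN = 0x02
TCP_FLAG_ACK = 0x10
IPPROTO_TCP = 6


def build_packet(src_ip, dst_ip, sport, dport, flags, seq=0, ack=0):
    """Build a minimal IPv4 + TCP frame (20-byte IP header, 20-byte TCP header).

    Checksums are left zero; the classifier never reads them.
    """
    ip_hdr = struct.pack("!BBHHHBBH4s4s",
                         0x45, 0, 40, 0, 0, 64, IPPROTO_TCP, 0,
                         ipaddress.IPv4Address(src_ip).packed,
                         ipaddress.IPv4Address(dst_ip).packed)
    tcp_hdr = struct.pack("!HHIIBBHHH",
                          sport, dport, seq, ack, 5 << 4, flags, 65535, 0, 0)
    return ip_hdr + tcp_hdr


def parse_packet(raw):
    """Return (src_ip, dst_ip, proto, sport, dport, flags) of an IPv4 frame."""
    if len(raw) < 20:
        raise ValueError("truncated IP header")
    ihl = (raw[0] & 0x0F) * 4          # header length in bytes
    proto = raw[9]
    src = str(ipaddress.IPv4Address(raw[12:16]))
    dst = str(ipaddress.IPv4Address(raw[16:20]))
    if proto != IPPROTO_TCP:
        return src, dst, proto, None, None, None
    if len(raw) < ihl + 20:
        raise ValueError("truncated TCP header")
    sport, dport = struct.unpack("!HH", raw[ihl:ihl + 4])
    flags = raw[ihl + 13]              # TCP flags byte
    return src, dst, proto, sport, dport, flags


def route(raw):
    """Policy-routing decision of the switch for one inbound packet.

    S52: a handshake packet is a TCP segment with SYN set and ACK clear.
    S53: handshake packets go to the anti-attack server.
    S54: every other packet for a protected server goes to the application server.
    """
    src, dst, proto, sport, dport, flags = parse_packet(raw)
    if dst not in PROTECTED_SERVERS:
        return NORMAL_ROUTE
    if proto != IPPROTO_TCP:
        return APPLICATION_SERVER      # not a TCP handshake; default path
    is_handshake = bool(flags & TCP_FLAG_SYN) and not (flags & TCP_FLAG_ACK)
    return ANTI_ATTACK_SERVER if is_handshake else APPLICATION_SERVER


if __name__ == "__main__":
    syn = build_packet("198.51.100.7", "10.0.0.10", 40000, 443, TCP_FLAG_SYN)
    ack = build_packet("198.51.100.7", "10.0.0.10", 40000, 443, TCP_FLAG_ACK)
    print(route(syn), route(ack))
```

Note that a SYN+ACK (both flags set) is not a client handshake packet and is therefore sent down the application-server path; that matches step S54, where only the response signal packet and later data packets reach the application server.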
Step S404: the switch forwards the answer signal packet to the client.
After the switch forwards the handshake packet from the client to the anti-attack server, the anti-attack server constructs the answer signal packet from the handshake packet: it extracts the characteristic information of the handshake packet and constructs the answer signal packet according to the preset construction rule and that characteristic information. Once the anti-attack server has constructed the answer signal packet, the switch forwards it to the client.
After the switch forwards the answer signal packet to the client, the client generates a response signal packet from it. The response signal packet carries the characteristic value of the construction algorithm, the algorithm by which the anti-attack server derives the answer signal packet from the handshake packet.
Step S406: the switch forwards the response signal packet to the application server, which verifies the legitimacy of the response signal packet and provides the application service to the client if it is legitimate.
The switch forwards the response signal packet to the application server. Specifically, the switch receives the response signal packet from the client, which carries the characteristic value of the construction algorithm (the algorithm by which the anti-attack server derives the answer signal packet from the handshake packet), and sends it to the application server. The application server verifies the legitimacy of the response signal packet according to the characteristic value of the construction algorithm and a preset verification rule, that is, it checks whether the response signal packet satisfies the algorithm agreed between the application server and the anti-attack server; this agreed algorithm includes the algorithm by which the anti-attack server constructs the answer signal from the preset construction rule and the characteristic information of the handshake packet. If the check passes, the application server responds to the client's data request packet, providing the corresponding application service.
In this embodiment of the method, the switch forwards the handshake packet from the client to the anti-attack server, which constructs the answer signal packet from it; the switch then forwards the answer signal packet to the client, which generates the response signal packet from it; the switch then forwards the response signal packet to the application server, which verifies its legitimacy and, if it is legitimate, provides the application service to the client. The attack service is thus separated from the normal service, the chance of losing the data request packets of the normal service is reduced, and the anti-attack performance of the network load is improved.
Fig. 6 is a flowchart of a network load anti-attack processing method according to a second embodiment of the present invention. As shown in Fig. 6, the method includes the following steps:
Step S602: the anti-attack server receives the handshake packet forwarded by the switch.
After the switch forwards the handshake packet from the client, the anti-attack server receives it. Specifically, the handshake packet carries information such as the client's address, the client's port, the server's own IP address and connection information. The handshake packet may be a normal handshake packet requesting a normal service, or an attack handshake packet that only opens a half-connection. An attack handshake packet is one for which, after the client sends the handshake packet and the server sends the answer signal packet, no response signal packet is returned to the server, so that the server's system resources remain occupied. Optionally, the anti-attack server is a server with a 10-gigabit network interface card and a kernel firewall, which can be used to process attack handshake packets and reduce the chance that the network interface card's load is exceeded.
Step S604: the anti-attack server constructs the answer signal packet from the handshake packet.
After the anti-attack server receives the handshake packet forwarded by the switch, constructing the answer signal packet from the handshake packet includes: the anti-attack server extracts the characteristic information of the handshake packet, that is, it parses the handshake packet and extracts characteristic information including the client's address, the client's port, the server's own IP address and connection information.
The anti-attack server constructs the answer signal packet according to the preset construction rule and the characteristic information of the handshake packet; the preset construction rule and the characteristic information of the handshake packet are the inputs of the specific algorithm that constructs the answer signal packet. Optionally, the answer signal packet is computed from the source address, source port, destination address and destination port of the handshake packet and an encryption seed.
Step S606: the anti-attack server sends the answer signal packet to the switch.
After the anti-attack server constructs the answer signal packet from the handshake packet, it sends the answer signal packet to the switch, which forwards it to the client.
If the handshake packet the client sent is a normal handshake packet for a normal service, the anti-attack server establishes a half-connection for it, and the client generates a response signal packet from the answer signal packet; the response signal packet carries the characteristic value of the construction algorithm by which the anti-attack server derives the answer signal packet from the handshake packet. If the client sent an attack handshake packet for an attack service, the client does not respond to the answer signal packet sent by the anti-attack server; the anti-attack server then keeps waiting for the client's response and holds memory open for the half-connection.
After the client generates the response signal packet from the answer signal packet, the switch forwards the response signal packet to the application server. The application server verifies the legitimacy of the response signal packet and, if it is legitimate, the client and the application server have successfully established a TCP connection; the application server responds to the client's data request packet and provides the application service. Preferably, one anti-attack server corresponds to multiple application servers. After the TCP connection is established, the application servers handle only the data request packets corresponding to normal handshake packets and provide different application services to the client. When a client sends an attack handshake packet for an attack service, the switch forwards it to the anti-attack server, so that the anti-attack server handles attack handshake packets while the application server handles only the data request packets of the normal service. This avoids the influence of the attack service on the normal service and improves the defence performance of the network load.
In this embodiment of the method, the anti-attack server receives the handshake packet forwarded by the switch, constructs the answer signal packet from it, and sends the answer signal packet to the switch; the client then generates the response signal packet in reply to the answer signal packet forwarded by the switch; the switch forwards the response signal packet to the application server, so that the application server handles only the data request packets of the normal service, and forwards the attack handshake packets of the attack service to the anti-attack server, so that the anti-attack server handles the attack handshake packets. This avoids the loss of normal data request packets that occurs when normal and attack handshake packets are handled on the same server, prevents the attack service from affecting the normal service in the short term, and improves the anti-attack performance of the network load.
Fig. 7 is a flowchart of a network load anti-attack processing method according to a third embodiment of the present invention. As shown in Fig. 7, the method includes the following steps:
Step S702: the application server receives the response signal packet forwarded by the switch.
After the anti-attack server constructs the answer signal packet according to the preset rule and the characteristic information of the handshake packet, and the client replies to the answer signal packet from the anti-attack server forwarded by the switch, the client generates a response signal packet. The application server receives the response signal packet forwarded by the switch, that is, it receives the response signal packet corresponding to the handshake packet of the normal service.
Preferably, there are multiple application servers, which can provide different application services to clients. The application server provides the corresponding application service to the client when it verifies that the response signal packet is legitimate. After verifying the legitimacy of the response signal packet, the application server may discard the response signal packet when it is found illegitimate, that is, it does not respond to the client's data request packet and does not provide the corresponding application service.
Step S704: the application server verifies the legitimacy of the response signal packet.
After receiving the response signal packet forwarded by the switch, the application server verifies its legitimacy. Preferably, the application server verifies the legitimacy of the response signal packet according to the characteristic value of the construction algorithm (by which the anti-attack server derives the answer signal packet from the handshake packet) and a preset verification rule; specifically, it verifies whether the response signal packet satisfies the algorithm agreed between the application server and the anti-attack server, which includes the algorithm by which the anti-attack server constructs the answer signal from the preset construction rule and the characteristic information of the handshake packet, and judges the legitimacy of the response signal packet according to the preset verification rule.
Step S706: the application server provides the application service to the client if the response signal packet is verified legitimate.
The application server verifies the legitimacy of the response signal packet. Preferably, if the response signal packet satisfies the algorithm by which the anti-attack server constructs the answer signal from the preset construction rule and the characteristic information of the handshake packet, the client and the application server have successfully established a TCP connection; the application server responds to the data request packet, and thereafter the client and the application server can exchange the normal data request packets of the normal service, providing the corresponding application service to the client. The application service may be fetching information from a web page, instant messaging, a web conference, and so on. There are multiple application servers, which can provide different application services to clients. Different application services may correspond to different application servers, and one application server may host several application services; for example, when the client is a browser, the application service may be the video, news or other content on different web pages, the content on different web pages may correspond to different servers, and the same server may provide both video and news content. When a client sends an attack handshake packet for an attack service, the switch forwards it to the anti-attack server, so that the application server handles only the data request packets of the normal service and is not affected by the attack service. On the other hand, for the multiple application servers under the same switch, the anti-attack server is configured with a kernel firewall, and all TCP request packets (SYN packets) for the application servers under that switch are handled by the anti-attack machine equipped with the kernel firewall, so that the application servers that have no kernel firewall of their own also gain defence capability, improving the defence performance of the network load.
After the application server verifies the legitimacy of the response signal packet according to the preset verification rule, preferably, the application server discards the response signal packet if it is found illegitimate.
Fig. 8 is a flowchart of the method by which the application server verifies the response signal packet according to an embodiment of the present invention. As shown in Fig. 8, the method includes the following steps:
Step S81: the application server receives the response signal packet.
The application server receives the response signal packet from the client forwarded by the switch. The response signal packet is generated by the client from the answer signal packet, which the anti-attack server constructed from the handshake packet forwarded by the switch.
Step S82: verify whether the response signal packet satisfies the preset verification rule.
The application server verifies whether the response signal packet satisfies the preset verification rule. Preferably, the application server verifies the legitimacy of the response signal packet according to the characteristic value of the construction algorithm and the preset verification rule, specifically whether the response signal packet satisfies the algorithm agreed between the application server and the anti-attack server (which includes the algorithm by which the anti-attack server constructs the answer signal from the preset construction rule and the characteristic information of the handshake packet), thereby judging whether the response signal packet was generated by the client from an answer signal constructed by the anti-attack server. If the response signal packet satisfies the preset verification rule, it was generated by the client from an answer signal constructed by the anti-attack server, and step S83 is executed: respond to the data request packet of the client. If it does not satisfy the preset verification rule, it was not generated by the client from an answer signal constructed by the anti-attack server, and step S84 is executed: discard the response signal packet.
Step S83: respond to the data request packet of the client.
If the response signal packet satisfies the preset verification rule, the client and the application server have successfully established a TCP connection, and they can exchange the normal data request packets of the normal service, providing the corresponding application service to the client.
Step S84: discard the response signal packet.
If the response signal packet does not satisfy the preset verification rule, it was not generated by the client from an answer signal constructed by the anti-attack server, it is not to be processed by the application server, and the application server discards it.
In this embodiment of the method, the application server receives the response signal packet forwarded by the switch, verifies its legitimacy, and provides the application service to the client if it is legitimate, so that the application server handles only the normal data request packets corresponding to normal handshake packets; this reduces the load on the network interface card and improves the anti-attack performance of the network load.
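The construction rule of step S604 (the answer signal packet computed from source address, source port, destination address, destination port and an encryption seed) and the verification rule of step S82 depend on the same secret, so one example serves both. This is an added example, not the patent's or its applicant's algorithm: the keyed hash (HMAC-SHA256 truncated to 32 bits), the placement of the characteristic value in the answer packet's sequence number, and the addresses, ports and seed are all assumptions made here so that the two servers can be modelled in code.

```python
"""Construction rule (anti-attack server) and verification rule (application
server) sharing one encryption seed. Added example; not the patent's code.

Assumptions: the characteristic value is a 32-bit truncation of an HMAC over
the client/server 4-tuple, carried in the answer's sequence number, and the
response is legitimate when its ack number equals that value plus one.
"""
import hashlib
import hmac
from dataclasses import dataclass

MASK32 = 0xFFFFFFFF

# Constructed shared seed; in deployment both the anti-attack server and the
# application servers must be provisioned with the same value.
SEED = b"constructed-seed-for-the-example-only"


@dataclass(frozen=True)
class Handshake:          # client -> server handshake (SYN) packet
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    seq: int              # client's initial sequence number


@dataclass(frozen=True)
class Answer:             # anti-attack server -> client answer (SYN-ACK) packet
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    seq: int              # characteristic value
    ack: int


@dataclass(frozen=True)
class Response:           # client -> server response (ACK) packet
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    seq: int
    ack: int              # must equal characteristic value + 1


def characteristic_value(src_ip, src_port, dst_ip, dst_port, seed=SEED):
    """Preset construction rule: keyed hash of the 4-tuple, truncated to 32 bits."""
    msg = f"{src_ip}:{src_port}>{dst_ip}:{dst_port}".encode()
    digest = hmac.new(seed, msg, hashlib.sha256).digest()
    return int.from_bytes(digest[:4], "big")


def construct_answer(hs: Handshake, seed=SEED) -> Answer:
    """Step S604: the anti-attack server builds the answer without per-flow state."""
    cv = characteristic_value(hs.src_ip, hs.src_port, hs.dst_ip, hs.dst_port, seed)
    return Answer(hs.dst_ip, hs.dst_port, hs.src_ip, hs.src_port,
                  cv, (hs.seq + 1) & MASK32)


def client_response(hs: Handshake, ans: Answer) -> Response:
    """A cooperating client acknowledges the answer's sequence number."""
    return Response(hs.src_ip, hs.src_port, hs.dst_ip, hs.dst_port,
                    (hs.seq + 1) & MASK32, (ans.seq + 1) & MASK32)


def verify_response(resp: Response, seed=SEED) -> bool:
    """Step S82: recompute the characteristic value and compare in constant time."""
    expected = characteristic_value(resp.src_ip, resp.src_port,
                                    resp.dst_ip, resp.dst_port, seed)
    got = (resp.ack - 1) & MASK32
    return hmac.compare_digest(expected.to_bytes(4, "big"), got.to_bytes(4, "big"))


def handle_response(resp: Response, seed=SEED) -> str:
    """Steps S83 / S84: respond to the client's request or discard the packet."""
    return "respond" if verify_response(resp, seed) else "discard"


if __name__ == "__main__":
    hs = Handshake("198.51.100.7", 40000, "10.0.0.10", 443, 1000)   # constructed
    ans = construct_answer(hs)
    print(handle_response(client_response(hs, ans)))
```

Because the application server recomputes the value from the response packet's own addresses and ports, it needs no state from the anti-attack server, which is what lets the two roles run on different machines. Classic SYN cookies (RFC 4987) additionally fold a coarse time counter into the value so that stale cookies expire; the patent does not describe that, so it is left out here.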
It should be noted that the steps shown in the flowcharts of the accompanying drawings can be executed in a computer system, for example as a set of computer-executable instructions, and that, although a logical order is shown in the flowcharts, in some cases the steps shown or described may be executed in an order different from the one given here.
The embodiment of the invention also provides a network load anti-attack processing apparatus, including a switch for network load anti-attack, an anti-attack server for network load anti-attack and an application server for network load anti-attack. It should be noted that the apparatus can be used to execute the network load anti-attack processing method of the embodiment of the invention.
Fig. 9 is a schematic diagram of a switch according to an embodiment of the present invention. As shown in Fig. 9, the switch includes a first forwarding unit 21, a second forwarding unit 22 and a third forwarding unit 23.
The first forwarding unit 21 forwards the handshake packet from the client to the anti-attack server, which constructs the answer signal packet from the handshake packet.
The switch further includes a receiving unit, a judging unit, a first sending unit and a second sending unit. The receiving unit receives the data request packet from the client before the first forwarding unit 21 forwards the handshake packet from the client to the anti-attack server; the judging unit judges whether the data request packet is a handshake packet; the first sending unit sends the handshake packet to the anti-attack server when the data request packet is judged to be a handshake packet; the second sending unit sends the non-handshake packet to the application server when the data request packet is judged to be a non-handshake packet.
The second forwarding unit 22 forwards the answer signal packet to the client, which generates the response signal packet from the answer signal packet.
The third forwarding unit 23 forwards the response signal packet to the application server, which verifies the legitimacy of the response signal packet and provides the application service to the client if it is legitimate.
The third forwarding unit of the switch further includes a receiving module, which receives the response signal packet from the client, the response signal packet carrying the characteristic value of the construction algorithm by which the anti-attack server derives the answer signal packet from the handshake packet; and a sending module, which sends the response signal packet to the application server, the application server verifying the legitimacy of the response signal packet according to the characteristic value of the construction algorithm and the preset verification rule.
The switch of this embodiment forwards the handshake packet from the client to the anti-attack server through the first forwarding unit 21 (the anti-attack server constructing the answer signal packet from the handshake packet), forwards the answer signal packet to the client through the second forwarding unit 22 (the client generating the response signal packet from the answer signal packet), and forwards the response signal packet to the application server through the third forwarding unit 23 (the application server verifying the legitimacy of the response signal packet and providing the application service to the client if it is legitimate), thereby improving the anti-attack performance of the network load.
Fig. 10 is a schematic diagram of an anti-attack server according to an embodiment of the present invention. As shown in Fig. 10, the anti-attack server includes a receiving unit 31, a construction unit 32 and a sending unit 33.
The receiving unit 31 receives the handshake packet forwarded by the switch.
The construction unit 32 constructs the answer signal packet from the handshake packet.
The construction unit of the anti-attack server includes an extraction module, with which the anti-attack server extracts the characteristic information of the handshake packet, and a construction module, with which the anti-attack server constructs the answer signal packet according to the preset construction rule and the characteristic information of the handshake packet.
The sending unit 33 sends the answer signal packet to the switch, which forwards it to the client; the client generates the response signal packet from the answer signal packet; the switch forwards the response signal packet to the application server; and the application server verifies the legitimacy of the response signal packet and provides the application service to the client if it is legitimate.
The anti-attack server of this embodiment receives the handshake packet forwarded by the switch through the receiving unit 31, constructs the answer signal packet from the handshake packet through the construction unit 32, and sends the answer signal packet to the switch through the sending unit 33; the switch forwards the answer signal packet to the client, the client generates the response signal packet from it, the switch forwards the response signal packet to the application server, and the application server verifies the legitimacy of the response signal packet and provides the application service to the client if it is legitimate, thereby improving the anti-attack performance of the network load.
Fig. 11 is a schematic diagram of an application server according to an embodiment of the present invention. As shown in Fig. 11, the application server includes a receiving unit 41, a verification unit 42 and a providing unit 43.
The receiving unit 41 receives the response signal packet forwarded by the switch; the response signal packet is the one from the client, generated by the client from the answer signal packet, which the anti-attack server constructed from the handshake packet forwarded by the switch.
The verification unit 42 verifies the legitimacy of the response signal packet; preferably, the verification unit 42 verifies the legitimacy of the response signal packet according to the preset verification rule.
The application server further includes a discarding unit, which, after the verification unit 42 has verified the legitimacy of the response signal packet, discards the response signal packet when the verification unit 42 finds it illegitimate.
The providing unit 43 provides the application service to the client if the response signal packet is verified legitimate.
The application server of this embodiment receives, through the receiving unit 41, the response signal packet forwarded by the switch (the response signal packet being the one from the client, generated by the client from the answer signal packet, which the anti-attack server constructed from the handshake packet forwarded by the switch), verifies the legitimacy of the response signal packet through the verification unit 42, and provides the application service to the client through the providing unit 43 if the response signal packet is legitimate, thereby improving the anti-attack performance of the network load.
Configuration strategy routes the embodiment of the present invention on switches, is the handshake of this LAN server by destination IP It wraps on whole policybased routings to attack protection server, attack is serviced into corresponding attack handshake packet and independently arrives attack protection service On device, on other types packet policybased routing to application server.When application server and client be successfully established TCP connection it Afterwards, the corresponding normal data request packet of normal service is only handled on the application server, and attack protection server does not have to consume money again The corresponding normal data request packet of processing normal service is removed in source, normal data request packet will not service under attack influence. With the increase of challenging dose, attack protection server receives processing signal to attack packet, and application server receives processing normal data and asks A possibility that seeking packet, reducing normal data request packet loss improves the efficiency of normal service.On the other hand, in attack protection Kernel services device is configured on server, and the application server of firewall is not disposed for other under same interchanger, is mentioned for it yet For firewall functionality, normal service and attack service are handled on a different server to realize, improve net The attack protection performance of network load.
Obviously, those skilled in the art should be understood that each module of the above invention or each step can be with general Computing device realize that they can be concentrated on a single computing device, or be distributed in multiple computing devices and formed Network on, optionally, they can be realized with the program code that computing device can perform, it is thus possible to which they are stored Be performed by computing device in the storage device, perhaps they are fabricated to each integrated circuit modules or by they In multiple modules or step be fabricated to single integrated circuit module to realize.In this way, the present invention is not limited to any specific Hardware and software combines.
The foregoing is only a preferred embodiment of the present invention and is not intended to limit the invention; for those skilled in the art, the invention may be modified and varied in many ways. Any modification, equivalent replacement, improvement and the like made within the spirit and principles of the present invention shall be included in the protection scope of the present invention.

Claims (10)

1. A network load anti-attack processing method, characterized by comprising:
a switch forwarding a handshake packet from a client to an attack-protection server, wherein the attack-protection server is configured to construct an answer signal packet according to the handshake packet;
the switch forwarding the answer signal packet to the client, wherein the client is configured to generate a response signal packet according to the answer signal packet;
the switch forwarding the response signal packet to an application server, wherein the application server is configured to verify the legitimacy of the response signal packet and, when the response signal packet is verified as legitimate, to provide application service to the client;
wherein the application server verifies the legitimacy of the response signal packet according to a preset verification rule and a characteristic value of a construction algorithm, verifying whether the response signal packet conforms to the algorithm agreed between the application server and the attack-protection server.
2. The method according to claim 1, characterized in that, before the switch forwards the handshake packet from the client to the attack-protection server, the method further comprises:
the switch receiving a data request packet from the client;
the switch judging whether the data request packet is a handshake packet;
wherein the switch sends the handshake packet to the attack-protection server when it judges that the data request packet is a handshake packet, and sends the non-handshake packet to the application server when it judges that the data request packet is a non-handshake packet.
3. The method according to claim 2, characterized in that the switch forwarding the response signal packet to the application server comprises:
the switch receiving the response signal packet from the client, wherein the response signal packet carries a characteristic value of a construction algorithm, and wherein the attack-protection server obtains the answer signal packet from the handshake packet by means of the construction algorithm; and
the switch sending the response signal packet to the application server, wherein the application server is configured to verify the legitimacy of the response signal packet according to the characteristic value of the construction algorithm and a preset verification rule.
4. A network load anti-attack processing method, characterized by comprising:
an attack-protection server receiving a handshake packet forwarded by a switch;
the attack-protection server constructing an answer signal packet according to the handshake packet; and
the attack-protection server sending the answer signal packet to the switch, wherein the switch is configured to forward the answer signal packet to a client, the client is configured to generate a response signal packet according to the answer signal packet, the switch is configured to forward the response signal packet to an application server, and the application server is configured to verify the legitimacy of the response signal packet and, when the response signal packet is verified as legitimate, to provide application service to the client;
wherein the application server verifies the legitimacy of the response signal packet according to a preset verification rule and a characteristic value of a construction algorithm, verifying whether the response signal packet conforms to the algorithm agreed between the application server and the attack-protection server.
5. The method according to claim 4, characterized in that the attack-protection server constructing the answer signal packet according to the handshake packet comprises:
the attack-protection server extracting characteristic information of the handshake packet; and
the attack-protection server constructing the answer signal packet according to a preset construction rule and the characteristic information of the handshake packet.
6. A network load anti-attack processing method, characterized by comprising:
an application server receiving a response signal packet forwarded by a switch, wherein the response signal packet is a response signal packet from a client, the client is configured to generate the response signal packet according to an answer signal packet, and the answer signal packet is an answer signal packet constructed by an attack-protection server according to a handshake packet forwarded by the switch;
the application server verifying the legitimacy of the response signal packet; and
the application server providing application service to the client when the response signal packet is verified as legitimate;
wherein the application server verifies the legitimacy of the response signal packet according to a preset verification rule and a characteristic value of a construction algorithm, verifying whether the response signal packet conforms to the algorithm agreed between the application server and the attack-protection server.
7. A switch, characterized by comprising:
a first forwarding unit, configured to forward a handshake packet from a client to an attack-protection server, wherein the attack-protection server is configured to construct an answer signal packet according to the handshake packet;
a second forwarding unit, configured to forward the answer signal packet to the client, wherein the client is configured to generate a response signal packet according to the answer signal packet; and
a third forwarding unit, configured to forward the response signal packet to an application server, wherein the application server is configured to verify the legitimacy of the response signal packet and, when the response signal packet is verified as legitimate, to provide application service to the client;
wherein the application server verifies the legitimacy of the response signal packet according to a preset verification rule and a characteristic value of a construction algorithm, verifying whether the response signal packet conforms to the algorithm agreed between the application server and the attack-protection server.
8. An attack-protection server, characterized by comprising:
a receiving unit, configured to receive a handshake packet forwarded by a switch;
a construction unit, configured to construct an answer signal packet according to the handshake packet; and
a sending unit, configured to send the answer signal packet to the switch, wherein the switch is configured to forward the answer signal packet to a client, the client is configured to generate a response signal packet according to the answer signal packet, the switch is configured to forward the response signal packet to an application server, and the application server is configured to verify the legitimacy of the response signal packet and, when the response signal packet is verified as legitimate, to provide application service to the client;
wherein the application server verifies the legitimacy of the response signal packet according to a preset verification rule and a characteristic value of a construction algorithm, verifying whether the response signal packet conforms to the algorithm agreed between the application server and the attack-protection server.
9. An application server, characterized by comprising:
a receiving unit, configured to receive a response signal packet forwarded by a switch, wherein the response signal packet is a response signal packet from a client, the client is configured to generate the response signal packet according to an answer signal packet, and the answer signal packet is an answer signal packet constructed by an attack-protection server according to a handshake packet forwarded by the switch;
a verification unit, configured to verify the legitimacy of the response signal packet; and
a providing unit, configured to provide application service to the client when the response signal packet is verified as legitimate;
wherein the legitimacy of the response signal packet is verified according to a preset verification rule and a characteristic value of a construction algorithm, verifying whether the response signal packet conforms to the algorithm agreed between the application server and the attack-protection server.
10. A network load anti-attack processing system, characterized by comprising a client, a switch, an attack-protection server and an application server, wherein:
the client is configured to send a handshake packet and to generate a response signal packet according to an answer signal packet;
the switch is configured to forward the handshake packet to the attack-protection server, to forward the answer signal packet to the client, and to forward the response signal packet to the application server;
the attack-protection server is configured to construct the answer signal packet according to the handshake packet; and
the application server is configured to verify the legitimacy of the response signal packet and, when the response signal packet is verified as legitimate, to provide application service to the client;
wherein the application server verifies the legitimacy of the response signal packet according to a preset verification rule and a characteristic value of a construction algorithm, verifying whether the response signal packet conforms to the algorithm agreed between the application server and the attack-protection server.
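As an added illustration (not code from the patent or its applicant), the following Python models the split handshake that the description and claims above lay out: the switch policy-routes handshake packets to the attack-protection server and every other packet to the application server, the attack-protection server builds the answer without keeping per-connection state, and the application server checks the client's response against a characteristic value both servers can recompute. The construction algorithm (a keyed HMAC cookie carried in the SYN-ACK sequence number), the time-slot scheme, the shared key and all addresses are assumptions; the patent does not specify its algorithm.

```python
import hmac
import hashlib
from dataclasses import dataclass

# Assumed: key shared offline by the attack-protection and application servers;
# it plays the role of the "agreed algorithm" both servers verify against.
SHARED_KEY = b"constructed-shared-key-for-demo"
SLOT_SECONDS = 64   # time-slot width encoded in the characteristic value

@dataclass
class Packet:
    src_ip: str
    src_port: int
    flags: str      # "SYN" = handshake, "SYN-ACK" = answer, "ACK" = response
    seq: int = 0
    ack: int = 0

def switch_route(pkt):
    # Policy routing: handshake packets go to the attack-protection server,
    # everything else (ACKs, data requests) goes to the application server.
    return "attack_protection_server" if pkt.flags == "SYN" else "application_server"

def characteristic_value(src_ip, src_port, slot):
    # Assumed construction algorithm: 8-bit slot | 24-bit HMAC over the client
    # tuple, so a different host can re-derive it without per-connection state.
    mac = hmac.new(SHARED_KEY, f"{src_ip}:{src_port}:{slot}".encode(), hashlib.sha256)
    return ((slot & 0xFF) << 24) | int.from_bytes(mac.digest()[:3], "big")

def attack_protection_server(syn, now):
    # Constructs the answer signal packet; the feature value is its sequence number.
    slot = (now // SLOT_SECONDS) & 0xFF
    seq = characteristic_value(syn.src_ip, syn.src_port, slot)
    return Packet(syn.src_ip, syn.src_port, "SYN-ACK", seq=seq, ack=syn.seq + 1)

def client_response(syn_ack):
    # A genuine client echoes the answer's sequence number + 1 in its ACK.
    return Packet(syn_ack.src_ip, syn_ack.src_port, "ACK",
                  seq=syn_ack.ack, ack=(syn_ack.seq + 1) & 0xFFFFFFFF)

def application_server_verify(ack, now):
    # Preset rule: recompute the value for the slot carried in the ACK,
    # reject stale slots (older than one previous slot), compare in constant time.
    value = (ack.ack - 1) & 0xFFFFFFFF
    slot = value >> 24
    if ((((now // SLOT_SECONDS) & 0xFF) - slot) & 0xFF) > 1:
        return False
    expected = characteristic_value(ack.src_ip, ack.src_port, slot)
    return hmac.compare_digest(expected.to_bytes(4, "big"), value.to_bytes(4, "big"))

def run_handshake(src_ip, src_port, now, forged_ack=None):
    # One exchange through the switch; forged_ack (constructed) models a sender
    # that never received the answer and guesses the ACK number.
    syn = Packet(src_ip, src_port, "SYN", seq=1000)
    assert switch_route(syn) == "attack_protection_server"
    ack = forged_ack or client_response(attack_protection_server(syn, now))
    assert switch_route(ack) == "application_server"
    return application_server_verify(ack, now)
```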
CN201510622991.1A 2015-09-25 2015-09-25 Network load anti-attack processing method and system and attack protection server Active CN105337959B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510622991.1A CN105337959B (en) 2015-09-25 2015-09-25 Network load anti-attack processing method and system and attack protection server

Publications (2)

Publication Number Publication Date
CN105337959A CN105337959A (en) 2016-02-17
CN105337959B true CN105337959B (en) 2018-12-21

Family

ID=55288243

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20201118

Address after: 100083 Beijing Haidian District 39 Xueyuan Road 6 real estate building.

Patentee after: Beijing Mesh Technology Co.,Ltd.

Address before: 200030 Shanghai Xuhui District Xietu Road No. 2899 Building 5 floor, a Kuangchi Cultural Square

Patentee before: WANGSU SCIENCE & TECHNOLOGY Co.,Ltd.