CN102404345A - Distributed attack prevention method and device - Google Patents
Distributed attack prevention method and device Download PDFInfo
- Publication number
- CN102404345A CN102404345A CN201110442248XA CN201110442248A CN102404345A CN 102404345 A CN102404345 A CN 102404345A CN 201110442248X A CN201110442248X A CN 201110442248XA CN 201110442248 A CN201110442248 A CN 201110442248A CN 102404345 A CN102404345 A CN 102404345A
- Authority
- CN
- China
- Prior art keywords
- sends
- request message
- cookie value
- client
- webserver
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 34
- 230000002265 prevention Effects 0.000 title claims abstract description 19
- 235000014510 cooky Nutrition 0.000 claims abstract description 84
- 230000004044 response Effects 0.000 claims abstract description 32
- 230000005540 biological transmission Effects 0.000 claims description 9
- 238000012217 deletion Methods 0.000 claims description 9
- 230000037430 deletion Effects 0.000 claims description 9
- 238000005516 engineering process Methods 0.000 description 6
- 238000004364 calculation method Methods 0.000 description 5
- 230000002159 abnormal effect Effects 0.000 description 1
- 238000004891 communication Methods 0.000 description 1
- 239000012141 concentrate Substances 0.000 description 1
- 230000000694 effects Effects 0.000 description 1
- 238000001914 filtration Methods 0.000 description 1
- 230000006872 improvement Effects 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 230000008569 process Effects 0.000 description 1
- 238000012545 processing Methods 0.000 description 1
- 238000012797 qualification Methods 0.000 description 1
- 230000009467 reduction Effects 0.000 description 1
- 238000012795 verification Methods 0.000 description 1
Images
Landscapes
- Computer And Data Communications (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention discloses a distributed attack prevention method and a distributed attack prevention device, wherein the method comprises the steps of: responding to a message pre-sent by a client, and sending a response message carrying a first COOKIE value to the client; receiving a request message post-sent by the client, wherein the request message carries a second COOKIE value; and sending the post-sent request message to a network server according to the second COOKIE value. The distributed attack prevention method and the distributed attack prevention device ensure common users to normally access websites.
Description
Technical field
The present invention relates to the communications field, in particular to a kind of distributed attack prevention method and device.
Background technology
It is a kind of of DDOS (distributed denial of service) that CC attacks, the DDOS that compares other attack CC as if more have technology content some.False IP is can not see in this attack, can not see king-sized abnormal flow, but causes server normally to connect, and this shows its harmfulness.Let most the head of a station worried be that this attack technology content is low, utilize one of instrument and some IP agency at the beginning of, the user of the computer level of middle rank just can implement attack.
In CC attacked, the assailant controlled some main frame and ceaselessly sends the mass data bag and cause server resource to take fully for the other side's server, until the machine collapse of delaying.CC mainly is used for attacking the page; When the number of a web page access was many especially, it was just slow to open webpage, and CC simulates a plurality of users (having how many threads just can simulate how many users) exactly and ceaselessly visits those and need mass data to operate the page of (a large amount of CPU times of needs); Cause taking of server resource; CPU is in 100% utilization rate for a long time, the not intact connection of processing is all arranged until network congestion forever, and normal visit is ended.
CC attacks can be divided into two kinds of attack patterns, and first kind is to act on behalf of CC to attack: the hacker generates the legal web-page requests of pointing to victim host by acting server, realizes DDOS and camouflage.Second kind is that fryer CC attacks: the hacker utilizes CC to attack software, controls a large amount of fryer attack.
In Network Security Device, traditional anti-CC attack means all limits based on the frequency configuration threshold value to server access basically.Roughly there are following two kinds.
A kind of restriction that mainly is based on the threshold value of access frequency after access frequency reaches user's preset threshold, just abandons follow-up data.Fig. 1 is the anti-CC attack means sketch map one according to prior art, and as shown in Figure 1, wherein the dotted line lines are represented attack traffic, and the solid line lines are represented normal discharge.If the threshold value that the user is provided with is N (inferior)/second, after Get number of the http of the Firewall that flows through reached this frequency N time/second, Firewall can abandon the http Get request above this threshold value; As shown above, he whether can not go to discern be the attack traffic of CC.The maximum shortcoming of this technology is when abandoning http Get request, only is responsible for abandoning above the threshold value partial discharge, comprises attack traffic and normal discharge in this part flow, causes the part attack traffic to be let slip; The part normal discharge is dropped simultaneously.
Another kind is on server, to limit through software, and common way is the restriction of in the Web engine, developing based on the threshold value of access frequency.This technology mainly is based on the restriction of the threshold value of access frequency, after access frequency reaches user's preset threshold, just abandons follow-up data.Fig. 2 is the anti-CC attack means sketch map two according to prior art; It is as shown in Figure 2: if the threshold value that the user is provided with is N (inferior)/second; After Get number of http of anti-CC attack module statistics reached this frequency N time/second, engine can abandon the http Get request above this threshold value; As shown above, he whether can not go to discern be the attack traffic of CC.The shortcoming of this technology maximum when abandoning http Get request, only is responsible for abandoning above the threshold value partial discharge exactly, comprises attack traffic and normal discharge in this part flow, causes the part attack traffic to be let slip; The part normal discharge is dropped simultaneously.In addition, because the engine that the Web server of different user is used is different, causes and need attack module for each user develops independent anti-CC, versatility is relatively poor.
Summary of the invention
The invention provides a kind of distributed attack prevention method and device,, directly abandon flow, influence the problem of normal access website above threshold value to solve at least in the correlation technique when reaching preset visit capacity or access frequency.
According to an aspect of the present invention, a kind of distributed attack prevention method is provided, has comprised: the request message in response to client is formerly sent, send the response message that carries a COOKIE value to client; Receive the request message that client is sent in the back, wherein carry the 2nd COOKIE value in the request message; Be sent in the request message that send the back according to the 2nd COOKIE value to the webserver.
Preferably, being sent in the request message that sends the back according to the 2nd COOKIE value to the webserver comprises: verify whether the 2nd COOKIE value is correct; If the checking result is for being the request message that then after the webserver is sent in, sends.
Preferably, being sent in the request message that sends the back according to the 2nd COOKIE value to the webserver comprises: verify whether a COOKIE value is consistent with the 2nd COOKIE value; If the checking result is for being the request message that then after the webserver is sent in, sends.
Preferably, a COOKIE value is to generate according to the key of system's selection and/or the client-side information of client.
Preferably, the key of system's selection generates at random.
Preferably, client-side information is that the URI according to client, the Internet protocol IP address of client, the port address of client and the browser type of client generate.
Preferably, before carrying the response message of a COOKIE value to the client transmission, also comprise: in response message, carry the execution script, wherein this execution script is used for triggering automatically the operation that client executing is sent in the request message that sends the back.
Preferably, sending request message to the webserver comprises: deletion COOKIE value in the request message that sends in the back; The request message that sends in the back after the webserver sends deletion.
According to another aspect of the present invention, a kind of distributed attack holdout device is provided, has comprised: first sending module, be used for the request message that the customer in response end formerly sends, send the response message that carries a COOKIE value to client; Receiver module is used to receive the request message that client is sent in the back, wherein carries the 2nd COOKIE value in the request message; Second sending module is used for according to said the 2nd COOKIE value, sends the said request message that sends in the back to the webserver.
Preferably, second sending module comprises: the first checking submodule is used to verify whether the 2nd COOKIE value is correct; First sends submodule, is used for indicating the request message that after the webserver is sent in, sends under the correct situation of the 2nd COOKIE value in the checking result.
Preferably, second sending module comprises: the second checking submodule is used to verify whether a COOKIE value is consistent with the 2nd COOKIE value; Second sends submodule, is used for indicating the request message that after the webserver is sent in, sends under the COOKIE value situation consistent with the 2nd COOKIE value in the checking result.
Through the present invention, distributed attack holdout device sends to client and carries the response message of COOKIE value, when the COOKIE value that the secondary request of having only client to send is carried meets the demands; Just can send this request message to the webserver;, solved when reaching preset visit capacity or access frequency, directly abandon flow above threshold value; Influence the problem of normal access website, and then guaranteed domestic consumer's access websites normally.
Description of drawings
Accompanying drawing described herein is used to provide further understanding of the present invention, constitutes the application's a part, and illustrative examples of the present invention and explanation thereof are used to explain the present invention, do not constitute improper qualification of the present invention.In the accompanying drawings:
Fig. 1 is the anti-CC attack means sketch map one according to prior art;
Fig. 2 is the anti-CC attack means sketch map two according to prior art;
Fig. 3 is the flow chart one according to the distributed attack prevention method of the embodiment of the invention;
Fig. 4 is the flowchart 2 according to the distributed attack prevention method of the embodiment of the invention;
Fig. 5 is the sketch map of distributed according to the preferred embodiment of the invention attack prevention method;
Fig. 6 is the structured flowchart according to the distributed attack holdout device of the embodiment of the invention;
Fig. 7 is the structured flowchart one of distributed according to the preferred embodiment of the invention attack holdout device;
Fig. 8 is the structured flowchart two of distributed according to the preferred embodiment of the invention attack holdout device;
Fig. 9 is the structured flowchart three of distributed according to the preferred embodiment of the invention attack holdout device.
Embodiment
Need to prove that under the situation of not conflicting, embodiment and the characteristic among the embodiment among the application can make up each other.Below with reference to accompanying drawing and combine embodiment to specify the present invention.
The invention provides a kind of distributed attack prevention method, Fig. 3 is the flow chart one according to the distributed attack prevention method of the embodiment of the invention, and is as shown in Figure 3, comprises that following step S302 is to step S306.
Step S302, the request message in response to client is formerly sent sends the response message that carries a COOKIE value to client.
Step S304 receives the request message that client is sent in the back, wherein carries the 2nd COOKIE value in the request message.
Step S306 is sent in the request message that send the back according to the 2nd COOKIE value to the webserver.
In the correlation technique, when the request message that receives from client, distributed attack holdout device directly abandons the flow above threshold value when reaching preset visit capacity or access frequency, thus the normal visit of influence part.Pass through the embodiment of the invention; Distributed attack holdout device sends to client and carries the response message of COOKIE value; When the COOKIE value that the secondary request of having only client to send is carried meets the demands; Just can send this request message to the webserver, distributed attack can't be carried out secondary request, thereby has avoided distributed attack and guaranteed normal visit.
Preferably, being sent in the request message that sends the back according to the 2nd COOKIE value to the webserver comprises: verify whether the 2nd COOKIE value is correct; If the checking result is for being the request message that then after the webserver is sent in, sends.In this preferred embodiment, whether correct through checking COOKIE value, can judge whether this visit is the normal access of domestic consumer, if request message is then sent in normal visit, between the user and the webserver, connect.
Preferably, being sent in the request message that sends the back according to the 2nd COOKIE value to the webserver comprises: verify whether a COOKIE value is consistent with the 2nd COOKIE value; If the checking result is for being the request message that then after the webserver is sent in, sends.In this preferred embodiment, whether consistent through verifying twice COOKIE value, can judge whether this visit is the normal access of domestic consumer, if request message is then sent in normal visit, between the user and the webserver, connect.
Preferably, a COOKIE value is to generate according to the key of system's selection and/or the client-side information of client.
Preferably, the key of system's selection generates at random.Through this preferred embodiment, system need too much not calculate can generate required key, has practiced thrift the resource of system.
Preferably, client-side information is that the URI according to client, the Internet protocol IP address of client, the port address of client and the browser type of client generate.
Preferably, before carrying the response message of a COOKIE value to the client transmission, also comprise: in response message, carry the execution script, wherein this execution script is used for triggering automatically the operation that client executing is sent in the request message that sends the back.This preferred embodiment is carried out script through in response message, embedding one section, its objective is that automatically performing script through client is sent in the request message that send the back, thereby makes things convenient for the operation of client, improves user experience.
Preferably, sending request message to the webserver comprises: deletion COOKIE value in the request message that sends in the back; The request message that sends in the back after the webserver sends deletion.Consider that when the webserver sent request message, the COOKIE value of carrying is effect not, this preferred embodiment is deletion COOKIE value before sending the request response to the webserver.
Fig. 4 is the flow chart one according to the distributed attack prevention method of the embodiment of the invention, and is as shown in Figure 4, comprises that following step S402 is to step S412.
Step S402, client is sent http request message.
Step S404, the response message that Firewall replaces Web server to respond.
Step S406, (request+checking) once more request message of client.
Step S408, Firewall handles the back and transmits request message.
Step S410, Web Server sends the response message.
Step S412, Firewall transmits the response message of Web Server.
Adopt http to ask verification technique once more; When receiving a http request message, server process is not submitted in this request, but emulating server sends a response message through structure to request segment; Embed COOKIE value in the response message through the current connection of the unique sign of ability of calculating; In response message, embed one section JavaScript script simultaneously, its objective is through client to automatically perform the JavaScript script, do request for the second time; In request for the second time, come COOKIE value band, and verify.
Therefore TCP is the bottom bearing protocol of http agreement, is carrying out when CC attacks, and also can take the connection in the protocol stack of server; In our solution, be not the agency of TCP.Promptly allow the foundation of three-way handshake.
The request that client is sent, GET/xxx HTTP/1.1 for example is when being sent out to Firewall; Firewall is according to the URI calculating K ey value of request; Key=hash (URI+srouceIP+sourcePort) is then according to Key value structure COOKIE value, COOKIE={PRIVATEKEY+Key}.
The page of replying that the distributed attack holdout device of fire compartment wall is constructed a 200OK immediately sends to client, replys the Set-Cookie=COOKIE in the page, and in the page, embeds a JavaScript.The function of JavaScript script is to replace the user to do request once more.
Client is after obtaining replying, and browser can be carried out JavaScript.And be directed to the connection of returning to him (this is connected to the URL that the user asks for the first time).
Distributed attack holdout device can verify whether the COOKIE value of the connection request page is identical with expected value after receiving request for the second time.If consistent, then remove the COOKIE in secondary request after, request is sent to HTTP Server.
If utilize automation tools to carry out distributed attack, because instrument is not carried out the function of JavaScript, just can not carry out so construct the operation of replying the page of a 200OK, so just filtered out all attack traffics.
Technical problem to be solved by this invention comprise following some.
1, tradition is attacked maximum problem with the anti-CC of limiting speed mode and is limited inaccurately exactly, can let slip a large amount of attack traffics, can abandon a part of normal discharge simultaneously; Utilize the method can 100% the identification attack traffic, and all filter out.
2, the CC that starts through acting server attacks and can all filter.
3, the CC that starts through fryer attacks and can all filter.
4, need not the user and be provided with, discern attack and filtration automatically.
To combine instance that the implementation procedure of the embodiment of the invention is described in detail below.
The Web server of certain company is attacked by a large amount of CC frequently, causes regular traffic to interrupt, dispose the anti-CC attack equipment of tradition after, still have the certain customers can't this server of normal access.Demand is following:
1) CC that effectively protects to Web server attacks;
2) False Rate of reduction Protection Product does not allow to abandon the visit of normal users;
3) need not carry out complex configurations to safeguard.
Fig. 5 is the sketch map of distributed according to the preferred embodiment of the invention attack prevention method.As shown in Figure 5, the representative of dotted line lines is from the attack traffic of real IP, and the representative of dotted line lines is from the attack traffic of false source IP, and the solid line lines are represented normal discharge.
Through this preferred embodiment,, guaranteed the visit of normal users simultaneously safeguard not being carried out having stoped distributed attack effectively under the situation of complex configurations.
Need to prove; Can in computer system, carry out in the step shown in the flow chart of accompanying drawing such as a set of computer-executable instructions; And; Though logical order has been shown in flow chart, in some cases, can have carried out step shown or that describe with the order that is different from here.
The embodiment of the invention provides a kind of distributed attack holdout device, and this device can be used to realize above-mentioned distributed attack prevention method.Fig. 6 is the structured flowchart according to the distributed attack holdout device of the embodiment of the invention, as shown in Figure 6 comprising: first sending module 62, receiver module 64 and second sending module 66.Be described in detail in the face of its structure down.
First sending module 62 is used for the request message that the customer in response end formerly sends, and sends the response message that carries a COOKIE value to client; Receiver module 64 is connected to first sending module 62, is used to receive the request message that client is sent in the back, wherein carries the 2nd COOKIE value in the request message; Second sending module 66 is connected to receiver module 64, is used for according to said the 2nd COOKIE value, is sent in the request message that send the back to the webserver.Pass through the embodiment of the invention; Distributed attack holdout device sends to client and carries the response message of COOKIE value; Have only client to send when carrying the secondary request of COOKIE value; Just can send this request message to the webserver, distributed attack can't be carried out secondary request, thereby has avoided distributed attack and guaranteed normal visit.
Preferably, said apparatus also comprises: carry module, be used for carrying the execution script at response message, wherein this execution script is used for triggering automatically the operation that client executing is sent in the request message that sends the back.
Fig. 7 is the structured flowchart one of distributed according to the preferred embodiment of the invention attack holdout device, and is as shown in Figure 7, and second sending module 66 comprises: the first checking submodule 662 is used to verify whether said the 2nd COOKIE value is correct; First sends submodule 664, is connected to the first checking submodule 662, is used for indicating under the correct situation of said the 2nd COOKIE value to the said request message that sends in the back of said webserver transmission in the checking result.
Fig. 8 is the structured flowchart two of distributed according to the preferred embodiment of the invention attack holdout device, and is as shown in Figure 8, and second sending module 66 comprises: the second checking submodule 666 is used to verify whether a said COOKIE value is consistent with said the 2nd COOKIE value; Second sends submodule 668, is connected to the second checking submodule 666, is used for indicating under the said COOKIE value situation consistent with said the 2nd COOKIE value to the said request message that sends in the back of said webserver transmission in the checking result.
Fig. 9 is the structured flowchart three of distributed according to the preferred embodiment of the invention attack holdout device, and is as shown in Figure 9, and second sending module 66 comprises:, deletion submodule 6610 is used for deleting the COOKIE value at the request message that sends in the back; The 3rd sends submodule 6612, is connected to deletion submodule 6610, is used for the request message that sends in the back after the webserver sends deletion.
In sum, according to the foregoing description provided by the invention, a kind of distributed attack prevention method and device are provided.Through the present invention; Distributed attack holdout device sends to client and carries the response message of COOKIE value, when the COOKIE value that the secondary request of having only client to send is carried meets the demands, just can send this request message to the webserver; Solved when reaching preset visit capacity or access frequency; Directly abandon flow, influence the problem of normal access website, and then guaranteed domestic consumer's access websites normally above threshold value.
Need to prove that the distributed attack holdout device of describing among the device embodiment is corresponding to above-mentioned method embodiment, its concrete implementation procedure had been carried out detailed description in method embodiment, repeat no more at this.
Obviously, it is apparent to those skilled in the art that above-mentioned each module of the present invention or each step can realize with the general calculation device; They can concentrate on the single calculation element; Perhaps be distributed on the network that a plurality of calculation element forms, alternatively, they can be realized with the executable program code of calculation element; Thereby; Can they be stored in the storage device and carry out, perhaps they are made into each integrated circuit modules respectively, perhaps a plurality of modules in them or step are made into the single integrated circuit module and realize by calculation element.Like this, the present invention is not restricted to any specific hardware and software combination.
The above is merely the preferred embodiments of the present invention, is not limited to the present invention, and for a person skilled in the art, the present invention can have various changes and variation.All within spirit of the present invention and principle, any modification of being done, be equal to replacement, improvement etc., all should be included within protection scope of the present invention.
Claims (11)
1. distributed attack prevention method is characterized in that comprising:
Request message in response to client is formerly sent sends the response message that carries a COOKIE value to said client;
Receive the request message that said client is sent in the back, carry the 2nd COOKIE value in the wherein said request message;
Send the said request message that sends in the back according to said the 2nd COOKIE value to the webserver.
2. method according to claim 1 is characterized in that, sends the said request message that sends in the back according to said the 2nd COOKIE value to the webserver and comprises:
Verify whether said the 2nd COOKIE value is correct;
If the checking result is for being, then to the said request message that sends in the back of said webserver transmission.
3. method according to claim 1 is characterized in that, sends the said request message that sends in the back according to said the 2nd COOKIE value to the webserver and comprises:
Verify whether a said COOKIE value is consistent with said the 2nd COOKIE value;
If the checking result is for being, then to the said request message that sends in the back of said webserver transmission.
4. method according to claim 1 is characterized in that, a said COOKIE value is that the key selected according to system and/or the client-side information of said client generate.
5. method according to claim 4 is characterized in that, the key that said system is selected generates at random.
6. method according to claim 4 is characterized in that, said client-side information is that the port address of the Internet protocol IP address of the URI according to said client, said client, said client and the browser type of said client generate.
7. according to each described method in the claim 1 to 6; It is characterized in that; Before carrying the response message of a COOKIE value to said client transmission; Also comprise: in said response message, carry the execution script, wherein said execution script is used for triggering automatically the operation that said client executing is sent the said request message that sends in the back.
8. according to each described method in the claim 1 to 6, it is characterized in that, send the said request message that sends in the back according to said the 2nd COOKIE value to the webserver and comprise:
In the request message that send the back, delete said COOKIE value said;
The said request message that sends in the back after the said webserver sends deletion.
9. distributed attack holdout device is characterized in that comprising:
First sending module is used for the request message that the customer in response end formerly sends, and sends the response message that carries a COOKIE value to said client;
Receiver module is used to receive the request message that said client is sent in the back, carries the 2nd COOKIE value in the wherein said request message;
Second sending module is used for according to said the 2nd COOKIE value, sends the said request message that sends in the back to the webserver.
10. device according to claim 9 is characterized in that, said second sending module comprises:
The first checking submodule is used to verify whether said the 2nd COOKIE value is correct;
First sends submodule, is used for indicating under the correct situation of said the 2nd COOKIE value to the said request message that sends in the back of said webserver transmission in the checking result.
11. device according to claim 9 is characterized in that, said second sending module comprises:
The second checking submodule is used to verify whether a said COOKIE value is consistent with said the 2nd COOKIE value;
Second sends submodule, is used for indicating under the said COOKIE value situation consistent with said the 2nd COOKIE value to the said request message that sends in the back of said webserver transmission in the checking result.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201110442248XA CN102404345A (en) | 2011-12-26 | 2011-12-26 | Distributed attack prevention method and device |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201110442248XA CN102404345A (en) | 2011-12-26 | 2011-12-26 | Distributed attack prevention method and device |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN102404345A true CN102404345A (en) | 2012-04-04 |
Family
ID=45886131
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201110442248XA Pending CN102404345A (en) | 2011-12-26 | 2011-12-26 | Distributed attack prevention method and device |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN102404345A (en) |
Cited By (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103391272A (en) * | 2012-05-08 | 2013-11-13 | 深圳市腾讯计算机系统有限公司 | Method and system for detecting false attack sources |
| CN103888490A (en) * | 2012-12-20 | 2014-06-25 | 上海天泰网络技术有限公司 | Automatic WEB client man-machine identification method |
| CN104618404A (en) * | 2015-03-10 | 2015-05-13 | 网神信息技术(北京)股份有限公司 | Processing method, device and system for preventing network attack to Web server |
| CN106452888A (en) * | 2016-10-24 | 2017-02-22 | 广州华多网络科技有限公司 | Business service remote detection method and device |
| CN108400955A (en) * | 2017-02-06 | 2018-08-14 | 腾讯科技(深圳)有限公司 | A kind of means of defence and system of network attack |
| CN109391600A (en) * | 2017-08-10 | 2019-02-26 | 东软集团股份有限公司 | Distributed denial of service attack means of defence, device, system, medium and equipment |
| CN115085957A (en) * | 2021-03-12 | 2022-09-20 | 中国电信股份有限公司 | Malicious access data determination method, device, medium and electronic equipment |
Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20050256968A1 (en) * | 2004-05-12 | 2005-11-17 | Johnson Teddy C | Delaying browser requests |
| CN101030889A (en) * | 2007-04-18 | 2007-09-05 | 杭州华为三康技术有限公司 | Method and apparatus against attack |
| CN101436958A (en) * | 2007-11-16 | 2009-05-20 | 太极计算机股份有限公司 | Method for resisting abnegation service aggression |
| CN101572700A (en) * | 2009-02-10 | 2009-11-04 | 中科正阳信息安全技术有限公司 | Method for defending HTTP Flood distributed denial-of-service attack |
| CN101789947A (en) * | 2010-02-21 | 2010-07-28 | 成都市华为赛门铁克科技有限公司 | Method and firewall for preventing HTTP POST flooding attacks |
| US20100235632A1 (en) * | 2006-05-12 | 2010-09-16 | International Business Machines Corporation | Protecting against denial of service attacks using trust, quality of service, personalization, and hide port messages |
-
2011
- 2011-12-26 CN CN201110442248XA patent/CN102404345A/en active Pending
Patent Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20050256968A1 (en) * | 2004-05-12 | 2005-11-17 | Johnson Teddy C | Delaying browser requests |
| US20100235632A1 (en) * | 2006-05-12 | 2010-09-16 | International Business Machines Corporation | Protecting against denial of service attacks using trust, quality of service, personalization, and hide port messages |
| CN101030889A (en) * | 2007-04-18 | 2007-09-05 | 杭州华为三康技术有限公司 | Method and apparatus against attack |
| CN101436958A (en) * | 2007-11-16 | 2009-05-20 | 太极计算机股份有限公司 | Method for resisting abnegation service aggression |
| CN101572700A (en) * | 2009-02-10 | 2009-11-04 | 中科正阳信息安全技术有限公司 | Method for defending HTTP Flood distributed denial-of-service attack |
| CN101789947A (en) * | 2010-02-21 | 2010-07-28 | 成都市华为赛门铁克科技有限公司 | Method and firewall for preventing HTTP POST flooding attacks |
Cited By (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103391272A (en) * | 2012-05-08 | 2013-11-13 | 深圳市腾讯计算机系统有限公司 | Method and system for detecting false attack sources |
| CN103391272B (en) * | 2012-05-08 | 2015-12-16 | 深圳市腾讯计算机系统有限公司 | The method and system of detection of false attack source |
| CN103888490A (en) * | 2012-12-20 | 2014-06-25 | 上海天泰网络技术有限公司 | Automatic WEB client man-machine identification method |
| CN104618404A (en) * | 2015-03-10 | 2015-05-13 | 网神信息技术(北京)股份有限公司 | Processing method, device and system for preventing network attack to Web server |
| CN106452888A (en) * | 2016-10-24 | 2017-02-22 | 广州华多网络科技有限公司 | Business service remote detection method and device |
| CN108400955A (en) * | 2017-02-06 | 2018-08-14 | 腾讯科技(深圳)有限公司 | A kind of means of defence and system of network attack |
| CN108400955B (en) * | 2017-02-06 | 2020-12-22 | 腾讯科技(深圳)有限公司 | Network attack protection method and system |
| CN109391600A (en) * | 2017-08-10 | 2019-02-26 | 东软集团股份有限公司 | Distributed denial of service attack means of defence, device, system, medium and equipment |
| CN115085957A (en) * | 2021-03-12 | 2022-09-20 | 中国电信股份有限公司 | Malicious access data determination method, device, medium and electronic equipment |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US10826872B2 (en) | Security policy for browser extensions | |
| EP3481029B1 (en) | Internet defense method and authentication server | |
| CN102404345A (en) | Distributed attack prevention method and device | |
| CN102571547B (en) | Method and device for controlling hyper text transport protocol (HTTP) traffic | |
| CN104980419B (en) | A kind of agent communication method and device | |
| CN100589489C (en) | Defense method and device for DDOS attack on web server | |
| CN102571846A (en) | Method and device for forwarding hyper text transport protocol (HTTP) request | |
| CN109413060A (en) | Message processing method, device, equipment and storage medium | |
| CN104079557A (en) | CC attack protection method and device | |
| CN104322001A (en) | Transport layer security traffic control using service name identification | |
| Maksutov et al. | Detection and prevention of DNS spoofing attacks | |
| CN104283903A (en) | Downloading method for files and device thereof | |
| CN104954386A (en) | Network anti-hijacking methods and device | |
| CN102739684A (en) | Portal authentication method based on virtual IP address, and server thereof | |
| CN110557358A (en) | Honeypot server communication method, SSLStrip man-in-the-middle attack perception method and related device | |
| CN107800723A (en) | CC attack guarding methods and equipment | |
| CN108600145B (en) | Method and device for determining DDoS attack equipment | |
| CN102510386B (en) | Distributed attack prevention method and device | |
| CN107508822A (en) | Access control method and device | |
| CN109495458A (en) | A kind of method, system and the associated component of data transmission | |
| CN106131078A (en) | A kind of method and device processing service request | |
| CN101707598B (en) | Method, device and system for identifying flood attack | |
| CN104009999B (en) | Prevent method, device and network access server that ARP is cheated | |
| CN102045310B (en) | Industrial Internet intrusion detection as well as defense method and device | |
| CN104462242A (en) | Webpage reflow quantity counting method and device |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| EE01 | Entry into force of recordation of patent licensing contract |
Application publication date: 20120404 Assignee: Suzhou Shanshi Network Co., Ltd. Assignor: Hillstone Networks Communication Technology (Beijing) Co., Ltd. Contract record no.: 2012990000129 Denomination of invention: Distributed attack prevention method and device License type: Exclusive License Record date: 20120326 |
|
| LICC | Enforcement, change and cancellation of record of contracts on the licence for exploitation of a patent or utility model | ||
| C12 | Rejection of a patent application after its publication | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20120404 |