CN1321511C - Proxy service detection method for user terminal - Google Patents
Proxy service detection method for user terminal Download PDFInfo
- Publication number
- CN1321511C CN1321511C CNB2004101041715A CN200410104171A CN1321511C CN 1321511 C CN1321511 C CN 1321511C CN B2004101041715 A CNB2004101041715 A CN B2004101041715A CN 200410104171 A CN200410104171 A CN 200410104171A CN 1321511 C CN1321511 C CN 1321511C
- Authority
- CN
- China
- Prior art keywords
- message
- address
- sampling
- user terminal
- threshold value
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Lifetime
Links
- 238000001514 detection method Methods 0.000 title claims abstract description 31
- 238000005070 sampling Methods 0.000 claims abstract description 59
- 238000000034 method Methods 0.000 claims abstract description 37
- 230000005540 biological transmission Effects 0.000 claims description 24
- 230000008859 change Effects 0.000 claims description 7
- 238000004321 preservation Methods 0.000 claims description 2
- 239000003795 chemical substances by application Substances 0.000 description 10
- 230000006399 behavior Effects 0.000 description 4
- 230000008878 coupling Effects 0.000 description 3
- 238000010168 coupling process Methods 0.000 description 3
- 238000005859 coupling reaction Methods 0.000 description 3
- 238000013507 mapping Methods 0.000 description 2
- 101150012579 ADSL gene Proteins 0.000 description 1
- 102100020775 Adenylosuccinate lyase Human genes 0.000 description 1
- 108700040193 Adenylosuccinate lyases Proteins 0.000 description 1
- 239000000654 additive Substances 0.000 description 1
- 230000000996 additive effect Effects 0.000 description 1
- 238000004891 communication Methods 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 230000006872 improvement Effects 0.000 description 1
- 238000003780 insertion Methods 0.000 description 1
- 230000037431 insertion Effects 0.000 description 1
- 210000001503 joint Anatomy 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 230000008569 process Effects 0.000 description 1
- 238000012545 processing Methods 0.000 description 1
- 238000012797 qualification Methods 0.000 description 1
- 230000004044 response Effects 0.000 description 1
- 238000012360 testing method Methods 0.000 description 1
- 238000012546 transfer Methods 0.000 description 1
Images
Landscapes
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The present invention discloses a detection method for proxy services of a user terminal, which comprises the following steps that a message sampling condition is set; address characteristic data is stored according to a destination address for transmitted messages which satisfy the sampling condition, and text part characteristic data of the transmitted messages is stored; address characteristic data is stored according to a source address for received messages which satisfy the sampling condition, and text part characteristic data of the received messages is stored; the total number of message pairs which have the same text part characteristic data and the different address characteristic data in the stored transmitted messages and the stored received messages is counted; the method judges whether the total number of the message pairs exceed a critical value set in advance, if true, then the method determines that the user terminal provides the proxy services. The method of the present invention is irrelevant to proxy programs and hardware setting of the user terminal, has no existence of undetected problems, and can realize the very low fallout ratio.
Description
Technical field
The present invention relates to wired and access authentication of user field wireless network, relate in particular to a kind of method of proxy service detection of user terminal.
Background technology
In cable network and wireless network were used, the network service provider was chargeed by access authentication of user and the management of secure context.Especially will to each user's internet behavior charge very widely by broadband networks, campus network, network service provider for current application, also will be controlled at aspects such as access profiles some users simultaneously, this user who just requires each to obtain the network service should be by the authentication of operator.
In some network environments, the user of a certain authentication by operator can provide the network agent service, make the user of other unauthenticated can the service of free access network, cause the loss of network service provider income aspect and the leak on the network security management.As shown in Figure 1, the user terminal 111,112,113 of unauthenticated is connected with user terminal 120 through local area network (LAN) in the internal network, if user terminal 120 has passed through the authentication of certificate server 130, and moving the network insertion agency service on user terminal 120, then the user terminal 111,112,113 of unauthenticated can both be with the name visit external network of user terminal 120.
For supervising the network effectively, must the agency service of moving on the user terminal be detected.Current have following several method of proxy service detection that is applied to user terminal:
The first is carried out user terminal Agent title and is detected, and promptly lists the title that all provide the program of agency service, if the identical program of title is arranged in the program of the current operation of user terminal, thinks that then user terminal provides agency service.The accuracy of this method depends on the coverage rate of Agent tabulation, promptly allow to frequent update agent program listing, also can not all Agents of limit, especially just complete powerless to user oneself programming, the own Agent that uses, do not propagate.Therefore this method is safeguarded inconvenience, and exists many omission problems.
It two is to carry out IP (Internet Protocol, Internet protocol) address field detects, promptly check the source address and the destination address of all IP messages that user terminal is received, if its source address is not the IP address of this terminal, and its destination address is the IP address of external network, thinks that then user terminal is moving agency service.The essence of this method is not to detect this user terminal whether to move Agent, is the gateway access external network but whether detection has other-end with this user terminal, and therefore this method is easy under attack.Other equipment of Intranet can directly be that the message of outer net IP is issued the user terminal of acting on behalf of detection with destination address, although do not provide the user terminal of agency service can abandon this message, this detection method can think that still this user terminal has moved Agent.That is to say that this method is vulnerable and have a false retrieval phenomenon.
It three is to carry out the network equipment to detect, if this number of number of the network equipment that promptly detects the user terminal current active greater than 1, and the network segment difference at different network equipment places thinks that then user terminal provides agency service.The false retrieval phenomenon of this method is even more serious, for example in the office network of some small companies, have only indivedual terminals need connect external network, therefore often adopt the lower modes such as dial-up connection ADSL of expense, not only be connected with Modem (modulator-demodulator) but also have the network interface card that inserts inner Ethernet in running order on the terminal of access external network like this, and be to be in the different network segments.
Summary of the invention
The technical problem to be solved in the present invention provides a kind of method of proxy service detection, the hardware setting of the Agent that moves on this method and the user terminal, the network settings of other-end, user terminal is irrelevant, there is not the omission problem, and can realizes extremely low fallout ratio.
The method of proxy service detection of user terminal of the present invention may further comprise the steps:
A) the packet sampling condition is set;
B) to satisfying the transmission message of sampling condition, preserve the address characteristic according to destination address, and the body part characteristic of preserving this transmission message; To satisfying the reception message of sampling condition, preserve the address characteristic according to source address, and the body part characteristic of preserving this reception message:
C) the transmission message of the described preservation of statistics and the reception message that the body part characteristic is identical, the address characteristic is different in the message are to sum;
D) judge whether described message surpasses predetermined critical value to sum, if determine that then this user terminal provides agency service.
The described packet sampling condition that is provided with of step a) comprises:
A1) the message length threshold value is set;
A2) judge whether to adopt timing sampling, if, the length of its sampling time section is set, change step b); If not, change step a3);
A3) adopt quantitative sampling, the predetermined quantity of its sampling is set.
Preferably, under the situation of timing sampling, the described transmission message that satisfies sampling condition of step b) is: length surpasses the non-internet control messages agreement ICMP transmission message of message length threshold value in the sampling time section; The described reception message that satisfies sampling condition of step b) is: length surpasses the non-ICMP agreement reception message of message length threshold value in the sampling time section;
Under the situation of quantitative sampling, the described transmission message that satisfies sampling condition of step b) is: the length of predetermined quantity surpasses the non-ICMP protocol massages that sends at first of message length threshold value; The described reception message that satisfies sampling condition of step b) is: the length of predetermined quantity surpasses the non-ICMP protocol massages that receives at first of message length threshold value.
Preferably, the described body part characteristic of step b) can be the cryptographic Hash that surpasses the part message of message length threshold value.
Preferably, the described body part characteristic of step b) also can be the part message that surpasses the message length threshold value.
Above-mentioned message length threshold value is not less than the length of Internet protocol IP message header part.
Preferably, the described address of step b) characteristic is the IP address.
Preferably, comprise between step a) and the step b):
The duration of sense cycle is set;
When each sense cycle begins, execution in step b), d c)).
Preferably, the predetermined quantity that described quantitative sampling can be set is 32, and described message length threshold value is 1024 bytes, and described sense cycle is 5 seconds, and described critical value is 3, and the cryptographic Hash length of described body part characteristic is 16 bytes.
Preferably, the described address of step b) characteristic is the subnet address of IP address.
The present invention is identical but to receive the source address of the message messages different with the destination address of transmission message right by searching and add up user terminal and send message and receive body part characteristic in the message, whether the supervisory user terminal will receive that the body part of message has carried out the original text forwarding, thereby determine whether this user terminal has moved agency service.What the method for the invention detected in fact is the function of agency service, no matter thereby which kind of Agent what move on the user terminal is, no matter which type of network configuration is the terminal of other unauthenticated have, no matter which type of hardware user terminal has disposed, the method for the invention can be accomplished not omission and extremely low fallout ratio.And,, can accomplish not false retrieval basically when critical value is provided with when reasonable.
Description of drawings
Figure 1 shows that the structure chart of the user terminal of unauthenticated by the agency service access network;
Figure 2 shows that the flow chart of the method for the invention.
Embodiment
As shown in Figure 1, the user terminal 120 by authentication is connected with external network with internal network simultaneously.Then on user terminal 120, have at least two network equipments to be in active state, wherein the network equipment that is connected with internal network has Intranet IP address, the network equipment that is connected with external network has outer net IP address when moving agency service on the user terminal 120, the user terminal 111 by authentication is not that the message of outer net IP address sends to user terminal 120 with destination address, agency service on the user terminal 120 is transmitted to external network after the header portion of this message is rewritten, be the outer net IP address of this machine by the IP address change of user terminal 111 for example, the body part of this message is not then processed the source address in the header.Send in the internal network other during the message of the user terminal by authentication and receive external network when user terminal 120, also be to be transmitted to real purpose user terminal after by agency service the header portion of receiving message being rewritten, and receive that the body part of message can not change too.
No matter which kind of Agent of operation on the user terminal, no matter also how the hardware of user terminal disposes, the work that agency service will be finished is to carry out the IP message forwarding.Each IP message all is made up of header portion and body part, and header portion is used for satisfying the needs of transmission course, and body part is only the content of communication.For the message that guarantees that real communicating pair (being the user terminal of serving unauthenticated in provider and the internal network of external network) can correct understanding be received, agency service can not changed the body part of message.
As seen, provide the user terminal of agency service to all, certainly exist on all four body part in the message of its reception and the message of its transmission, and the reception of the message of identical body part is relevant with external network with one of transmission, another is relevant with internal network.And to the user terminal of agency service is not provided, under normal circumstances hardly this phenomenon can take place.Simultaneously, because agency service should guarantee reasonable response time of communicating by letter, the agency transmits and carries out immediately, that is to say, the reception of the message of identical body part is to finish in succession in the extremely short time with sending.
So, whether exist body part identical by detecting in the message that user terminal in the very short time period receives and send, but the message of net address and outer net address was right in the source address that receives message belonged to respectively with the destination address that sends message, can find the agency service of all operations.The sampling of butt joint receiving literary composition and transmission message also can be limited with quantity, promptly compares with preceding several messages that send after the start detection and receive.Simultaneously, this detection should repeat with some cycles.
Relate to comparison in the right condition of above-mentioned detection messages to two contents, the comparison of first body part content, it two is the corresponding source address and the comparison of destination address, below discusses the implementation of these two kinds of comparisons of the present invention respectively.
To the text partial content comparatively speaking, consider the total length of IPv4 (4, the 4 editions IP agreements of IP version) message the longest be 65,536 bytes, wherein header portion is the longest is 60 bytes, so the length of body part can reach 64K.And, also can need longer IP message along with the appearance of following giant grid.But, generally the disposal ability of user terminal a little less than, the body part that reaches thousands of even tens thousand of bytes compared can consume more system resources.Need be when agency service detects the influencing of the user terminal speed of service, can adopt the content that can fully reflect body part, but the less data of byte number are as the body part characteristic, if the body part characteristic of two messages is identical, think that then the body part content of these two messages is identical.
When being undertaken the significant network behavior of user by agency service, the IP message of secured transmission of payload data can be long.Therefore, a message length threshold value can be set, get message and surpass the part of message length threshold value as the body part characteristic.Consider the convenience of enforcement, header portion can be included when the message length threshold value is set, so the message length threshold value is greater than or equals the length of IP protocol header part at least.Higher message length threshold value is set can saves overhead, but can miss short the E-Packeting of some length like this, for omission does not take place, should adopt the method for sampling of setting quantity this moment.
Another kind method is the cryptographic Hash that draws body part by Hash (Hash) algorithm, with cryptographic Hash as the body part characteristic.
Hash algorithm is the hash function that meets following specific (special) requirements:
The message data of input does not have length restriction;
Any incoming message data are generated the summary output of regular length;
Can calculate summary easily by message;
Be difficult to the summary of appointment is generated a message, can draw the summary of appointment by this message:
Be difficult to generate two different messages and have identical summary.
As seen, hash algorithm is used for the message of random length is mapped as the summary of regular length, and this summary is called cryptographic Hash.Cryptographic Hash is representation with numerical value, and data are unique and very compact.Even content of message is only changed a letter, all will produce different cryptographic Hash.So cryptographic Hash can reflect the content of incoming message well, the cryptographic Hash that calculates as input with the body part of message is well suited for as the body part characteristic.
When the input of hash algorithm was longer, it was also longer to calculate the required time of cryptographic Hash.Because body part is longer, for the processing time of the system of saving, the message length threshold value can be set, the IP message is surpassed the input of the part of message length threshold value as hash algorithm, with the cryptographic Hash that draws as the body part characteristic.Equally, the message length threshold value is greater than or equals the length of IP protocol header part at least.
The length of hash algorithm output is unsuitable too short, exports identical possibility in order to avoid increase input content difference.
Except that hash algorithm, other can reduce the length of incoming message effectively, and Shu Chu data can reflect that the mapping method of message content variation can be used as the generation method of body part characteristic in the present invention simultaneously.
To source address and destination address comparatively speaking, the most accurate Rule of judgment is net address and an outer net address in the source address that receives message belongs to respectively with the destination address that sends message.In actual applications, may exist the internal network of agency service all to have only a subnet basically, whether the source address that therefore can dock the receiving literary composition is in different subnets with the destination address that sends message compares, and needn't distinguish interior net address and outer net address.Further, transmission and the reception of carrying out the identical content message with same object are a kind of nonsensical behaviors, compare with the purpose IP address that sends message so also can dock the source IP address of the literary composition of receiving telegraph, need only difference and just can think that source address that receives message and the destination address that sends message belong to interior net address and outer net address respectively.
Other body part characteristics adopt removing complete IP message text part are as a comparison during object, the false retrieval problem that must consideration may so cause.Though be the body part that adopt to surpass the message length threshold value, body part cryptographic Hash, surpass the cryptographic Hash of the body part of message length threshold value, or the body part characteristic that additive method generates, owing in the process that generates above-mentioned data, reduced the byte number that is used to represent content, originally all be many between body part and the above-mentioned data, that is to say identical and the situation that body part is actual different of above-mentioned data that exists to one mapping relations.
Simultaneously, when the source address that adopt to receive message is made comparisons with the network segment at the destination address that sends message or the two place, also should consider such scope that detects agency service that more in fact enlarged.
However, only under very rare situation (unusual network configuration, unusual transfer of data behavior or the collision phenomenon of minimum probability takes place when adopting hash algorithm) uses the method for the invention just can have the false retrieval phenomenon.In order to reduce fallout ratio as much as possible, a critical value should be set, have only after meeting the right quantity of the message that imposes a condition and surpassing this critical value, just think that user terminal has moved agency service.The setting of this critical value should be taken all factors into consideration time or quantity, the comparison condition of message text part and the comparison condition of address of sampling and determine.Reduce more in short-term when the more and body part characteristic of message of sampling, this critical value can suitably be provided with ground more greatly.Even, also often need a plurality of IP messages just can finish, so as long as this critical value is not excessive, the present invention just can guarantee not take place the situation of omission owing to browse a network application that webpage is such.
Fig. 2 is the flow chart of the method for the invention.As shown in Figure 2, at step S10, the sampling condition of detection messages is set.When sampling condition is set, the message length threshold value is set, the message length threshold value should be not less than the length of IP message header part; Also to determine timing sampling or quantitative sampling simultaneously,, the length of sampling time section is set timing sampling; To quantitative sampling, the predetermined quantity of sampling is set.
At step S20, the duration of sense cycle is set, promptly be provided with and start one-time detection every how long.After user terminal is by authentication, its with might provide agency service for the user terminal of other unauthenticated at any time during external network is connected, so detection should periodically be carried out.The duration in this cycle can be set the degrees of tolerance of agency service according to the network of network service provider.
At step S30, judge and whether arrive the start-up time that starts the agency service detection, if change step 40, otherwise wait for.
At step S40, the user terminal that desire is detected sends message and receives the sampling of message, generates address characteristic and the body part characteristic that receives and send respectively by the message of sampling, and preserves the above-mentioned characteristic that generates.
According to the setting of step S10, may be a kind of in the following situation to the sampling of message to sampling condition:
When A. sampling condition is timing sampling, gets interior length of start detection post-sampling time period and surpass the transmission message of message length threshold value and receive message;
When B. sampling condition was quantitative sampling, the length of getting the predetermined quantity that receives at first after the start detection surpassed the message of message length threshold value and the length of the predetermined quantity that sends at first surpasses the message of message length threshold value.
Wherein, the body part characteristic may be the part that this message surpasses the message length threshold value, or this message surpasses the cryptographic Hash of the part of message length threshold value, or serves as according to other data that generate with the part that this message surpasses the message length threshold value.When the message length threshold value equaled the length of IP message header part, the body part characteristic was exactly the body part of this message, or the cryptographic Hash of this message text part, or partly served as according to other data that generate with this message text.
The address characteristic may be the destination address that receives the source address of message and send message, also may be the network segment that receives the network segment at place, message source address and send message destination address place.
When preserving the above-mentioned data that generate, be divided into transmission group and reception group and preserve, transmission group and reception group all can adopt the structure shown in the following table:
| The body part characteristic | The address characteristic |
Not it should be noted that ICMP (Internet Control Message Protocol, internet control message protocol) protocol massages is sampled.The ICMP protocol massages is used for transmitting control message between IP main frame, router, and control messages is meant the message of logical obstructed, the network such as whether main frame can reach, route is whether available of network itself.These control messages are transmitting user data not, therefore whether detection is carried out agency service and does not judge value.
At step S50, each message in the transmission group and each message in the reception group are compared, to organize the body part characteristic of certain message identical and the address characteristic is different if certain message and reception are organized in transmission, then thinks above-mentioned two messages coupling.The right sum of statistics coupling message.
At step S60, judge whether the right sum of coupling message surpasses predetermined critical value, if do not surpass, determine that then this user terminal does not provide agency service, waits for the next cycle start detection; If surpass, determine that then this user terminal provides agency service, and report network network service provider, handle accordingly by the network of network service provider.
Preferred implementation of the present invention is: sample mode is a quantitative sampling, and quantitative values is 32, and the message length threshold value is 1024 bytes; The body part characteristic is the cryptographic Hash that surpasses the message part of message length threshold value, and cryptographic Hash length is 16 bytes; The address characteristic is the IP address; Sense cycle is 5 seconds; Critical value is 3.
In the actual motion environment, implement the method for the invention with above-mentioned parameter, in the test more than 1000 times, detect the agency service of all operations, and do not had the situation of false retrieval to take place.
The above embodiments of the present invention does not constitute the qualification to protection range of the present invention.Any any modification of being done within the spirit and principles in the present invention, be equal to and replace and improvement etc., all should be included within the claim protection range of the present invention.
Claims (10)
1. the method for proxy service detection of a user terminal is characterized in that, may further comprise the steps:
A) the packet sampling condition is set;
B) to satisfying the transmission message of sampling condition, preserve the address characteristic according to destination address, and the body part characteristic of preserving this transmission message; To satisfying the reception message of sampling condition, preserve the address characteristic according to source address, and the body part characteristic of preserving this reception message:
C) the transmission message of the described preservation of statistics and the reception message that the body part characteristic is identical, the address characteristic is different in the message are to sum;
D) judge whether described message surpasses predetermined critical value to sum, if determine that then this user terminal provides agency service.
2. according to the described method of proxy service detection of claim 1, it is characterized in that: the described packet sampling condition that is provided with of step a) comprises:
A1) the message length threshold value is set;
A2) judge whether to adopt timing sampling, if, the length of its sampling time section is set, change step b); If not, change step a3);
A3) adopt quantitative sampling, the predetermined quantity of its sampling is set.
3. according to the described method of proxy service detection of claim 2, it is characterized in that, under the situation of timing sampling, the described transmission message that satisfies sampling condition of step b) is: length surpasses the non-internet control messages agreement ICMP transmission message of message length threshold value in the sampling time section; The described reception message that satisfies sampling condition of step b) is: length surpasses the non-ICMP agreement reception message of message length threshold value in the sampling time section;
Under the situation of quantitative sampling, the described transmission message that satisfies sampling condition of step b) is: the length of predetermined quantity surpasses the non-ICMP protocol massages that sends at first of message length threshold value; The described reception message that satisfies sampling condition of step b) is: the length of predetermined quantity surpasses the non-ICMP protocol massages that receives at first of message length threshold value.
4. according to the described method of proxy service detection of claim 3, it is characterized in that: the described body part characteristic of step b) is the cryptographic Hash that surpasses the part message of message length threshold value.
5. according to the described method of proxy service detection of claim 3, it is characterized in that: the described body part characteristic of step b) is the part message that surpasses the message length threshold value.
6. according to any described method of proxy service detection of claim 2 to 5, it is characterized in that: described message length threshold value is not less than the length of Internet protocol IP message header part.
7. according to the described method of proxy service detection of claim 6, it is characterized in that: the described address of step b) characteristic is the IP address.
8. according to the described method of proxy service detection of claim 7, it is characterized in that, comprise between step a) and the step b):
The duration of sense cycle is set;
When each sense cycle begins, execution in step b), d c)).
9. according to the described method of proxy service detection of claim 8, it is characterized in that: the predetermined quantity of described quantitative sampling is 32, and described message length threshold value is 1024 bytes, and described sense cycle is 5 seconds, described critical value is 3, and the cryptographic Hash length of described body part characteristic is 16 bytes.
10. according to the described method of proxy service detection of claim 6, it is characterized in that: the described address of step b) characteristic is the subnet address of IP address.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CNB2004101041715A CN1321511C (en) | 2004-12-30 | 2004-12-30 | Proxy service detection method for user terminal |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CNB2004101041715A CN1321511C (en) | 2004-12-30 | 2004-12-30 | Proxy service detection method for user terminal |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN1722680A CN1722680A (en) | 2006-01-18 |
| CN1321511C true CN1321511C (en) | 2007-06-13 |
Family
ID=35912654
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CNB2004101041715A Expired - Lifetime CN1321511C (en) | 2004-12-30 | 2004-12-30 | Proxy service detection method for user terminal |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN1321511C (en) |
Families Citing this family (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101938428B (en) * | 2010-09-28 | 2013-06-05 | 杭州华三通信技术有限公司 | Message transmission method and equipment |
| CN107786622A (en) * | 2016-08-31 | 2018-03-09 | 阿里巴巴集团控股有限公司 | Recognition methods, device and the cloud platform of proxy server |
| CN107656849B (en) * | 2017-09-28 | 2021-12-07 | 新华三技术有限公司 | Method and device for positioning performance problem of software system |
Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1349336A (en) * | 2000-10-18 | 2002-05-15 | 日本电气株式会社 | Goal filtering method, and customer device using same |
| CN1542636A (en) * | 2003-10-08 | 2004-11-03 | 中国科学院长春光学精密机械与物理研 | A Method of Automatically Selecting a Proxy Server to Share the Internet |
-
2004
- 2004-12-30 CN CNB2004101041715A patent/CN1321511C/en not_active Expired - Lifetime
Patent Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1349336A (en) * | 2000-10-18 | 2002-05-15 | 日本电气株式会社 | Goal filtering method, and customer device using same |
| CN1542636A (en) * | 2003-10-08 | 2004-11-03 | 中国科学院长春光学精密机械与物理研 | A Method of Automatically Selecting a Proxy Server to Share the Internet |
Also Published As
| Publication number | Publication date |
|---|---|
| CN1722680A (en) | 2006-01-18 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN100566294C (en) | Unicast Reverse Path Forwarding Method | |
| US7672245B2 (en) | Method, device, and system for detecting layer 2 loop | |
| CN101589595B (en) | Pinning mechanism for potentially contaminated end systems | |
| EP0986229B1 (en) | Method and system for monitoring and controlling network access | |
| US6654796B1 (en) | System for managing cluster of network switches using IP address for commander switch and redirecting a managing request via forwarding an HTTP connection to an expansion switch | |
| US20140189861A1 (en) | System and method for correlating network information with subscriber information in a mobile network environment | |
| US7555774B2 (en) | Inline intrusion detection using a single physical port | |
| CN101841442A (en) | Method for detecting network anomaly in name-address separated network | |
| US20170134957A1 (en) | System and method for correlating network information with subscriber information in a mobile network environment | |
| CN110519265B (en) | Method and device for defending attack | |
| US9961163B2 (en) | Method and system for notifying subscriber devices in ISP networks | |
| US8301712B1 (en) | System and method for protecting mail servers from mail flood attacks | |
| US11700271B2 (en) | Device and method for anomaly detection in a communications network | |
| CN100561954C (en) | Method, system and device for controlling connectivity detection | |
| CN101635720A (en) | Filtering method of unknown flow rate and bandwidth management equipment | |
| CN108512816B (en) | A method and device for detecting traffic hijacking | |
| CN110191104A (en) | A kind of method and device of security protection | |
| CN100349421C (en) | Detecting and positioning method of spam server | |
| US20040233849A1 (en) | Methodologies, systems and computer readable media for identifying candidate relay nodes on a network architecture | |
| CN1321511C (en) | Proxy service detection method for user terminal | |
| CN108650237B (en) | Message security check method and system based on survival time | |
| EP1617619B1 (en) | Method for securing communication in a local area network switch | |
| CN112769694B (en) | Address checking method and device | |
| US20080104688A1 (en) | System and method for blocking anonymous proxy traffic | |
| Peuhkuri | Internet traffic measurements–aims, methodology, and discoveries |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| C56 | Change in the name or address of the patentee |
Owner name: HANGZHOU HUASAN COMMUNICATION TECHNOLOGY CO., LTD. Free format text: FORMER NAME OR ADDRESS: HANGZHOU HUAWEI 3COM TECHNOLOGY CO., LTD. |
|
| CP03 | Change of name, title or address |
Address after: 310053, Hangzhou hi tech Industrial Development Zone, Zhejiang hi tech Industrial Park, No. six and No. 310 HUAWEI Hangzhou production base Patentee after: HANGZHOU H3C TECHNOLOGIES Co.,Ltd. Address before: 310053, Jiang hi tech Industrial Development Zone, Zhejiang, Hangzhou hi tech Industrial Park six and Lu Donghua as the 3Com headquarters Patentee before: New H3C Technologies Co.,Ltd. |
|
| CP03 | Change of name, title or address |
Address after: 310052 Binjiang District Changhe Road, Zhejiang, China, No. 466, No. Patentee after: NEW H3C TECHNOLOGIES Co.,Ltd. Address before: 310053 Hangzhou hi tech Industrial Development Zone, Zhejiang province science and Technology Industrial Park, No. 310 and No. six road, HUAWEI, Hangzhou production base Patentee before: HANGZHOU H3C TECHNOLOGIES Co.,Ltd. |
|
| CP03 | Change of name, title or address | ||
| CX01 | Expiry of patent term |
Granted publication date: 20070613 |
|
| CX01 | Expiry of patent term |