CN104702560A - Method and device for preventing message attack - Google Patents

Method and device for preventing message attack

Publication number: CN104702560A
Authority: CN (China)
Prior art keywords: message, protocol, protocol messages, priority, port
Legal status: Pending
Application number: CN201310645648.XA
Other languages: Chinese (zh)
Inventors: 袁晔南, 韩志冲, 叶言飞, 管志宾, 肖航, 孙潜
Current Assignee: Huawei Technologies Co Ltd
Original Assignee: Huawei Technologies Co Ltd
Application filed by Huawei Technologies Co Ltd
Classifications: Data Exchanges In Wide-Area Networks; Computer And Data Communications
Abstract

The embodiment of the invention discloses a method and a device for preventing message attack, relating to the field of communication. They avoid the situation in which normal protocol messages whose number per unit time exceeds a threshold are penalized by mistake. According to the specific scheme, the method comprises the steps of acquiring a first protocol message, determining that the first protocol message is an attack message, and setting the up-sending priority of the first protocol message to a first priority, wherein the first priority is lower than the normal up-sending priority of the first protocol message, and the normal up-sending priority of the first protocol message is determined according to the message type of the first protocol message. The method and the device of the invention are used in the process of preventing message attack.

Description

Method and device for preventing message attack
Technical field
The present invention relates to the field of communications, and in particular to a method and device for preventing message attacks.
Background
With the development of communication technology, network communication systems have spread to every corner of the world. Different users, running different operating systems on different models of computer, communicate with each other through the Transmission Control Protocol/Internet Protocol (TCP/IP). While people use network protocols to communicate, some malicious users exploit the defects and vulnerabilities of the network protocols themselves, such as the Address Resolution Protocol (ARP), the Internet Protocol (IP) and the Internet Control Message Protocol (ICMP), to attack networks, so that the attacked network is monitored, damaged or even paralysed.
Common attacks are mostly flood attacks. When a single port is flooded with messages of a certain protocol, the network device is busy processing the attack messages, and the messages of normal users on other ports that use the same protocol are crowded out, so the messages of normal users cannot be processed in time and their services are seriously affected. In the prior art, to prevent a network device from being attacked by floods that exploit the defects and vulnerabilities of network protocols, the network device automatically counts the messages that need to be sent up to the central processing unit (CPU) per unit time and judges whether the count is greater than a preset threshold. When the count is greater than the threshold, messages of this type are judged to be attack messages and are discarded directly.
In the course of implementing the above message attack prevention, the inventors found at least the following problem in the prior art: the network device can only discard attack messages, which causes normal messages whose count per unit time exceeds the threshold to be penalized by mistake.
Summary of the invention
Embodiments of the present invention provide a method and device for preventing message attacks, which avoid normal protocol messages whose count per unit time exceeds a threshold being penalized by mistake.
To achieve the above object, the embodiments of the present invention adopt the following technical solutions:
A first aspect of the present invention provides a method for preventing message attacks, comprising:
obtaining a first protocol message;
determining that the first protocol message is an attack message;
setting the up-sending priority of the first protocol message (the priority with which it is sent up to the CPU) to a first priority, where the first priority is lower than the normal up-sending priority of the first protocol message, and the normal up-sending priority of the first protocol message is determined according to the message type of the first protocol message.
With reference to the first aspect, in one possible implementation, after determining that the first protocol message is an attack message, the method further comprises:
performing security rate limiting on the first protocol message separately.
With reference to the first aspect and the above possible implementation, in another possible implementation, before obtaining the first protocol message, the method further comprises:
determining that the up-sending rate of messages that use a first protocol and are sent up to the central processing unit (CPU) through a first port is greater than a predetermined threshold, where the up-sending rate is the number of messages using the first protocol that are sent up to the CPU through the first port per unit time;
determining that the first protocol message is an attack message comprises:
when it is determined that the protocol type of the first protocol message is the first protocol and that the port through which the first protocol message is sent up to the CPU is the first port, determining that the first protocol message is the attack message.
With reference to the first aspect and the above possible implementations, in another possible implementation, after setting the up-sending priority of the first protocol message to the first priority, the method further comprises:
determining that the up-sending rate of messages that use the first protocol and are sent up to the CPU through the first port is less than the predetermined threshold;
obtaining a second protocol message;
when it is determined that the protocol type of the second protocol message is the first protocol and that the port through which the second protocol message is sent up to the CPU is the first port, setting the up-sending priority of the second protocol message to the normal up-sending priority of the second protocol message.
With reference to the first aspect and the above possible implementations, in another possible implementation, determining that the up-sending rate of messages that use the first protocol and are sent up to the CPU through the first port is greater than the predetermined threshold comprises:
determining that the up-sending rate of messages that use the first protocol and are sent up to the CPU through the first port is greater than the predetermined threshold within a predetermined period of time.
With reference to the first aspect and the above possible implementations, in another possible implementation, determining that the up-sending rate of messages that use the first protocol and are sent up to the CPU through the first port is less than the predetermined threshold comprises:
determining that the up-sending rate of messages that use the first protocol and are sent up to the CPU through the first port is less than the predetermined threshold within a predetermined period of time.
With reference to the first aspect and the above possible implementations, in another possible implementation, after setting the up-sending priority of the first protocol message to the first priority, the method further comprises:
determining that the first protocol message is the attack message, or obtaining identification information of the first protocol message and determining that the identification information identifies the first protocol message as the attack message, where the identification information is used to identify whether the first protocol message is the attack message;
storing the first protocol message in an attack queue, where the attack queue is a queue that stores attack messages, and the processing priority of the attack queue is lower than the processing priority of the queues corresponding to all protocol types in the CPU.
A second aspect of the present invention provides a device for preventing message attacks, comprising:
an acquiring unit, configured to obtain a first protocol message;
a determining unit, configured to determine that the first protocol message obtained by the acquiring unit is an attack message;
a setting unit, configured to set the up-sending priority of the first protocol message obtained by the acquiring unit to a first priority, where the first priority is lower than the normal up-sending priority of the first protocol message, and the normal up-sending priority of the first protocol message is determined according to the message type of the first protocol message.
With reference to the second aspect, in one possible implementation, the device further comprises:
a rate limiting unit, configured to perform security rate limiting on the first protocol message separately after the determining unit determines that the first protocol message is an attack message.
With reference to the second aspect and the above possible implementation, in another possible implementation,
the determining unit is further configured to determine, before the acquiring unit obtains the first protocol message, that the up-sending rate of messages that use a first protocol and are sent up to the central processing unit (CPU) through a first port is greater than a predetermined threshold, where the up-sending rate is the number of messages using the first protocol that are sent up to the CPU through the first port per unit time;
the determining unit is specifically configured to:
when it is determined that the protocol type of the first protocol message is the first protocol and that the port through which the first protocol message is sent up to the CPU is the first port, determine that the first protocol message is the attack message.
With reference to the second aspect and the above possible implementations, in another possible implementation,
the determining unit is further configured to determine, after the setting unit sets the up-sending priority of the first protocol message to the first priority, that the up-sending rate of messages that use the first protocol and are sent up to the CPU through the first port is less than the predetermined threshold;
the acquiring unit is further configured to obtain a second protocol message;
the setting unit is further configured to, when it is determined that the protocol type of the second protocol message is the first protocol and that the port through which the second protocol message is sent up to the CPU is the first port, set the up-sending priority of the second protocol message to the normal up-sending priority of the second protocol message.
With reference to the second aspect and the above possible implementations, in another possible implementation,
the determining unit is specifically configured to determine that the up-sending rate of messages that use the first protocol and are sent up to the CPU through the first port is greater than the predetermined threshold within a predetermined period of time.
With reference to the second aspect and the above possible implementations, in another possible implementation,
the determining unit is specifically configured to determine that the up-sending rate of messages that use the first protocol and are sent up to the CPU through the first port is less than the predetermined threshold within a predetermined period of time.
With reference to the second aspect and the above possible implementations, in another possible implementation,
the determining unit is further configured to determine, after the setting unit sets the up-sending priority of the first protocol message to the first priority, that the first protocol message is the attack message; or the determining unit is further configured to obtain, after the setting unit sets the up-sending priority of the first protocol message to the first priority, identification information of the first protocol message and determine that the identification information identifies the first protocol message as the attack message, where the identification information is used to identify whether the first protocol message is the attack message;
the device for preventing message attacks further comprises:
a storage unit, configured to store the first protocol message in an attack queue, where the attack queue is a queue that stores attack messages, and the processing priority of the attack queue is lower than the processing priority of the queues corresponding to all protocol types in the CPU.
In the method and device for preventing message attacks provided by the embodiments of the present invention, after determining that an obtained first protocol message is an attack message, the network device does not simply discard the protocol message identified as an attack message. Instead, it lowers the up-sending priority of the protocol message to a first priority that is lower than its normal up-sending priority, so that protocol messages identified as attack messages are processed as far as possible while the processing of normal protocol messages is guaranteed. This avoids normal protocol messages whose count per unit time exceeds the threshold being penalized by mistake and improves the efficiency of use of the network device.
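The first aspect and its possible implementations, modelled as an added Python example that is not code from the patent: per-(protocol, port) rate detection, demotion to the first priority with a separate rate limit, a bounded lowest-priority attack queue, and restoration once the rate falls below the threshold. The class and field names, the priority values, leaving the state unchanged when the rate equals the threshold, and dropping the arriving message when the attack queue is full are all assumptions.

```python
from collections import Counter, deque
from dataclasses import dataclass

# Constructed values: normal up-sending priority per protocol (higher = served first).
NORMAL_PRIORITY = {"OSPF": 3, "ARP": 2, "ICMP": 1}
FIRST_PRIORITY = 0  # demoted priority, lower than every normal priority


@dataclass(frozen=True)
class Message:
    protocol: str
    port: int
    payload: str = ""


class Device:
    def __init__(self, threshold, attack_queue_size, attack_rate_limit):
        self.threshold = threshold                  # messages per unit time
        self.attack_rate_limit = attack_rate_limit  # separate limit for demoted traffic
        self.attack_queue_size = attack_queue_size  # attack queue is kept small
        self.penalized = set()                      # (protocol, port) pairs under penalty
        self.window = Counter()                     # per-pair count in this unit time
        self.attack_sent = 0                        # demoted messages sent up this window
        self.queues = {p: deque() for p in set(NORMAL_PRIORITY.values())}
        self.attack_queue = deque()
        self.dropped = 0

    def end_of_window(self):
        """Compare each pair's up-sending rate with the threshold."""
        for key in set(self.window) | self.penalized:
            rate = self.window.get(key, 0)
            if rate > self.threshold:
                self.penalized.add(key)      # flood detected on this protocol and port
            elif rate < self.threshold:
                self.penalized.discard(key)  # penalty lifted
            # rate == threshold: unchanged (assumption; the text leaves it open)
        self.window.clear()
        self.attack_sent = 0

    def receive(self, msg):
        """Choose the up-sending priority and queue the message for the CPU."""
        key = (msg.protocol, msg.port)
        self.window[key] += 1                # count before any limiting
        if key not in self.penalized:
            prio = NORMAL_PRIORITY[msg.protocol]
            self.queues[prio].append(msg)
            return prio
        # Attack message: demote it instead of discarding it outright.
        over_limit = self.attack_sent >= self.attack_rate_limit
        queue_full = len(self.attack_queue) >= self.attack_queue_size
        if over_limit or queue_full:
            self.dropped += 1                # assumption: drop the arriving message
            return None
        self.attack_sent += 1
        self.attack_queue.append(msg)
        return FIRST_PRIORITY

    def cpu_process(self, budget):
        """Strict priority: the attack queue is served only after all normal queues."""
        done = []
        for prio in sorted(self.queues, reverse=True):
            q = self.queues[prio]
            while q and len(done) < budget:
                done.append(q.popleft())
        while self.attack_queue and len(done) < budget:
            done.append(self.attack_queue.popleft())
        return done


def demo():
    """Constructed traffic: port 1 floods ARP, ports 2 and 3 behave normally."""
    dev = Device(threshold=5, attack_queue_size=4, attack_rate_limit=10)
    for _ in range(8):                       # window 1: flood not yet detected
        dev.receive(Message("ARP", 1, "flood"))
    dev.end_of_window()                      # ("ARP", 1) is now penalized
    dev.cpu_process(budget=100)
    dev.receive(Message("ARP", 1, "legit"))  # genuine request on the flagged port
    for _ in range(5):
        dev.receive(Message("ARP", 1, "flood"))
    dev.receive(Message("ARP", 2, "p2"))
    dev.receive(Message("OSPF", 3, "hello"))
    return [m.payload for m in dev.cpu_process(budget=4)], dev.dropped


if __name__ == "__main__":
    print(demo())
```

With a discard-only policy the "legit" message on the flagged port would be lost; here it is served after the normal queues because the CPU still has budget left.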
Brief description of the drawings
To describe the technical solutions in the embodiments of the present invention or in the prior art more clearly, the accompanying drawings required for describing the embodiments or the prior art are briefly introduced below. Apparently, the accompanying drawings in the following description show only some embodiments of the present invention, and a person of ordinary skill in the art may derive other drawings from them without creative effort.
Fig. 1 is a flowchart of a method for preventing message attacks provided by Embodiment 1 of the present invention;
Fig. 2 is a flowchart of a method for preventing message attacks provided by Embodiment 2 of the present invention;
Fig. 3 is a schematic structural diagram of a device for preventing message attacks provided by Embodiment 3 of the present invention;
Fig. 4 is a schematic structural diagram of another device for preventing message attacks provided by Embodiment 3 of the present invention;
Fig. 5 is a schematic structural diagram of a device for preventing message attacks provided by Embodiment 4 of the present invention.
Detailed description
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the accompanying drawings in the embodiments of the present invention. Obviously, the described embodiments are only some of the embodiments of the present invention rather than all of them. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments of the present invention without creative effort fall within the protection scope of the present invention.
In addition, the terms "system" and "network" are often used interchangeably herein. The term "and/or" herein merely describes an association between associated objects and indicates that three relationships may exist; for example, A and/or B may mean: A exists alone, A and B both exist, or B exists alone. In addition, the character "/" herein generally indicates an "or" relationship between the objects before and after it.
Embodiment 1
Embodiment 1 of the present invention provides a method for preventing message attacks. As shown in Fig. 1, the method may comprise:
101. The network device obtains a first protocol message.
102. The network device determines that the first protocol message is an attack message.
After the network device obtains the first protocol message, it can judge whether the obtained first protocol message is an attack message, and after determining that the obtained first protocol message is an attack message, it performs the following step 103.
103. The network device sets the up-sending priority of the first protocol message to a first priority.
Attack messages occupy the up-sending bandwidth of normal protocol messages. Therefore, to ensure that the up-sending bandwidth of normal protocol messages is not crowded out by attack messages, after the network device determines that the first protocol message is an attack message, it can set the up-sending priority of the first protocol message to the first priority, which is lower than the normal up-sending priority of the first protocol message. The network device can then send up normal protocol messages first, which guarantees that normal protocol messages are sent up with priority. The normal up-sending priority of the first protocol message is determined according to the message type of the first protocol message.
It should be noted that the network device described in the embodiments of the present invention refers to a network device such as a switch or a router, and the embodiments of the present invention do not specifically limit the network device here.
In the method for preventing message attacks provided by the embodiment of the present invention, after determining that an obtained first protocol message is an attack message, the network device does not simply discard the protocol message identified as an attack message. Instead, it lowers the up-sending priority of the protocol message to a first priority that is lower than its normal up-sending priority, so that protocol messages identified as attack messages are processed as far as possible while the processing of normal protocol messages is guaranteed. This avoids normal protocol messages whose count per unit time exceeds the threshold being penalized by mistake and improves the efficiency of use of the network device.
Embodiment 2
Embodiment 2 of the present invention provides a method for preventing message attacks. As shown in Fig. 2, the method may comprise:
201. The network device determines that the up-sending rate of messages that use the first protocol and are sent up to the CPU through the first port is greater than a predetermined threshold.
The up-sending rate is the number of messages using the first protocol that are sent up to the CPU through the first port per unit time. Specifically, when the control plane of the network device determines that the up-sending rate of messages that use the first protocol and are sent up to the CPU through the first port is greater than the predetermined threshold, the control plane can determine that a flood attack exists in those messages, and the messages that use the first protocol and are sent up to the CPU through the first port can then be regarded as attack messages.
Optionally, in one possible implementation of the embodiment of the present invention, the control plane of the network device may determine whether the up-sending rate of messages that use the first protocol and are sent up to the CPU through the first port is greater than the predetermined threshold within a predetermined period of time, and when it is, determine that a flood attack exists in the messages that use the first protocol and are sent up to the CPU through the first port.
It should be noted that the predetermined threshold described in the embodiments of the present invention is the basis for determining whether a protocol message is an attack message. Its specific value can be set according to the requirements of the actual application scenario, and the embodiments of the present invention do not specifically limit it here. In addition, the embodiments of the present invention do not specifically limit whether messages that use the first protocol and are sent up to the CPU through the first port are judged to be attack messages when their up-sending rate equals the predetermined threshold. That is, such messages may be judged to be attack messages or may not be, and the choice can be made according to the requirements of the actual application scenario; the embodiments of the present invention do not limit this here.
It should also be noted that the first protocol in the embodiments of the present invention is any one of the network protocols such as ARP, IP, ICMP, Open Shortest Path First (OSPF), the Dynamic Host Configuration Protocol (DHCP) and the Internet Group Management Protocol (IGMP), and the embodiments of the present invention do not specifically limit the first protocol here.
202. The network device obtains a first protocol message.
The forwarding plane of the network device can obtain the first protocol message that needs to be sent up to the CPU.
After the control plane of the network device determines that the up-sending rate of messages that use the first protocol and are sent up to the CPU through the first port is greater than the predetermined threshold, the control plane can generate indication information that contains the first protocol and the first port and send it to the forwarding plane of the network device, so that after obtaining the first protocol message the forwarding plane can judge, according to the indication information sent by the control plane, whether the first protocol message is an attack message. Specifically, it can judge whether the protocol type of the first protocol message is the first protocol and whether the port through which the first protocol message is sent up to the CPU is the first port. If the forwarding plane determines that the protocol type of the first protocol message is the first protocol and that the port through which it is sent up to the CPU is the first port, the forwarding plane performs the following step 203. If the forwarding plane determines that the protocol type of the first protocol message is not the first protocol, or that the port through which it is sent up to the CPU is not the first port, or both, the forwarding plane sends the first protocol message up to the CPU at the up-sending priority corresponding to the protocol type of the first protocol message.
203. When the network device determines that the protocol type of the first protocol message is the first protocol and that the port through which the first protocol message is sent up to the CPU is the first port, it determines that the first protocol message is an attack message.
When the forwarding plane of the network device determines that the protocol type of the first protocol message is the first protocol and that the port through which the first protocol message is sent up to the CPU is the first port, the forwarding plane can determine that the first protocol message is an attack message.
Further optionally, the forwarding plane of the network device can also determine whether the virtual local area network (VLAN) of the first protocol message is the same as the VLAN of the messages judged to be attack messages, and determine that the first protocol message is an attack message when the two VLANs are the same.
204. The network device sets the up-sending priority of the first protocol message to the first priority and performs security rate limiting on the first protocol message separately.
After the forwarding plane of the network device determines that the first protocol message is an attack message, the forwarding plane can set the up-sending priority of the first protocol message to the first priority and send the first protocol message to the control plane of the network device, that is, up to the CPU of the network device, according to this first priority. It also performs security rate limiting on this first protocol message, keeping its rate limit separate from the normal rate limit of the first protocol message. The first priority is lower than the normal up-sending priority of the first protocol message, and the normal up-sending priority of the first protocol message is determined according to the message type of the first protocol message.
Optionally, after the control plane of the network device determines that the up-sending rate of messages that use the first protocol and are sent up to the CPU through the first port is greater than the predetermined threshold, the indication information generated by the control plane can also state that the up-sending priority of messages that use the first protocol and are sent up to the CPU through the first port is the first priority. In this way, after the forwarding plane determines that the first protocol message is an attack message that uses the first protocol and is sent up to the CPU through the first port, it can set the up-sending priority of the first protocol message to the first priority according to the indication information sent by the control plane.
205. The network device determines that the first protocol message is an attack message, or obtains identification information of the first protocol message and determines that the identification information identifies the first protocol message as an attack message.
After the forwarding plane of the network device sets the up-sending priority of the first protocol message to the first priority and sends the first protocol message to the control plane according to this first priority, in one possible implementation of the embodiment of the present invention the control plane can determine whether the first protocol message is an attack message. Specifically, the control plane can determine that the first protocol message is an attack message when it determines that the protocol type of the first protocol message is the first protocol and that the port through which the first protocol message is sent up to the CPU is the first port. In another possible implementation of the embodiment of the present invention, the control plane can obtain identification information of the first protocol message from the forwarding plane and determine, according to that identification information, whether the first protocol message is an attack message. The identification information is used to identify whether the first protocol message is an attack message. Specifically, the control plane can determine that the first protocol message is an attack message when it determines that the identification information identifies the first protocol message as an attack message.
206. The network device stores the first protocol message in an attack queue.
The attack queue is a queue that stores attack messages, and the processing priority of the attack queue is lower than the processing priority of the queues corresponding to all protocol types in the CPU. Specifically, after the control plane of the network device determines that the first protocol message is an attack message, or obtains the identification information of the first protocol message and determines that the identification information identifies the first protocol message as an attack message, it can store the first protocol message in the attack queue, where the first protocol message waits to be processed by the CPU. Because the processing priority of the attack queue is the lowest, the CPU processes the first protocol message stored in the attack queue only after it has processed all normal protocol messages. This guarantees that normal protocol messages are processed first and reduces the impact of attack messages on the control plane of the network device.
Optionally, in the embodiments of the present invention the storage space of the attack queue can be set smaller than the storage space of the queues corresponding to the protocol types of all normal protocol messages in the CPU, and when the attack queue is full, messages in the attack queue are actively discarded.
207. The network device determines that the up-sending rate of messages that use the first protocol and are sent up to the CPU through the first port is less than the predetermined threshold.
When the control plane of the network device determines that the up-sending rate of messages that use the first protocol and are sent up to the CPU through the first port is less than the predetermined threshold, it can determine that those messages are not an attack, and the penalty on messages that use the first protocol and are sent up to the CPU through the first port can then be lifted.
Optionally, in one possible implementation of this embodiment, the control plane of the network device can determine whether the up-sending rate of messages that use the first protocol and are sent up to the CPU through the first port is less than the predetermined threshold within a predetermined period of time, and, when it determines that this is the case, lift the penalty on messages that use the first protocol and are sent up to the CPU through the first port.
208. The network device obtains a second protocol message.
The forwarding plane of the network device can obtain a second protocol message that needs to be sent up to the CPU.
After the control plane of the network device determines that the up-sending rate of messages that use the first protocol and are sent up to the CPU through the first port is less than the predetermined threshold, it can generate indication information containing the first protocol and the first port and send that indication information to the forwarding plane of the network device. After the forwarding plane obtains the second protocol message, it can then lift the penalty on messages that use the first protocol and are sent up to the CPU through the first port according to the indication information sent by the control plane. Specifically, it can judge whether the protocol type of the second protocol message is the first protocol and whether the port through which the second protocol message is sent up to the CPU is the first port. If the forwarding plane determines that the protocol type of the second protocol message is the first protocol and that the port through which the second protocol message is sent up to the CPU is the first port, the forwarding plane can determine that the penalty on the second protocol message is lifted, that is, it performs step 209 below.
209. When the network device determines that the protocol type of the second protocol message is the first protocol and that the port through which the second protocol message is sent up to the CPU is the first port, it sets the up-sending priority of the second protocol message to the normal up-sending priority of the second protocol message.
After the control plane of the network device lifts the penalty on messages that use the first protocol and are sent up to the CPU through the first port, and when the forwarding plane determines that the protocol type of the second protocol message is the first protocol and that the port through which the second protocol message is sent up to the CPU is the first port, the forwarding plane can set the up-sending priority of the second protocol message to its normal up-sending priority (the second protocol message and the first protocol message both use the first protocol, so their normal up-sending priorities are the same) and send the second protocol message to the control plane of the network device, that is, up to the CPU of the network device, at that normal up-sending priority. Because the penalty on messages that use the first protocol and are sent up to the CPU through the first port has been lifted, the second protocol message should be stored in the queue corresponding to its protocol type.
To help those skilled in the art understand, a specific implementation of the embodiment of the present invention is illustrated here.
The control plane of the network device determines that messages that use IGMP and are sent up to the CPU through the first port are attack messages, generates indication information containing IGMP and the first port, and sends the indication information to the forwarding plane of the network device. After the forwarding plane receives a new protocol message, it can judge from the indication information whether the new protocol message is an attack message: when it determines that the protocol type of the new protocol message is the first protocol and that the port through which the new protocol message is sent up to the CPU is the first port, it determines that the new protocol message is an attack message. The forwarding plane can then set the up-sending priority of the new protocol message to the first priority and separately rate-limit new protocol messages that use IGMP and are sent up to the CPU through the first port. The new protocol message is then sent up to the CPU of the network device according to the first priority, and after the control plane determines that the new protocol message is an attack message, it stores the new protocol message in the attack queue. In this way the network device can process the IGMP messages of normal users in time, which ensures that normal users receive the corresponding service promptly; and once the network device has finished processing the messages of normal users, it can process the messages in the attack queue, so that protocol messages identified as attack messages are processed as far as possible while the processing of normal users' messages is guaranteed.
Furthermore, if the control plane of the network device determines that the up-sending rate of messages that use IGMP and are sent up to the CPU through the first port is less than the predetermined threshold, it can lift the penalty on those messages so that messages that use IGMP and are sent up to the CPU through the first port receive normal quality of service.
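The penalise-and-lift cycle described above, as an added Python simulation that is not part of the patent text. The threshold, the priority values, the attack-queue capacity, the number of quiet intervals and all class and function names are assumptions, and the optional separate rate limit is left out.

```python
from collections import deque

# Constructed values; the patent text fixes none of these numbers.
NORMAL_PRIORITY = {"OSPF": 7, "IGMP": 5, "ARP": 4}  # normal up-sending priority, by message type
FIRST_PRIORITY = 0        # the demoted priority, below every normal priority
THRESHOLD = 100           # messages per interval for one (protocol, port) pair
CLEAR_INTERVALS = 3       # quiet intervals required before the penalty is lifted
ATTACK_QUEUE_CAP = 8      # the attack queue is kept small; overflow is dropped


class ForwardingPlane:
    """Tags each CPU-bound message with an up-sending priority."""

    def __init__(self):
        self.penalised = set()  # (protocol, port) pairs named in control-plane indications

    def tag(self, protocol, port):
        """Return (priority, is_attack) for a message of `protocol` arriving on `port`."""
        if (protocol, port) in self.penalised:
            return FIRST_PRIORITY, True
        return NORMAL_PRIORITY[protocol], False


class ControlPlane:
    """Measures per-(protocol, port) rates, queues messages, and sets or lifts penalties."""

    def __init__(self, fwd):
        self.fwd = fwd
        self.counts = {}   # messages seen in the current interval
        self.quiet = {}    # consecutive below-threshold intervals while penalised
        self.proto_queues = {p: deque() for p in NORMAL_PRIORITY}  # unbounded here for brevity
        self.attack_queue = deque()
        self.dropped = 0

    def receive(self, protocol, port):
        """Deliver one message to the CPU side and return where it ended up."""
        key = (protocol, port)
        self.counts[key] = self.counts.get(key, 0) + 1
        priority, is_attack = self.fwd.tag(protocol, port)
        msg = (protocol, port, priority)
        if not is_attack:
            self.proto_queues[protocol].append(msg)
            return "protocol-queue"
        if len(self.attack_queue) >= ATTACK_QUEUE_CAP:
            self.dropped += 1  # attack queue full: drop rather than block normal traffic
            return "dropped"
        self.attack_queue.append(msg)
        return "attack-queue"

    def end_interval(self):
        """Compare each pair's rate with the threshold, then start a new interval."""
        for key in set(self.counts) | set(self.fwd.penalised):
            rate = self.counts.get(key, 0)
            if rate > THRESHOLD:
                self.fwd.penalised.add(key)          # indication: penalise this pair
                self.quiet[key] = 0
            elif key in self.fwd.penalised:
                # Only intervals strictly below the threshold count as quiet.
                self.quiet[key] = self.quiet.get(key, 0) + 1 if rate < THRESHOLD else 0
                if self.quiet[key] >= CLEAR_INTERVALS:
                    self.fwd.penalised.discard(key)  # indication: lift the penalty
                    del self.quiet[key]
        self.counts.clear()

    def process(self, budget):
        """Handle up to `budget` messages: protocol queues by priority, attack queue last."""
        order = sorted(self.proto_queues, key=NORMAL_PRIORITY.get, reverse=True)
        handled = []
        for queue in [self.proto_queues[p] for p in order] + [self.attack_queue]:
            while queue and len(handled) < budget:
                handled.append(queue.popleft())
        return handled


def run_interval(cp, traffic):
    """Feed {(protocol, port): count} into the control plane and close the interval."""
    verdicts = {}
    for (protocol, port), count in traffic.items():
        for _ in range(count):
            where = cp.receive(protocol, port)
            verdicts[(protocol, port, where)] = verdicts.get((protocol, port, where), 0) + 1
    cp.end_interval()
    return verdicts


if __name__ == "__main__":
    cp = ControlPlane(ForwardingPlane())
    print(run_interval(cp, {("IGMP", 1): 150, ("IGMP", 2): 3}))  # flood seen, penalty set
    cp.process(1000)
    print(run_interval(cp, {("IGMP", 1): 150, ("IGMP", 2): 3}))  # port 1 is now demoted
    print(cp.process(5))                                         # port 2 is handled first
```

IGMP from port 2 keeps its normal priority and its own queue throughout, because the penalty is keyed on the protocol and port pair rather than on the protocol alone.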
It should be noted that the network device described in the embodiments of the present invention refers to a network device such as a switch or a router; the embodiments of the present invention place no specific restriction on the network device.
With the method for preventing message attack provided by this embodiment, after the network device determines that an obtained first protocol message is an attack message, it does not simply discard the protocol message identified as an attack message. Instead, it lowers the up-sending priority of the protocol message to a first priority that is lower than its normal up-sending priority, so that protocol messages identified as attack messages are processed as far as possible while the processing of normal protocol messages is guaranteed. This avoids mistakenly penalising normal protocol messages whose message count per unit time exceeds the threshold, and improves the service efficiency of the network device.
Furthermore, after determining that the up-sending rate of messages that use a given protocol and are sent up to the CPU through a given port is less than the predetermined threshold, the network device lifts the penalty on messages that use that protocol and are sent up to the CPU through that port, so the network device can penalise attack messages more intelligently.
Embodiment 3
Embodiment 3 of the present invention provides a device for preventing message attack which, as shown in Figure 3, comprises: an acquiring unit 31, a determining unit 32 and a setting unit 33.
The acquiring unit 31 is configured to obtain a first protocol message.
The determining unit 32 is configured to determine that the first protocol message obtained by the acquiring unit 31 is an attack message.
The setting unit 33 is configured to set the up-sending priority of the first protocol message obtained by the acquiring unit 31 to a first priority; the first priority is lower than the normal up-sending priority of the first protocol message, and the normal up-sending priority of the first protocol message is determined according to the message type of the first protocol message.
In this embodiment, further optionally, as shown in Figure 4, the device for preventing message attack may also comprise a rate-limiting unit 34.
The rate-limiting unit 34 is configured to separately apply a security rate limit to the first protocol message after the determining unit 32 determines that the first protocol message is an attack message.
In this embodiment, further optionally, the determining unit 32 is also configured to determine, before the acquiring unit 31 obtains the first protocol message, that the up-sending rate of messages that use a first protocol and are sent up to the central processing unit (CPU) through a first port is greater than a predetermined threshold; the up-sending rate is the number of messages that use the first protocol and are sent up to the CPU through the first port per unit time.
The determining unit 32 is specifically configured to determine that the first protocol message is the attack message when it determines that the protocol type of the first protocol message is the first protocol and that the port through which the first protocol message is sent up to the CPU is the first port.
In this embodiment, further optionally, the determining unit 32 is also configured to determine, after the setting unit 33 sets the up-sending priority of the first protocol message to the first priority, that the up-sending rate of messages that use the first protocol and are sent up to the CPU through the first port is less than the predetermined threshold.
The acquiring unit 31 is also configured to obtain a second protocol message.
The setting unit 33 is also configured to set the up-sending priority of the second protocol message to the normal up-sending priority of the second protocol message when it is determined that the protocol type of the second protocol message is the first protocol and that the port through which the second protocol message is sent up to the CPU is the first port.
In this embodiment, further optionally, the determining unit 32 is specifically configured to determine that the up-sending rate of messages that use the first protocol and are sent up to the CPU through the first port is greater than the predetermined threshold within a predetermined period of time.
In this embodiment, further optionally, the determining unit 32 is specifically configured to determine that the up-sending rate of messages that use the first protocol and are sent up to the CPU through the first port is less than the predetermined threshold within a predetermined period of time.
In this embodiment, further optionally, the determining unit 32 is also configured to determine, after the setting unit 33 sets the up-sending priority of the first protocol message to the first priority, that the first protocol message is the attack message; or the determining unit 32 is also configured to obtain, after the setting unit 33 sets the up-sending priority of the first protocol message to the first priority, identification information of the first protocol message and determine that the identification information identifies the first protocol message as the attack message. The identification information identifies whether the first protocol message is the attack message.
The device for preventing message attack may also comprise a storage unit 35.
The storage unit 35 is configured to store the first protocol message in an attack queue; the attack queue is a queue that stores the attack messages, and the processing priority of the attack queue is lower than the processing priority of the queues corresponding to all protocol types in the CPU.
It should be noted that, for a detailed description of each functional module of the device for preventing message attack provided by this embodiment, reference can be made to the description of the corresponding content in the method embodiments; it is not repeated here.
With the device for preventing message attack provided by this embodiment, after the network device determines that an obtained first protocol message is an attack message, it does not simply discard the protocol message identified as an attack message. Instead, it lowers the up-sending priority of the protocol message to a first priority that is lower than its normal up-sending priority, so that protocol messages identified as attack messages are processed as far as possible while the processing of normal protocol messages is guaranteed. This avoids mistakenly penalising normal protocol messages whose message count per unit time exceeds the threshold, and improves the service efficiency of the network device.
Furthermore, after determining that the up-sending rate of messages that use a given protocol and are sent up to the CPU through a given port is less than the predetermined threshold, the network device lifts the penalty on messages that use that protocol and are sent up to the CPU through that port, so the network device can penalise attack messages more intelligently.
Embodiment 4
Embodiment 4 of the present invention provides a device for preventing message attack which, as shown in Figure 5, comprises: at least one processor 41, a memory 42, a communication interface 43 and a bus 44. The at least one processor 41, the memory 42 and the communication interface 43 are connected by the bus 44 and communicate with one another through it, wherein:
The bus 44 can be an Industry Standard Architecture (ISA) bus, a Peripheral Component Interconnect (PCI) bus, an Extended Industry Standard Architecture (EISA) bus, or the like. The bus 44 can be divided into an address bus, a data bus, a control bus and so on. For ease of representation it is drawn as a single thick line in Fig. 5, but this does not mean that there is only one bus or one type of bus.
The memory 42 is used to store executable program code, which comprises computer operating instructions. The memory 42 may comprise high-speed RAM and may also comprise non-volatile memory, for example at least one magnetic disk memory.
The processor 41 may be a central processing unit (CPU), an application-specific integrated circuit (ASIC), or one or more integrated circuits configured to implement the embodiments of the present invention.
The communication interface 43 is mainly used for communication between the devices of this embodiment.
The processor 41 is used to execute the executable program code stored in the memory 42, and specifically to perform the following operations:
The processor 41 is configured to obtain a first protocol message; determine that the first protocol message is an attack message; and set the up-sending priority of the first protocol message to a first priority. The first priority is lower than the normal up-sending priority of the first protocol message, and the normal up-sending priority of the first protocol message is determined according to the message type of the first protocol message.
In this embodiment, further optionally, the processor 41 is also configured to separately apply a security rate limit to the first protocol message after determining that the first protocol message is an attack message.
In this embodiment, further optionally, the processor 41 is also configured to determine, before obtaining the first protocol message, that the up-sending rate of messages that use a first protocol and are sent up to the central processing unit (CPU) through a first port is greater than a predetermined threshold; the up-sending rate is the number of messages that use the first protocol and are sent up to the CPU through the first port per unit time.
The processor 41 is specifically configured to determine that the first protocol message is the attack message when it determines that the protocol type of the first protocol message is the first protocol and that the port through which the first protocol message is sent up to the CPU is the first port.
In this embodiment, further optionally, the processor 41 is also configured, after setting the up-sending priority of the first protocol message to the first priority, to determine that the up-sending rate of messages that use the first protocol and are sent up to the CPU through the first port is less than the predetermined threshold; obtain a second protocol message; and, when it determines that the protocol type of the second protocol message is the first protocol and that the port through which the second protocol message is sent up to the CPU is the first port, set the up-sending priority of the second protocol message to the normal up-sending priority of the second protocol message.
In this embodiment, further optionally, the processor 41 is specifically configured to determine that the up-sending rate of messages that use the first protocol and are sent up to the CPU through the first port is greater than the predetermined threshold within a predetermined period of time.
In this embodiment, further optionally, the processor 41 is specifically configured to determine that the up-sending rate of messages that use the first protocol and are sent up to the CPU through the first port is less than the predetermined threshold within a predetermined period of time.
In this embodiment, further optionally, the processor 41 is also configured, after setting the up-sending priority of the first protocol message to the first priority, to determine that the first protocol message is the attack message, or to obtain identification information of the first protocol message and determine that the identification information identifies the first protocol message as the attack message. The identification information identifies whether the first protocol message is the attack message.
The memory 42 is also configured to store the first protocol message in an attack queue; the attack queue is a queue that stores the attack messages, and the processing priority of the attack queue is lower than the processing priority of the queues corresponding to all protocol types in the CPU.
It should be noted that, for a detailed description of each functional module of the device for preventing message attack provided by this embodiment, reference can be made to the description of the corresponding content in the method embodiments; it is not repeated here.
With the device for preventing message attack provided by this embodiment, after the network device determines that an obtained first protocol message is an attack message, it does not simply discard the protocol message identified as an attack message. Instead, it lowers the up-sending priority of the protocol message to a first priority that is lower than its normal up-sending priority, so that protocol messages identified as attack messages are processed as far as possible while the processing of normal protocol messages is guaranteed. This avoids mistakenly penalising normal protocol messages whose message count per unit time exceeds the threshold, and improves the service efficiency of the network device.
Furthermore, after determining that the up-sending rate of messages that use a given protocol and are sent up to the CPU through a given port is less than the predetermined threshold, the network device lifts the penalty on messages that use that protocol and are sent up to the CPU through that port, so the network device can penalise attack messages more intelligently.
From the above description of the embodiments, those skilled in the art will clearly understand that, for convenience and brevity of description, only the division into the functional modules described above is used as an example. In practical applications the functions can be assigned to different functional modules as required, that is, the internal structure of the device can be divided into different functional modules to complete all or part of the functions described above. For the specific working process of the device described above, reference can be made to the corresponding process in the foregoing method embodiments, which is not repeated here.
In the several embodiments provided in this application, it should be understood that the disclosed device and method can be implemented in other ways. For example, the device embodiments described above are only schematic: the division into modules or units is only a division by logical function, and other divisions are possible in an actual implementation; for example, multiple units or components can be combined or integrated into another device, or some features can be omitted or not performed. In addition, the mutual coupling, direct coupling or communication connection shown or discussed can be through some interfaces, and the indirect coupling or communication connection between devices or units can be electrical, mechanical or of another form.
The units described as separate components may or may not be physically separate, and the components shown as units can be one physical unit or multiple physical units, that is, they can be located in one place or distributed over several different places. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, the functional units in the embodiments of the present invention can be integrated into one processing unit, each unit can exist physically on its own, or two or more units can be integrated into one unit. The integrated unit can be implemented in the form of hardware or in the form of a software functional unit.
If the integrated unit is implemented in the form of a software functional unit and sold or used as an independent product, it can be stored in a readable storage medium. Based on this understanding, the technical solution of the present invention in essence, or the part that contributes to the prior art, or all or part of the technical solution, can be embodied in the form of a software product. The software product is stored in a storage medium and comprises several instructions that cause a device (which can be a single-chip microcomputer, a chip, etc.) or a processor to perform all or part of the steps of the methods described in the embodiments of the present invention. The aforementioned storage medium comprises various media that can store program code, such as a USB flash drive, a portable hard drive, read-only memory (ROM), random access memory (RAM), a magnetic disk or an optical disc.
The above is only a specific embodiment of the present invention, but the protection scope of the present invention is not limited to it. Any change or replacement that a person skilled in the art can readily think of within the technical scope disclosed by the present invention shall fall within the protection scope of the present invention. The protection scope of the present invention shall therefore be determined by the protection scope of the claims.

Claims (14)

1. A method for preventing message attack, characterized by comprising:
obtaining a first protocol message;
determining that the first protocol message is an attack message;
setting the up-sending priority of the first protocol message to a first priority; the first priority is lower than the normal up-sending priority of the first protocol message, and the normal up-sending priority of the first protocol message is determined according to the message type of the first protocol message.
2. The method for preventing message attack according to claim 1, characterized in that, after the determining that the first protocol message is an attack message, the method further comprises:
separately applying a security rate limit to the first protocol message.
3. The method for preventing message attack according to claim 1 or 2, characterized in that, before the obtaining of the first protocol message, the method further comprises:
determining that the up-sending rate of messages that use a first protocol and are sent up to a central processing unit (CPU) through a first port is greater than a predetermined threshold; the up-sending rate is the number of messages that use the first protocol and are sent up to the CPU through the first port per unit time;
the determining that the first protocol message is an attack message comprises:
when it is determined that the protocol type of the first protocol message is the first protocol and that the port through which the first protocol message is sent up to the CPU is the first port, determining that the first protocol message is the attack message.
4. The method for preventing message attack according to claim 1 or 2, characterized in that, after the setting of the up-sending priority of the first protocol message to the first priority, the method further comprises:
determining that the up-sending rate of messages that use a first protocol and are sent up to the CPU through a first port is less than a predetermined threshold;
obtaining a second protocol message;
when it is determined that the protocol type of the second protocol message is the first protocol and that the port through which the second protocol message is sent up to the CPU is the first port, setting the up-sending priority of the second protocol message to the normal up-sending priority of the second protocol message.
5. The method for preventing message attack according to claim 3, characterized in that the determining that the up-sending rate of messages that use the first protocol and are sent up to the central processing unit (CPU) through the first port is greater than the predetermined threshold comprises:
determining that the up-sending rate of messages that use the first protocol and are sent up to the CPU through the first port is greater than the predetermined threshold within a predetermined period of time.
6. The method for preventing message attack according to claim 4, characterized in that the determining that the up-sending rate of messages that use the first protocol and are sent up to the CPU through the first port is less than the predetermined threshold comprises:
determining that the up-sending rate of messages that use the first protocol and are sent up to the CPU through the first port is less than the predetermined threshold within a predetermined period of time.
7. The method for preventing message attack according to claim 1 or 2, characterized in that, after the setting of the up-sending priority of the first protocol message to the first priority, the method further comprises:
determining that the first protocol message is the attack message, or obtaining identification information of the first protocol message and determining that the identification information identifies the first protocol message as the attack message; the identification information identifies whether the first protocol message is the attack message;
storing the first protocol message in an attack queue; the attack queue is a queue that stores the attack messages, and the processing priority of the attack queue is lower than the processing priority of the queues corresponding to all protocol types in the CPU.
8. prevent a message aggression device, it is characterized in that, comprising:
Acquiring unit, for obtaining the first protocol massages;
Determining unit, for determining that described first protocol massages that described acquiring unit obtains is attack message;
Setting unit, for described first protocol massages that obtained by described acquiring unit send priority to be set to the first priority; Described first priority be less than described first protocol massages normal on send priority, described first protocol massages normal on send priority to determine according to the type of message of described first protocol massages.
9. according to claim 8ly prevent message aggression device, it is characterized in that, also comprise:
Speed limit unit, after determining that in described determining unit described first protocol massages is attack message, carries out safety speed-limit to described first protocol massages separately.
10. according to claim 8 or claim 9 prevent message aggression device, it is characterized in that,
Described determining unit, also for before obtaining the first protocol massages at described acquiring unit, that determines employing first agreement is greater than predetermined threshold by the uploading rate of the message the first port being delivered to central processor CPU; Described uploading rate be described employing first agreement by message unit time of the first port being delivered to CPU by described first port being delivered to the message amount of described CPU;
Described determining unit, specifically for:
When determining that the protocol type of described first protocol massages is described first agreement, and when sending described first protocol massages to the port of described CPU to be described first port on determining, determine that described first protocol massages is described attack message.
11. according to claim 8 or claim 9 prevent message aggression device, it is characterized in that,
Described determining unit, also for will described first protocol massages sending after priority is set to the first priority at described setting unit, that determines employing first agreement be less than predetermined threshold by the uploading rate of the message the first port being delivered to CPU;
Described acquiring unit, also for obtaining second protocol message;
Described setting unit, also determine that the protocol type of described second protocol message is described first agreement for working as, and when sending described second protocol message to the port of described CPU to be described first port on determining, by described second protocol message send priority be set to described second protocol message normal on send priority.
12. The device for preventing message attack according to claim 10, characterized in that,
The determining unit is specifically configured to determine that, within a predetermined period of time, the up-sending rate of the messages that use the first protocol and are sent up to the CPU through the first port is greater than the predetermined threshold.
13. The device for preventing message attack according to claim 11, characterized in that,
The determining unit is specifically configured to determine that, within a predetermined period of time, the up-sending rate of the messages that use the first protocol and are sent up to the CPU through the first port is less than the predetermined threshold.
14. The device for preventing message attack according to claim 8 or 9, characterized in that,
The determining unit is further configured to, after the setting unit sets the up-sending priority of the first protocol message to the first priority, determine that the first protocol message is the attack message; or, the determining unit is further configured to, after the setting unit sets the up-sending priority of the first protocol message to the first priority, obtain identification information of the first protocol message, and determine that the identification information identifies the first protocol message as the attack message; the identification information is used to identify whether the first protocol message is the attack message;
The device for preventing message attack further comprises:
A storage unit, configured to store the first protocol message in an attack queue; wherein the attack queue is a queue that stores attack messages, and the processing priority of the attack queue is lower than the processing priority of the queues corresponding to all protocol types in the CPU.
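The behaviour recited in claims 10, 11 and 14 can be sketched as follows. This is an added illustration, not code from the patent: the class and function names, the priority numbers, the threshold and the one-second window are all assumptions, and the dwell time of claims 12 and 13 is not modelled.

```python
from collections import defaultdict, deque

# Assumed normal up-sending priorities per protocol type (higher is served first).
NORMAL_PRIORITY = {"ARP": 3, "OSPF": 6, "BGP": 7}
ATTACK_PRIORITY = 0  # the "first priority": lower than every normal priority

class CpuGuard:
    def __init__(self, threshold, window=1.0):
        self.threshold = threshold          # predetermined threshold, messages per window
        self.window = window                # unit time in seconds
        self.arrivals = defaultdict(deque)  # (protocol, port) -> recent arrival times
        self.flagged = set()                # (protocol, port) pairs treated as attacking
        self.queues = defaultdict(deque)    # priority -> messages; 0 is the attack queue

    def _rate(self, key, now):
        # Up-sending rate: messages of this protocol on this port within the window.
        times = self.arrivals[key]
        times.append(now)
        while times and times[0] <= now - self.window:
            times.popleft()
        return len(times)

    def receive(self, protocol, port, now, payload=None):
        key = (protocol, port)
        rate = self._rate(key, now)
        if rate > self.threshold:      # claim 10: same protocol and port -> attack message
            self.flagged.add(key)
        elif rate < self.threshold:    # claim 11: rate fell back -> normal priority again
            self.flagged.discard(key)
        prio = ATTACK_PRIORITY if key in self.flagged else NORMAL_PRIORITY[protocol]
        self.queues[prio].append((protocol, port, payload))  # claim 14: attack queue
        return prio

    def next_for_cpu(self):
        # Strict priority: the attack queue is served only when all others are empty.
        for prio in sorted(self.queues, reverse=True):
            if self.queues[prio]:
                return self.queues[prio].popleft()
        return None

def demo():
    # Constructed traffic: six ARP messages in 0.5 s on one port, then other flows.
    g = CpuGuard(threshold=3)
    flood = [g.receive("ARP", "ge0/1", t * 0.1) for t in range(6)]
    other_port = g.receive("ARP", "ge0/2", 0.55)  # same protocol, different port
    ospf = g.receive("OSPF", "ge0/1", 0.56)       # same port, different protocol
    recovered = g.receive("ARP", "ge0/1", 5.0)    # flood has stopped
    return flood, other_port, ospf, recovered, g.next_for_cpu()
```

Only the (protocol, port) pair that exceeded the threshold is demoted, so ARP arriving on another port and OSPF arriving on the flooded port keep their normal priority and the legitimate protocol is delayed rather than dropped.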
CN201310645648.XA 2013-12-04 2013-12-04 Method and device for preventing message attack Pending CN104702560A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201310645648.XA CN104702560A (en) 2013-12-04 2013-12-04 Method and device for preventing message attack

Publications (1)

Publication Number Publication Date
CN104702560A true CN104702560A (en) 2015-06-10

Family

ID=53349337

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201310645648.XA Pending CN104702560A (en) 2013-12-04 2013-12-04 Method and device for preventing message attack

Country Status (1)

Country Link
CN (1) CN104702560A (en)

Cited By (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106911590A (en) * 2017-03-15 2017-06-30 迈普通信技术股份有限公司 Message processing method, device and distributed apparatus
CN107948157A (en) * 2017-11-24 2018-04-20 锐捷网络股份有限公司 A kind of message processing method and device
CN108243100A (en) * 2016-12-27 2018-07-03 北京华为数字技术有限公司 The method and apparatus of detection messages loop
CN108429731A (en) * 2018-01-22 2018-08-21 新华三技术有限公司 Anti-attack method, device and electronic equipment
CN109379356A (en) * 2018-10-16 2019-02-22 盛科网络(苏州)有限公司 The method and device of automatic capture cpu attack message
WO2020063853A1 (en) * 2018-09-28 2020-04-02 新华三信息安全技术有限公司 Message processing
CN113037691A (en) * 2019-12-24 2021-06-25 中国移动通信集团浙江有限公司 Message processing method, device and system
WO2021227674A1 (en) * 2020-05-13 2021-11-18 华为技术有限公司 Processing method for protocol message, network device, and computer storage medium
WO2022057647A1 (en) * 2020-09-15 2022-03-24 华为技术有限公司 Packet processing method, system, and device
WO2023109669A1 (en) * 2021-12-17 2023-06-22 华为技术有限公司 Overload processing method, network device, and system

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1716868A (en) * 2004-06-29 2006-01-04 华为技术有限公司 Method for combatting rejection service attack
CN101083563A (en) * 2007-07-20 2007-12-05 杭州华三通信技术有限公司 Method and apparatus for preventing distributed refuse service attack
CN101257379A (en) * 2008-03-31 2008-09-03 华为技术有限公司 Collocating method for preventing attack of network, method and apparatus for preventing attack
CN101478539A (en) * 2008-12-31 2009-07-08 华为技术有限公司 Method and network appliance for preventing network attack
CN102447711A (en) * 2012-01-18 2012-05-09 中兴通讯股份有限公司 Method and device for sending protocol messages
CN102487339A (en) * 2010-12-01 2012-06-06 中兴通讯股份有限公司 Attack preventing method for network equipment and device
US8255515B1 (en) * 2006-01-17 2012-08-28 Marvell Israel (M.I.S.L.) Ltd. Rate limiting per-flow of traffic to CPU on network switching and routing devices

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20150610