CN109802937B - Method for discovering IP spoofing attack under TCP of intelligent terminal equipment - Google Patents
Method for discovering IP spoofing attack under TCP of intelligent terminal equipment Download PDFInfo
- Publication number
- CN109802937B CN109802937B CN201811448541.5A CN201811448541A CN109802937B CN 109802937 B CN109802937 B CN 109802937B CN 201811448541 A CN201811448541 A CN 201811448541A CN 109802937 B CN109802937 B CN 109802937B
- Authority
- CN
- China
- Prior art keywords
- tcp
- internet
- header
- data packet
- record
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Landscapes
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention provides a method for discovering IP spoofing attack under an intelligent terminal device TCP, which is based on the fact that a security module is connected in series with an Internet communication port of an Internet of things intelligent terminal, the security module is communicated with an Internet of things system server through an information transmission network, a communication white list based on source/target IP addresses, port numbers, service types, mac addresses and the like is arranged in the security module, the security module analyzes header information of communication data packets of the Internet of things device and a network layer and is matched and filtered with the communication white list, data packets conforming to the communication white list can pass through, if not, the data packets are blocked by the security module, and the occurrence of IP spoofing attack under the intelligent terminal device TCP is timely discovered in a mode of receiving, sending, recording and checking, so that the security of the system is effectively improved.
Description
[ technical field ] A method for producing a semiconductor device
The invention relates to the technical field of communication safety of Internet of things equipment, in particular to a method for discovering IP spoofing attack under TCP of intelligent terminal equipment.
[ background of the invention ]
With the development of information technology, more and more internet of things devices with intelligent sensing functions are accessed to a network and become targets of network attack. After being invaded by hackers, viruses and the like, the devices become a great amount of controlled network attack tools, and great hidden dangers are brought to network security burying.
A safety module is connected in series with an internet access communication end of the internet of things intelligent terminal device, and a communication white list which is based on a TCP/IP protocol and comprises a source/target IP address, a port number, a service type and a mac address is arranged in the safety module. The safety module analyzes the packet head information of the communication data packet of the Internet of things equipment and the network layer and matches and filters the communication white list, the data packet which accords with the communication white list can pass through, and the data packet which does not accord with the communication white list is blocked by the safety module, so that the safety of the network communication of the Internet of things intelligent terminal equipment can be effectively improved.
However, the security module filters the communication security mechanism based on the communication white list data packet including the IP address, port number, service type, mac address, etc. of the source/destination, and has no protection capability against the TCP/IP address spoofing attack. TCP/IP address spoofing is a form of attack by hackers using a computer to access the internet, spoofing the source IP address and source port number of another machine in outgoing IP packets, and impersonating the identity of other systems or senders to communicate with the communicating party. Therefore, it is necessary to provide a method for discovering IP spoofing attacks on the intelligent terminal device under TCP.
[ summary of the invention ]
The invention aims to overcome the defects of the prior art and provides a method for discovering IP spoofing attack under the TCP of the intelligent terminal equipment, which can improve the security of the system.
In order to achieve the purpose, the invention provides a method for discovering IP spoofing attack under an intelligent terminal device TCP, which is based on the fact that a security module is connected in series with an internet communication port of an internet of things intelligent terminal, the security module is communicated with an internet of things system server through an information transmission network, a communication white list is arranged in the security module, the security module analyzes header information of communication data packets of the internet of things device and a network layer and is matched and filtered with the communication white list, data packets conforming to the communication white list can pass through, and if the data packets do not conform to the communication white list, the data packets are blocked by the security module, and the method comprises the following steps:
the first step is as follows: the safety module records the characteristic information of the data packet header from the server of the Internet of things system with the address marked as the address one by one, and forms a data packet header characteristic information log received by the system server, and the data packet header characteristic information log is recorded as: { passing a downstream packet header characteristic information log };
the second step is that: the characteristic information of the head of the data packet sent to the safety module by the server of the Internet of things system is recorded one by one to form a data packet head characteristic information log sent to the safety module, and the log is recorded as: { sending packet header characteristic information log };
the third step: and (3) discovering IP spoofing attack under the TCP of the intelligent terminal equipment by adopting a receiving and sending record checking mode: and (4) checking each record in the (through downlink data packet header characteristic information log), and when the corresponding sending record cannot be found in the time period corresponding to the (sending data packet header characteristic information log), determining that IP deception behavior under TCP is carried out on the security module by the address and the port of a counterfeit Internet of things system server, otherwise, IP deception behavior under TCP does not occur.
The method specifically comprises the following steps:
s1, establishing a { through a downlink data packet header characteristic information log } record of the security module: { N } and { Send packet header characteristics information Log } are written: { M }:
the safety module analyzes the header information of the data packet, wherein the source address of the data packet is marked as the address of the system server of the internet of things, and a timestamp t2, a TCP packet header Seq # value and a TCP packet header Ack # value when the data packet reaches the safety module are taken out to form a record and are logged, and the record is counted respectively as follows: t2, Seq2#, Ack2 #; after a plurality of data packets pass through, accumulating to form { N };
the internet of things system server analyzes the header information of a data packet with a target address as an internet of things intelligent terminal address, and a timestamp t1, a TCP packet header Seq # value and a TCP packet header Ack # value when the data packet is sent out are taken out to form a record and are logged, and the record is counted as follows: t1, Seq1#, Ack1 #; after a plurality of data packets pass through, accumulating to form { M };
s2, timestamp synchronization:
the security module sends the { N } to the server of the Internet of things system, and takes the timestamp of the server of the Internet of things system as a reference, t2 security module timestamp values in the log are synchronized to be the timestamp value t1syn of the server of the Internet of things system, and the record items of the { N } after time synchronization are respectively counted as: t1syn, Seq2#, Ack2 #;
s3, comparing the header characteristic information of the receiving and sending data packets one by one:
according to the time sequence, taking out records in { N } one by one to serve as comparison reference items, comparing the records with header characteristic information records of the sending data packet in the corresponding time period T in { M } one by one, and when finding out records in which the values of Seq2# and Ack2# are completely consistent with the values of the reference items Seq1# and Ack1# respectively, sending out the data packet corresponding to the record for a system server, determining that the IP fake address condition does not occur, and recording in the comparison in { M } to not participate in subsequent comparison any more; if the consistent item can not be found, the situation of IP address impersonation is possible to occur;
the time period T is a time window determined according to a reference item time parameter T1syn in { N }, the ending value of the time window is equal to T1syn, the initial value is equal to T1syn-T ', the T' is the maximum network delay value of a data packet sent by an Internet of things system server until an Internet of things intelligent terminal receives the data packet, the T 'is a constant, and the value of the T' is adjusted according to a network extension communication environment.
Preferably, in step S1, the { N } entries further include a TCP header SYN value and a TCP header ACK value, and the { N } entries respectively count as follows: t2, SYN2, ACK2, Seq2#, ACK2 #; the entry of { M } further includes a TCP header SYN value and a TCP header ACK value, and the entry of { M } counts respectively as: t1, SYN1, ACK1, Seq1#, ACK1 #; in the step S2, the time stamp values of the t2 security modules in the log are synchronized to the time stamp value t1syn of the internet of things system server, and the record items of { N } after the time synchronization process are respectively counted as: t1SYN, SYN2, ACK2, Seq2#, ACK2 #.
Preferably, the step S3, the extracting of the records in { N } one by one as the comparison reference item, and the comparing of the records in { M } with the header characteristic information of the transmission data packet in the corresponding time period T further includes: comparing the values of SYN2 and ACK2 with the values of the reference entries SYN1 and ACK1, respectively, and when the values of the entries SYN2, ACK2, Seq2#, and ACK2# are completely consistent with the values of the reference entries SYN1, ACK1, Seq1#, and ACK1#, respectively, determining that the data packet corresponding to the record is sent out by the system server and the IP address impersonation condition does not occur; otherwise, the situation that the IP address is forged may occur.
Preferably, in step S1, only when the packet header flag satisfies the condition "SYN is 1 and ACK is 0", the packet header feature information timestamp t, the TCP header Seq # value, and the TCP header ACK # are extracted, and records are formed and listed in the logs { M } and { N }.
Preferably, the communication white list is a communication white list including an IP address, a port number, a service type and a mac address of a source/destination based on a TCP/IP protocol.
The invention has the beneficial effects that: compared with the prior art, the method and the system have the advantages that on the basis that the security module provides a communication white list data packet filtering communication security mechanism based on the IP address, the port number, the service type and the mac address of the source/target for the Internet of things system, IP spoofing attack under the TCP of the intelligent terminal equipment is found in time in a receiving, sending, recording and checking mode, and the security of the system is improved.
The features and advantages of the present invention will be described in detail by embodiments in conjunction with the accompanying drawings.
[ description of the drawings ]
Fig. 1 is a technical schematic diagram of a method for discovering IP spoofing attack under TCP for an intelligent terminal device according to the present invention.
[ detailed description ] embodiments
Referring to fig. 1, the present invention provides a method for discovering IP spoofing attack under TCP for an intelligent terminal device, which is characterized in that: the method is based on that a security module 3 is connected in series with an internet access communication end of an internet of things intelligent terminal 2, the security module 3 is in communication with an internet of things system server 1 through an information transmission network, a TCP/IP protocol-based communication white list including source/target IP addresses, port numbers, service types and mac addresses is built in the security module 3, the security module 3 analyzes header information of communication data packets of internet of things equipment and a network layer and is matched and filtered with the communication white list, data packets conforming to the communication white list can pass through, and if the data packets do not conform to the communication white list, the data packets are blocked by the security module 3, and the method comprises the following steps:
the first step is as follows: the safety module 3 records the characteristic information of the data packet header from the address marked as the server 1 of the internet of things system one by one to form a data packet header characteristic information log received by the system server, and the data packet header characteristic information log is recorded as: { passing a downstream packet header characteristic information log };
the second step is that: the internet of things system server 1 records the characteristic information of the data packet head sent to the security module 3 one by one to form a data packet head characteristic information log sent to the security module 3, and the log is recorded as: { sending packet header characteristic information log };
the third step: and (3) discovering IP spoofing attack under the TCP of the intelligent terminal equipment by adopting a receiving and sending record checking mode: and (4) checking each record in the (passing downlink data packet header characteristic information log), and when the corresponding sending record cannot be found in the time period corresponding to the (sending data packet header characteristic information log), determining that IP cheating behavior under TCP (Transmission control protocol) is carried out on the security module 3 by the address and the port of the fake Internet of things system server 1, otherwise, no IP cheating behavior under TCP occurs.
Example 1:
the method comprises the following specific steps:
s1, establishing a { through a downlink data packet header characteristic information log } record of the security module: { N } and { Send packet header characteristics information Log } are written: { M }:
the security module 3 analyzes the header information of the data packet with the passing source address marked as the address of the internet of things system server 1, and a timestamp t2, a TCP packet head SYN value, a TCP packet head ACK value, a TCP packet head Seq # value and a TCP packet head ACK # value when the data packet reaches the security module 3 are taken out to form a record and are recorded in a log; after a plurality of data packets pass through, the data packets are accumulated to form { N }, and the table structure is as follows:
t2 | SYN2 | ACK2 | Seq2# | Ack2# |
the internet of things system server 1 analyzes the header information of the data packet which is sent by the internet of things system server and has the target address of the intelligent terminal device 2, and a time stamp t1, a TCP packet head SYN value, a TCP packet head ACK value, a TCP packet head Seq # value and a TCP packet head ACK # value when the data packet is sent are taken out to form a record and are recorded in a log. After a plurality of data packets pass through, the data packets are accumulated to form { M }, and the table structure is as follows:
t1 | SYN1 | ACK1 | Seq1# | Ack1# |
s2, timestamp synchronization:
the security module 3 sends { N } to the system server, and takes the timestamp of the system server as a reference, synchronizes the timestamp values of t2 security modules 3 in the log to the timestamp value t1syn of the system server, and the { N } table after time synchronization has the following structure:
t1syn | SYN2 | ACK2 | Seq2# | Ack2# |
s3, comparing the header characteristic information of the receiving and sending data packets one by one:
and (3) taking out records in { N } one by one in time sequence, taking the records as comparison reference items, and comparing the records with header characteristic information records of the sending data packets in the corresponding time period T in { M } one by one until the records of SYN2, ACK2, Seq2#, ACK2# which are completely consistent with the values of the reference items SYN1, ACK1, Seq1#, ACK1# are found, so that the data packets corresponding to the records are really sent out by the system server and IP address impersonation does not occur, the records in the comparison in { M } do not participate in subsequent comparison, and if the consistent items are not found, the IP address impersonation situation can occur.
Wherein, the time period T is a time window determined according to the reference item time parameter T1syn in { N }. The ending value of the time window is equal to t1syn, the starting value is equal to t1syn-t ', t' is a constant, theoretically, the maximum network delay value from the time when the system server 1 sends a data packet to the time when the intelligent terminal device 2 receives the data packet is obtained, and the specific value can be adjusted according to the network extension communication environment;
example 2:
the difference from the above example 1 is that:
in step S1, the entry of { N } includes only the timestamp t2, the TCP header Seq # value, and the TCP header Ack # value, and the table structure is simplified as follows:
t2 | Seq2# | Ack2# |
the entry corresponding to { M } includes only timestamp t1, TCP header Seq1# value, and TCP header Ack1# value, and the table structure is simplified as follows:
t1 | Seq2# | Ack2# |
in step S1, only when the packet header flag satisfies the condition "SYN is 1 and ACK is 0", the packet header feature information timestamp t, the TCP header Seq # value, and the TCP header ACK # are extracted to form a record, which is listed in the logs { M } and { N }.
The above embodiments are illustrative of the present invention, and are not intended to limit the present invention, and any simple modifications of the present invention are within the scope of the present invention.
Claims (5)
1. A method for discovering IP spoofing attack under the TCP of an intelligent terminal device is characterized in that: the method is based on the fact that a safety module (3) is connected in series with an internet communication port of an internet of things intelligent terminal (2) and is in communication with an internet of things system server (1) through an information transmission network, a communication white list is arranged in the safety module (3), the safety module (3) analyzes header information of communication data packets of internet of things equipment and a network layer and is matched and filtered with the communication white list, data packets conforming to the communication white list can pass through, and if the data packets do not conform to the communication white list, the data packets are blocked by the safety module (3), and the method comprises the following steps:
the first step is as follows: the safety module (3) records the characteristic information of the data packet head from the Internet of things system server (1) with the address as a record one by one, and a data packet head characteristic information log received by the system server is formed and recorded as: { passing a downstream packet header characteristic information log };
the second step is that: the characteristic information of the data packet head part sent to the safety module (3) is recorded one by the Internet of things system server (1) to form a data packet head part characteristic information log sent to the safety module (3) and recorded as: { sending packet header characteristic information log };
the third step: and (3) discovering IP spoofing attack under the TCP of the intelligent terminal equipment by adopting a receiving and sending record checking mode: checking each record in the { through downlink data packet header characteristic information log }, and when the corresponding sending record cannot be found in the time period corresponding to the { sending data packet header characteristic information log }, determining that IP cheating behavior under TCP is carried out on the security module (3) by an address and a port of a fake internet of things system server (1), or else, IP cheating behavior under TCP does not occur;
the method specifically comprises the following steps:
s1, establishing a { through a downlink data packet header characteristic information log } record of the security module: { N } and { Send packet header characteristics information Log } are written: { M }:
the safety module (3) analyzes the header information of the data packet, wherein the passing source address is marked as the address of the Internet of things system server (1), and the timestamp t2, the TCP packet header Seq # value and the TCP packet header Ack # value when the data packet reaches the safety module (3) are taken out to form a record and are logged, and the record is counted respectively: t2, Seq2#, Ack2 #; after a plurality of data packets pass through, accumulating to form { N };
the internet of things system server (1) analyzes the header information of a data packet with a target address as the address of the internet of things intelligent terminal (2), and a timestamp t1, a TCP packet header Seq # value and a TCP packet header Ack # value when the data packet is sent are taken out to form a record, and the record is recorded in a log and respectively counted as: t1, Seq1#, Ack1 #; after a plurality of data packets pass through, accumulating to form { M };
s2, timestamp synchronization:
the security module (3) sends the { N } to the Internet of things system server (1), and takes the time stamp of the Internet of things system server (1) as a reference, t2 items of security module (3) time stamp values in the log are synchronized to be the time stamp value t1syn of the Internet of things system server (1), and the record items of the { N } after time synchronization are respectively counted: t1syn, Seq2#, Ack2 #;
s3, comparing the header characteristic information of the receiving and sending data packets one by one:
according to the time sequence, taking out records in { N } one by one to serve as comparison reference items, comparing the records with header characteristic information records of the sending data packet in the corresponding time period T in { M } one by one, and when finding out records in which the values of Seq2# and Ack2# are completely consistent with the values of the reference items Seq1# and Ack1# respectively, sending out the data packet corresponding to the record for a system server, determining that the IP fake address condition does not occur, and not participating in subsequent comparison any more in the records in { M }; if the consistent item can not be found, the situation of IP address impersonation is possible to occur;
the time period T is a time window determined according to a reference item time parameter T1syn in { N }, the ending value of the time window is equal to T1syn, the starting value is equal to T1syn-T ', and T' is the maximum network delay value of a data packet sent by an Internet of things system server (1) to an Internet of things intelligent terminal (2) and received by the data packet.
2. The method for discovering IP spoofing attacks on intelligent terminal devices under TCP as claimed in claim 1, wherein: in step S1, the { N } entry further includes a TCP header SYN value and a TCP header ACK value, and the { N } entries respectively count as follows: t2, SYN2, ACK2, Seq2#, ACK2 #; the entry of { M } further includes a TCP header SYN value and a TCP header ACK value, and the entry of { M } counts respectively as: t1, SYN1, ACK1, Seq1#, ACK1 #; in the step S2, time stamp values of the t2 security modules (3) in the log are synchronized to a time stamp value t1syn of the internet of things system server (1), and record items of { N } after time synchronization are counted respectively: t1SYN, SYN2, ACK2, Seq2#, ACK2 #.
3. The method for discovering IP spoofing attacks on intelligent terminal devices under TCP as claimed in claim 2, wherein: the step S3 of taking out the records one by one as a comparison reference item, and the step S of comparing the records of the header feature information of the transmission data packet in the corresponding time period T in the { M } further includes: comparing the values of SYN2 and ACK2 with the values of the reference entries SYN1 and ACK1, respectively, and when the values of the entries SYN2, ACK2, Seq2#, and ACK2# are completely consistent with the values of the reference entries SYN1, ACK1, Seq1#, and ACK1#, respectively, determining that the data packet corresponding to the record is sent out by the system server and the IP address impersonation condition does not occur; otherwise, the situation that the IP address is forged may occur.
4. The method for discovering IP spoofing attacks on intelligent terminal equipment under TCP according to claim 3, characterized in that: in step S1, only when the header flag bits of the packet satisfy the conditions "SYN =1 and ACK = 0", the packet header feature information timestamp t, the TCP header Seq # value, and the TCP header ACK # are extracted to form a record, and the record is listed in the logs { M } and { N }.
5. The method for discovering IP spoofing attacks on intelligent terminal devices under TCP as claimed in claim 1, wherein: the communication white list is based on a TCP/IP protocol and comprises IP addresses, port numbers, service types and mac addresses of a source/target.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201811448541.5A CN109802937B (en) | 2018-11-30 | 2018-11-30 | Method for discovering IP spoofing attack under TCP of intelligent terminal equipment |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201811448541.5A CN109802937B (en) | 2018-11-30 | 2018-11-30 | Method for discovering IP spoofing attack under TCP of intelligent terminal equipment |
Publications (2)
Publication Number | Publication Date |
---|---|
CN109802937A CN109802937A (en) | 2019-05-24 |
CN109802937B true CN109802937B (en) | 2021-08-17 |
Family
ID=66556318
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201811448541.5A Active CN109802937B (en) | 2018-11-30 | 2018-11-30 | Method for discovering IP spoofing attack under TCP of intelligent terminal equipment |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN109802937B (en) |
Families Citing this family (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110740144B (en) * | 2019-11-27 | 2022-09-16 | 腾讯科技(深圳)有限公司 | Method, device, equipment and storage medium for determining attack target |
CN111918284B (en) * | 2020-07-24 | 2022-02-11 | 郑州信大捷安信息技术股份有限公司 | Safe communication method and system based on safe communication module |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101582833A (en) * | 2008-05-15 | 2009-11-18 | 成都市华为赛门铁克科技有限公司 | Method and device for processing spoofed IP data packet |
CN105337929A (en) * | 2014-06-24 | 2016-02-17 | 阿里巴巴集团控股有限公司 | Verification method and apparatus of IP address |
CN105959308A (en) * | 2016-06-30 | 2016-09-21 | 中电长城网际系统应用有限公司 | Internal network IP data packet management method and system, and devices |
CN106101161A (en) * | 2016-08-26 | 2016-11-09 | 网宿科技股份有限公司 | A kind of method and system of the tcp data bag for processing forgery |
CN107070851A (en) * | 2015-11-09 | 2017-08-18 | 韩国电子通信研究院 | The system and method that the generation of connection fingerprint and stepping-stone based on network flow are reviewed |
CN108718320A (en) * | 2018-06-14 | 2018-10-30 | 浙江远望信息股份有限公司 | A method of forming data packet communication white list to close rule data packet intersection with similar configuration internet of things equipment |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20060265506A1 (en) * | 2004-04-08 | 2006-11-23 | World Extend Llc | Systems and methods for establishing and validating secure network sessions |
-
2018
- 2018-11-30 CN CN201811448541.5A patent/CN109802937B/en active Active
Patent Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101582833A (en) * | 2008-05-15 | 2009-11-18 | 成都市华为赛门铁克科技有限公司 | Method and device for processing spoofed IP data packet |
CN105337929A (en) * | 2014-06-24 | 2016-02-17 | 阿里巴巴集团控股有限公司 | Verification method and apparatus of IP address |
CN107070851A (en) * | 2015-11-09 | 2017-08-18 | 韩国电子通信研究院 | The system and method that the generation of connection fingerprint and stepping-stone based on network flow are reviewed |
CN105959308A (en) * | 2016-06-30 | 2016-09-21 | 中电长城网际系统应用有限公司 | Internal network IP data packet management method and system, and devices |
CN106101161A (en) * | 2016-08-26 | 2016-11-09 | 网宿科技股份有限公司 | A kind of method and system of the tcp data bag for processing forgery |
CN108718320A (en) * | 2018-06-14 | 2018-10-30 | 浙江远望信息股份有限公司 | A method of forming data packet communication white list to close rule data packet intersection with similar configuration internet of things equipment |
Also Published As
Publication number | Publication date |
---|---|
CN109802937A (en) | 2019-05-24 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN100508449C (en) | Protection against denial of service attacks | |
US7478429B2 (en) | Network overload detection and mitigation system and method | |
CN102143143B (en) | Method and device for defending network attack, and router | |
US7992208B2 (en) | Detection of nonconforming network traffic flow aggregates for mitigating distributed denial of service attacks | |
CN101136922B (en) | Service stream recognizing method, device and distributed refusal service attack defending method, system | |
US7865945B2 (en) | System and method for detecting and eliminating IP spoofing in a data transmission network | |
CN101848197B (en) | Detection method and device and network with detection function | |
CN102739683B (en) | A kind of network attack filter method and device | |
CN109587167B (en) | Message processing method and device | |
CN101505218A (en) | Detection method and apparatus for attack packet | |
US9143528B2 (en) | Method and device for countering fingerprint forgery attacks in a communication system | |
CN101175013A (en) | Method, network system and proxy server for preventing denial of service attack | |
US20080127324A1 (en) | DDoS FLOODING ATTACK RESPONSE APPROACH USING DETERMINISTIC PUSH BACK METHOD | |
CN102098305A (en) | Upper-level protocol authentication | |
KR20090094236A (en) | Methods and apparatus for delivering control messages during a malicious attack in one or more packet networks | |
CN109802937B (en) | Method for discovering IP spoofing attack under TCP of intelligent terminal equipment | |
CN107360182A (en) | One kind is used for Embedded Active Networks system of defense and its defence method | |
CN102427460A (en) | Multi-stage detection and defense method for ARP spoofing | |
CN106487790A (en) | Cleaning method and system that a kind of ACK FLOOD is attacked | |
CN110022303B (en) | ARP bidirectional defense system and method | |
RU2307392C1 (en) | Method (variants) for protecting computer networks | |
CN110831009B (en) | Wireless AP test method and test system for preventing wireless DOS attack | |
CN113765849A (en) | Abnormal network traffic detection method and device | |
CN109688136A (en) | A kind of detection method, system and the associated component of spoofed IP attack | |
CN108521413A (en) | A kind of network of Future Information war is resisted and defence method and system |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |