Method for preventing transmission control protocol synchronous package flood attack
    1.
    发明授权
    Method for preventing transmission control protocol synchronous package flood attack 有权
    防止传输控制协议同步包洪泛攻击的方法

    公开(公告)号:US07363652B2

    公开(公告)日:2008-04-22

    申请号:US10613159

    申请日:2003-07-03

    IPC分类号: G06F17/30 G06F17/00

    CPC分类号: H04L63/02 H04L63/145

    摘要: The invention relates to a method for preventing TCP SYN package flood attack, and belongs to the computer network security field. First, the firewall receives a client a TCP SYN connection request package, and responses, as an agent of the server, an acknowledgement of the TCP SYN connection request package with zero window size to the client. Then, the firewall records information about the TCP SYN connection request package and checks whether the connection request is legal. When the firewall has received a TCP SYN response package from the server, it returns an acknowledgement of said TCP SYN response package. At the same time, the firewall, as an agent of the server, sends an acknowledgement packet with nonzero window size to the client for initiating data transmission from the client. After that, data packets are transferred between the client and the server forwarded by the firewall as an agent. With the invention method, it can guarantee that protected servers in a computer network will not be destroyed by TCP SYN package flood attack.

    摘要翻译: 本发明涉及一种防止TCP SYN包洪泛攻击的方法,属于计算机网络安全领域。 首先,防火墙接收客户端TCP SYN连接请求包,响应作为服务器的代理,确认客户端具有零窗口大小的TCP SYN连接请求包。 然后,防火墙记录有关TCP SYN连接请求包的信息,并检查连接请求是否合法。 当防火墙从服务器接收到TCP SYN响应包时,它返回所述TCP SYN响应包的确认。 同时,防火墙作为服务器的代理,向客户端发送具有非零窗口大小的确认数据包,以从客户端发起数据传输。 之后,数据包在客户端和作为代理的防火墙转发的服务器之间传输。 利用本发明的方法,可以保证计算机网络中受保护的服务器不会被TCP SYN包洪泛攻击所破坏。