CN103200091A - Anti-interference method - Google Patents
Publication number: CN103200091A
Authority: CN (China)
Prior art keywords: message, interference, receives, TTL value, client
Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Abstract
The invention relates to the technical field of mobile communication, and in particular to an anti-interference method for solving the interference problem in network data transmission. The method comprises: judging whether a message received during data transmission between a server side and a client side is an interference message, that is, a message that can interfere with the data transmitted between the client side and the server side; and intercepting the interference message once the received message is confirmed to be one. This effectively solves the interference problem that occurs in current network data transmission and maintains normal transmission of network data.
Description
Technical field
The present invention relates to the field of network data transmission technology, and in particular to an anti-interference method.
Background technology
At present, with the spread of content recognition technology, networks contain a growing number of side-attached DAF devices. These devices can not only analyze the data transmitted in the network but also send interfering data that blocks or alters the transmission of normal data.
When a Transmission Control Protocol (TCP) connection is established, the client replies with an ACK packet to the synchronize/acknowledgement (SYN/ACK) packet sent by the server end, and thereafter sends ACK data messages based on the sequence number in that SYN/ACK packet. Whether during connection establishment or during transmission, when the client or the server end receives a reset (Reset the connection, RST) packet with a correct sequence number, the connection is forcibly torn down.
When a jamming device in the network wants to block normal TCP/IP communication, it can monitor data at a core network node and, on finding data that needs to be blocked, send interfering data to the client and the server end simultaneously, so that each believes the opposite end no longer needs it; both sides then drop the connection at the same time and the whole connection is interrupted. Alternatively, after observing data sent from the client to the server end, the jamming device responds to the client ahead of the server end with an improper Hypertext Transfer Protocol (HTTP) response message such as a 302 redirect, 404 file not found, 403 forbidden or 500 internal server error, causing the client to change its next processing step.
The prior art offers no solution to the interference problems described above that arise in network data transmission.
Summary of the invention
The embodiments of the invention provide an anti-interference method and device for solving the interference problem in network data transmission.
An anti-interference method provided by an embodiment of the invention comprises:
Judging whether a message received during data transmission between the server end and the client is an interference message that can interfere with the data transmitted between the client and the server end;
After determining that the received message is an interference message, intercepting the interference message.
Preferably, whether the received message is an interference message that can interfere with the data transmitted between the client and the server end is judged according to the following steps:
The time-to-live (TTL) value of the received message is compared with a determined standard TTL value; if the absolute value of the difference between the TTL value of the received message and the standard TTL value is greater than a preset threshold, the received message is determined to be an interference message.
Preferably, the standard TTL value is determined according to the following steps:
After the server end and the client establish a connection, the TTL value of the received message carrying the SYN flag is taken as the standard TTL value;
Determining that the received message is an interference message comprises:
Comparing the TTL value of each message received before the connection is torn down with the standard TTL value; if the absolute value of the difference between the TTL value of the received message and the standard TTL value is greater than a preset threshold, the received message is determined to be an interference message.
Preferably, the standard TTL value is determined according to the following steps:
The mean of the TTL values of all received messages carrying the SYN flag in the first N connections established between the server end and the client is taken as the standard TTL value, where N is a positive integer not less than 2;
Determining that the received message is an interference message comprises:
Comparing the TTL value of each message received in the (N+1)th and later connections with the standard TTL value; if the absolute value of the difference between the TTL value of a subsequently received message and the standard TTL value is greater than a preset threshold, the received message is determined to be an interference message.
Preferably, whether the received message is an interference message that can interfere with the data transmitted between the client and the server end is judged according to the following steps:
If a received message carrying the SYN flag contains no TCP option at all, the message is determined to be an interference message; or,
If a received message carrying the SYN flag lacks the MSS option and/or lacks the WSCALE option, the message is determined to be an interference message.
Preferably, whether the received message is an interference message that can interfere with the data transmitted between the client and the server end is judged according to the following steps:
If the combination of TCP flags in the received message does not belong to the configured set of TCP flag combinations, the message is determined to be an interference message.
Preferably, whether the received message is an interference message that can interfere with the data transmitted between the client and the server end is judged according to the following steps:
If, after a connection is established between the server end and the client and before it is torn down, the absolute value of the difference between the sequence numbers of two successively received messages is greater than a preset threshold, the later-received message is determined to be an interference message.
Preferably, whether the received message is an interference message that can interfere with the data transmitted between the client and the server end is judged according to the following steps:
Determining the round-trip time (RTT) of normal data transmission between the server end and the client;
For a received message, determining the feedback time corresponding to that message; the feedback time is the time from sending a message to receiving the reply message corresponding to the sent message;
If the absolute value of the difference between the RTT and the feedback time is greater than a preset threshold, the received message is determined to be an interference message.
An anti-interference device provided by an embodiment of the invention comprises:
A judging module, configured to judge whether a message received during data transmission between the server end and the client is an interference message that can interfere with the data transmitted between the client and the server end;
An intercepting module, configured to intercept the interference message after the judging module determines that the received message is an interference message.
By judging whether a message received during data transmission between the server end and the client is an interference message, and intercepting it once it is determined to be one, the embodiments of the invention effectively solve the interference problem that occurs in current network data transmission and maintain normal transmission of network data.
Description of drawings
Fig. 1 is a flow chart of the anti-interference method provided by an embodiment of the invention;
Fig. 2 is a structural diagram of the anti-interference device provided by an embodiment of the invention.
Embodiment
By judging whether a message received during data transmission between the server end and the client is an interference message, and intercepting it once it is determined to be one, the embodiments of the invention effectively solve the interference problem that occurs in current network data transmission and maintain normal transmission of network data.
The embodiments of the invention are described in further detail below with reference to the accompanying drawings.
As shown in Fig. 1, the anti-interference method provided by an embodiment of the invention comprises the following steps:
S101: judging whether a message received during data transmission between the server end and the client is an interference message that can interfere with the data transmitted between the client and the server end;
S102: after determining that the received message is an interference message, intercepting the interference message.
In a specific implementation, the method may be executed by the client or by the server end. If it is executed by the client, the interference messages the client identifies are data sent to the client by the jamming device, that is, erroneous data that the jamming device, impersonating the server end, sends to the client ahead of the server end. If it is executed by the server end, the interference messages the server end identifies are erroneous data that the jamming device, impersonating the client, sends to the server end ahead of the client.
In current network environments, a jamming device can sit on the link between the client and the server end, read the data transmitted between them, and send interfering feedback data to the server end or the client ahead of the real client or server end. The interference currently found in networks is mainly of the following kinds:
First, TCP connection-establishment interference. Specifically, after seeing the SYN packet that the client sends to the server end, the jamming device impersonates the Internet Protocol (IP) address and port of the server end and races to answer the client first with an RST packet, so that the client wrongly believes the server end will not respond and abandons the connection attempt. Likewise, after seeing the SYN/ACK packet that the server end sends to the client, the jamming device impersonates the IP address and port of the client and races to send an RST packet to the server end first, so that the server end wrongly believes the client wants to drop the connection and abandons the connection attempt. As a result the TCP connection cannot be established, the handshake fails, and no data can be transferred between the server end and the client; or,
After seeing the SYN packet that the client sends to the server end, the jamming device impersonates the IP address and port of the server end and races to answer the client first with a SYN/ACK packet carrying a wrong sequence number, so that the client replies with an ACK packet based on the wrong sequence number. On receiving the ACK packet and payload that the client generated from the wrong sequence number, the server end does not respond and keeps waiting for the correct ACK handshake message; after waiting repeatedly without result, the server end abandons the TCP handshake.
Second, RST interference. Specifically, the jamming device impersonates the server end and sends RST data to the client, so that the client wrongly believes the server end has dropped the connection and drops it as well; at the same time the jamming device impersonates the client and sends RST data to the server end, so that the server end wrongly believes the client has dropped the connection and drops it as well.
Third, finish flag (Finish, FIN) interference. Specifically, the jamming device impersonates the server end and the client respectively and sends FIN data to both sides, so that the client or the server end wrongly believes the opposite end will send it no more data. The local TCP stack then no longer accepts genuine data from the opposite end, and on receiving such data the local end sends an RST that makes the opposite end drop the connection.
Fourth, 302 redirect interference. Specifically, the jamming device monitors the Hypertext Transfer Protocol (HTTP) requests of the client and, on finding sensitive request information, returns a 302 redirect to the client ahead of the server. On receiving the 302 redirect the client immediately visits the new page, and when the data sent by the real server end arrives later, the client considers it erroneous and its TCP layer discards it. This situation mostly arises with small Internet Service Providers (ISPs), which, to reduce outbound traffic, deploy cache systems in side-attached or inline mode at the data egress to cache static content. To reduce outbound traffic further they often extend cache lifetimes, so that the data the user downloads does not match the actual content. In addition, a caching server may cache data that should not be cached, which can cause serious security problems: if the caching server leaks data, customers' information is leaked as well.
Fifth, denial-of-service interference such as 404 file not found, 403 forbidden and 5xx server errors. Specifically, the jamming device monitors the HTTP requests of the client and, on finding sensitive request information, returns error information such as 404 file not found, 403 forbidden or 5xx internal server error to the client ahead of the server end. This stops the client from carrying out the correct next operation, so that when the real data arrives later the client can no longer process it correctly. The 5xx codes here include 500, 500.12, 500.13, 503 and so on, and indicate that the server end could not complete the received request because it encountered an error.
For the kinds of interference above, the embodiments of the invention may use one or more of the following ways to judge whether a received message is an interference message that can interfere with the data transmitted between the client and the server end:
Judgment mode one: TTL analysis;
Preferably, in step S101, the step of judging whether the received message is an interference message that can interfere with the data transmitted between the client and the server end may be:
The time-to-live (TTL) value of the received message is compared with a determined standard TTL value; if the absolute value of the difference between the TTL value of the received message and the standard TTL value is greater than a preset threshold, the received message is determined to be an interference message.
In a specific implementation, messages can be sampled during normal data transmission to determine the standard TTL value for normal transmission. When it must be judged whether a received message is an interference message, the TTL value of the received message is compared with the determined standard TTL value; if the absolute value of the difference between the two is greater than the configured threshold, the received message is determined to be an interference message.
Preferably, the standard TTL value is determined according to the following steps:
After the server end and the client establish a connection, the TTL value of the received message carrying the SYN flag is taken as the standard TTL value;
Determining that the received message is an interference message comprises:
Comparing the TTL value of each message received before this connection is torn down with the standard TTL value; if the absolute value of the difference between the TTL value of the received message and the standard TTL value is greater than a preset threshold, the received message is determined to be an interference message.
In a specific implementation, the initial TTL value can be used as the standard TTL value, that is, the TTL value of the SYN packet from the client as received by the server end, or the TTL value of the SYN/ACK packet from the server end as received by the client. After establishing a connection with the client, the server end records the initial TTL value of the received messages, namely the TTL value of the received SYN packet sent by the client, and compares the TTL value of each message subsequently received on this connection with that initial TTL value. If the absolute value of the difference between the TTL value of a subsequently received message and the recorded initial TTL value is greater than the preset threshold, the message just received is determined to be an interference message; the server end then intercepts it, that is, discards it, to maintain normal data transmission. Similarly, after establishing a connection with the server end, the client records the initial TTL value of the received messages, namely the TTL value of the received SYN/ACK packet sent by the server end, and compares the TTL value of each message subsequently received on this connection with that initial TTL value. If the absolute value of the difference between the TTL value of a subsequently received message and the initial TTL value is greater than the preset threshold, the message just received is determined to be an interference message; the client then intercepts it, that is, discards it, to maintain normal data transmission. The threshold here can be set to 2.
Preferably, the standard TTL value is determined according to the following steps:
The mean of the TTL values of all received messages carrying the SYN flag in the first N connections established between the server end and the client is taken as the standard TTL value, where N is a positive integer not less than 2;
Determining that the received message is an interference message comprises:
Comparing the TTL value of each message received in the (N+1)th and later connections with the standard TTL value; if the absolute value of the difference between the TTL value of a subsequently received message and the standard TTL value is greater than a preset threshold, the received message is determined to be an interference message.
In a specific implementation, the initial TTL values received over several connections can also be collected and their mean determined; the TTL value of each subsequently received message is compared with this TTL mean, and if the absolute value of the difference between the two is greater than a preset threshold, the received message is determined to be an interference message. The threshold against the TTL mean here can be set to 5;
In a specific implementation, the two ways above of using a standard TTL value to identify interference messages can be combined. After a message is received, if it is not the first message transmitted on this connection, its TTL value can be compared both with the initial TTL value of the first message transmitted on this connection and with the previously determined mean of the initial TTL values of earlier connections. If both comparisons identify the received message as an interference message, the received message is determined to be an interference message. If the TTL value of the received message is equal or close to the previously determined mean of the initial TTL values of earlier connections, that is, the absolute value of the difference between the two does not exceed the configured threshold, the received message can be confirmed as a normally transmitted message; and if, in addition, the absolute value of the difference between its TTL value and the initial TTL value of the first message transmitted on this connection exceeds the configured threshold, then the first message transmitted on this connection was probably an interference message, and its initial TTL value cannot be used as the standard for judging whether subsequently transmitted messages are interference messages. Of course, the initial TTL value of the first message received on this connection can also be compared with the previously determined mean of the initial TTL values of earlier connections; once it is confirmed that the first message received on this connection is not an interference message, the initial TTL value of this connection can be used as the standard for judging whether messages transmitted later on the same connection are interference messages.
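The combined TTL analysis described above can be sketched as follows. This is an added example, not code from the patent: the class and function names are hypothetical, the trace is constructed, and the thresholds 2 and 5 are the values the text suggests.

```python
from dataclasses import dataclass, field
from statistics import mean
from typing import List, Optional

CONN_THRESHOLD = 2  # per-connection threshold suggested in the text
AVG_THRESHOLD = 5   # threshold against the multi-connection mean suggested in the text


@dataclass
class TtlJudge:
    """TTL analysis for one peer (hypothetical helper, not from the patent)."""
    n: int = 2                                     # N >= 2 connections feed the mean
    syn_ttls: List[int] = field(default_factory=list)
    conn_ttl: Optional[int] = None                 # standard TTL of the current connection

    def mean_ttl(self) -> Optional[float]:
        """Mean SYN TTL of the first N connections, or None until N are seen."""
        return mean(self.syn_ttls) if len(self.syn_ttls) >= self.n else None

    def on_syn(self, ttl: int) -> str:
        """Handle the SYN (or SYN/ACK) message that opens a connection."""
        avg = self.mean_ttl()
        if avg is not None and abs(ttl - avg) > AVG_THRESHOLD:
            self.conn_ttl = None                   # do not adopt a suspect baseline
            return "interference"
        self.conn_ttl = ttl
        if avg is None:
            self.syn_ttls.append(ttl)              # still collecting the first N
        return "normal"

    def on_packet(self, ttl: int) -> str:
        """Judge a later message on the current connection."""
        avg = self.mean_ttl()
        off_conn = (self.conn_ttl is not None
                    and abs(ttl - self.conn_ttl) > CONN_THRESHOLD)
        off_avg = avg is not None and abs(ttl - avg) > AVG_THRESHOLD
        if avg is None:                            # no history yet: per-connection rule only
            return "interference" if off_conn else "normal"
        if self.conn_ttl is None:                  # baseline rejected: mean rule only
            return "interference" if off_avg else "normal"
        if off_conn and off_avg:                   # both comparisons agree
            return "interference"
        if off_conn:
            # Close to the historical mean but far from this connection's SYN:
            # the SYN was probably forged, so stop using its TTL as the standard.
            self.conn_ttl = None
        return "normal"


def replay(events, judge=None):
    """Run ("syn" | "pkt", ttl) events through a judge and return the verdicts."""
    judge = judge or TtlJudge()
    return [judge.on_syn(ttl) if kind == "syn" else judge.on_packet(ttl)
            for kind, ttl in events]


# Constructed trace: the real peer is about 12 hops away with initial TTL 64.
SAMPLE = [
    ("syn", 52), ("pkt", 52), ("pkt", 118),   # connection 1: injected RST, TTL 118
    ("syn", 53), ("pkt", 53),                 # connection 2: mean becomes 52.5
    ("syn", 52), ("pkt", 54), ("pkt", 118),   # connection 3: both rules apply
    ("syn", 240), ("pkt", 52), ("pkt", 240),  # connection 4: forged SYN/ACK rejected
    ("syn", 57), ("pkt", 52), ("pkt", 52),    # connection 5: baseline dropped later
]

if __name__ == "__main__":
    for event, verdict in zip(SAMPLE, replay(SAMPLE)):
        print(event, verdict)
```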
Judgment mode two: SYN message option inspection;
Preferably, in step S101, the step of judging whether the received message is an interference message that can interfere with the data transmitted between the client and the server end may be:
If a received message carrying the SYN flag contains no TCP option at all, the message is determined to be an interference message; or,
If a received message carrying the SYN flag lacks the MSS option and/or lacks the WSCALE option, the message is determined to be an interference message.
The TCP options here include the MSS option, the WSCALE option and so on; MSS denotes the largest block of data that TCP transmits, and WSCALE denotes the scale factor of the sliding window;
In a specific implementation, identification rules of different strictness can be configured according to how much interference is to be excluded. For example, a received message carrying the SYN flag may be treated as an interference message only when it contains no TCP option at all, that is, no MSS option, no WSCALE option and no other TCP option; or the received message may be identified as an interference message whenever it lacks the MSS option or the WSCALE option; or it may be identified as an interference message only when it lacks both the MSS option and the WSCALE option.
Judgment mode three: TCP flag inspection;
Preferably, in step S101, the step of judging whether the received message is an interference message that can interfere with the data transmitted between the client and the server end may be:
If the combination of TCP flags in the received message does not belong to the configured set of TCP flag combinations, the message is determined to be an interference message.
In a specific implementation, the flag combinations of TCP messages in an interference-free network can be collected and the reasonable TCP flag combinations compiled into a white list of TCP flag combinations. The flags of transmitted TCP messages are matched against this white list, and a TCP message not on the white list is determined to be an interference message. For example, the configured TCP flag combinations may be SYN, ACK, SYN+ACK, ACK+PSH (Push), FIN+ACK, FIN+ACK+PSH, RST, RST+ACK and so on.
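Judgment modes two and three both work on the raw TCP header, so one added example covers them: it parses the flags and option kinds from header bytes, then applies the flag white list and the three SYN option policies described above. This is not code from the patent; the function names, the policy names, the constructed sample headers and the choice to report a malformed option list as suspicious are assumptions.

```python
import struct

FIN, SYN, RST, PSH, ACK = 0x01, 0x02, 0x04, 0x08, 0x10
OPT_EOL, OPT_NOP, OPT_MSS, OPT_WSCALE = 0, 1, 2, 3

# Flag combinations listed in the text (its "and so on" is not expanded here).
FLAG_WHITELIST = {SYN, ACK, SYN | ACK, ACK | PSH, FIN | ACK,
                  FIN | ACK | PSH, RST, RST | ACK}


def parse_tcp_header(segment: bytes):
    """Return (flags, set of option kinds); raise ValueError if malformed."""
    if len(segment) < 20:
        raise ValueError("truncated TCP header")
    (offset_flags,) = struct.unpack_from("!H", segment, 12)
    header_len = (offset_flags >> 12) * 4          # data offset is in 32-bit words
    if header_len < 20 or header_len > len(segment):
        raise ValueError("bad data offset")
    flags = offset_flags & 0x3F                    # URG..FIN; ECN bits ignored (assumption)
    kinds, i = set(), 20
    while i < header_len:
        kind = segment[i]
        if kind == OPT_EOL:                        # end of option list
            break
        if kind == OPT_NOP:                        # one-byte padding option
            i += 1
            continue
        if i + 1 >= header_len:
            raise ValueError("option length missing")
        length = segment[i + 1]
        if length < 2 or i + length > header_len:
            raise ValueError("bad option length")
        kinds.add(kind)
        i += length
    return flags, kinds


def judge_segment(segment: bytes, syn_policy: str = "either_missing"):
    """Return the reasons a segment is judged an interference message ([] if none)."""
    try:
        flags, kinds = parse_tcp_header(segment)
    except ValueError as exc:
        return [f"malformed: {exc}"]               # assumption: unparseable is suspicious
    reasons = []
    if flags not in FLAG_WHITELIST:
        reasons.append("flag combination not in white list")
    if flags & SYN:
        no_mss, no_ws = OPT_MSS not in kinds, OPT_WSCALE not in kinds
        missing = {"no_options": not kinds,            # flag only a bare SYN
                   "either_missing": no_mss or no_ws,  # MSS or WSCALE absent
                   "both_missing": no_mss and no_ws}[syn_policy]
        if missing:
            reasons.append("SYN options missing")
    return reasons


def build_header(flags: int, options: bytes = b"") -> bytes:
    """Build a constructed TCP header (ports, sequence number, window are arbitrary)."""
    options += b"\x00" * (-len(options) % 4)       # pad to a 32-bit boundary
    offset = (20 + len(options)) // 4
    return struct.pack("!HHIIHHHH", 40000, 80, 1000, 0,
                       (offset << 12) | flags, 65535, 0, 0) + options


MSS = b"\x02\x04\x05\xb4"       # constructed: MSS = 1460
WSCALE = b"\x01\x03\x03\x07"    # constructed: NOP, then window scale = 7

if __name__ == "__main__":
    print(judge_segment(build_header(SYN, MSS + WSCALE)))   # ordinary SYN
    print(judge_segment(build_header(SYN | ACK)))           # SYN/ACK without options
    print(judge_segment(build_header(SYN | FIN, MSS + WSCALE)))
```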
Judgment mode four: sequence number inspection;
Preferably, in step S101, the step of judging whether the received message is an interference message that can interfere with the data transmitted between the client and the server end may be:
If, after a connection is established between the server end and the client and before it is torn down, the absolute value of the difference between the sequence numbers of two successively received messages is greater than a preset threshold, the later-received message is determined to be an interference message.
In a specific implementation, after a connection is established between the server end and the client, the continuity of the sequence numbers of the messages transmitted on this connection can be analyzed; if the absolute value of the difference between the sequence numbers of two successively received messages is greater than a preset threshold, the later-received message is determined to be an interference message. Under the TCP protocol each TCP message has its own sequence number, whereas the sequence number of an interference message is generated at random, so computing the difference between the sequence numbers of two successively transmitted messages shows whether the sequence number of the later message is forged. For example, if the sequence numbers of the third and fourth transmitted data packets differ by 9000000, something is clearly wrong: even if packets were lost during network transmission, that much data cannot have been dropped between two packets, so the data in the fourth packet can be treated as interference.
Judgment mode five: round-trip time analysis;
Preferably, in step S101, the step of judging whether the received message is an interference message that can interfere with the data transmitted between the client and the server end may be:
Determining the round-trip time (Round-Trip Time, RTT) of normal data transmission between the server end and the client;
For a received message, determining the feedback time corresponding to that message; the feedback time is the time from sending a message to receiving the reply message corresponding to the sent message;
If the absolute value of the difference between the RTT and the feedback time is greater than a preset threshold, the received message is determined to be an interference message.
In a specific implementation, if, after the sending end sends a data message, the feedback time until the acknowledgement message for it arrives is much smaller than the RTT of normal data transmission, the received message is confirmed to be an interference message. A time threshold can be set: if the absolute value of the difference between the feedback time and the determined RTT of normal data transmission is greater than the configured threshold, the received message is determined to be an interference message.
In a specific implementation, one or more of the preferred identification modes above can be used at the same time according to actual needs. When several identification modes are used, a received message may be judged an interference message under some modes and a normally transmitted message under others. To handle this, an interference score can be assigned to each identification mode, that is, for each mode it is specified how many points a message receives if that mode judges it to be an interference message. The total interference score of the received message over all the modes in use is then determined. An interference score threshold can be set from experience and compared with this total; when the total interference score of the received message reaches or exceeds the threshold, the received message is determined to be an interference message.
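The scoring scheme, together with the sequence number and round-trip time checks of judgment modes four and five, can be sketched as below. This is an added example, not code from the patent: the per-mode scores, the score threshold, the sequence and RTT thresholds, the wraparound-aware sequence distance and all names are assumptions, and the observations are constructed.

```python
from dataclasses import dataclass

SEQ_SPACE = 2 ** 32
TTL_THRESHOLD = 2            # per-connection TTL threshold suggested in the text
SEQ_THRESHOLD = 1_000_000    # assumed; the text's example gap of 9000000 exceeds it
RTT_THRESHOLD_MS = 20.0      # assumed
SCORES = {"ttl": 40, "seq": 40, "rtt": 30}   # assumed per-mode interference scores
SCORE_THRESHOLD = 60         # assumed; "set from experience" in the text


@dataclass
class Observation:
    """What the receiver measured for one incoming message (constructed fields)."""
    ttl: int
    seq: int
    feedback_ms: float       # time from sending a message to receiving this reply


def seq_distance(a: int, b: int) -> int:
    """Absolute sequence-number difference, allowing for 32-bit wraparound."""
    d = (b - a) % SEQ_SPACE
    return min(d, SEQ_SPACE - d)


def score_message(obs, prev_seq, standard_ttl, normal_rtt_ms):
    """Return (total score, modes that fired, verdict) for one message."""
    hits = []
    if abs(obs.ttl - standard_ttl) > TTL_THRESHOLD:
        hits.append("ttl")
    if seq_distance(prev_seq, obs.seq) > SEQ_THRESHOLD:
        hits.append("seq")
    if abs(normal_rtt_ms - obs.feedback_ms) > RTT_THRESHOLD_MS:
        hits.append("rtt")
    total = sum(SCORES[h] for h in hits)
    return total, hits, total >= SCORE_THRESHOLD   # "reaches or exceeds"


def judge_stream(observations, first_seq, standard_ttl, normal_rtt_ms):
    """Score each message in order; returns a list of (score, hits, is_interference)."""
    results, prev_seq = [], first_seq
    for obs in observations:
        total, hits, bad = score_message(obs, prev_seq, standard_ttl, normal_rtt_ms)
        results.append((total, hits, bad))
        if "seq" not in hits:
            # Design choice (assumption): a message with an implausible sequence
            # number does not become the reference for the next comparison.
            prev_seq = obs.seq
    return results


# Constructed observations: standard TTL 52, normal RTT 80 ms.
SAMPLE = [
    Observation(ttl=52, seq=0x00000100, feedback_ms=78.0),   # sequence wraps around
    Observation(ttl=52, seq=1716, feedback_ms=45.0),         # only the RTT mode fires
    Observation(ttl=118, seq=9_001_716, feedback_ms=3.0),    # injected reply
    Observation(ttl=53, seq=3176, feedback_ms=82.0),         # genuine data resumes
]

if __name__ == "__main__":
    for row in judge_stream(SAMPLE, 0xFFFFFE00, 52, 80.0):
        print(row)
```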
Preferably, the anti-interference method further comprises:
After determining that the received message is an interference message, locating the interference source.
In a specific implementation, after the received message is determined to be an interference message, the interference source is located, that is, the source sending the interfering data is traced, so that the interference source can be dealt with accordingly.
In the embodiment of the invention, the interference source can be located in one or more of the following ways:
Preferably, the interference source can be located according to the following steps:
According to the difference between the TTL value of the received interference message and the TTL value of the received message carrying the SYN flag, determine the hop count between the interference source and the end that sent the message carrying the SYN flag;
Locate the interference source according to the determined hop count.
In a specific implementation, the TTL value of a transmitted message is decremented by 1 at every router it passes through, and the initial TTL values of the various operating systems are of three kinds: 64, 128 and 255. From the TTL value of a received message it is therefore possible to work out how many routers separate the interference source from the peer of the receiving end, that is, the end that sent the above message carrying the SYN flag. For example, the server end receives an interference message whose TTL value is TTL2, and the TTL initial value of the messages the server end receives on this connection, that is, the TTL value of the received message carrying the SYN flag, is TTL1; the difference between TTL2 and TTL1 is then the hop count between the interference source and the client. From the determined hop count it can further be determined which router the interference source shares a network node or machine room with.
Preferably, the interference source can also be located according to the following steps:
Determine the hop count between the interference source and the local end as half of the difference between the TTL value of the message carrying the SYN flag sent by the local end and the TTL value of the interference message received by the local end;
Locate the interference source according to the determined hop count.
Here, the difference between the TTL value of the message carrying the SYN flag sent by the local end and the TTL value of that message when it is intercepted by the interference source is the hop count between the local end and the interference source. If the interference message sent by the interference source is produced by modifying the intercepted message, and the interference source does not modify the TTL value of the intercepted message, then the difference between the TTL value of the message carrying the SYN flag sent by the local end and the TTL value of the interference message received by the local end is twice the hop count between the local end and the interference source. Half of that difference is therefore the hop count between the local end and the interference source, and the interference source can be located from the determined hop count.
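The two hop-count estimates described above, as an added example that is not part of the patent text. It goes slightly beyond the page by also inferring the sender's initial TTL from the three values the page lists (64, 128, 255), which gives the distance from the interference source to the receiver when the source does not share the client's initial TTL. Function names and the simulated path are assumptions constructed for illustration.

```python
COMMON_INITIAL_TTLS = (64, 128, 255)   # the three initial values named on this page


def infer_initial_ttl(observed: int) -> int:
    """Smallest common initial TTL that could have produced the observed value."""
    for initial in COMMON_INITIAL_TTLS:
        if 0 < observed <= initial:
            return initial
    raise ValueError(f"TTL out of range: {observed}")


def hops_travelled(observed: int) -> int:
    """Routers crossed by a message, assuming it started at a common initial TTL."""
    return infer_initial_ttl(observed) - observed


def locate_by_received_syn(interference_ttl: int, syn_ttl: int) -> dict:
    """First method: compare the interference message with the received SYN message.

    TTL2 - TTL1 is the distance from the interference source to the SYN sender
    only if both started from the same initial TTL (assumption made explicit here).
    """
    result = {"hops_source_to_receiver": hops_travelled(interference_ttl)}
    same_initial = infer_initial_ttl(interference_ttl) == infer_initial_ttl(syn_ttl)
    if same_initial and interference_ttl >= syn_ttl:
        result["hops_source_to_syn_sender"] = interference_ttl - syn_ttl
    return result


def hops_from_local_end(sent_syn_ttl: int, interference_ttl: int):
    """Second method: half the TTL drop between our SYN and the message sent back.

    Returns None when the drop is negative or odd, which means the premise
    (intercepted message returned with its TTL untouched) does not hold.
    """
    drop = sent_syn_ttl - interference_ttl
    if drop < 0 or drop % 2:
        return None
    return drop // 2


def simulate(path_hops: int, source_at: int, client_initial: int = 64,
             source_initial: int = None):
    """Constructed path: client --source_at hops--> source --rest--> server."""
    syn_at_server = client_initial - path_hops
    # Message forged toward the server, sent with the source's own initial TTL.
    forged_at_server = (source_initial or client_initial) - (path_hops - source_at)
    # Intercepted client message modified and sent back with its TTL untouched.
    echoed_at_client = (client_initial - source_at) - source_at
    return syn_at_server, forged_at_server, echoed_at_client


if __name__ == "__main__":
    syn, forged, echoed = simulate(path_hops=12, source_at=5)
    print(locate_by_received_syn(forged, syn))   # seen at the server end
    print(hops_from_local_end(64, echoed))       # seen at the client end
```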
Preferably, the interference source can also be located according to the following steps:
Determine the round-trip delay (RTT) during normal data transmission between the server end and the client;
For a received message, determine the feedback time corresponding to that message; the feedback time is the time between sending a message and receiving the reply message corresponding to the sent message;
Locate the interference source according to the difference between the determined RTT during normal data transmission and the feedback time of the received message.
In a specific implementation, the RTT during normal data transmission between the server end and the client can first be calculated; then, by determining the feedback time for a received message, it can be estimated whether the interference source is closer to the server end or to the client. To locate the interference source accurately, this way of locating can be combined with the above way of locating by the determined hop count.
In a specific implementation, after one or more of the above ways have established that an interference message exists, interference identification filters deployed at both ends of the disturbed link can intercept the interference messages sent to the client or the server end, so that the client and the server end are protected from interference.
For the fourth interference mode of the interference device analysed above, 302 redirect interference, besides confirming the interference message and locating the interference source with the judgment and locating ways above, the following anti-interference way can also be used:
Preferably, the anti-interference method further comprises:
After determining that the received message is a redirect (jump) request message that the interference device forged as coming from the server end, setting the cache-related information in the response header of the HTTP messages sent by the server end to not cacheable.
In a specific implementation, the Cache-Control field in the response header of the HTTP messages sent by the server end can be modified so that a caching server treats the data as not cacheable. In the HTTP protocol, caching of a web page is controlled by the Cache-Control field in the response header of the HTTP message; common values include private, no-cache, max-age and must-revalidate. To keep browsers, caching servers and the like from caching the page, the Cache-Control field needs to be set to no-cache. Concrete ways of setting it are: modify the server configuration so that all data the server sends is no-cache; or deploy a packet matching and processing unit on the server which, before a packet is sent, finds the Cache-Control field, replaces the content that follows it with no-cache, recalculates the packet checksum, and then continues sending the data. Note that the embodiment of the invention is not limited to these two ways; any way that prevents the data sent by the server from being cached falls within the scope of the invention.
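A sketch of the second set-up mode (match the outgoing packet, replace the Cache-Control value, recompute the checksum), as an added example that is not part of the patent text. It overwrites the value in place and pads with spaces so the payload length, and therefore the TCP sequence numbering, is unchanged; that length-preserving rule, the function names and the sample segment are assumptions of this example.

```python
import re
import struct

NO_CACHE = b"no-cache"
# Cache-Control header line inside the response head (case-insensitive name).
_CC_LINE = re.compile(rb"(?im)^(cache-control:[ \t]*)([^\r\n]*)")


def set_no_cache_in_place(payload: bytes):
    """Overwrite every Cache-Control value with no-cache without changing length.

    Returns the rewritten payload, or None when the segment cannot be patched
    in place (no complete header block, no Cache-Control field, or a value
    shorter than "no-cache"); those responses need the server-configuration mode.
    """
    head, sep, body = payload.partition(b"\r\n\r\n")
    if not sep:
        return None
    matches = list(_CC_LINE.finditer(head))
    if not matches or any(len(m.group(2)) < len(NO_CACHE) for m in matches):
        return None
    patched = bytearray(head)
    for m in matches:
        # Trailing spaces are optional whitespace and are ignored by HTTP parsers.
        patched[m.start(2):m.end(2)] = NO_CACHE.ljust(len(m.group(2)))
    return bytes(patched) + sep + body


def internet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum over 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def tcp_checksum(src_ip: bytes, dst_ip: bytes, segment: bytes) -> int:
    """Checksum of a TCP segment (checksum field zeroed) with the IPv4 pseudo-header."""
    pseudo = src_ip + dst_ip + struct.pack("!BBH", 0, 6, len(segment))
    return internet_checksum(pseudo + segment)


def rewrite_segment(src_ip: bytes, dst_ip: bytes, tcp_header: bytes, payload: bytes):
    """Return (new_tcp_header, new_payload), or None if no in-place patch is possible."""
    new_payload = set_no_cache_in_place(payload)
    if new_payload is None:
        return None
    zeroed = tcp_header[:16] + b"\x00\x00" + tcp_header[18:]   # checksum is at offset 16
    csum = tcp_checksum(src_ip, dst_ip, zeroed + new_payload)
    return zeroed[:16] + struct.pack("!H", csum) + zeroed[18:], new_payload


# Constructed sample: 20-byte TCP header (checksum field zero) and an HTTP response.
SRC_IP, DST_IP = bytes([192, 0, 2, 10]), bytes([198, 51, 100, 7])
SAMPLE_HEADER = struct.pack("!HHIIBBHHH", 80, 40000, 1000, 2000, 5 << 4, 0x18, 65535, 0, 0)
SAMPLE_PAYLOAD = (b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
                  b"Cache-Control: max-age=3600\r\nContent-Length: 5\r\n\r\nhello")

if __name__ == "__main__":
    header, payload = rewrite_segment(SRC_IP, DST_IP, SAMPLE_HEADER, SAMPLE_PAYLOAD)
    print(payload.decode())
    print("checksum: 0x%04x" % struct.unpack("!H", header[16:18]))
```

A value such as `private` is shorter than `no-cache` and cannot be overwritten without shifting the byte stream, so the function returns None for it and the response has to be handled by the server-configuration mode instead.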
Based on the same inventive concept, the embodiment of the invention also provides an anti-interference device corresponding to the anti-interference method. Because the principle by which the device solves the problem is similar to that of the anti-interference method of the embodiment, the implementation of the device can refer to the implementation of the method, and repeated parts are not described again.
Figure 2 shows the structure of the anti-interference device provided by the embodiment of the invention, which comprises:
Judging module 21, configured to judge whether a received message in the data transmission process between the server end and the client is an interference message that can interfere with the data transmitted between the client and the server end;
Intercepting module 22, configured to intercept the determined interference message after the judging module determines that the received message is an interference message.
Preferably, judging module 21 is specifically configured to:
Compare the time-to-live (TTL) value of the received message with the determined standard TTL value; if the absolute value of the difference between the TTL value of the received message and the standard TTL value is greater than a preset threshold, determine that the received message is an interference message.
Preferably, judging module 21 is specifically configured to:
Take as the standard TTL value the TTL value of the message carrying the SYN flag that is received when the connection between the server end and the client is established; compare the TTL values of messages received before the connection is disconnected with the standard TTL value, and if the absolute value of the difference between the TTL value of a received message and the standard TTL value is greater than a preset threshold, determine that the received message is an interference message.
Preferably, judging module 21 is specifically configured to:
Take as the standard TTL value the mean of the TTL values of all messages carrying the SYN flag received in the first N connections established between the server end and the client, N being a positive integer not less than 2; compare the TTL values of messages received in the (N+1)th and later connections with the standard TTL value, and if the absolute value of the difference between the TTL value of a subsequently received message and the standard TTL value is greater than a preset threshold, determine that the received message is an interference message.
Preferably, judging module 21 is specifically configured to:
If the received message carrying the SYN flag does not contain any TCP option, determine that the message is an interference message; or, if the received message carrying the SYN flag does not contain the MSS option and/or does not contain the WSCALE option, determine that the message is an interference message.
Preferably, judging module 21 is specifically configured to:
If the flag combination of the received message does not belong to the set TCP flag combinations, determine that the message is an interference message.
Preferably, judging module 21 is specifically configured to:
If, after the connection between the server end and the client is established and before the connection is disconnected, the absolute value of the difference between the sequence numbers of two adjacently received messages is greater than a preset threshold, determine that the later-received message is an interference message.
Preferably, judging module 21 is specifically configured to:
Determine the round-trip delay (RTT) during normal data transmission between the server end and the client; for a received message, determine the feedback time corresponding to that message, the feedback time being the time between sending a message and receiving the reply message corresponding to the sent message; if the absolute value of the difference between the determined RTT and the determined feedback time is greater than a preset threshold, determine that the received message is an interference message.
Preferably, the device can further comprise:
Interference source locating module 23, configured to locate the interference source after the judging module determines that the received message is an interference message.
Preferably, interference source locating module 23 is specifically configured to:
According to the difference between the TTL value of the received interference message and the TTL value of the received message carrying the SYN flag, determine the hop count between the interference source and the end that sent the message carrying the SYN flag; locate the interference source according to the determined hop count.
Preferably, interference source locating module 23 is specifically configured to:
Determine the hop count between the interference source and the local end as half of the difference between the TTL value of the message carrying the SYN flag sent by the local end and the TTL value of the interference message received by the local end, and locate the interference source according to the determined hop count.
Preferably, interference source locating module 23 is specifically configured to:
Determine the round-trip delay (RTT) during normal data transmission between the server end and the client; for a received message, determine the feedback time corresponding to that message, the feedback time being the time between sending a message and receiving the reply message corresponding to the sent message; locate the interference source according to the difference between the determined RTT and the feedback time.
Preferably, the anti-interference device can further comprise:
Setting module 24, configured to, after the judging module determines that the received message is a redirect (jump) request message that the interference device forged as coming from the server end, set the cache-related information in the response header of the HTTP messages sent by the server end to not cacheable.
Those skilled in the art should understand that embodiments of the invention may be provided as a method, a system or a computer program product. Therefore, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware aspects. Moreover, the present invention may take the form of a computer program product implemented on one or more computer-usable storage media (including but not limited to magnetic disk storage, CD-ROM, optical storage, etc.) containing computer-usable program code.
The present invention is described with reference to flowcharts and/or block diagrams of the method, device (system) and computer program product according to the embodiments of the invention. It should be understood that each flow and/or block in the flowcharts and/or block diagrams, and combinations of flows and/or blocks in the flowcharts and/or block diagrams, can be implemented by computer program instructions. These computer program instructions can be provided to the processor of a general-purpose computer, a special-purpose computer, an embedded processor or other programmable data processing device to produce a machine, so that the instructions executed by the processor of the computer or other programmable data processing device produce means for implementing the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.
These computer program instructions can also be stored in a computer-readable memory that can direct a computer or other programmable data processing device to work in a particular manner, so that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means, the instruction means implementing the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.
These computer program instructions can also be loaded onto a computer or other programmable data processing device, so that a series of operational steps are performed on the computer or other programmable device to produce computer-implemented processing, whereby the instructions executed on the computer or other programmable device provide steps for implementing the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.
Although preferred embodiments of the present invention have been described, those skilled in the art can make other changes and modifications to these embodiments once they learn of the basic inventive concept. The appended claims are therefore intended to be interpreted as covering the preferred embodiments and all changes and modifications that fall within the scope of the invention.
Obviously, those skilled in the art can make various changes and modifications to the present invention without departing from its spirit and scope. Thus, if these changes and modifications of the present invention fall within the scope of the claims of the present invention and their technical equivalents, the present invention is also intended to include them.
Claims (13)
1. An anti-interference method, characterized in that the method comprises:
Judging whether a received message in the data transmission process between the server end and the client is an interference message that can interfere with the data transmitted between the client and the server end;
After determining that the received message is an interference message, intercepting the interference message.
2. The method of claim 1, characterized in that whether the received message is an interference message that can interfere with the data transmitted between the client and the server end is judged according to the following steps:
Comparing the time-to-live (TTL) value of the received message with the determined standard TTL value, and if the absolute value of the difference between the TTL value of the received message and the standard TTL value is greater than a preset threshold, determining that the received message is an interference message.
3. The method of claim 2, characterized in that the standard TTL value is determined according to the following steps:
Taking as the standard TTL value the TTL value of the message carrying the SYN flag that is received when the connection between the server end and the client is established;
Determining that the received message is an interference message comprises:
Comparing the TTL values of messages received before the connection is disconnected with the standard TTL value, and if the absolute value of the difference between the TTL value of a received message and the standard TTL value is greater than a preset threshold, determining that the received message is an interference message.
4. The method of claim 2, characterized in that the standard TTL value is determined according to the following steps:
Taking as the standard TTL value the mean of the TTL values of all messages carrying the SYN flag received in the first N connections established between the server end and the client; N is a positive integer not less than 2;
Determining that the received message is an interference message comprises:
Comparing the TTL values of messages received in the (N+1)th and later connections with the standard TTL value, and if the absolute value of the difference between the TTL value of a subsequently received message and the standard TTL value is greater than a preset threshold, determining that the received message is an interference message.
5. The method of claim 1, characterized in that whether the received message is an interference message that can interfere with the data transmitted between the client and the server end is judged according to the following steps:
If the received message carrying the SYN flag does not contain any TCP option, determining that the message is an interference message; or,
If the received message carrying the SYN flag does not contain the MSS option and/or does not contain the WSCALE option, determining that the message is an interference message.
6. The method of claim 1, characterized in that whether the received message is an interference message that can interfere with the data transmitted between the client and the server end is judged according to the following steps:
If the flag combination of the received message does not belong to the set TCP flag combinations, determining that the message is an interference message.
7. The method of claim 1, characterized in that whether the received message is an interference message that can interfere with the data transmitted between the client and the server end is judged according to the following steps:
If, after the connection between the server end and the client is established and before the connection is disconnected, the absolute value of the difference between the sequence numbers of two adjacently received messages is greater than a preset threshold, determining that the later-received message is an interference message.
8. The method of claim 1, characterized in that whether the received message is an interference message that can interfere with the data transmitted between the client and the server end is judged according to the following steps:
Determining the round-trip delay (RTT) during normal data transmission between the server end and the client;
For a received message, determining the feedback time corresponding to that message; the feedback time is the time between sending a message and receiving the reply message corresponding to the sent message;
If the absolute value of the difference between the RTT and the feedback time is greater than a preset threshold, determining that the received message is an interference message.
9. The method of claim 1, characterized in that the method further comprises:
After determining that the received message is an interference message, locating the interference source.
10. The method of claim 9, characterized in that the interference source is located according to the following steps:
According to the difference between the TTL value of the received interference message and the TTL value of the received message carrying the SYN flag, determining the hop count between the interference source and the end that sent the message carrying the SYN flag;
Locating the interference source according to the determined hop count.
11. The method of claim 9, characterized in that the interference source is located according to the following steps:
Determining the hop count between the interference source and the local end as half of the difference between the TTL value of the message carrying the SYN flag sent by the local end and the TTL value of the interference message received by the local end;
Locating the interference source according to the determined hop count.
12. The method of claim 9, characterized in that the interference source is located according to the following steps:
Determining the round-trip delay (RTT) during normal data transmission between the server end and the client;
For a received message, determining the feedback time corresponding to that message; the feedback time is the time between sending a message and receiving the reply message corresponding to the sent message;
Locating the interference source according to the difference between the RTT and the feedback time.
13. The method of claim 1, characterized in that the method further comprises:
After determining that the received message is a redirect (jump) request message that the interference device forged as coming from the server end, setting the cache-related information in the response header of the HTTP messages sent by the server end to not cacheable.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2013101060749A CN103200091A (en) | 2013-03-29 | 2013-03-29 | Anti-interference method |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN103200091A (en) | 2013-07-10 |
Family
ID=48722455
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN2013101060749A Pending CN103200091A (en) | 2013-03-29 | 2013-03-29 | Anti-interference method |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN103200091A (en) |
Cited By (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103412898A (en) * | 2013-07-26 | 2013-11-27 | 华为技术有限公司 | Method and device for optimizing webpage |
| CN104023036A (en) * | 2014-06-25 | 2014-09-03 | 北京蓝汛通信技术有限责任公司 | TCP (transmission control protocol) bypass blocking method and device |
| CN106060023A (en) * | 2016-05-20 | 2016-10-26 | 汉柏科技有限公司 | Malicious data interception processing method and device |
| CN109587214A (en) * | 2018-11-01 | 2019-04-05 | 广州海之光通信技术股份有限公司 | A kind of transparent caching system and caching method |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101582833A (en) * | 2008-05-15 | 2009-11-18 | 成都市华为赛门铁克科技有限公司 | Method and device for processing spoofed IP data packet |
| CN102469084A (en) * | 2010-11-10 | 2012-05-23 | 厦门市美亚柏科信息股份有限公司 | Method and device for preventing TCP (Transmission Control Protocol) plug-in type denial of service attack |
| CN102655509A (en) * | 2012-05-07 | 2012-09-05 | 福建星网锐捷网络有限公司 | Network attack identification method and device |
| US20130031605A1 (en) * | 2011-07-28 | 2013-01-31 | Arbor Networks, Inc. | Method and Apparatus for Probabilistic Matching to Authenticate Hosts During Distributed Denial of Service Attack |
| US20130074183A1 (en) * | 2011-09-16 | 2013-03-21 | Electronics And Telecommunications Research Institute | Method and apparatus for defending distributed denial-of-service (ddos) attack through abnormally terminated session |
Cited By (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103412898A (en) * | 2013-07-26 | 2013-11-27 | 华为技术有限公司 | Method and device for optimizing webpage |
| CN103412898B (en) * | 2013-07-26 | 2017-03-01 | 华为技术有限公司 | A kind of method and device of front page optimization |
| CN104023036A (en) * | 2014-06-25 | 2014-09-03 | 北京蓝汛通信技术有限责任公司 | TCP (transmission control protocol) bypass blocking method and device |
| CN106060023A (en) * | 2016-05-20 | 2016-10-26 | 汉柏科技有限公司 | Malicious data interception processing method and device |
| CN109587214A (en) * | 2018-11-01 | 2019-04-05 | 广州海之光通信技术股份有限公司 | A kind of transparent caching system and caching method |
| CN109587214B (en) * | 2018-11-01 | 2021-11-30 | 广州海之光通信技术股份有限公司 | Transparent caching system and caching method |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20130710 |
|
| RJ01 | Rejection of invention patent application after publication |