WO2014000303A1 - 一种报文接收方法、深度包检测设备及*** - Google Patents
一种报文接收方法、深度包检测设备及*** Download PDFInfo
- Publication number
- WO2014000303A1 WO2014000303A1 PCT/CN2012/077994 CN2012077994W WO2014000303A1 WO 2014000303 A1 WO2014000303 A1 WO 2014000303A1 CN 2012077994 W CN2012077994 W CN 2012077994W WO 2014000303 A1 WO2014000303 A1 WO 2014000303A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- domain name
- address
- server
- terminal device
- terminal
- Prior art date
Links
- 238000000034 method Methods 0.000 title claims abstract description 31
- 238000007689 inspection Methods 0.000 title claims abstract description 6
- 230000002159 abnormal effect Effects 0.000 description 16
- 238000010586 diagram Methods 0.000 description 4
- 230000005856 abnormality Effects 0.000 description 2
- 238000004891 communication Methods 0.000 description 2
- 230000005540 biological transmission Effects 0.000 description 1
- 238000006243 chemical reaction Methods 0.000 description 1
- 238000013507 mapping Methods 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/12—Applying verification of the received information
- H04L63/123—Applying verification of the received information received data contents, e.g. message integrity
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L47/00—Traffic control in data switching networks
- H04L47/10—Flow control; Congestion control
- H04L47/24—Traffic characterised by specific attributes, e.g. priority or QoS
- H04L47/2441—Traffic characterised by specific attributes, e.g. priority or QoS relying on flow classification, e.g. using integrated services [IntServ]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L43/00—Arrangements for monitoring or testing data switching networks
- H04L43/10—Active monitoring, e.g. heartbeat, ping or trace-route
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0227—Filtering policies
- H04L63/0236—Filtering by address, protocol, port number or service, e.g. IP-address or URL
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0227—Filtering policies
- H04L63/0245—Filtering by information in the payload
Definitions
- the present invention relates to the field of communications, and in particular, to a message receiving method, a deep packet detecting device and a system.
- the websites that user terminals can access include video websites and game websites. These websites are free of charge and charged according to the needs of operators. User terminals can be based on their own. Demand selection access.
- the business server that the user wants to access the website corresponds to one.
- IP Internet Protocol
- the DPI Deep Packet Inspection
- the service server only detects the path information in the URL of the packet, and does not detect the host field, so that the service server can return the access result according to the path information, without determining whether the path information is consistent with the path provided by the host field, that is, whether the user cannot be determined. Tampered with the host field. This will cause the user to successfully access the charging service by tampering with the message, but the DPI device cannot identify whether the user terminal has modified the host field in the message to achieve the purpose of fraudulently free access to the charging website.
- URL Uniform Resource Location
- the embodiments of the present invention provide a packet receiving method, a deep packet detecting device, and a system, which can improve the ability of the deep packet detecting device to identify the packet and prevent loopholes due to insufficient recognition.
- a method for receiving a message including:
- a deep packet inspection DPI device including:
- a receiving unit configured to receive a message of a service request sent by the terminal device, where the message carries a domain name of the terminal indicating the terminal device and a server domain name of the service server indicating the service request of the terminal device;
- a parsing unit configured to parse the server domain name received by the receiving unit to obtain a service server network protocol IP address
- a processing unit configured to: if the IP address of the service server that is parsed by the parsing unit does not belong to the preset service server IP address corresponding to the terminal domain name received by the receiving unit in the preset list, Lose the package.
- a system comprising:
- a terminal device configured to send a service request message to the DPI device, where the message carries a server domain name indicating a terminal domain name of the terminal device and a service server indicating the service request of the terminal device.
- the DPI device receives the service request packet sent by the terminal device, and the packet carries the domain name of the terminal indicating the terminal device and the server domain name of the service server indicating the service request.
- the server domain name is obtained by the service server network protocol IP address. If the service server IP address does not belong to the preset service server IP address corresponding to the terminal domain name in the preset list, the packet is lost. In this way, the DPI device can determine whether the packet is a normal packet by comparing the IP address of the service server of the packet with the IP address of the preset service server corresponding to the terminal domain name of the terminal device in the preset table.
- the abnormal packet is also used to discard the abnormal packet. This improves the ability of the DPI device to identify the packet and prevent the server from processing the abnormal packet due to insufficient identification.
- FIG. 1 is a schematic flowchart of a packet receiving method according to an embodiment of the present invention
- FIG. 2 is a schematic diagram of a comparison between a real message and a falsified message according to an embodiment of the present invention
- FIG. 3 is a schematic flowchart of a method for receiving a message according to another embodiment of the present invention.
- FIG. 4 is a schematic structural diagram of a DPI device according to an embodiment of the present invention.
- FIG. 5 is a schematic structural diagram of a DPI device according to another embodiment of the present invention.
- FIG. 6 is a schematic structural diagram of a system according to an embodiment of the present invention.
- the method for receiving a message according to the embodiment of the present invention is as shown in FIG. 1.
- the method includes the following steps: S101: A DPI device receives a service request packet sent by a terminal device, where the packet carries a terminal domain name and an indication indicating the terminal device. The server domain name of the service server requested by the terminal device service.
- the network to which this embodiment is applied may be based on TCP/IP (Transmission Control Protocol/Internet Protocol) for communication and connection.
- TCP/IP Transmission Control Protocol/Internet Protocol
- Both the terminal device and the service server connected to the network have a unique identifier to distinguish Thousands of terminal devices and service servers on the network.
- this unique identifier can be a character address, that is, a domain name. Since each terminal device and service server have their own unique domain name, when the terminal device requests the service from the DPI device, it only needs to inform the DPI device of its own domain name, which is recorded as the terminal domain name, and the DPI device can find this through the terminal domain name.
- the terminal device forwards and provides the service required by the terminal device to the terminal device.
- the terminal device can implement the service server required for the service request by writing the domain name of the service server in the message and recording the domain name of the server. Access.
- the terminal device needs to access resources available on the network, such as hypertext markup language documents, images, video clips, programs, etc., because the service server supporting different websites can be identified by the server domain name as a unique identifier,
- the terminal device accesses the website as needed, it needs to send a URL message of the server domain name of the service server corresponding to the website, where the server domain name is a character address of the service server that the terminal device needs to access the website, such as when the user When you need to use a terminal device to access company A's website, the URL can be written as www.A.com, etc.
- the DPI device parses the received server domain name to obtain a service server IP address. Further, the DPI device performs DNS on the server domain name (Domain Name
- Domain name service parsing, such as through local query, cache query and iterative query, so that users can easily convert domain names, such as www.***.com, www.***.com, etc. i only has another ll ⁇ IP address, such as 1. 1. 1. 10, 2.2.2.2, etc., and is recorded as the service server IP address, which in turn enables the DPI device to help the terminal device access the service server through the service server IP address, so that the service The server provides services for the terminal device.
- the packet is lost.
- a preset list is preset in the DPI device, as shown in Table 1.
- the terminal domain name of each terminal device in the preset list corresponds to the accessible service server IP under the access authority of the terminal device.
- Address, recorded as a default business server IP address, a terminal device can correspond to multiple preset service server IP addresses.
- the terminal domain name of terminal device A is www.huawei.com, and terminal device A can only access two preset service servers 1.1.1.1 and 2.2.2.20, assuming these two preset services.
- the server is a non-billing service
- the terminal domain name of the terminal device B is www.***.com
- the terminal device B can access 2.2.2.2.
- the preset service server corresponding to the IP address is charged.
- Com's default service server but can't access the default service server of www.***.com, but due to the prior art, when processing the URL in the message, the service server only pays attention to the path after the GET request. Instead of detecting the host field, the result of the access is returned according to the path after the GET, without determining whether the path information is consistent with the path provided by the host field, the service server reads only the address after the host and then accesses, but does not check the host.
- terminal device A After the field is the correct free access to the field of the website, if the terminal device A changes the domain name after the host from www.***.com to www.huawei.com, ⁇ terminal device A can, The fee is accessed by www.***.com, and the result of the visit can be returned to the terminal device A through the GET after www.huawei.com, so that the terminal device succeeds by tampering with the message.
- Q. fee-based businesses, but DPI device does not recognize whether the terminal device through the host field modify packets and achieve the goal of free access to fraudulent websites charge of.
- the DPI device records the terminal domain name of the terminal device A, www.huawei.com, and the service server that can be accessed as a preset service server, and is set in a preset list, if the terminal device A is parsed.
- Server domain name correspondence The service server IP address does not belong to the terminal domain name www.huawei.com in Table 1, that is, the IP address of the default service server corresponding to the terminal device A.
- the server domain name resolution is 2.2.2.2, neither 1.1.1.1 nor 2.2.2.20, the packet is abnormal, and the abnormal packet is discarded to prevent the terminal device A from tampering with the packet to achieve successful access to the charging service.
- the server domain name resolution is 2.2.2.20, it belongs to 1.1. .1.1 and 2.2.2.20, the message can be considered as normal. Then, according to the service request of the message, the terminal device A and the service server whose IP address is 2.2.2.20 are connected, so that the service server is the terminal device A. A service that provides business requests.
- the DPI device receives the service request packet sent by the terminal device, and the packet carries the domain name of the terminal indicating the terminal device and the server domain name of the service server indicating the service request, and the server domain name is obtained.
- the IP address of the server network protocol If the IP address of the service server does not belong to the IP address of the preset service server corresponding to the terminal domain name in the preset list, the packet is lost. In this way, the DPI device can determine whether the packet is a normal packet or an abnormal report by comparing the IP address of the service server of the packet with the IP address of the preset service server corresponding to the terminal domain name of the terminal device in the preset table. If the abnormality packet is discarded, the DPI device can improve the ability to identify the packet and prevent the DPI device from processing the abnormal text normally.
- a packet receiving method provided by another embodiment of the present invention is exemplified by a gateway device having a DNS resolution function, and other devices having a DNS resolution function are also protected. As shown in FIG. 3, the method steps include:
- the gateway device receives the DNS certificate sent by the terminal device, and the DNS port carries the real domain name of the at least one accessible service server that indicates the terminal domain name of the terminal device and the terminal domain name.
- the gateway device can send a DNS query request to the terminal device in a relatively idle time, so that each terminal device sends a DNS packet to the gateway device, or does not send the query request, but receives the DNS of the terminal device.
- the terminal domain name of the terminal device and the real domain name of the at least one accessible service server corresponding to the terminal domain name carried by the DNS packet are obtained.
- the gateway device parses the received real domain name to obtain at least one accessible service server IP address.
- the gateway device resolves the real domain name to obtain the IP address of the server that the terminal device has the right to access, such as an IP address that can be accessed for free.
- the gateway device uses the at least one accessible service server IP address to be the default service server IP address, and is set in the preset list corresponding to the terminal domain name.
- the gateway device sets the IP address of the accessible service server of the resolved terminal device A, such as 2.2.2.20 and 1.1.1.1 corresponding to the terminal domain name HTTP/1.1 l ⁇ r ⁇ n in the preset list, where
- the IP address of the accessible service server is recorded as the default service server IP address
- the IP address of the accessible service server of the resolved terminal device B such as 2.2.2.2 corresponding terminal domain name HTTP/1.2 ⁇ r ⁇ n
- the IP address of the service server is recorded as the IP address of the preset service server, and so on, and a preset list is established, so that the gateway device can determine the subsequent reception according to the IP address of the preset service server corresponding to the domain name of the terminal in the list.
- the requested service server such as terminal device A or terminal device B corresponding to the terminal domain name is within an accessible range.
- S201, S202, and S203 have no order relationship with S204 and S205, and S201, S202, and S203 need only be executed before S206, S207 or S208.
- the gateway device receives a service request message sent by the terminal device, where the message carries a domain name of the terminal indicating the terminal device and a server domain name of the service server indicating the service request of the terminal device.
- the gateway device parses the received server domain name to obtain a service server network protocol IP address.
- step S206 is performed, if the parsed service server IP address belongs to the received If the terminal domain name is in the preset list corresponding to the preset service server IP address, step S207 or S208 is performed according to the requirements of the gateway device.
- the gateway device drops the packet.
- the gateway device may determine that the packet is a malicious fraudulent packet or an abnormal packet, and the packet is lost in the foregoing embodiment. Narration.
- the gateway device establishes a connection between the terminal device and the service server corresponding to the service server IP address, so that the service server provides the terminal device with a service request for the terminal device.
- the gateway device can The terminal device is connected to the service server, so that the service server provides the terminal device with a service requested by the terminal device such as video data or audio data.
- the gateway device determines, according to the terminal domain name of the terminal device, a service type of the service request.
- the gateway device can determine the default service server IP address in the preset list and the service server IP address of the terminal device, according to the preset list.
- the terminal domain name of the terminal device is automatically allocated with the service type. If the service type of the terminal device A is an encrypted download tool and the service type of the terminal device B is an encrypted mail tool, the terminal device A can be identified and Download for restrictions. In this way, it is possible to avoid the case where the anti-recognition software is encountered in the parsing so that the service type cannot be obtained and the encrypted service type cannot be operated.
- the preset list provided in the embodiment of the present invention may be used.
- the terminal device B is obtained according to the terminal domain name of the terminal device B in the preset list, and the specific service type is identified, for example, on the gateway device.
- Configure the mapping between the domain name and the service type For example, if you configure the domain name of www.gmail.com and the corresponding service type is email, you can obtain the service type of terminal device B as the email according to the terminal domain name www.gmail.com.
- step S207 and S208 a step may be performed according to different processing modes required by the gateway device. If it is required to determine that the packet is normal and the terminal device needs to establish a connection with the service server, perform S207, if necessary, In the case of the service type, S208 is executed.
- the gateway device receives the service request packet sent by the terminal device, where the packet carries the domain name of the terminal indicating the terminal device and the server domain name of the service server indicating the service request, and the server domain name is obtained.
- the IP address of the server network protocol If the IP address of the service server does not belong to the IP address of the preset service server corresponding to the terminal domain name in the preset list, the packet is lost.
- the gateway device can determine whether the packet is a normal packet or an abnormal report by comparing the IP address of the service server of the packet with the IP address of the preset service server corresponding to the terminal domain name of the terminal device in the preset table. In this case, packet loss is sent to the abnormal packet, which improves the server's ability to identify the packet and prevent the gateway device from processing the abnormal text normally due to insufficient identification.
- the DPI device 30 provided by the embodiment of the present invention, as shown in FIG. 4, includes: a receiving unit 301, configured to receive a service request packet sent by the terminal device 40, where the packet carries a terminal domain name indicating the terminal device 40 and an indication terminal.
- the server domain name of the service server requested by the device 40 service is not limited to:
- the DPI device 30 can establish a connection between the terminal device 40 and the service server required by the terminal device 40 through the terminal domain name and the server domain name received by the receiving unit 301, so that the terminal device 40 obtains the service required for the service request. , will not repeat them here.
- the parsing unit 302 is configured to parse the server domain name received by the receiving unit 301 Business Server Network Protocol IP Address.
- parsing unit 302 can implement mutual conversion between a user-friendly domain name and a machine-recognizable IP address.
- the processing unit 303 is configured to: if the IP address of the service server that is parsed by the parsing unit 302 does not belong to the IP address of the preset service server corresponding to the terminal domain name received by the receiving unit 301, the packet is lost.
- the terminal domain name received by the receiving unit 301 in the preset list is not a service server that the terminal domain name should correspond to, that is, the preset service server is recorded as the default service server, the access is indicated.
- the packet is abnormal, which may be malicious fraud, and avoids network charging. Therefore, the packet is lost.
- the processing unit 303 is further configured to: if the service server IP address parsed by the parsing unit 302 belongs to the preset service server IP address corresponding to the terminal domain name received by the receiving unit 301 in the preset list, the terminal device 40 corresponds to the service server IP address.
- the service server establishes a connection such that the service server provides the terminal device 40 with a service for the service request of the terminal device.
- the service type of the service request is determined according to the terminal domain name of the terminal device 40.
- the DPI device 30, as shown in FIG. 5, further includes:
- a sending unit configured to send a DNS query request to the terminal device 40, so that the terminal device 40 sends the DNS packet.
- the receiving unit 301 is further configured to receive the DNS packet sent by the terminal device 40, where the DNS file carries the real domain name of the at least one accessible service server corresponding to the terminal domain name and the terminal domain name.
- the parsing unit 302 is further configured to parse the real domain name received by the receiving unit 301 to obtain at least one accessible service server IP address.
- the processing unit 303 sets the at least one accessible service server IP address parsed by the parsing unit 302 as the preset service server IP address, and is set in the preset list corresponding to the terminal domain name received by the receiving unit 301, so that the subsequent receiving unit 301 Connect
- the terminal domain name is compared in the preset list, and the IP address of the service server that the packet is to be accessed does not correspond to the IP address of the preset service server corresponding to the terminal domain name in the preset list.
- the text is processed normally.
- the foregoing DPI device 30 corresponds to the foregoing method embodiment, and the DPI device 30 can be used in the steps of the foregoing method embodiments.
- the DPI device 30 can be used in the steps of the foregoing method embodiments.
- the DPI device 30 and the DPI device 30 provided by the embodiment of the present invention receive the service request packet sent by the terminal device 40, and the packet carries the domain name of the terminal indicating the terminal device 40 and the server domain name of the service server indicating the service request, and the server domain name is resolved.
- the service server network protocol IP address is obtained. If the service server IP address does not belong to the preset service server IP address corresponding to the terminal domain name in the preset list, the packet is lost. In this way, the DPI device 30 can determine whether the packet is a normal message by comparing the IP address of the service server of the packet with the IP address of the preset service server corresponding to the terminal domain name of the terminal device 40 in the preset table. An abnormal packet is sent to the abnormal packet. This improves the discriminating ability of the DPI device 30 to prevent the DPI device from processing the abnormal packet due to insufficient identification.
- the system provided by the embodiment of the present invention, as shown in FIG. 6, includes:
- the DPI device 30 is configured to receive a service request message sent by the terminal device 40, where the message carries a terminal domain name indicating the terminal device 40 and a server domain name of the service server indicating the service request of the terminal device 40; The server network protocol IP address; if the IP address of the resolved service server does not belong to the IP address of the preset service server corresponding to the received terminal domain name in the preset list, the packet is lost.
- the terminal device 40 is configured to send a service request to the DPI device 30.
- the DPI device 30 and the terminal device 40 correspond to the foregoing method embodiments.
- the DPI device 30 and the terminal device 40 can be used in the steps of the foregoing method embodiments, and the application in the specific steps can refer to the foregoing method embodiments.
- the specific structure of the DPI device 30 is the same as that of the terminal and the DPI device provided in the foregoing embodiment, and details are not described herein again.
- the DPI device 30 receives the terminal device 40 to send
- the service request packet carries the terminal domain name indicating the terminal device 40 and the server domain name of the target DPI device indicating the service request, and the resolution server domain name is obtained by the service server network protocol IP address, and if the service server IP address does not belong to the terminal domain name If the IP address of the preset service server is in the preset list, the packet is lost.
- the server 30 can determine whether the packet is a normal packet or an abnormality by comparing whether the service server IP address of the packet matches the IP address of the preset service server corresponding to the terminal domain name of the terminal device 40 in the preset table. The packet is discarded, so that the DPI device 30 can identify the packet and prevent the DPI device from processing the abnormal text normally due to insufficient identification.
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Health & Medical Sciences (AREA)
- Cardiology (AREA)
- General Health & Medical Sciences (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
Description
Claims
Priority Applications (5)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
PCT/CN2012/077994 WO2014000303A1 (zh) | 2012-06-30 | 2012-06-30 | 一种报文接收方法、深度包检测设备及*** |
CN201280000912.8A CN102884764B (zh) | 2012-06-30 | 2012-06-30 | 一种报文接收方法、深度包检测设备及*** |
EP12880164.4A EP2869508A4 (en) | 2012-06-30 | 2012-06-30 | METHOD FOR RECEIVING MESSAGE AND DEVICE AND SYSTEM FOR INSPECTING PACKET IN DEPTH |
JP2015518769A JP6007458B2 (ja) | 2012-06-30 | 2012-06-30 | パケット受信方法、ディープ・パケット・インスペクション装置及びシステム |
US14/572,514 US9578040B2 (en) | 2012-06-30 | 2014-12-16 | Packet receiving method, deep packet inspection device and system |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
PCT/CN2012/077994 WO2014000303A1 (zh) | 2012-06-30 | 2012-06-30 | 一种报文接收方法、深度包检测设备及*** |
Related Child Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US14/572,514 Continuation US9578040B2 (en) | 2012-06-30 | 2014-12-16 | Packet receiving method, deep packet inspection device and system |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2014000303A1 true WO2014000303A1 (zh) | 2014-01-03 |
Family
ID=47484676
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/CN2012/077994 WO2014000303A1 (zh) | 2012-06-30 | 2012-06-30 | 一种报文接收方法、深度包检测设备及*** |
Country Status (5)
Country | Link |
---|---|
US (1) | US9578040B2 (zh) |
EP (1) | EP2869508A4 (zh) |
JP (1) | JP6007458B2 (zh) |
CN (1) | CN102884764B (zh) |
WO (1) | WO2014000303A1 (zh) |
Families Citing this family (17)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103973506B (zh) * | 2013-01-30 | 2016-10-12 | 腾讯科技(深圳)有限公司 | 一种域名校验方法、装置及*** |
CN103634314B (zh) * | 2013-11-28 | 2017-06-16 | 新华三技术有限公司 | 一种基于虚拟路由器vsr的服务访问控制方法及设备 |
CN104601573B (zh) * | 2015-01-15 | 2018-04-06 | 国家计算机网络与信息安全管理中心 | 一种Android平台URL访问结果验证方法及装置 |
CN105991627A (zh) * | 2015-03-13 | 2016-10-05 | 杭州迪普科技有限公司 | 数据连接建立方法及装置 |
CN106210160A (zh) * | 2016-06-17 | 2016-12-07 | 乐视控股(北京)有限公司 | 一种域名设置方法及装置 |
CN106230775B (zh) * | 2016-07-13 | 2020-01-03 | 新华三技术有限公司 | 防止攻击url规则库的方法以及装置 |
JP6493426B2 (ja) * | 2017-02-02 | 2019-04-03 | 日本電気株式会社 | 通信システム、通信制御方法および通信プログラム |
CN109246256A (zh) * | 2017-07-10 | 2019-01-18 | 中国电信股份有限公司 | 域名解析方法和***、授信域名***服务器 |
JP6493475B1 (ja) * | 2017-09-28 | 2019-04-03 | 日本電気株式会社 | 通信装置、通信システム、通信制御方法、通信プログラムおよびデバイス接続制御プログラム |
CN110519750B (zh) * | 2018-05-21 | 2021-04-20 | 华为技术有限公司 | 报文处理方法、设备及*** |
CN109688100B (zh) * | 2018-09-07 | 2022-06-17 | 平安科技(深圳)有限公司 | Nat穿透方法、装置、设备及存储介质 |
CN110784467B (zh) * | 2019-10-29 | 2021-10-26 | 维沃移动通信有限公司 | 一种消息中的网络链接处理方法、电子设备 |
CN111163184B (zh) * | 2019-12-25 | 2022-07-01 | 杭州迪普科技股份有限公司 | 一种报文特征的提取方法和装置 |
CN111314197B (zh) * | 2020-02-03 | 2021-06-29 | 杭州迪普科技股份有限公司 | 域名资源管理装置及域名资源管理方法 |
CN113395367B (zh) * | 2020-03-13 | 2023-04-28 | ***通信集团山东有限公司 | Https业务识别方法、装置、存储介质及电子设备 |
TW202241091A (zh) * | 2021-04-07 | 2022-10-16 | 聚騰科技股份有限公司 | 網路連線的服務類型的辨識方法 |
CN113726689B (zh) * | 2021-07-27 | 2023-06-13 | 新华三信息安全技术有限公司 | 一种安全业务处理方法以及装置 |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101068253A (zh) * | 2006-05-05 | 2007-11-07 | 美国博通公司 | 通信架构、中间路由节点及其执行的方法 |
CN101141396A (zh) * | 2007-09-18 | 2008-03-12 | 华为技术有限公司 | 报文处理方法和网络设备 |
CN101945053A (zh) * | 2010-10-12 | 2011-01-12 | 杭州华三通信技术有限公司 | 一种报文的发送方法和装置 |
Family Cites Families (22)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6108330A (en) * | 1997-09-26 | 2000-08-22 | 3Com Corporation | Apparatus and methods for use therein for an ISDN LAN modem that selects among a plurality of DNS servers for responding to a DNS query |
US6256671B1 (en) * | 1998-06-24 | 2001-07-03 | Nortel Networks Limited | Method and apparatus for providing network access control using a domain name system |
JP3758482B2 (ja) * | 2000-08-28 | 2006-03-22 | 富士通株式会社 | ネットワーク間通信セキュリティプログラムを記録した媒体および装置 |
US6961783B1 (en) * | 2001-12-21 | 2005-11-01 | Networks Associates Technology, Inc. | DNS server access control system and method |
US7228359B1 (en) * | 2002-02-12 | 2007-06-05 | Cisco Technology, Inc. | Methods and apparatus for providing domain name service based on a client identifier |
US6950660B1 (en) * | 2002-05-10 | 2005-09-27 | Qualcomm, Incorporated | Provisioning a mobile device in a wireless communication system |
JP2004180159A (ja) * | 2002-11-28 | 2004-06-24 | Ntt Docomo Inc | 通信制御装置、パケットフィルタリング方法、及びプログラム |
US7372809B2 (en) * | 2004-05-18 | 2008-05-13 | Time Warner Cable, Inc. | Thwarting denial of service attacks originating in a DOCSIS-compliant cable network |
JP4489676B2 (ja) * | 2005-09-28 | 2010-06-23 | 富士通株式会社 | 通信システム |
US7730187B2 (en) * | 2006-10-05 | 2010-06-01 | Limelight Networks, Inc. | Remote domain name service |
US8274985B2 (en) * | 2005-12-30 | 2012-09-25 | United States Cellular Corporation | Control of cellular data access |
US8275895B1 (en) * | 2006-12-21 | 2012-09-25 | Crimson Corporation | Systems and methods for establishing a trusted dynamic host configuration protocol connection |
US8397057B2 (en) * | 2007-08-13 | 2013-03-12 | Sap Ag | Generic hub to increase security when accessing business systems |
CN101399749B (zh) * | 2007-09-27 | 2012-04-04 | 华为技术有限公司 | 一种报文过滤的方法、***和设备 |
JP2009272659A (ja) * | 2008-03-03 | 2009-11-19 | Nec Corp | 通信制御装置、通信制御方法および通信システム |
JP4592789B2 (ja) * | 2008-07-29 | 2010-12-08 | 日本電信電話株式会社 | 通信制御装置、通信制御方法および通信制御処理プログラム |
US9225794B2 (en) * | 2009-03-31 | 2015-12-29 | Google Inc. | Adaptive DNS pre-resolution |
US9270646B2 (en) * | 2009-04-20 | 2016-02-23 | Citrix Systems, Inc. | Systems and methods for generating a DNS query to improve resistance against a DNS attack |
CN102004789A (zh) | 2010-12-07 | 2011-04-06 | 苏州迈科网络安全技术股份有限公司 | Url过滤***的应用方法 |
CN102572014B (zh) * | 2012-03-07 | 2015-12-02 | 华为终端有限公司 | 消息处理方法、装置和*** |
JP6171445B2 (ja) * | 2013-03-21 | 2017-08-02 | 富士通株式会社 | 割当装置及び割当プログラム |
CN104796883B (zh) * | 2015-03-19 | 2018-08-03 | 深信服网络科技(深圳)有限公司 | 通信方法、无线接入点、无线控制器及通信*** |
-
2012
- 2012-06-30 WO PCT/CN2012/077994 patent/WO2014000303A1/zh active Application Filing
- 2012-06-30 CN CN201280000912.8A patent/CN102884764B/zh not_active Expired - Fee Related
- 2012-06-30 JP JP2015518769A patent/JP6007458B2/ja not_active Expired - Fee Related
- 2012-06-30 EP EP12880164.4A patent/EP2869508A4/en not_active Withdrawn
-
2014
- 2014-12-16 US US14/572,514 patent/US9578040B2/en active Active - Reinstated
Patent Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101068253A (zh) * | 2006-05-05 | 2007-11-07 | 美国博通公司 | 通信架构、中间路由节点及其执行的方法 |
CN101141396A (zh) * | 2007-09-18 | 2008-03-12 | 华为技术有限公司 | 报文处理方法和网络设备 |
CN101945053A (zh) * | 2010-10-12 | 2011-01-12 | 杭州华三通信技术有限公司 | 一种报文的发送方法和装置 |
Non-Patent Citations (1)
Title |
---|
See also references of EP2869508A4 * |
Also Published As
Publication number | Publication date |
---|---|
EP2869508A4 (en) | 2015-07-08 |
JP2015525991A (ja) | 2015-09-07 |
JP6007458B2 (ja) | 2016-10-12 |
CN102884764A (zh) | 2013-01-16 |
US9578040B2 (en) | 2017-02-21 |
CN102884764B (zh) | 2015-05-27 |
US20150103688A1 (en) | 2015-04-16 |
EP2869508A1 (en) | 2015-05-06 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
WO2014000303A1 (zh) | 一种报文接收方法、深度包检测设备及*** | |
US10263958B2 (en) | Internet mediation | |
JP5624973B2 (ja) | フィルタリング装置 | |
WO2021057889A1 (zh) | 一种数据处理方法、装置、电子设备及存储介质 | |
US10148645B2 (en) | Method and device for classifying TCP connection carrying HTTP traffic | |
CN108270882B (zh) | 域名的解析方法和装置、存储介质、电子装置 | |
EP2924941B1 (en) | Method and device for preventing service illegal access | |
CN108259425A (zh) | 攻击请求的确定方法、装置及服务器 | |
CN107800678A (zh) | 检测终端异常注册的方法及装置 | |
WO2015085850A1 (zh) | 应用识别方法及装置 | |
JP2011100489A (ja) | ユーザ確認装置、方法及びプログラム | |
JP4693174B2 (ja) | 中間ノード | |
CN112311722A (zh) | 一种访问控制方法、装置、设备及计算机可读存储介质 | |
CN112491836A (zh) | 通信***、方法、装置及电子设备 | |
JP5456842B2 (ja) | ユーザ確認装置、方法及びユーザ認証システム | |
JP2013251000A (ja) | ユーザ確認装置、方法及びプログラム | |
CN114417198A (zh) | 一种网络诈骗预警方法、装置、预警设备、*** | |
KR101379803B1 (ko) | 비정상 트래픽 분산 시스템 및 이를 이용한 비정상 트래픽 분산 방법 | |
CN115460270B (zh) | 一种5g upf违规业务阻断方法及相关设备 | |
JP2012003784A (ja) | ユーザ確認装置、方法及びプログラム | |
WO2008069043A1 (ja) | 通信システム、アドレス管理装置及びそれらに用いるアドレス管理方法並びにアドレス管理プログラム | |
KR20050064601A (ko) | Wifi 네트워크에서 사용자 인식을 이용한 네트워크자원 관리 시스템 및 방법 | |
JP2009182507A (ja) | ドメインネームシステムサーバ装置 | |
JP2011238267A (ja) | ユーザ確認装置、方法及びプログラム | |
JP2009182510A (ja) | ドメインネームシステムサーバ装置 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
WWE | Wipo information: entry into national phase |
Ref document number: 201280000912.8 Country of ref document: CN |
|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 12880164 Country of ref document: EP Kind code of ref document: A1 |
|
ENP | Entry into the national phase |
Ref document number: 2015518769 Country of ref document: JP Kind code of ref document: A |
|
WWE | Wipo information: entry into national phase |
Ref document number: 2012880164 Country of ref document: EP |
|
NENP | Non-entry into the national phase |
Ref country code: DE |