公开(公告)号：US20140325648A1

公开(公告)日：2014-10-30

申请号：US14330722

申请日：2014-07-14

Applicant: Huawei Technologies Co., Ltd.

Inventor： Gaoqiang Liu ,  Yongbo Pan ,  Li Yang

IPC: H04L29/06

CPC classification number: H04L63/1458 ,  H04L63/1425 ,  H04L63/166 ,  H04L69/24

Abstract: An attack defense method and device. The method includes counting the number of renegotiations in a transmission control protocol (TCP) connection, where the number of the renegotiations is the number of repeated negotiations between a client and a server in the TCP connection. When the number of the renegotiations in the TCP connection is greater than a preset threshold of the number of renegotiations, determining that the TCP connection is an abnormal connection and disconnecting the TCP connection. Embodiments of the present invention also provide an attack defense device, implementing effective defense against a secure socket layer (SSL) denial of service (DOS) attack behavior.

Abstract translation: 攻击防御方法和设备。 该方法包括对传输控制协议（TCP）连接中重新协商的次数进行计数，其中重新协商的次数是TCP连接中的客户端和服务器之间重复协商的次数。 当TCP连接中重新协商的数量大于重新协商数量的预设阈值时，确定TCP连接是异常连接并断开TCP连接。 本发明的实施例还提供了一种针对安全套接层（SSL）拒绝服务（DOS）攻击行为的有效防御的防攻击装置。