流量异常原因通知方法、装置及网络设备

Notification method and device of flow abnormality reasons and network device

Abstract

本发明提供一种流量异常原因通知方法、装置及网络设备。方法包括:防火墙检测到主机的行为异常后,拦截主机的流量;防火墙根据拦截的流量中的TCP连接建立请求,向主机返回TCP连接应答,以与主机建立连接;防火墙根据拦截的流量中发送给应用服务器的页面请求,仿造应用服务器向主机返回页面响应,页面响应包括拦截流量的原因,或者页面响应包括重定向服务器的地址信息,以使主机从重定向服务器获取拦截流量的原因。本发明技术方案可以在不增加用户主机负担的情况下,将主机流量被阻断的原因提供给主机。
The invention provides a notification method and device of flow abnormality reasons and a network device. The method comprises that a fire dam intercepts flow of a host machine when detecting that the host machine is abnormal in action; the fire dam builds requests according to transmission control protocol (TCP) connection in the intercepted flow, and the fire dam returns TCP connection response to the host machine to build connection with the host machine; the fire dam copies an application server to return page response to the host machine according to page requests sending to the application server in the intercepted flow, wherein the page response comprises reasons for intercepting the flow or the page response comprises address information of a redirection server to enable the host machine to obtain the reasons for intercepting the flow from the redirection server. By means of the technical scheme, reasons for intercepting the flow of the host machine can be provided for the host machine under the condition that a host machine load of a user is not increased.

Claims

Description

Topics

Download Full PDF Version (Non-Commercial Use)

Patent Citations (3)

    Publication numberPublication dateAssigneeTitle
    CN-101577729-ANovember 11, 2009上海宝信软件股份有限公司DNS重定向与Http重定向相结合的旁路阻断方法
    CN-101789948-AJuly 28, 2010浪潮通信信息系统有限公司Hierarchical type mobile internet security monitoring and protecting system
    CN-1555170-ADecember 15, 2004沈阳东软软件股份有限公司Flow filtering fine wall

NO-Patent Citations (0)

    Title

Cited By (0)

    Publication numberPublication dateAssigneeTitle