CN100442778C - Method, system for carrying out anti-attack filtration on data stream and its re-positioning device - Google Patents
Method, system for carrying out anti-attack filtration on data stream and its re-positioning device Download PDFInfo
- Publication number
- CN100442778C CN100442778C CNB2006100009088A CN200610000908A CN100442778C CN 100442778 C CN100442778 C CN 100442778C CN B2006100009088 A CNB2006100009088 A CN B2006100009088A CN 200610000908 A CN200610000908 A CN 200610000908A CN 100442778 C CN100442778 C CN 100442778C
- Authority
- CN
- China
- Prior art keywords
- redirected
- data flow
- user
- compartment wall
- fire compartment
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Fee Related
Links
- 238000001914 filtration Methods 0.000 title claims abstract description 62
- 238000000034 method Methods 0.000 title claims abstract description 33
- 238000004891 communication Methods 0.000 claims abstract description 50
- 230000008569 process Effects 0.000 claims description 10
- 230000007246 mechanism Effects 0.000 claims description 7
- 238000010295 mobile communication Methods 0.000 claims description 4
- 238000012544 monitoring process Methods 0.000 claims description 3
- 230000002452 interceptive effect Effects 0.000 abstract description 3
- 239000000203 mixture Substances 0.000 description 6
- 238000012545 processing Methods 0.000 description 6
- 230000005540 biological transmission Effects 0.000 description 3
- 230000000694 effects Effects 0.000 description 3
- 238000012986 modification Methods 0.000 description 3
- 230000004048 modification Effects 0.000 description 3
- 230000009286 beneficial effect Effects 0.000 description 2
- 230000008859 change Effects 0.000 description 2
- 238000010586 diagram Methods 0.000 description 2
- 238000005516 engineering process Methods 0.000 description 2
- CNQCVBJFEGMYDW-UHFFFAOYSA-N lawrencium atom Chemical compound [Lr] CNQCVBJFEGMYDW-UHFFFAOYSA-N 0.000 description 2
- 238000013461 design Methods 0.000 description 1
- 230000000977 initiatory effect Effects 0.000 description 1
- 230000006855 networking Effects 0.000 description 1
- 238000012546 transfer Methods 0.000 description 1
Images
Abstract
The present invention discloses a method which is used for the anti-attack filtration of communication data flows among users in a network, which comprises the steps that the network side of a grouping data communication system is moved to redirect the interactive data flows among the users in a network to a firewall, and the firewall is used for executing the treatment of the anti-attack filtration to the interactive data flows among the users in the network. The present invention correspondingly discloses a system for the anti-attack filtration of the communication data flows in the users in the network and the corresponding redirecting equipment. The present invention can be used for the complex anti-malicious-attack treatment of the communication data flows among the grouping data users in the network to satisfy the requirements of communication security of users.
Description
Technical field
The present invention relates to the mobile packet data communication technical field, especially relate to and a kind of data stream is carried out the method and the system thereof of anti-attack filtration, and corresponding re-positioning device.
Background technology
At GPRS (GPRS, General Packet Radio Service)/Wideband Code Division Multiple Access (WCDMA) (WCDMA, Wideband Code Division Multiple Access) there are two main basic equipments in the system: Gateway GPRS Support Node (GGSN, Gateway GPRS Support Node) and serving GPRS support node (SGSN, Serving GPRS Support Node), wherein the main function of SGSN provides universal land radio access web (UTRAN, UMTS Terrestrial Radio AccessNetwork)/base station sub-system (BSS, Base Station Subsystem) access function, the main function of GGSN is the gateway as communication between GPRS/WCDMA system and the external packet data net (PDN, Packet DataNetwork).Wherein SGSN and the position view of GGSN equipment in the GPRS/WCDMA system are as shown in Figure 1.
The data service that the mobile packet data user is mail to the external packet data net at first will insert through SGSN equipment, mails to GGSN by SGSN then, mails to the external packet data net via GGSN at last.Wherein in order to protect the communication security of packet data user; between GGSN and external packet data net, need to be provided with fire compartment wall Firewall, the attack that the fire compartment wall Firewall by this setting stops the invalid data stream in the external packet data net may cause packet data user in netting.
Though but the attack that the fire compartment wall that is provided with has stoped the external packet data net may cause packet data user in netting, and can not the communication data stream between each packet data user in netting be filtered, be that mobile packet data user desire sends data flow in the net during other packet data users, after up next data flow arrives GGSN, after the simple filtration of GGSN is handled, just directly transferred to the descending mobile packet data that sends to and received the user.
Along with the communication service between the packet data user in the net increases gradually, the potential possibility that accuses each other that exists between the different grouping data user also increases thereupon, yet in the GPRS/WCDMA system, just the communication data stream between the packet data user in netting is carried out filtration treatment at present based on GGSN, GGSN uses the packet filtering strategy that data stream is filtered, the packet filtering strategy is a kind of relative simple filtering means, can only according to the simple attributes of data message (as source address, destination address, source port number and destination slogan etc.) judge the filtration treatment that realizes the data message, thereby realize some simple filtering, and do not filter for some comparatively complicated malicious attacks based on the GGSN of packet filtering strategy.Therefore only be to use GGSN to come the communication data stream between the packet data user in netting is filtered, can not satisfy the user's communications security requirement based on simple packet filtering strategy.
Summary of the invention
The technical problem to be solved in the present invention is to propose a kind of method and system thereof that communication data stream between user in netting is carried out anti-attack filtration, handle can the stream of the communication data between the packet data user in netting being carried out comparatively complicated preventing malicious attack, satisfy the user's communications security requirement.
Accordingly, the present invention goes back correspondence and has proposed a kind of re-positioning device.
For addressing the above problem, the technical scheme that the present invention proposes is as follows:
A kind of communication data stream between user in netting is carried out the method for anti-attack filtration, comprises step:
Mutual data flow between the user was redirected to the internetwork fire compartment wall of network side and external packet data in A, mobile packet data communication system network will be netted;
B, by described fire compartment wall data flow mutual between the user in netting is carried out anti-attack filtration and handle.
Preferably, described steps A specifically comprises step:
A1, be provided with in the IAD of mobile packet data communication system network and be redirected strategy, described redirected strategy be to net mutual data flow between the interior user, is redirected to the internetwork fire compartment wall of network side and external packet data;
A2, described IAD judge the data flow that receives for net between the user during mutual data flow, according to set redirected strategy the data flow that receives is redirected to described fire compartment wall.
Preferably, IAD judges according to the source address and the destination address of the data flow that receives whether the data flow that receives is mutual data flow between the interior user of net in the described steps A 2.
Preferably, described fire compartment wall comes data flow mutual between the user in netting is carried out the anti-attack filtration processing based on following filtration treatment mechanism:
Packet filtering mechanism; Or agency service strobe utility; Or condition monitoring strobe utility.
Preferably, described mobile packet data communication system is:
General Packet Radio Service System; Or
The 3-G (Generation Three mobile communication system) of upgrading based on General Packet Radio Service System.
Preferably, described IAD is a ggsn.
A kind of communication data stream between user in netting is carried out the system of anti-attack filtration, comprise the internetwork fire compartment wall of re-positioning device and network side and external packet data, wherein:
Re-positioning device is used at the mobile packet data communication system network, and mutual data flow between the interior user of net is redirected to network side and the internetwork fire compartment wall of external packet data;
The internetwork fire compartment wall of network side and external packet data is used for that described re-positioning device is transmitted in the net that comes between the user mutual data flow and carries out anti-attack filtration and handle.
Preferably, described re-positioning device specifically comprises:
Redirected strategy is provided with the unit, is used to be provided with the redirected strategy that mutual data flow between the interior user of net is redirected to network side and the internetwork fire compartment wall of external packet data;
Judging unit is used to judge whether the data flow that re-positioning device receives is mutual data flow between the interior user of net;
Be redirected performance element, be used in the judged result of described judging unit when being, according to described redirected strategy the redirected strategy of unit setting is set, the data flow that re-positioning device is received is redirected to described fire compartment wall.
Preferably, described re-positioning device is a ggsn.
A kind of re-positioning device comprises that being used for the mobile packet data communication system network will net mutual data flow between the interior user, be redirected to the re-orientation processes unit of network side and the internetwork fire compartment wall of external packet data.
Preferably, described re-orientation processes unit specifically comprises:
Redirected strategy is provided with subelement, is used to be provided with the redirected strategy that mutual data flow between the interior user of net is redirected to network side and the internetwork fire compartment wall of external packet data;
Judgment sub-unit is used to judge whether the data flow that re-positioning device receives is mutual data flow between the interior user of net;
Be redirected to carry out subelement, be used in the judged result of described judgment sub-unit when being, according to described redirected strategy the data flow that the redirected strategy of subelement setting receives re-positioning device is set and is redirected to described fire compartment wall.
Preferably, described re-positioning device is a ggsn.
The beneficial effect that the present invention can reach is as follows:
In technical solution of the present invention will be netted by the mobile packet data communication system network between the user mutual data flow be redirected to fire compartment wall, by fire compartment wall data flow mutual between the user in netting is carried out anti-attack filtration and handles.Thereby that has realized that the redirected strategy of equipment Network Based and fire compartment wall itself had improves the anti-attack filtration strategy, coming that data flow mutual between the access user in the mobile packet data communication system is carried out anti-attack filtration handles, therefore prevent the mutual malicious attack between the mobile packet data communication system internal interface access customer preferably, satisfied the user's communications security requirement.
Description of drawings
Fig. 1 is SGSN and the position view of GGSN equipment in the GPRS/WCDMA system;
Fig. 2 carries out the main realization principle flow chart of the method for anti-attack filtration to the communication data stream between user in netting for the present invention;
Fig. 3 for use the inventive method principle on GGSN, be provided be redirected tactful realization will net in data flow between the user be redirected to the schematic diagram that fire compartment wall carries out filtration treatment;
Fig. 4 carries out the main composition structured flowchart of the system of anti-attack filtration to the communication data stream between user in netting for the present invention;
Fig. 5 is the concrete composition structured flowchart of re-positioning device in the system of the present invention;
Fig. 6 is the concrete composition structured flowchart of the re-orientation processes unit that comprises in the re-positioning device of the present invention.
Embodiment
Consider in the mobile packet data communication system, along with the growth that inserts interactive service between the user, inserting potential the accusing each other that exists between the user also may increase gradually, and as only using the packet filtering strategy to come to handle inserting data flow execution anti-attack filtration mutual between the user in netting based on GGSN in the prior art, insert accusing each other of initiating between the user in can only comparatively simply preventing to net, and do not prevent for inserting accusing each other between the user in some comparatively complicated nets, and need prevent to net accusing each other between the interior user of access based on the more perfect strobe utility in the firewall box by means of firewall box.Therefore the present invention provides a kind of technical scheme here, redirection function with equipment disposition Network Based, make that mutual data flow can be redirected to firewall box between the access user, realize handling inserting data flow execution anti-attack filtration mutual between the user in netting by the comparatively perfect strobe utility that disposes in the firewall box.
The present invention program's design philosophy mainly is the redirected strategy that a kind of equipment Network Based is provided at the mobile packet data communication system network, make that mutual data flow can be redirected on the firewall box between the interior user of access of net, realize handling inserting data flow execution anti-attack filtration mutual between the user in netting with the strobe utility that improves by firewall box configuration itself.
Be explained in detail below in conjunction with main realization principle, specific implementation process and the corresponding beneficial effect thereof of each accompanying drawing the present invention program.
Please refer to Fig. 2, to be the present invention carry out the main realization principle flow chart of the method for anti-attack filtration to the communication data stream between user in netting to this figure, and its main implementation procedure is as follows:
Mutual data flow between the user was redirected to the internetwork fire compartment wall of network side and external packet data in step S10, mobile packet data communication system network will net;
Wherein the mobile packet data communication system network can be redirected to network side and the internetwork fire compartment wall of external packet data with mutual data flow between the interior user of net by following processing procedure:
At first, be provided with in the IAD of mobile packet data communication system network and be redirected strategy, this redirected strategy is mutual data flow between the interior user of net is redirected to described fire compartment wall;
Secondly, the IAD of network side judge the data flow that receives for net between the user during mutual data flow, according to self set redirected strategy the data flow that receives is redirected to described fire compartment wall, wherein IAD can judge that whether the data flow that receives is mutual data flow between the user in the net according to the source address of the data flow that receives and destination address information.
Step S20 carries out anti-attack filtration by described fire compartment wall to data flow mutual between the user in netting and handles; Wherein fire compartment wall can but be not limited to come that based on following filtration treatment mechanism data flow mutual between the user in netting is carried out anti-attack filtration and handle:
Packet filtering mechanism; Or
The agency service strobe utility; Or
Condition monitoring strobe utility etc.
The mobile packet data communication system that said method of the present invention was applied in can be gprs system, also can be for the 3-G (Generation Three mobile communication system) of upgrading etc. based on gprs system, above-mentioned so mentioned IAD is in the gprs system or is the Gateway GPRS Support Node GGSN in the 3G mobile communication system of upgrading based on gprs system.
This shows, the inventive method is at the shortcoming of prior art scheme, be redirected strategy by on the core net access device, being provided with, thereby make under the situation that does not change existing networking mode, when redirection function activates, MS can be redirected on the fire compartment wall to the data message of MS, realize follow-up filtration and transmit processing.
Following will be that example comes the inventive method principle is further illustrated with the redirected strategy of configuration on the GGSN in the GPRS network system:
By the mode of MS in netting being specified next hop address to the data message of MS is set in GGSN, here the next hop address that promptly address of firewall box is redirected to the MS data message as MS in the net is provided with the redirected strategy that mutual data flow between the user in netting is redirected to fire compartment wall thereby be implemented among the GGSN; GGSN itself will be according to MS in the redirected tactful net that will receive of this kind to the redirected fire compartment wall that is transmitted to of the data message of MS like this;
After fire compartment wall receives the next data message of the redirected forwarding of GGSN, can come that receiving data packets is carried out anti-attack filtration according to the strobe utility that self disposes handles, carry out next step forwarding then according to the destination address of this data message, for example the data message forwarding after the filtration treatment is returned GGSN, by GGSN and then send to another MS downwards.
Please refer to Fig. 3, this figure be use the inventive method principle on GGSN, be provided be redirected tactful realization will net in data flow between the user be redirected to the schematic diagram that fire compartment wall carries out filtration treatment, wherein send to the data flow of Internet for MS, its transmission and processing process is with the prior art unanimity, promptly first through SGSN by MS, arrive GGSN again, arrive Internet after handling through firewall filtering; Also keep consistency for send the transmission and processing process that data flow is forwarded to MS from Internet, after promptly handling via firewall filtering earlier, arrive GGSN, arrive MS through SGSN again with prior art.What wherein change to some extent corresponding to the present invention program's principle is (the data flow transmission trend of MS->MS) in the net between the user, before not using the present invention program's principle, GGSN directly carries out simple filtering to the data flow of MS->MS and directly is forwarded to SGSN after handling and carries out downlink transfer and give MS, and can and then not be forwarded to firewall box; After having used the present invention program's principle, for better avoiding the rogue attacks of MS->MS, to take firewall filtering mechanism, be specially: GGSN judge the data message that receives for net in during the data message of MS->MS, the next hop address (being the fire compartment wall address) that then disposes in the redirected strategy that can set in advance according to self, give fire compartment wall with the data message forwarding that receives, by fire compartment wall the data message of MS->MS is carried out anti-attack filtration and handles, last again with the data message after the filtration treatment by the descending MS that sends to.
In sum, the present invention program by using equipment Network Based redirected strategy and fire compartment wall itself had improve the anti-attack filtration strategy, coming that data flow mutual between the access user in the mobile packet data communication system is carried out anti-attack filtration handles, can prevent the mutual malicious attack between the mobile packet data communication system internal interface access customer preferably, satisfy the user's communications security requirement.
Method corresponding to the above-mentioned proposition of the present invention, the present invention has also proposed a kind of system that communication data stream between user in netting is carried out anti-attack filtration here, please refer to Fig. 4, this figure is the present invention carries out the system of anti-attack filtration to the communication data stream between user in netting a main composition structured flowchart, it mainly comprises the internetwork fire compartment wall 20 of re-positioning device 10 and network side and external packet data, and wherein the main effect of each part is as follows:
The internetwork fire compartment wall 20 of network side and external packet data is mainly used in above-mentioned re-positioning device 10 redirected forwardings are inserted mutual data flow between the user in the next net, based on the strobe utility that self disposes, and the anti-attack filtration processing that execution is corresponding.
Please refer to Fig. 5, this figure is the concrete composition structured flowchart of re-positioning device in the system of the present invention, wherein re-positioning device 10 comprises that mainly being redirected strategy is provided with unit 101, judging unit 102 and redirected performance element 103, and wherein the concrete effect of each component units is as follows:
Redirected strategy is provided with unit 101, is used to set in advance to insert mutual data flow between the user in the net, is redirected to the redirected strategy of the internetwork fire compartment wall 20 of network side and external packet data;
Judging unit 102, be used to judge whether the data flow that re-positioning device 10 receives is to insert mutual data flow between the user in the net, wherein the source address and the destination address information of judging unit 20 data flow that can receive according to re-positioning device 10 judge whether the data flow that re-positioning device 10 receives is to insert mutual data flow between the user in the net;
Be redirected performance element 103, be used in the judged result of above-mentioned judging unit 102 when being, according to above-mentioned redirected strategy the redirected strategy that unit 101 sets in advance is set, the data flow that re-positioning device 10 is received is redirected and is forwarded to described fire compartment wall 20 and carries out anti-attack filtration and handle.
Wherein above-mentioned re-positioning device can be the Gateway GPRS Support Node GGSN in the gprs system.
In like manner, method and system thereof corresponding to the above-mentioned proposition of the present invention, the present invention goes back and then has proposed a kind of re-positioning device here, comprise in being used for the mobile packet data communication system network will net and insert mutual data flow between the user, be redirected to the re-orientation processes unit of network side and the internetwork fire compartment wall of external packet data, please refer to Fig. 6, this figure is the concrete composition structured flowchart of the re-orientation processes unit that comprises in the re-positioning device of the present invention, it comprises that mainly being redirected strategy is provided with subelement 200, judgment sub-unit 300 and the redirected subelement 400 of carrying out, the concrete effect of these three component units is as follows:
Redirected strategy is provided with subelement 200, is mainly used in to set in advance and will insert mutual data flow between the user in the net, is redirected to the redirected strategy of network side and the internetwork fire compartment wall of external packet data;
Be redirected and carry out subelement 400, be mainly used in the judged result of above-mentioned judgment sub-unit 300 when being, according to above-mentioned redirected strategy the redirected strategy that subelement 200 sets in advance is set, the data flow that re-positioning device is received is redirected and is forwarded to described fire compartment wall and carries out anti-attack filtration and handle.
More preferably, the re-positioning device that proposes here of the present invention can be the Gateway GPRS Support Node GGSN in the gprs system.
Obviously, those skilled in the art can carry out various changes and modification to the present invention and not break away from the spirit and scope of the present invention.Like this, if of the present invention these are revised and modification belongs within the scope of claim of the present invention and equivalent technologies thereof, then the present invention also is intended to comprise these changes and modification interior.
Claims (12)
1, a kind of communication data stream between user in netting is carried out the method for anti-attack filtration, it is characterized in that, comprise step:
Mutual data flow between the user was redirected to the internetwork fire compartment wall of network side and external packet data in A, mobile packet data communication system network will be netted;
B, by described fire compartment wall data flow mutual between the user in netting is carried out anti-attack filtration and handle.
2, the method for claim 1 is characterized in that, described steps A specifically comprises step:
A1, be provided with in the IAD of mobile packet data communication system network and be redirected strategy, described redirected strategy be to net mutual data flow between the interior user, is redirected to the internetwork fire compartment wall of network side and external packet data;
A2, described IAD judge the data flow that receives for net between the user during mutual data flow, according to set redirected strategy the data flow that receives is redirected to described fire compartment wall.
3, method as claimed in claim 2 is characterized in that, IAD judges according to the source address and the destination address of the data flow that receives whether the data flow that receives is mutual data flow between the interior user of net in the described steps A 2.
4, the method for claim 1 is characterized in that, described fire compartment wall comes that based on following filtration treatment mechanism data flow mutual between the user in netting is carried out anti-attack filtration to be handled:
Packet filtering mechanism; Or
The agency service strobe utility; Or
The condition monitoring strobe utility.
As claim 2 or 3 described methods, it is characterized in that 5, described mobile packet data communication system is:
General Packet Radio Service System; Or
The 3-G (Generation Three mobile communication system) of upgrading based on General Packet Radio Service System.
6, method as claimed in claim 5 is characterized in that, described IAD is a ggsn.
7, a kind of communication data stream between user in netting is carried out the system of anti-attack filtration, it is characterized in that, comprise the internetwork fire compartment wall of re-positioning device and network side and external packet data, wherein:
Re-positioning device is used at the mobile packet data communication system network, and mutual data flow between the interior user of net is redirected to network side and the internetwork fire compartment wall of external packet data;
The internetwork fire compartment wall of network side and external packet data is used for that described re-positioning device is transmitted in the net that comes between the user mutual data flow and carries out anti-attack filtration and handle.
8, system as claimed in claim 7 is characterized in that, described re-positioning device specifically comprises:
Redirected strategy is provided with the unit, is used to be provided with the redirected strategy that mutual data flow between the interior user of net is redirected to network side and the internetwork fire compartment wall of external packet data;
Judging unit is used to judge whether the data flow that re-positioning device receives is mutual data flow between the interior user of net;
Be redirected performance element, be used in the judged result of described judging unit when being, according to described redirected strategy the redirected strategy of unit setting is set, the data flow that re-positioning device is received is redirected to described fire compartment wall.
As claim 7 or 8 described systems, it is characterized in that 9, described re-positioning device is a ggsn.
10, a kind of re-positioning device is characterized in that, comprises being used at the mobile packet data communication system network, mutual data flow between the interior user of net is redirected to the re-orientation processes unit of network side and the internetwork fire compartment wall of external packet data.
11, equipment as claimed in claim 10 is characterized in that, described re-orientation processes unit specifically comprises:
Redirected strategy is provided with subelement, is used to be provided with the redirected strategy that mutual data flow between the interior user of net is redirected to network side and the internetwork fire compartment wall of external packet data;
Judgment sub-unit is used to judge whether the data flow that re-positioning device receives is mutual data flow between the interior user of net;
Be redirected to carry out subelement, be used in the judged result of described judgment sub-unit when being, according to described redirected strategy the redirected strategy of subelement setting is set, the data flow that re-positioning device is received is redirected to described fire compartment wall.
As claim 10 or 11 described equipment, it is characterized in that 12, described re-positioning device is a ggsn.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CNB2006100009088A CN100442778C (en) | 2006-01-12 | 2006-01-12 | Method, system for carrying out anti-attack filtration on data stream and its re-positioning device |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CNB2006100009088A CN100442778C (en) | 2006-01-12 | 2006-01-12 | Method, system for carrying out anti-attack filtration on data stream and its re-positioning device |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN1845528A CN1845528A (en) | 2006-10-11 |
| CN100442778C true CN100442778C (en) | 2008-12-10 |
Family
ID=37064443
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CNB2006100009088A Expired - Fee Related CN100442778C (en) | 2006-01-12 | 2006-01-12 | Method, system for carrying out anti-attack filtration on data stream and its re-positioning device |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN100442778C (en) |
Families Citing this family (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101217537B (en) * | 2007-12-28 | 2011-04-20 | 董韶瑜 | A network attacking prevention method |
| CN101299724B (en) * | 2008-07-04 | 2010-12-08 | 杭州华三通信技术有限公司 | Method, system and equipment for cleaning traffic |
| CN102859934B (en) * | 2009-03-31 | 2016-05-11 | 考持·维 | Access-in management and safety system and the method for the accessible Computer Service of network |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US6321336B1 (en) * | 1998-03-13 | 2001-11-20 | Secure Computing Corporation | System and method for redirecting network traffic to provide secure communication |
| WO2004045159A2 (en) * | 2002-11-11 | 2004-05-27 | Orange Sa | Filtering data packets at a network gateway working as a service-based policy (sblp) enforcement point |
| US20050268335A1 (en) * | 2004-05-28 | 2005-12-01 | Nokia Inc. | System, method and computer program product for updating the states of a firewall |
| CN1708964A (en) * | 2002-10-25 | 2005-12-14 | 施克莱无线公司 | Redirection of notifications to a wireless user device |
-
2006
- 2006-01-12 CN CNB2006100009088A patent/CN100442778C/en not_active Expired - Fee Related
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US6321336B1 (en) * | 1998-03-13 | 2001-11-20 | Secure Computing Corporation | System and method for redirecting network traffic to provide secure communication |
| CN1708964A (en) * | 2002-10-25 | 2005-12-14 | 施克莱无线公司 | Redirection of notifications to a wireless user device |
| WO2004045159A2 (en) * | 2002-11-11 | 2004-05-27 | Orange Sa | Filtering data packets at a network gateway working as a service-based policy (sblp) enforcement point |
| US20050268335A1 (en) * | 2004-05-28 | 2005-12-01 | Nokia Inc. | System, method and computer program product for updating the states of a firewall |
Non-Patent Citations (2)
| Title |
|---|
| 通过分配IP地址构建GPRS防火墙. 胡锐,何大可.通信技术,第124卷第4期. 2002 |
| 通过分配IP地址构建GPRS防火墙. 胡锐,何大可.通信技术,第124卷第4期. 2002 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN1845528A (en) | 2006-10-11 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| EP2314128B1 (en) | Method and system for bypassing 3gpp packet switched core network when accessing internet from 3gpp ues using 3gpp radio access network | |
| JP4166942B2 (en) | Internet protocol traffic filter for mobile radio networks | |
| CN101099353B (en) | Method for providing access carry information, access processor, service processor, service entity and system | |
| CN100589637C (en) | Register method for mobile communication system and the used bimodule terminal | |
| EP1345371A3 (en) | Packet transmission system, packet transmission method, packet transmission device, home agent, mobile terminal, and access router | |
| CN108366436A (en) | Information processing method, forwarding surface equipment and control plane equipment | |
| CN106332067A (en) | Method, device and system of preventing diameter signaling attacks in wireless network | |
| CN101197795A (en) | Network service protection method and service gateway | |
| CN102843668A (en) | Method and system for implementing flow sharing of multiple mobile terminal cards | |
| CN101959215A (en) | Packet service data transmission method, device and system | |
| CN105122741A (en) | Method and apparatus for controlling service chain of service flow | |
| CN100574504C (en) | A kind of mobile communication paging method and paging system thereof | |
| CN107645496A (en) | A kind of distribution method and system of intelligent electronic device | |
| CN110169022A (en) | The method and device of data transmission | |
| EP3258724A2 (en) | Preserving mobile network session data during radio access technology handover | |
| CN100442778C (en) | Method, system for carrying out anti-attack filtration on data stream and its re-positioning device | |
| CN103563449B (en) | Cut-in method and mobile management device, user equipment | |
| CN104333882A (en) | Wireless network traffic control method | |
| CN101925038B (en) | Data transmission method, communication device and network system | |
| EP1981295A3 (en) | Mobile communication system, method of controlling operation thereof, and node used for the system | |
| WO2006062674A3 (en) | Method and system for providing packet data services | |
| CN101599889A (en) | Prevent the method for MAC address spoofing in a kind of ethernet switching device | |
| CN101197836B (en) | Data communication control method and data communication control device | |
| CN1863140B (en) | Method for improving network resource utilization ratio of wireless communication system | |
| CN103795736A (en) | Firewall networking system for different networking channels of mobile terminal |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| CF01 | Termination of patent right due to non-payment of annual fee | ||
| CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20081210 |