Patents Assigned to Chengdu Huawei Symantec Technologies Co., Ltd.
  • Patent number: 9674206
    Abstract: A method, a device, and a system for alerting against unknown malicious codes are disclosed. The method includes: detecting characteristics of a packet; judging whether any suspicious code exists in the packet according to a result of the detection; recording a source address of the suspicious code if the suspicious code exists in the packet; and sending alert information that carries the source address to a monitoring device. The embodiments of the present invention can report source addresses of numerous suspicious codes proactively at the earliest possible time, lay a foundation for shortening the time required for overcoming virus threats, and avoid the trouble of installing software on the client.
    Type: Grant
    Filed: May 25, 2012
    Date of Patent: June 6, 2017
    Assignee: Chengdu Huawei Symantec Technologies Co., Ltd.
    Inventor: Wu Jiang
  • Patent number: 8990936
    Abstract: Disclosed is a flood attack detection method, wherein the total number of keywords of a source packet is acquired, and the number of feature parameters corresponding to the source packet is acquired. A ratio of the number of feature parameters to the total number of keywords is compared with a preset threshold, and if the ratio is greater than or equal to the preset threshold, it is determined that a flood attack occurs.
    Type: Grant
    Filed: November 20, 2012
    Date of Patent: March 24, 2015
    Assignee: Chengdu Huawei Symantec Technologies Co., Ltd.
    Inventor: Wu Jiang
  • Patent number: 8904532
    Abstract: A method, an apparatus, and a system for detecting Botnet are disclosed. The method for detecting Botnet includes: obtaining address information about a control host in a Bot sample by using an auto breakout environment; sending a query request message to a traffic analysis device to obtain address information of a Bot host connected with the control host, in which the query request message carries the address information about the control host; and receiving a query response message returned by the traffic analysis device, in which the query response message carries the address information of the Bot host connected with the control host. The method for detecting Botnet can obtain the Botnet information in real time and construct a topology of the Botnet.
    Type: Grant
    Filed: April 20, 2012
    Date of Patent: December 2, 2014
    Assignee: Chengdu Huawei Symantec Technologies Co., Ltd.
    Inventor: Wu Jiang
  • Patent number: 8880891
    Abstract: A method, a system, and an apparatus for establishing communication are disclosed. The method is invented to establish communication between at least two communication parties including a first communication party and a second communication party. The method includes: sending a Cryptographically Generated Address (CGA) request to the first communication party; receiving CGA parameters and a CGA signature returned by the first communication party; and authenticating the CGA parameters and the CGA signature, and establishing communication with the first communication party if the authentication succeeds. By using the method disclosed herein, in the process of establishing communication, the communication party authenticates the CGA parameters and CGA signature carried in the CGA extension header to determine authenticity of the CGA, thus preventing the IP address spoofing and preventing or mitigating the network security problems caused by the IP address spoofing.
    Type: Grant
    Filed: December 22, 2010
    Date of Patent: November 4, 2014
    Assignee: Chengdu Huawei Symantec Technologies Co., Ltd.
    Inventors: Lifeng Liu, Dong Zhang
  • Publication number: 20140208423
    Abstract: A method for preventing Domain Name System (DNS) spoofing includes: performing uppercase/lowercase conversion for letters of a DNS question field in a DNS request packet according to a preset rule; sending the DNS request packet; receiving a DNS response packet; obtaining uppercase/lowercase distribution of the letters of the DNS question field in the DNS response packet; and forwarding the DNS response packet to a target DNS client if the uppercase/lowercase distribution of the letters of the DNS question field in the DNS response packet complies with the preset rule. Corresponding to the method, a device for preventing DNS spoofing is disclosed. The method and device reduce occupation of storage resources of the device.
    Type: Application
    Filed: March 25, 2014
    Publication date: July 24, 2014
    Applicant: Chengdu Huawei Symantec Technologies Co., Ltd.
    Inventor: Shaobu MA
  • Patent number: 8769287
    Abstract: A communication system that obtains a key includes: a server that confirms support of Identity Based Encryption (IBE) authentication; the server obtains public parameters and a private key for IBE; and the server receives a PreMasterSecret key encrypted through the IBE, and obtains a plain text of the PreMasterSecret key according to the public parameters and the private key. The system includes a client and a server. The client includes an IBE negotiating module, a public parameter obtaining module, a server identifier obtaining module, and a processing module. The server includes an IBE negotiating module, a public parameter obtaining module, a private key obtaining module, and a processing module. Through combination of the IBE technology and the SSL/TLS technology, the modes of encrypting a PreMasterSecret key in the existing SSL/TLS protocol are diversified, and the use scope of the existing SSL/TLS protocol is extended substantially.
    Type: Grant
    Filed: August 30, 2010
    Date of Patent: July 1, 2014
    Assignee: Chengdu Huawei Symantec Technologies Co., Ltd.
    Inventors: Min Huang, Lifeng Liu, Shi Wan
  • Patent number: 8769661
    Abstract: A Virtual Private Network (VPN) node information processing method and a VPN node information processing device are provided, in which the method comprises: receiving an access request message sent by a node, in which the access request message at least carries authentication information, a current real Internet Protocol (IP) address, a node name and information indicating whether to accept extranet connection of the node; allocating a virtual IP address for the node when the authentication information of the node is correct; and registering the current real IP address, the node name, the information indicating whether to accept the extranet connection, and the virtual IP address of the node as registration information. Through the method and the device, when a node is added into a VPN, configuration of other nodes does not need to be adjusted.
    Type: Grant
    Filed: November 4, 2011
    Date of Patent: July 1, 2014
    Assignee: Chengdu Huawei Symantec Technologies Co., Ltd.
    Inventor: Yuchen Wang
  • Patent number: 8726375
    Abstract: A method for preventing Domain Name System (DNS) spoofing includes: performing uppercase/lowercase conversion for letters of a DNS question field in a DNS request packet according to a preset rule; sending the DNS request packet; receiving a DNS response packet; obtaining uppercase/lowercase distribution of the letters of the DNS question field in the DNS response packet; and forwarding the DNS response packet to a target DNS client if the uppercase/lowercase distribution of the letters of the DNS question field in the DNS response packet complies with the preset rule. Corresponding to the method, a device for preventing DNS spoofing is disclosed. The method and device reduce occupation of storage resources of the device.
    Type: Grant
    Filed: June 1, 2011
    Date of Patent: May 13, 2014
    Assignee: Chengdu Huawei Symantec Technologies Co., Ltd.
    Inventor: Shaobu Ma
  • Patent number: 8711864
    Abstract: A system and method for transmitting packets over two different network protocols without protocol conversion in any switches. A computer system comprises host computers and target storage arrays, or targets, coupled to one another through an Enhanced Ethernet network. Each of the host computers and the targets is configured to transmit encapsulated packets, such as a Fiber Channel over Ethernet (FCoE) packet. During system configuration, each of the targets is set to be the only target included in a virtual local area network (VLAN) with a corresponding unique VLAN identifier (ID). A given host computer logs in to multiple assigned targets using a predefined Fiber Channel protocol. In response to a login request, a corresponding target assigns and conveys an N_Port ID that comprises a VLAN ID and a unique Host ID to the host computer in a reply message. A virtual link is established between the host computer and the target storage array.
    Type: Grant
    Filed: March 30, 2010
    Date of Patent: April 29, 2014
    Assignee: Chengdu Huawei Symantec Technologies Co., Ltd.
    Inventor: Michael Ko
  • Patent number: 8694651
    Abstract: A method and system for implementing network proxy are provided. The method includes: establishing a first connection between a client and a server through a proxy adapter, so as to enable the client to acquire status information of the server through the first connection; and if the status information of the server shows that the server is in a turn-on state, establishing a second connection between the client and the server, so as to enable the client and the server to transmit a data packet through the second connection. Through the method for implementing network proxy, the client acquires the status information of the server through the first connection, and only when the status information of the server is the turn-on state can the second connection between the client and the server be established, thereby ensuring the reliability of establishing the second connection, and improving the user experience.
    Type: Grant
    Filed: February 17, 2012
    Date of Patent: April 8, 2014
    Assignee: Chengdu Huawei Symantec Technologies Co., Ltd.
    Inventor: Yongyong Li
  • Patent number: 8549286
    Abstract: In the field of communications technology, a method and a system for forwarding data between private networks are provided, which can enable terminals in different private networks to securely communicate with each other by using private network addresses. The method includes the following steps. A Secure Socket Layer (SSL) tunnel to an SSL Virtual Private Network (VPN) device in another private network is established. Address allocation information of the other private network is received through the SSL tunnel. The address allocation information and a mapping relation between the address allocation information and a public network IP address of the SSL VPN device transmitting the address allocation information and a session ID of the SSL tunnel transmitting the address allocation information are saved.
    Type: Grant
    Filed: October 29, 2010
    Date of Patent: October 1, 2013
    Assignee: Chengdu Huawei Symantec Technologies Co., Ltd.
    Inventors: Lifeng Liu, Min Huang, Shi Wan
  • Patent number: 8509239
    Abstract: A method, an apparatus, and a system for processing packets are disclosed. The method is applied to a distributed architecture of multiple service boards; the distributed architecture includes a main control board, at least one service board, and at least one interface board. The method includes: determining a specified CPU corresponding to a received packet; and, by the service board corresponding to the CPU, processing the received packet. Through the embodiments of the present invention, the received packets are processed in the service board corresponding to the specified CPU. Therefore, the packets are evenly distributed to all service boards for being processed, the workload of the main control board is relieved, the service throughput is increased significantly, and the packet processing efficiency of the whole architecture is improved.
    Type: Grant
    Filed: February 18, 2011
    Date of Patent: August 13, 2013
    Assignee: Chengdu Huawei Symantec Technologies Co., Ltd.
    Inventors: Zhiqiang Zhu, Rihua Zhang, Guibin Hou, Yong Xu, Wenhui Xie, Bo Ma, Guolu Gao, Xiaoping Lu, Cuihua Fu
  • Patent number: 8499146
    Abstract: A method for preventing network attacks is provided, which includes: obtaining a data packet, where a source address of the data packet is a cryptographically generated address (CGA); determining that the obtained data packet includes a CGA parameter and signature information; authenticating the CGA parameter; authenticating the signature information according to the authenticated CGA parameter; and sending the data packet to a destination address when the signature information is authenticated. Accordingly, a device for preventing network attacks is also provided. A CGA parameter used by a data packet is directly used to ensure authenticity of a source address of the data packet, thus preventing network attacks performed by counterfeiting the address. In addition, by authenticating signature information, authenticity of identification of a sender of the data packet and bound address of the sender of the data packet are further ensured.
    Type: Grant
    Filed: April 29, 2011
    Date of Patent: July 30, 2013
    Assignee: Chengdu Huawei Symantec Technologies Co., Ltd.
    Inventors: Hongyan Feng, Lifeng Liu
  • Patent number: 8495165
    Abstract: Embodiments of the present technical solution relate to the technical field of storage, and disclose a server and a method for the server to access a volume. The method comprises: determining, from a first list, a block that needs to be accessed according to an access offset of a volume that needs to be accessed; determining, from a second list, a storage controller corresponding to the block that needs to be accessed according to the determined block; and sending a data reading request or a data writing request to the storage controller corresponding to the block that needs to be accessed to process. Embodiments of the present invention can reduce time delay when the data reading request or the data writing request of the server reaches the block that needs to be accessed.
    Type: Grant
    Filed: June 18, 2012
    Date of Patent: July 23, 2013
    Assignee: Chengdu Huawei Symantec Technologies Co., Ltd.
    Inventors: Jiaolin Luo, Guobin Zhang, Maoyin Liu
  • Patent number: 8489916
    Abstract: A multi-disk fault-tolerant system, a method for generating a check block, and a method for recovering a data block are provided. The multi-disk fault-tolerant system includes a disk array and a calculation module connected through a system bus, the disk array is formed by p disks, and a fault-tolerant disk amount of the disk array is q; data in the disk array is arranged according to a form of a matrix M of (m+q)×p, where m is a prime number smaller than or equal to p−q; in the matrix M, a 0th row is virtual data blocks being virtual and having values being 0, a 1st row to an (m−1)th row are data blocks, an mth row to an (m+q−1)th row are check blocks. Therefore, during a procedure of generating the check block and recovering the data block in the multi-disk fault-tolerant system, calculation complexity is lowered.
    Type: Grant
    Filed: February 3, 2012
    Date of Patent: July 16, 2013
    Assignees: Chengdu Huawei Symantec Technologies Co., Ltd., University of Electronic Science and Technology of China
    Inventors: Yulin Wang, Jianye Yao
  • Patent number: 8453208
    Abstract: A network authentication method, a method for a client to request authentication, a client, and a device are provided.
    Type: Grant
    Filed: April 27, 2011
    Date of Patent: May 28, 2013
    Assignee: Chengdu Huawei Symantec Technologies Co., Ltd.
    Inventor: Wu Jiang
  • Patent number: 8418242
    Abstract: A method, system, and device for negotiating a security association (SA) on an Internet Protocol version 6 (IPv6) network are disclosed. In this method, the initiator and the responder generate an SA through the interaction of two messages. Compared with the conventional procedure for setting up an SA based on the Internet Key Exchange Protocol (IKE), the interaction procedure in the present invention is simplified significantly. Therefore, the negotiation is faster and more convenient. In addition, with the present invention, cryptographically generated address parameters (CGA Params) are carried in the message and the CGA may be verified so that the invader cannot spoof the address.
    Type: Grant
    Filed: January 10, 2011
    Date of Patent: April 9, 2013
    Assignee: Chengdu Huawei Symantec Technologies Co., Ltd.
    Inventors: Dong Zhang, Lifeng Liu
  • Patent number: 8407462
    Abstract: A method for implementing network security access control is provided, including: receiving and decrypting terminal identity information that is encrypted in a bi-directional encryption mode and forwarded by a switch, and authenticating the decrypted terminal identity information; returning an authentication result to the switch so that the switch controls access of a terminal to a network according to the authentication result; encrypting the decrypted terminal identity information in a solo-directional encryption mode and authenticating the encrypted terminal identity information; returning an authentication result to a security access control gateway so that the security access control gateway controls access of the terminal to network resources according to the authentication result; delivering a security policy to a security control module on the terminal so that the security control module controls the terminal according to the security policy.
    Type: Grant
    Filed: March 18, 2011
    Date of Patent: March 26, 2013
    Assignee: Chengdu Huawei Symantec Technologies Co., Ltd.
    Inventors: Yongfang Xie, Weijia Sun
  • Patent number: 8370591
    Abstract: A method for automatic snapshot includes obtaining the amount of data written into a source Logical Unit Number (LUN) and performing increment accumulation; and taking a snapshot when a value of the increment accumulation exceeds the upper limit value. An apparatus for automatic snapshot is disclosed. In one embodiment of the invention, snapshots are taken according to the size of a data variable, only two characterizing parameters, an upper limit value and an increment value need to be added, and the determination logic is clear and concise. Thus, system efficiency or resource overload is not affected, the pertinence is strengthened, the resource usage is increased, and the adaptability is strengthened. Furthermore, stored data may be automatically protected with snapshot, and data safety and reliability are greatly improved.
    Type: Grant
    Filed: August 13, 2009
    Date of Patent: February 5, 2013
    Assignee: Chengdu Huawei Symantec Technologies Co., Ltd.
    Inventors: Zujing Tan, Peng Zhang, Weihua Geng, Guobin Zhang
  • Patent number: 8296476
    Abstract: A storage method, a storage system, and a controller are disclosed. The method is applicable to a system that includes at least one controller, at least two Peripheral Component Interconnection Express (PCIE) Input/Output (IO) modules, and at least two storage devices. The at least two storage devices are connected through a PCIE switch chip of the at least one controller, and the at least two PCIE IO modules are connected through a PCIE switch chip of the at least one controller. The method includes: receiving a request message from a server through the at least two PCIE IO modules; and accessing the at least two storage devices according to the request message. The at least two PCIE IO modules are shared between controllers, thereby saving resources; and the storage devices access the controllers without the need of a hard disk controller or a hard disk extension chip, thereby saving costs.
    Type: Grant
    Filed: June 24, 2011
    Date of Patent: October 23, 2012
    Assignee: Chengdu Huawei Symantec Technologies Co., Ltd.
    Inventors: Wei Zhang, Xianhong Lv, Qi Wang, Ruiqi Fan