Abstract: The present disclosure provides a method and apparatus for suppressing the spread of viruses in a local area network (LAN). The method includes, in response to that an ARP packet is received, determining whether a number of interacting terminals corresponding to a target terminal that sent the ARP packet reaches a first preset threshold; in response to that the number of interacting terminals reaches the first preset threshold, further determining whether a number of abnormal terminal relationships corresponding to the target terminal reaches a second preset threshold; and in response to that the number of abnormal terminal relationships reaches the second preset threshold, providing protection to the target terminal to so to suppress virus propagation in the LAN.

Abstract: A method of detecting abnormality may include the following steps. A normal-value range of a parameter for a target object is determined based on historical values of the parameter in a preset time period or at a preset time point. Whether the target object is abnormal is determined based on the normal-value range and the value of the parameter for the target object in the preset time period or at the preset time point within a current time cycle. Further, another normal-value range may be determined based on historical deviation values for the target object in historical time periods or at historical time points before the preset time period or the preset time point. Whether the target object is abnormal is determined based on either of the two normal-value ranges.

Abstract: Methods for counting synchronization (SYN) packets to identify a SYN attack, applicable to network device, are provided. The network device includes a field programmable gate array (FPGA) for counting the total number of received SYN packets and a high-speed hardware memory connected to the FPGA. One of the methods includes: periodically traversing the count entries stored in the high-speed hardware memory, and aging any count entry for which a time difference between a current time and a creation time reaches a preset aging time interval; obtaining a first number of SYN packets and a second number of SYN packets; and updating the total number of the received SYN packets with a sum of the first number of SYN packets and the second number of SYN packets.

Abstract: Provided are a method of dynamically configuring a FPGA and a network security device. The network security device includes a CPU and at least one FPGA coupled with the CPU. The CPU generates a configuration entry for a target FPGA in response to a user instruction. The configuration entry includes a classification number and a configuration content for the target FPGA. The CPU sends the configuration entry to each FPGA coupled with the CPU, Each FPGA obtains its own classification number, compares its own classification number with the classification number in the configuration entry, and stores the configuration content when the own classification number the same with the classification number in the configuration entry.

Abstract: A method and apparatus of accessing queue data is provided. According to the method, a double-layer circular queue is constructed, where the double-layer circular queue includes one or more inner-layer circular queues established based on an array, and the one or more inner-layer circular queues constitute an outer-layer circular queue of the double-layer circular queue based on a linked list. A management pointer of the outer-layer circular queue is set. Data accessing is performed on the inner-layer circular queues by using the management pointer.

Abstract: A fault detection method of LACP packet timeout provided including: receiving a LACP packet from a target port of the partner device through a local port, the LACP packet at least includes a phase identifier to indicate a negotiation phase of a LACP negotiation process between the target port and the local port; sending a response LACP packet corresponding to the LACP packet to the target port through the local port; generating a LACP service processing entry for the LACP packet to indicate a LACP service processing phase performed by the actor device for the LACP packet; in response to that no LACP packet from the target port being received through the local port continues for a preset waiting time, performing fault detection based on the phase identifier and the LACP service processing entry so to obtain fault cause information to indicate a LACP packet timeout of the target port.

Abstract: Provided are a method and an apparatus for isolating transverse communication between terminal devices in an intranet. The method includes: when receiving an ARP (Address Resolution Protocol) packet, an access device in the intranet determines whether to perform a first transverse isolation operation for the ARP packet based on a pre-stored first transverse isolation policy; and when receiving a packet, a gateway device in the intranet determines whether to perform a second transverse isolation operation for the packet according to a pre-stored second transverse isolation policy.

Abstract: The present disclosure provides a method for executing a QoS policy and a network device, where the method includes: before a packet entering the network device goes through a preset forwarding process, it is determined whether the packet matches a flow template according to a property of the packet; if the packet matches the flow template, a session structure of a network session corresponding to the packet is acquired, a QoS dedicated structure is added to a tail of the session structure, a QoS policy corresponding to the flow template is acquired, the QoS policy is compiled to obtain policy information, and the policy information is filled to the QoS dedicated structure; and after the packet goes through the preset forwarding process, the policy information in the QoS dedicated structure is added to the packet, so that a switching chip of the network device executes the QoS policy.

Abstract: The present disclosure provides a method of distributing flow on a 4G network, which is applied to a distribution device. The method includes: monitoring a GTPv2 signalling packet communicated between a mobile management entity (MME) and a serving gateway (SGW); obtaining a data plane tunnel identifier and a user phone number, which are carried in the monitored GTPv2 signalling packet and indicate a same user equipment (UE), and establishing association relationship between the data plane tunnel identifier and the user phone number; obtaining a target data plane tunnel identifier carried in a received data packet; and determining a target user phone number associated with the target data plane tunnel identifier based on the association relationship, and distributing the data packet based on the target user phone number.

Abstract: A method and device for partitioning packet classification rules are provided. According to an example of the method, one or more group are obtained by initially grouping bits included in a rule set on the network device. A local optimum combination of bits is determined for each group according to a correlation analysis on the group. A global optimum combination of bits having a minimum correlation coefficient and comprising fewest bits is determined from all the local optimum combinations of bits. The rule set is partitioned according to the global optimum combination of bits.

Abstract: Methods, devices and apparatus for verifying a terminal device are provided. In one aspect, a method includes: recording a correspondence between a source IP address of an authentication message and an MAC address of the terminal device in a first whitelist after successful authentication is performed for the terminal device based on the authentication message, where the authentication message carries an MAC address of the terminal device; querying the first whitelist based on a source IP address of a data packet when the data packet from the terminal device is monitored; confirming the terminal device is successfully authenticated if the source IP address hits the first whitelist.

Abstract: Methods for counting synchronization (SYN) packets to identify a SYN attack, applicable to network device, are provided. The network device includes a field programmable gate array (FPGA) for counting the total number of received SYN packets and a high-speed hardware memory connected to the FPGA. One of the methods includes: periodically traversing the count entries stored in the high-speed hardware memory, and aging any count entry for which a time difference between a current time and a creation time reaches a preset aging time interval; obtaining a first number of SYN packets and a second number of SYN packets; and updating the total number of the received SYN packets with a sum of the first number of SYN packets and the second number of SYN packets.

Abstract: The present disclosure provides a method of distributing flow on a 4G network, which is applied to a distribution device. The method includes: monitoring a GTPv2 signalling packet communicated between a mobile management entity (MME) and a serving gateway (SGW); obtaining a data plane tunnel identifier and a user phone number, which are carried in the monitored GTPv2 signalling packet and indicate a same user equipment (UE), and establishing association relationship between the data plane tunnel identifier and the user phone number; obtaining a target data plane tunnel identifier carried in a received data packet; and determining a target user phone number associated with the target data plane tunnel identifier based on the association relationship, and distributing the data packet based on the target user phone number.

Abstract: The present application provides a method and device for Portal authentication. The method includes: sending an authentication webpage to a user terminal in response to an authentication request from the user terminal; authenticating login information returned by the user terminal through the authentication webpage; in response to successful authentication with respect to the login information, sending online information corresponding to the user terminal to an authentication device, such that the authentication device updates an online state of the user terminal.

Abstract: Provided are a method of dynamically configuring a FPGA and a network security device. The network security device includes a CPU and at least one FPGA coupled with the CPU. The CPU generates a configuration entry for a target FPGA in response to a user instruction. The configuration entry includes a classification number and a configuration content for the target FPGA. The CPU sends the configuration entry to each FPGA coupled with the CPU, Each FPGA obtains its own classification number, compares its own classification number with the classification number in the configuration entry, and stores the configuration content when the own classification number the same with the classification number in the configuration entry.

Abstract: The present disclosure provides a method for executing a QoS policy and a network device, where the method includes: before a packet entering the network device goes through a preset forwarding process, it is determined whether the packet matches a flow template according to a property of the packet; if the packet matches the flow template, a session structure of a network session corresponding to the packet is acquired, a QoS dedicated structure is added to a tail of the session structure, a QoS policy corresponding to the flow template is acquired, the QoS policy is compiled to obtain policy information, and the policy information is filled to the QoS dedicated structure; and after the packet goes through the preset forwarding process, the policy information in the QoS dedicated structure is added to the packet, so that a switching chip of the network device executes the QoS policy.

Abstract: Provided are a method and an apparatus for isolating transverse communication between terminal devices in an intranet. The method includes: when receiving an ARP (Address Resolution Protocol) packet, an access device in the intranet determines whether to perform a first transverse isolation operation for the ARP packet based on a pre-stored first transverse isolation policy; and when receiving a packet, a gateway device in the intranet determines whether to perform a second transverse isolation operation for the packet according to a pre-stored second transverse isolation policy.

Abstract: The present application provides a load balancing system. In an example, the load balancing system includes a client, a first load balancer coupled to the client, a plurality of security forwarding devices whose load sides are coupled to the first load balancer and forwarding sides are coupled to a second load balancer, the second load balancer, and a server coupled with the second load balancer. In the load balancing system, service traffic resources can be accurately allocated to the target security forwarding device selected by the scheduling algorithm, so as to balance load.

Abstract: A method and apparatus of accessing queue data is provided. According to the method, a double-layer circular queue is constructed, where the double-layer circular queue includes one or more inner-layer circular queues established based on an array, and the one or more inner-layer circular queues constitute an outer-layer circular queue of the double-layer circular queue based on a linked list. A management pointer of the outer-layer circular queue is set. Data accessing is performed on the inner-layer circular queues by using the management pointer.

Abstract: Methods of detecting a packet forwarding path, UMC servers and non-transitory machine-readable storage mediums are provided. In one aspect, a UMC server distributes a target packet feature pre-configured by a user to a plurality of forwarding devices managed by the UMC server, wherein the target packet feature is a feature of a target packet; receives respective path information transmitted by forwarding devices within the forwarding devices managed by the UMC server, wherein the respective path information is extracted by the forwarding devices from the target packet determined based on the target packet feature; and obtains a forwarding path corresponding to the target packet based on the path information transmitted by the forwarding devices.