Processing method for network address translation technology, NAT device and BNG device
First Claim
1. A processing method for a Network Address Translation (NAT), the method comprising:
determining, by an NAT device, whether or not a session establishment of a user equipment (UE) reaches a preset threshold;
notifying, by the NAT device, a Broadband Network Gateway (BNG) device to execute a security strategy for the UE responsive to determining the session establishment of the UE reaches the preset threshold, wherein the security strategy is used for stopping an attack behavior of the UE and informing the UE of the attack behavior of the UE;
wherein the method further comprises:
accelerating, by the NAT device, aging of one or more sessions of the UE when the NAT device notifies the BNG device to execute the security strategy for the UE;
wherein executing, by the BNG device, the security strategy for the UE comprises:
executing, by the BNG device, a forced Web page pushing strategy for the UE to re-direct an Hypertext Transfer protocol (HTTP) request sent by the UE to a first prompt page, wherein the first prompt page is used for informing the UE of an existence of the attack behavior during an access of the UE;
wherein after executing, by the BNG device, the security strategy for the UE, the method further comprises:
notifying, by the NAT device, the BNG device to execute, aiming at an access behavior of the UE, an operation of forcing the UE to be offline or returning the UE to an unauthenticated state; and
notifying, by the NAT device, an Authentication, Authorization and Accounting (AAA) server to mark or set the UE as a UE having the attack behavior, wherein the first prompt page is further used for reminding the UE that the UE is to be forced to be offline or returned to the unauthenticated state;
responsive to the UE requesting to be online and/or to be authenticated again, authenticating, by the AAA server, the UE, after the UE passes the authentication by the AAA server, notifying, by the AAA server, the BNG device to execute a forced Web page pushing strategy for the UE to re-direct a page access request of the UE to a second prompt page, wherein the second prompt page is used for reminding the UE that a reason why the UE was formerly forced to be offline or returned to the unauthenticated state is the attack behavior of the UE and responsive to determining the UE still has the attack behavior, the UE will be forced to be offline or returned to the unauthenticated state again, and reminding the UE to check and kill viruses and/or Trojans.
Abstract
Provided are a processing method for Network Address Translation (NAT) technology, an NAT device and a BNG device. The method includes: the NAT device determining whether or not session establishment of a UE reaches a preset threshold, and notifying the BNG device to execute a security strategy for the UE if the session establishment of the UE reaches the preset threshold, wherein the security strategy is used for stopping the attack behavior of the UE and informing the UE of the attack behavior of the UE. The disclosure solves the technical problem in the related art that the user lodges complaints against the operator because of the abnormal behavior of the host user; by reminding the user to check the security of the host user, the disclosure increases the utilization rate of the NAT device and improves user experience.
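The flow in the abstract and claim 1, as an added simulation that is not part of the patent: an NAT device counts sessions per UE, and on reaching the threshold shortens their timeouts and has the BNG redirect HTTP to the first prompt page, then forces the UE offline and has the AAA server mark it. The threshold and timeout values, the class and method names, and escalating on a second threshold hit are assumptions.

```python
from dataclasses import dataclass, field

THRESHOLD, NORMAL_TTL, FAST_TTL = 5, 300, 10   # assumed values (sessions, s, s)

@dataclass
class Bng:
    online: set = field(default_factory=set)
    redirect: dict = field(default_factory=dict)    # UE -> page HTTP is redirected to

@dataclass
class Aaa:
    bng: Bng
    flagged: set = field(default_factory=set)       # UEs marked as attacking
    def authenticate(self, ue):
        self.bng.online.add(ue)
        self.bng.redirect.pop(ue, None)
        if ue in self.flagged:                      # re-login of a marked UE
            self.bng.redirect[ue] = "second-prompt"

@dataclass
class Nat:
    aaa: Aaa
    sessions: dict = field(default_factory=dict)    # UE -> {flow: expiry time}
    warned: set = field(default_factory=set)
    def new_session(self, ue, flow, now):
        # Normal aging: keep only sessions that have not expired yet.
        self.sessions[ue] = table = {f: e for f, e in self.sessions.get(ue, {}).items() if e > now}
        if ue not in self.aaa.bng.online:
            return "dropped"
        table[flow] = now + NORMAL_TTL
        if len(table) < THRESHOLD:
            return "ok"
        for f in table:                             # accelerated aging
            table[f] = min(table[f], now + FAST_TTL)
        if ue not in self.warned:                   # first hit: first prompt page
            self.warned.add(ue)
            self.aaa.bng.redirect[ue] = "first-prompt"
            return "warned"
        self.aaa.bng.online.discard(ue)             # assumed trigger: repeat hit
        self.aaa.flagged.add(ue)                    # AAA marks the UE
        return "offline"

def demo():
    # Constructed traffic: one UE opens a new flow every second.
    aaa = Aaa(Bng())
    nat = Nat(aaa)
    aaa.authenticate("ue1")
    events = [nat.new_session("ue1", i, i) for i in range(7)]
    aaa.authenticate("ue1")                         # UE logs in again after being cut off
    return events, aaa.bng.redirect["ue1"], nat.new_session("ue1", 99, 100)
```

Because the shortened timeouts expire long before the UE's next login, the final session in `demo()` starts from an empty table, which is the NAT resource recovery the accelerated aging is for.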
14 Claims
1. A processing method for a Network Address Translation (NAT), the method comprising:
determining, by an NAT device, whether or not a session establishment of a user equipment (UE) reaches a preset threshold;
notifying, by the NAT device, a Broadband Network Gateway (BNG) device to execute a security strategy for the UE responsive to determining the session establishment of the UE reaches the preset threshold, wherein the security strategy is used for stopping an attack behavior of the UE and informing the UE of the attack behavior of the UE;
wherein the method further comprises:
accelerating, by the NAT device, aging of one or more sessions of the UE when the NAT device notifies the BNG device to execute the security strategy for the UE;
wherein executing, by the BNG device, the security strategy for the UE comprises:
executing, by the BNG device, a forced Web page pushing strategy for the UE to re-direct an Hypertext Transfer protocol (HTTP) request sent by the UE to a first prompt page, wherein the first prompt page is used for informing the UE of an existence of the attack behavior during an access of the UE;
wherein after executing, by the BNG device, the security strategy for the UE, the method further comprises:
notifying, by the NAT device, the BNG device to execute, aiming at an access behavior of the UE, an operation of forcing the UE to be offline or returning the UE to an unauthenticated state; and
notifying, by the NAT device, an Authentication, Authorization and Accounting (AAA) server to mark or set the UE as a UE having the attack behavior, wherein the first prompt page is further used for reminding the UE that the UE is to be forced to be offline or returned to the unauthenticated state;
responsive to the UE requesting to be online and/or to be authenticated again, authenticating, by the AAA server, the UE, after the UE passes the authentication by the AAA server, notifying, by the AAA server, the BNG device to execute a forced Web page pushing strategy for the UE to re-direct a page access request of the UE to a second prompt page, wherein the second prompt page is used for reminding the UE that a reason why the UE was formerly forced to be offline or returned to the unauthenticated state is the attack behavior of the UE and responsive to determining the UE still has the attack behavior, the UE will be forced to be offline or returned to the unauthenticated state again, and reminding the UE to check and kill viruses and/or Trojans.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10
11. A Network Address Translation (NAT) device, comprising:
a hardware processor coupled with a memory and configured to execute program components stored on the memory, wherein the program components comprises:
a determination component configured to determine whether or not a session establishment of a user equipment (UE) reaches a preset threshold; and
a first notification component configured to notify a Broadband Network Gateway (BNG) device to execute a security strategy for the UE responsive to determining the session establishment of the UE reaches the preset threshold, wherein the security strategy is used for stopping an attack behavior of the UE and informing the UE of the attack behavior of the UE;
wherein the program components further comprise:
a processing component configured to accelerate aging of one and more sessions of the UE when the NAT device notifies the BNG device to execute the security strategy for the UE,
wherein the program components further comprise:
a second notification component configured to notify the BNG device to execute, aiming at an access behavior of the UE, an operation of forcing the UE to be offline or returning the UE to an unauthenticated state and notify an Authentication, Authorization and Accounting (AAA) server to mark or set the UE as a UE having the attack behavior, wherein a first prompt page is further used for reminding the UE that the UE is to be forced to be offline or returned to the unauthenticated state so as to let the UE request to be online and/or to be authenticated again;
the second notification component further configured to notify the BNG device to execute a forced Web page pushing strategy for the UE to re-direct a page access request of the UE to a second prompt page after the UE passes authentication executed by the AAA server, wherein the second prompt page is used for informing the UE that a reason why the UE was formerly forced to be offline or returned to the unauthenticated state is the attack behavior of the UE, and reminding the UE that the UE will be forced to be offline or returned to the unauthenticated state again responsive to determining the UE still has the attack behavior, and reminding the UE to check and kill viruses and/or Trojans.
Dependent claims: 12, 13
14. A Broadband Network Gateway (BNG) device, comprising:
a hardware processor coupled with a memory and configured to execute program components stored on the memory, wherein the program components comprises:
a first receiving component configured to receive a first notification which is sent by a Network Address Translation (NAT) device to indicate execution of a security strategy for a user equipment (UE) when a session establishment of the UE reaches a preset threshold, the security strategy is used for stopping attack behavior of the UE and informing the UE of the attack behavior of the UE; and
a re-direct component configured to execute a forced Web page pushing strategy for the UE to re-direct an Hypertext Transfer protocol (HTTP) request sent by the UE to a first prompt page, wherein the first prompt page is used for informing the UE of an existence of the attack behavior of the UE;
wherein the program components further comprise:
a second receiving component configured to receive a second notification which is sent by the NAT device to indicate execution of an operation of forcing the UE to be offline or returning the UE to an unauthenticated state aiming at an access behavior of the UE; and
a processing component configured to execute, aiming at the access behavior of the UE, an operation of forcing the UE to be offline or returning the UE to the unauthenticated state according to the second notification and notify an Authentication, Authorization and Accounting (AAA) server to mark or set the UE as a UE having the attack behavior, wherein the first prompt page is further used for reminding the UE that the UE is to be forced to be offline or returned to the unauthenticated state so as to let the UE request to be online and/or to be authenticated again,
the processing component further configured to execute a forced Web page pushing strategy for the UE to re-direct a page access request of the UE to a second prompt page when the BNG device is notified by the AAA server after the UE passes authentication executed by the AAA server, wherein the second prompt page reminding the UE that a reason why the UE was formerly forced to be offline or returned to the unauthenticated state is the attack behavior of the UE, and remind the UE that the UE will be forced to be offline or returned to the unauthenticated state again responsive to determining the UE still has the attack behavior, and remind the UE to check and kill viruses and/or Trojans.
Specification