×

Processing method for network address translation technology, NAT device and BNG device

  • US 9,998,492 B2
  • Filed: 08/27/2013
  • Issued: 06/12/2018
  • Est. Priority Date: 11/14/2012
  • Status: Active Grant
First Claim
Patent Images

1. A processing method for a Network Address Translation (NAT), the method comprising:

  • determining, by an NAT device, whether or not a session establishment of a user equipment (UE) reaches a preset threshold;

    notifying, by the NAT device, a Broadband Network Gateway (BNG) device to execute a security strategy for the UE responsive to determining the session establishment of the UE reaches the preset threshold, wherein the security strategy is used for stopping an attack behavior of the UE and informing the UE of the attack behavior of the UE;

    wherein the method further comprises;

    accelerating, by the NAT device, aging of one or more sessions of the UE when the NAT device notifies the BNG device to execute the security strategy for the UE;

    wherein executing, by the BNG device, the security strategy for the UE comprises;

    executing, by the BNG device, a forced Web page pushing strategy for the UE to re-direct an Hypertext Transfer protocol (HTTP) request sent by the UE to a first prompt page, wherein the first prompt page is used for informing the UE of an existence of the attack behavior during an access of the UE;

    wherein after executing, by the BNG device, the security strategy for the UE, the method further comprises;

    notifying, by the NAT device, the BNG device to execute, aiming at an access behavior of the UE, an operation of forcing the UE to be offline or returning the UE to an unauthenticated state; and

    notifying, by the NAT device, an Authentication, Authorization and Accounting (AAA) server to mark or set the UE as a UE having the attack behavior, wherein the first prompt page is further used for reminding the UE that the UE is to be forced to be offline or returned to the unauthenticated state;

    responsive to the UE requesting to be online and/or to be authenticated again, authenticating, by the AAA server, the UE, after the UE passes the authentication by the AAA server, notifying, by the AAA server, the BNG device to execute a forced Web page pushing strategy for the UE to re-direct a page access request of the UE to a second prompt page, wherein the second prompt page is used for reminding the UE that a reason why the UE was formerly forced to be offline or returned to the unauthenticated state is the attack behavior of the UE and responsive to determining the UE still has the attack behavior, the UE will be forced to be offline or returned to the unauthenticated state again, and reminding the UE to check and kill viruses and/or Trojans.

View all claims
  • 1 Assignment
Timeline View
Assignment View
    ×
    ×