摘要 |
PURPOSE: An abnormal packet blocking system and a method thereof are provided to extract one blocking target among client terminals and a target server of an attack and allow or block the access of the blocking target. CONSTITUTION: A network switch (20) detects the status of overload generation from abnormal packets transmitted by multiple client terminals. An abnormal packet analyzing device (30) receives overload generation information from the network switch. The abnormal packet analyzing device analyzes the information of the abnormal packets collected through the network switch and extracts a target to be blocked. An access blocking management device (40) creates a blocking filter by using access information of the blocking target extracted by the abnormal packet analyzing device. The access blocking management device delivers the blocking filter to the network switch. [Reference numerals] (10) Customer terminal; (20) Network switch; (30) Abnormal packet analyzing device; (40) Access blocking management device; (50) Attack target device; (AA) Block target; (BB) Backbone network; (CC) Overload generating information; (DD) Member network; (EE,II) Block; (FF) Access allowing or blocking information; (GG,HH) Attack |