Industrial protocol protection method based on iptables u32

• Main Authors: HOU XUSEN, LI FENG, WANG SHAOMI, SUN RUIYONG, LI YANHU, HE XIWEN, ZHANG YU, CAO LU, SUN XIAOPENG, SHUI ZHUI
• Format: Patent
• Language: Chinese; English
• Published: 19.10.2021
• Subjects: ELECTRIC COMMUNICATION TECHNIQUE; ELECTRICITY; TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHICCOMMUNICATION

The invention relates to the technical field of network security, in particular to an industrial protocol protection method based on iptables u32, which comprises the following steps of: S1, a header length field is extracted from an IP header by an IP protocol identification module, and the header length field by 4 is multiplied to obtain a header length taking bytes as units; S2, a message retrieval pointer jumps to the beginning of a TCO header by using the value; S3, a TCP protocol identification module extracts a header length field from a TCP header, and multiplies the header length field by 4 to obtain a header length with bytes as units; S4, the message retrieval pointer uses the value to jump to the beginning of the SCADA message; and S5, the MODBUS protocol reading module specifies the offset at the beginning of the SCADA message, and then the offset is matched with the required value. The method has the beneficial effects that the iptables u32 module can be used for directly and flexibly analyzing