CN101370019B - Method and switchboard for preventing packet cheating attack of address analysis protocol - Google Patents
Publication number: CN101370019B
Authority: CN (China)
Prior art keywords: address, source, arp, mac address, mac
Legal status: Expired - Fee Related (the legal status is an assumption and is not a legal conclusion; Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed)
Landscapes: Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention relates to a method and a switch for preventing Address Resolution Protocol (ARP) message spoofing attacks. The method comprises: generating detection information that associates a source IP address, a source MAC address, a sender MAC address and a port; checking each received ARP message against the detection information; and forwarding the ARP message only if its source IP address, source MAC address and sender MAC address, together with the port on which it was received, match the detection information. The switch comprises a generation unit, a detection unit and a forwarding unit. In this scheme the switch checks not only the source IP address and source MAC address of the ARP message but also the sender-mac address carried in the ARP header, and forwards only matching ARP messages; ARP message spoofing attacks are therefore stopped at the source, and the switch's resistance to ARP message attacks is improved.
Description
Technical field
The present invention relates to the field of communication technology, and in particular to a method and a switch for preventing Address Resolution Protocol (ARP) message spoofing attacks.
Background technology
In an ordinary local area network (LAN), a terminal device such as a PC can use the network directly as soon as it is connected to a network device, without any authentication or authorization. This mode of network access is not only unfavourable for real-time monitoring of the network by the network administrator, but also introduces hidden network security risks.
To address this problem and improve network security, the Institute of Electrical and Electronics Engineers (IEEE) 802 committee formulated a LAN standard, IEEE 802.1x (hereinafter 802.1x). In a LAN deployed with 802.1x authentication, a user (such as a PC) that connects to the LAN must authenticate via 802.1x; a user that has not passed authentication cannot access the LAN.
802.1x authentication adopts port-based network access control and provides point-to-point secure access for LAN users. As shown in Figure 1, take access by a computer (PC) 11 as an example (other access terminals are also possible). PC 11, on which authentication client software is installed, submits the relevant authentication information to switch 12 for authentication, and switch 12 passes that information to authentication server 13 for confirmation. If authentication succeeds, switch 12 opens the corresponding port. At this point switch 12 learns the IP address and MAC address of PC 11 and binds them to the port through which PC 11 connects, forming an IP triple (IP, MAC, PORT); that is, only a PC meeting this triple condition is permitted to access the LAN and the relevant network resources. 802.1X authentication thus becomes an effective way of authenticating the legitimacy of user or device access to the network, and improves network security.
Because the above 802.1x authentication process only controls the IP traffic of the connecting PC, it can effectively control only the user's IP messages and prevent an authenticated user from abusing IP; it cannot control ARP traffic, so ARP message spoofing attacks cannot be avoided after authentication.
An ARP message spoofing attack mainly means that, in an ARP request or reply message sent by a spoofing host, the source IP and source MAC are set to spoofed or random values in order to deceive other hosts. This includes modifying only the source IP, modifying only the source Media Access Control (MAC) address, or modifying both the source IP address and the source MAC address, with the aim of blocking the network connectivity of other hosts or impersonating them.
A MAC address is the identifier used to recognise each node in a LAN. It is burned into the network interface card by the card's manufacturer, and when data is transmitted it is the address actually relied upon to identify the computer sending the data and the host receiving it. Like the number on an identity card, a MAC address is globally unique.
In a LAN, what is actually transmitted on the network are frames, and a frame carries the MAC address of the destination host. In Ethernet, for one host to communicate directly with another it must know the MAC address of the destination host, and this destination MAC address is obtained through ARP. "Address resolution" refers to the process by which a host converts a target IP address into the target MAC address before transmitting a frame. The basic function of the ARP protocol is to look up the MAC address of a target device by its IP address, so that communication can proceed smoothly.
The ARP header format is shown in Table 1; the ARP protocol header of every ARP message carries a source IP address. Each ARP request message consists of a layer-2 header and an ARP header; the layer-2 header carries the sender's MAC address, which is the source MAC address and is also the sender-MAC address. The sender-MAC address and the source IP address together identify the host that sent the ARP message.
Table 1: ARP header format
When a switch receives an ARP packet on a port, it first reads the source MAC address from the packet header, and so learns which port the machine with that source MAC address is connected to. It then reads the destination MAC address from the packet header and looks up the corresponding port in its address table. If the table contains a port corresponding to the destination MAC address, the packet is copied directly to that port and sent to the destination host; if no corresponding port is found, the packet is broadcast on all ports, and when the destination machine replies to the source machine the switch learns which port the destination MAC address corresponds to, so that the next time it forwards data it sends the packet through the learned port.
An ARP message spoofing attack is shown in Figure 2. PC1 is the spoofed host, PC2 is the attacking host, and PC3 is the impersonated host. PC2 sends a spoofed ARP reply message to PC1 through switch 21; the source MAC address of this message is MAC2 and the source IP address is IP3. After PC1 receives this ARP spoofing message, it changes the MAC address corresponding to PC3 in its own ARP table to MAC2. As a result, all subsequent data messages that PC1 intends to send to PC3 are addressed to PC2, communication between PC1 and PC3 is disrupted, and PC2 can choose to carry out a man-in-the-middle attack or a blocking attack.
In the prior art, the ARP message spoofing attack problem is mainly addressed by having the switch inspect ARP messages. The technical scheme adopted is to check the source IP address and source MAC address against configured ARP detection entries, specifically:
The switch parses the authentication information exchanged between the authentication client and the authentication server, and for each end user who passes authentication resolves the corresponding IP-MAC address pair; the IP-MAC address pair is the source IP address and source MAC address that passed authentication, bound together;
This IP-MAC address pair is configured as a static ARP detection entry that can be rewritten dynamically, and is set in the static ARP detection table of the switch;
The static ARP detection entries are used to check whether the source IP address and source MAC address of an ARP message entering the switch are correct, thereby inspecting the ARP messages entering the switch. Only when the source IP address and source MAC address of an ARP message match some detection entry in the static ARP detection table can the message pass.
As shown in Figure 3, after PC2 authenticates successfully, a static ARP detection entry IP2-MAC2 (IP2+MAC2+PORT) is set on switch 31; thereafter, when PC2 sends an ARP message whose source IP address or source MAC address is not IP2-MAC2, the message cannot pass. This avoids ARP spoofing attacks to a certain extent.
Another method is for the destination host to inspect ARP messages in order to prevent ARP message spoofing attacks.
The defect of the prior art is that a method which checks only the source IP address and source MAC address of ARP messages cannot prevent spoofing by maliciously constructed ARP messages. Moreover, the method of inspecting ARP messages at the host is not easy to implement and also increases the load on the host.
The ARP request message format is shown in Figure 4. In the ARP protocol interaction, the MAC address of the sender is obtained from the sender MAC address field (the sender-mac address) in the ARP protocol header of the ARP request, not from the source MAC address of the Ethernet frame header in the layer-2 protocol header. Under normal conditions, the source MAC address of the Ethernet frame header should be identical to the sender-mac address of the ARP protocol message header. Therefore, in the prior art, what the static ARP detection entry checks is the source MAC address of the Ethernet frame header and the source IP address of the ARP protocol message header. In fact, however, the sender-mac of the ARP protocol message header may be maliciously rewritten, as shown in Figure 5. In the ARP attack message constructed by PC2, the source MAC address and source IP address are MAC3 and IP3 of PC3 respectively, while the sender-mac address of this ARP reply message is MAC2. The prior art therefore has a vulnerability: this ARP attack message still passes the check of the static ARP table and is forwarded. After PC1 receives this ARP message, because the sender-mac address is MAC2, it changes the MAC address corresponding to IP3 in its own ARP table to MAC2, so that all data messages PC1 subsequently intends to send to PC3 are addressed to PC2, and PC2 still succeeds in spoofing.
Summary of the invention
The object of the invention is to provide a method and a switch for preventing ARP message spoofing attacks, so as to improve the switch's ability to resist ARP message attacks.
To achieve the above object, the invention provides a method for preventing ARP message spoofing attacks, comprising:
in the authentication process, generating detection information comprising an associated source Internet Protocol (IP) address, source Media Access Control (MAC) address, sender MAC address and port;
inspecting a received ARP message according to the detection information;
forwarding the ARP message when the source IP address, source MAC address and sender MAC address of the ARP message and the port on which the ARP message was received are consistent with the detection information; and discarding the ARP message when the source IP address, source MAC address and sender MAC address of the ARP message and the port on which the ARP message was received are inconsistent with the detection information;
wherein generating, in the authentication process, the detection information comprising the associated source IP address, source MAC address, sender MAC address and port comprises:
obtaining an IP-MAC address pair by monitoring the authentication interaction information;
parsing the IP-MAC address pair and constructing a static ARP detection table comprising the associated source IP address, source MAC address, sender MAC address and port, wherein the source MAC address is the sender MAC address.
The invention also provides a switch, comprising:
a generation unit, configured to generate, in the authentication process, detection information comprising an associated source IP address, source MAC address, sender MAC address and port;
a detection unit, configured to inspect a received ARP message according to the detection information;
a forwarding unit, configured to forward the ARP message when the source IP address, source MAC address and sender MAC address of the ARP message and the port on which the ARP message was received are consistent with the detection information;
a discarding unit, configured to discard the ARP message when the source IP address, source MAC address and sender MAC address of the ARP message and the port on which the ARP message was received are inconsistent with the detection information;
wherein the generation unit comprises:
a monitoring subunit, configured to obtain an IP-MAC address pair by monitoring the authentication interaction information;
a parsing subunit, configured to parse the IP-MAC address pair;
a constructing subunit, configured to construct, according to the parsing result of the parsing subunit, a static ARP detection table comprising the associated source IP address, source MAC address, sender MAC address and port, wherein the source MAC address is the sender MAC address.
In addition to checking the source IP address and source MAC address of the ARP message, the above scheme further checks the sender-mac address in the ARP message and forwards only matching ARP messages. This stops ARP message spoofing attacks at the source, improves the switch's ability to resist ARP attacks, requires no participation by end hosts, guarantees the safety of every end host connected to the Ethernet network, and is easier to configure and apply.
The technical scheme of the invention is described in further detail below with reference to the drawings and embodiments.
Description of drawings
Figure 1 is a network diagram of IP control in the prior art;
Figure 2 is a network diagram of an ARP message spoofing attack;
Figure 3 is a network diagram of ARP spoofing attack prevention in the prior art;
Figure 4 is a schematic diagram of the ARP request message format;
Figure 5 is a schematic diagram of the ARP attack message format;
Figure 6 is a flow chart of an embodiment of the method for preventing ARP message spoofing attacks according to the invention;
Figure 7 is a network diagram of an embodiment of the method for preventing ARP message spoofing attacks according to the invention;
Figure 8 is a flow chart of generating detection information in an embodiment of the method for preventing ARP message spoofing attacks according to the invention;
Figure 9 is a schematic structural diagram of an embodiment of the switch according to the invention.
Embodiment
The embodiments of the invention improve on and extend the prior art: according to the source MAC address and source IP address resolved for each authenticated user, an enhanced static ARP detection entry (source IP address, source MAC address, sender-mac address, port (PORT)) is generated for that user. These static ARP detection entries are maintained in the static ARP detection table of the switch. Besides checking the source IP address and source MAC address of the ARP message, the static ARP detection entry further checks the sender-mac address of the ARP protocol message header, achieving a higher-performance ARP message detection technique: illegal ARP messages are discarded directly on the network device, ARP spoofing attacks are stopped at the source, the switch's ability to resist ARP attacks is improved, no participation by end hosts is needed, the safety of every end host connected to the Ethernet network is guaranteed, and the scheme is easier to configure and apply.
Figure 6 is a flow chart of an embodiment of the method for preventing ARP message spoofing attacks according to the invention, and Figure 7 is a network diagram of that embodiment. As shown in Figure 6, the method comprises:
Figure 9 is a schematic structural diagram of an embodiment of the switch of the invention. The switch comprises a generation unit 91, a detection unit 92 and a forwarding unit 93. The generation unit 91 is configured to generate, in the authentication process, detection information comprising an associated source IP address, source MAC address, sender MAC address and port, namely ARP detection entries; the detection unit 92 is configured to inspect received ARP messages according to the detection information, judging whether the source IP address, source MAC address and sender-mac address in the ARP message, together with the corresponding port, match a static ARP detection entry; the forwarding unit 93 is configured to forward the ARP message when the source IP address, source MAC address and sender MAC address of the ARP message and the port on which the ARP message was received are consistent with (i.e. match) the detection information.
In this embodiment, the generation unit may comprise a monitoring subunit, a parsing subunit and a constructing subunit. During the 802.1X authentication process, the monitoring subunit obtains an IP-MAC address pair by monitoring the authentication interaction information; the parsing subunit parses the IP-MAC address pair obtained by the monitoring subunit; and the constructing subunit constructs, according to the parsing result of the parsing subunit, a static ARP detection table comprising the associated source IP address, source MAC address, sender MAC address and port.
The generation unit may also comprise an adding subunit which, when the static ARP detection table already exists, adds the parsing result for the IP-MAC address pair to that static ARP detection table.
In the above apparatus embodiment, the switch may also comprise a discarding unit: when the source IP address, source MAC address and sender MAC address of the ARP message and the port on which it was received are inconsistent with the detection information, the discarding unit discards the ARP message, thereby filtering out unmatched ARP messages.
Because the static ARP detection entries in the above method and switch embodiments are generated during the authentication process, they are not subject to interference from attacks and spoofing; the ARP messages sent by the various end hosts can be inspected effectively and more deeply, and an attacking user cannot bypass this inspection, so ARP message spoofing can be prevented more effectively.
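As an added example (not code from the patent or its applicant), the following Python models the check the background and embodiment sections describe: a parser for the Ethernet and ARP headers, a static ARP detection table filled from authentication results, the prior-art check (Ethernet source MAC and source IP only, as the Figure 5 discussion states) and the patented four-field check, run over the Figure 2 and Figure 5 frames. All addresses, ports and frames are constructed sample values.

```python
"""Added example, not the patent's own code: a minimal model of the switch-side ARP check.
Frames are parsed into the Ethernet source MAC, the ARP sender MAC and the ARP sender IP;
the prior-art check compares (source IP, Ethernet source MAC) with the table, the patented
check also compares the ARP sender MAC and the ingress port.  Sample values are constructed."""
import struct
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

ETHERTYPE_ARP = 0x0806
ARP_REQUEST, ARP_REPLY = 1, 2


@dataclass(frozen=True)
class ArpFrame:
    eth_src: str     # source MAC from the Ethernet (layer-2) header
    sender_mac: str  # sender hardware address (sender-mac) from the ARP header
    sender_ip: str   # sender protocol address (source IP) from the ARP header
    opcode: int      # 1 = request, 2 = reply


def _mac_bytes(mac: str) -> bytes:
    return bytes(int(x, 16) for x in mac.split(":"))


def _ip_bytes(ip: str) -> bytes:
    return bytes(int(x) for x in ip.split("."))


def build_arp_frame(eth_src: str, sender_mac: str, sender_ip: str, target_mac: str,
                    target_ip: str, opcode: int, eth_dst: str = "ff:ff:ff:ff:ff:ff") -> bytes:
    """Ethernet II header followed by the 28-byte IPv4-over-Ethernet ARP header (Table 1)."""
    eth = _mac_bytes(eth_dst) + _mac_bytes(eth_src) + struct.pack("!H", ETHERTYPE_ARP)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, opcode)   # htype, ptype, hlen, plen, opcode
    arp += _mac_bytes(sender_mac) + _ip_bytes(sender_ip)
    arp += _mac_bytes(target_mac) + _ip_bytes(target_ip)
    return eth + arp


def parse_arp_frame(frame: bytes) -> Optional[ArpFrame]:
    """Fields the check needs; None if the frame is not ARP, ValueError if the ARP header is bad."""
    if len(frame) < 14 or struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_ARP:
        return None
    if len(frame) < 14 + 28:
        raise ValueError("truncated ARP header")
    htype, ptype, hlen, plen, opcode = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4) or opcode not in (ARP_REQUEST, ARP_REPLY):
        raise ValueError("unsupported ARP header")
    fmt_mac = lambda b: ":".join(f"{x:02x}" for x in b)
    return ArpFrame(eth_src=fmt_mac(frame[6:12]), sender_mac=fmt_mac(frame[22:28]),
                    sender_ip=".".join(str(x) for x in frame[28:32]), opcode=opcode)


class ArpDetectionTable:
    """Static ARP detection table: one (source IP, source MAC, sender MAC, port) entry per user."""

    def __init__(self) -> None:
        self.entries: Dict[str, Tuple[str, str, int]] = {}   # source IP -> (src MAC, sender MAC, port)

    def on_auth_success(self, ip: str, mac: str, port: int) -> None:
        """Generation unit: the IP-MAC pair learned from the 802.1x exchange becomes an entry,
        with the sender MAC set equal to the source MAC as the patent specifies."""
        self.entries[ip] = (mac, mac, port)

    def prior_art_check(self, f: ArpFrame) -> bool:
        """Prior-art check as the Figure 5 discussion describes it: Ethernet source MAC and
        ARP source IP only, so the ARP sender MAC is never compared."""
        e = self.entries.get(f.sender_ip)
        return e is not None and e[0] == f.eth_src

    def enhanced_check(self, f: ArpFrame, port: int) -> bool:
        """Patented check: source IP, Ethernet source MAC, ARP sender MAC and port must all match."""
        return self.entries.get(f.sender_ip) == (f.eth_src, f.sender_mac, port)

    def decide(self, frame: bytes, port: int) -> str:
        """Detection unit plus forwarding/discarding units for one frame received on `port`."""
        try:
            f = parse_arp_frame(frame)
        except ValueError:
            return "drop"        # malformed ARP is never forwarded
        if f is None:
            return "not-arp"     # non-ARP traffic is outside this check
        return "forward" if self.enhanced_check(f, port) else "drop"


# Constructed topology from Figures 2 and 5: PC1 spoofed host, PC2 attacker, PC3 impersonated host.
IP1, MAC1 = "192.0.2.1", "02:00:00:00:00:01"
IP2, MAC2, PORT2 = "192.0.2.2", "02:00:00:00:00:02", 2
IP3, MAC3, PORT3 = "192.0.2.3", "02:00:00:00:00:03", 3


def figure5_scenario() -> Dict[str, Tuple[bool, str]]:
    """For each constructed frame: (prior-art verdict, patented switch verdict)."""
    table = ArpDetectionTable()
    table.on_auth_success(IP2, MAC2, PORT2)
    table.on_auth_success(IP3, MAC3, PORT3)
    frames = {
        # genuine reply from PC3 to PC1: all four fields consistent with PC3's entry
        "legit_pc3": (build_arp_frame(MAC3, MAC3, IP3, MAC1, IP1, ARP_REPLY), PORT3),
        # Figure 2: Ethernet source MAC2 with PC3's IP3; the prior-art check already rejects this
        "fig2_attack": (build_arp_frame(MAC2, MAC2, IP3, MAC1, IP1, ARP_REPLY), PORT2),
        # Figure 5: Ethernet source MAC3 + IP3 look like PC3, but the ARP sender MAC is MAC2;
        # the prior art forwards it, the patented check rejects it on the sender MAC alone
        "fig5_attack": (build_arp_frame(MAC3, MAC2, IP3, MAC1, IP1, ARP_REPLY), PORT2),
    }
    return {name: (table.prior_art_check(parse_arp_frame(frame)), table.decide(frame, port))
            for name, (frame, port) in frames.items()}
```

The `fig5_attack` frame would be dropped by `enhanced_check` even if it arrived on PORT3, because the sender MAC in the ARP header does not equal the source MAC bound at authentication.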
The scheme provided by the above method and switch embodiments extends the application of 1x authentication, as reflected in the following aspects:
1. Effective prevention of ARP spoofing and improved network security
An ARP detection table is generated dynamically during the authentication process and ARP messages are inspected in depth, which guarantees access security: illegal ARP messages are completely isolated, the switch can easily detect ARP spoofing attack messages, and the security of the whole network is greatly improved.
2. Convenience of use
Existing technical schemes require manual configuration of various information; the operation is complex, the workload is large, and the mobility of terminals makes maintenance very difficult for the network administrator. In this scheme the dynamic ARP detection entries are generated automatically during the authentication process, which greatly reduces the maintenance workload and is convenient for users.
3. Flexible configuration
Through the management interface of the switch, the various ARP message detection modes can be set easily; three ARP message detection modes are provided (forced on, forced off and default on), meeting the needs of different situations. For example, the user can choose whether or not to perform ARP message detection: if not, the ARP message detection function can be forced off through the management interface of the switch; if so, forced-on or default-on ARP message detection can be selected through the management interface of the switch. In forced-on mode, ARP messages are inspected at all times (whether or not there are authenticated users), so a user must authenticate first before the port is opened; in default-on mode, detection is triggered automatically for the ARP messages of authenticated users, and when there are no authenticated users ARP messages are not inspected.
4. Wide applicability
Besides use in an 802.1X environment, the scheme can be extended to other functions related to secure access, such as the process of dynamic IP assignment by DHCP, so its application is easy to extend.
Those of ordinary skill in the art will appreciate that all or part of the steps of the above method embodiments can be completed by hardware under the instruction of a program; the program can be stored in a computer-readable storage medium and, when executed, performs the steps of the above method embodiments; and the storage medium comprises various media that can store program code, such as ROM, RAM, magnetic disk or optical disc.
Finally, it should be noted that the above embodiments are only intended to illustrate the technical scheme of the invention, not to limit it. Although the invention has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art should understand that the technical schemes recorded in the foregoing embodiments can still be modified, or some of their technical features replaced by equivalents, and that such modifications or replacements do not cause the essence of the corresponding technical scheme to depart from the spirit and scope of the technical schemes of the embodiments of the invention.
Claims (5)
1. A method for preventing ARP message spoofing attacks, characterised in that it comprises:
in the authentication process, generating detection information comprising an associated source Internet Protocol (IP) address, source Media Access Control (MAC) address, sender MAC address and port;
inspecting a received ARP message according to the detection information;
forwarding the ARP message when the source IP address, source MAC address and sender MAC address of the ARP message and the port on which the ARP message was received are consistent with the detection information; and discarding the ARP message when the source IP address, source MAC address and sender MAC address of the ARP message and the port on which the ARP message was received are inconsistent with the detection information;
wherein generating, in the authentication process, the detection information comprising the associated source IP address, source MAC address, sender MAC address and port comprises:
obtaining an IP-MAC address pair by monitoring the authentication interaction information;
parsing the IP-MAC address pair and constructing a static ARP detection table comprising the associated source IP address, source MAC address, sender MAC address and port, wherein the source MAC address is the sender MAC address.
2. The method for preventing ARP message spoofing attacks according to claim 1, characterised in that the detection information is a static ARP detection table.
3. The method for preventing ARP message spoofing attacks according to claim 2, characterised in that, when the static ARP detection table already exists, the parsing result for the IP-MAC address pair is added to the static ARP detection table.
4. A switch, characterised in that it comprises:
a generation unit, configured to generate, in the authentication process, detection information comprising an associated source IP address, source MAC address, sender MAC address and port;
a detection unit, configured to inspect a received ARP message according to the detection information;
a forwarding unit, configured to forward the ARP message when the source IP address, source MAC address and sender MAC address of the ARP message and the port on which the ARP message was received are consistent with the detection information;
a discarding unit, configured to discard the ARP message when the source IP address, source MAC address and sender MAC address of the ARP message and the port on which the ARP message was received are inconsistent with the detection information;
wherein the generation unit comprises:
a monitoring subunit, configured to obtain an IP-MAC address pair by monitoring the authentication interaction information;
a parsing subunit, configured to parse the IP-MAC address pair;
a constructing subunit, configured to construct, according to the parsing result of the parsing subunit, a static ARP detection table comprising the associated source IP address, source MAC address, sender MAC address and port, wherein the source MAC address is the sender MAC address.
5. The switch according to claim 4, characterised in that the generation unit further comprises:
an adding subunit, configured to add, when the static ARP detection table already exists, the parsing result for the IP-MAC address pair to the static ARP detection table.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN2008102230712A CN101370019B (en) | 2008-09-26 | 2008-09-26 | Method and switchboard for preventing packet cheating attack of address analysis protocol |
Publications (2)
Publication Number | Publication Date |
---|---|
CN101370019A CN101370019A (en) | 2009-02-18 |
CN101370019B true CN101370019B (en) | 2011-06-22 |
Family ID: 40413634
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1466341A (en) * | 2002-06-22 | 2004-01-07 | 华为技术有限公司 | A Method of Preventing IP Address Spoofing in Dynamic Address Assignment |
CN101110821A (en) * | 2007-09-06 | 2008-01-23 | 华为技术有限公司 | Method and apparatus for preventing ARP address cheating attack |
CN101247217A (en) * | 2008-03-17 | 2008-08-20 | 北京星网锐捷网络技术有限公司 | Method, unit and system for preventing address resolution protocol flux attack |
- 2008-09-26 CN CN2008102230712A patent/CN101370019B/en (not active: Expired - Fee Related)
Non-Patent Citations (5)
Title |
---|
Cristina L. Abad et al. An Analysis on the Schemes for Detecting and Preventing ARP Cache Poisoning Attacks. IEEE Computer Society. 2007, full text. * |
Thomas Baxley et al. LAN Attacker: A Visual Education Tool. InfoSecCD Conference '06. 2005, 118-123. * |
US 5,854,901 A, 1998-12-29, full text. |
Zouheir Trabelsi et al. Preventing ARP Attacks using a Fuzzy-Based Stateful ARP Cache. ICC 2007 proceedings (IEEE Communications Society). 2007, 1355-1360. * |
徐涛 (Xu Tao). Principles of and defence against ARP spoofing on Ethernet. 《网络安全》 (Network Security). 2007, 22-24. * |
Also Published As
Publication number | Publication date |
---|---|
CN101370019A (en) | 2009-02-18 |
Similar Documents
Publication | Title | Publication Date |
---|---|---|
CN101370019B (en) | Method and switchboard for preventing packet cheating attack of address analysis protocol | |
US6745333B1 (en) | Method for detecting unauthorized network access by having a NIC monitor for packets purporting to be from itself | |
CN101415012B (en) | Method and system for defending against address resolution protocol message attacks | |
US8875233B2 (en) | Isolation VLAN for layer two access networks | |
CN101651696B (en) | Method and device for preventing neighbor discovery (ND) attack | |
US10601766B2 (en) | Determine anomalous behavior based on dynamic device configuration address range | |
CN100563149C (en) | A DHCP monitoring method and device | |
CN102438028B (en) | Method, apparatus and system for preventing DHCP server spoofing | |
CN101674306B (en) | Address resolution protocol message processing method and switch | |
EP2859700A1 (en) | Using neighbor discovery to create trust information for other applications | |
CN101621525B (en) | Method and equipment for treating legal entries | |
CN101345743A (en) | Method and system for preventing network attack by utilizing address analysis protocol | |
CN101888329A (en) | Address resolution protocol (ARP) message processing method, device and access equipment | |
CN102137073B (en) | Method and access equipment for preventing attacks that spoof an internet protocol (IP) address | |
CN101577645B (en) | Method and device for detecting counterfeit network equipment | |
JPH08186569A (en) | Device and method for address management | |
CN104468619A (en) | Method and gateway for achieving dual-stack web authentication | |
CN101808097A (en) | Method and equipment for preventing ARP attack | |
KR100856918B1 (en) | IP address authentication method and IPv6-based network system in an IPv6-based network | |
JP2007018081A (en) | User authentication system, user authentication method, program for achieving the same, and storage medium storing program | |
CN101552724A (en) | Generation method and apparatus for neighbor table items | |
CN106506410B (en) | Method and device for establishing safety table item | |
Jony et al. | A New Technique to Mitigate DHCPv6 Starvation Attack and Authenticate Clients using DUID | |
CN105959251B (en) | method and device for preventing NAT from traversing authentication | |
US10015179B2 (en) | Interrogating malware |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C14 | Grant of patent or utility model | ||
GR01 | Patent grant | ||
CF01 | Termination of patent right due to non-payment of annual fee | | Granted publication date: 20110622 |