[go: up one dir, main page]

CN105656897B - The method for detecting the method and apparatus of port loop and preventing port loop detection message attack - Google Patents

The method for detecting the method and apparatus of port loop and preventing port loop detection message attack Download PDF

Info

Publication number
CN105656897B
CN105656897B CN201610005061.6A CN201610005061A CN105656897B CN 105656897 B CN105656897 B CN 105656897B CN 201610005061 A CN201610005061 A CN 201610005061A CN 105656897 B CN105656897 B CN 105656897B
Authority
CN
China
Prior art keywords
detection message
loop detection
mac address
loop
attack
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CN201610005061.6A
Other languages
Chinese (zh)
Other versions
CN105656897A (en
Inventor
王德高
刘向东
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Dalian Minzu University
Original Assignee
Dalian Nationalities University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Dalian Nationalities University filed Critical Dalian Nationalities University
Priority to CN201810384916.XA priority Critical patent/CN108418838B/en
Priority to CN201610005061.6A priority patent/CN105656897B/en
Publication of CN105656897A publication Critical patent/CN105656897A/en
Application granted granted Critical
Publication of CN105656897B publication Critical patent/CN105656897B/en
Expired - Fee Related legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416Event detection, e.g. attack signature detection
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic
    • H04L63/1475Passive attacks, e.g. eavesdropping or listening without modification of the traffic monitored

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

A method of the method and apparatus of detection port loop and port loop detection message attack is prevented, belongs to data communication field, be to loop in the prior art or bogusware attack detecting, technical essential for solving the problems, such as:Have:Sa. the step of constructing loop detection message;And Sb. judges that there are loop free or the possible step of virus attack in port;And Sc. judges whether there is the step of physical rings or virus attack.Effect is:Realize the detection of loop or bogusware attack.

Description

It detects the method and apparatus of port loop and prevents port loop detection message attack Method
Technical field
The present invention relates to data communication fields, particularly relate to a kind of side preventing port loop detection message attack Method.
Background technology
The mistake of network connection or configuration can lead to occur loop in network.Once occurring loop in network, the network equipment (interchanger) will carry out broadcasting packet, multicast message and unknown unicast message to repeat transmission, to cause broadcast storm, lead Cause network paralysis.Caused by order to solve the problems, such as network loop this, may be used various Spanning-Tree Protocols (STP, RSTP, MSTP), the agreements such as rapid ring protection protocol (RRPP) avoid the appearance of loop.However, Spanning-Tree Protocol can not detect list Existing loop under port, when the network flow of looped network is excessive or it is unidirectional obstructed when above-mentioned agreement can also fail.Therefore, it is necessary to carry For a kind of testing mechanism, the loop detection occurred in network can be come out.Then many network equipment vendors develop loop detection Technology:The network equipment is by sending loop detection message and detecting whether it returns to this equipment, if loop detection message returns to this Equipment is it is assumed that there are loops for the port.
But existing port loop detection can be attacked by bogusware:Bogusware oneself constructs loop detection message Or the loop detection message of capture is sent to the network equipment, when loop may not had by causing the network equipment actually, But wrong report has loop.Therefore the network equipment just needs to take precautions against attack of the bogusware to loop detection mechanism.
Such as the Chinese invention patent application of publication No. CN101005412A, disclosing one kind preventing port loop detection message The realization method and system of attack, wherein the loop detection message implementation method based on random code, concrete scheme are " 1. According to equipment rack MAC Address and system clock, 1 unique random code is generated within every 1 second;2. loop of the construction with random code is examined Observe and predict text;3. intercept loop detection message, if at least received in 1 second 100 parts with random code it is matched if think that there are rings Road, otherwise it is assumed that loop is not present.If not receiving loop detection message in 1 second, random code is reconfigured." this method is most Pipe can reach certain detection result, but still have following defects or problem:I.e. if loop is not present on physical network, But bogusware replicates the loop detection message containing random code received, repeats to send immediately after multiple (more than 100 times), such network equipment can still be received in 1 second more than 100 parts and the matched loop detection report of random code Text, to be mistaken for, there are loops.
Invention content
In view of defects in the prior art, the technical problem to be solved by the present invention is to:To loop in the prior art Or bogusware attack detecting;And makes every effort to comprehensive, accurately distinguishes loop or bogusware.
To achieve the goals above, the present invention adopts the following technical scheme that:
A method of detection port loop has:Sa. the step of constructing loop detection message;And Sb. judges that port has Loop free or the possible step of virus attack;And Sc. judges whether there is the step of physical rings or virus attack.
The invention further relates to a kind of devices of detection port loop, including:Constructing module constructs loop detection message;Ring Road and the possible judgment module of virus attack, judge that port has loop free or virus attack may;Physical rings or virus attack are sentenced Disconnected module, judges whether there is physical rings or virus attack.
The invention further relates to a kind of methods preventing port loop detection message attack:Include the following steps:
Step 1. constructs privately owned unicast mac address pond P;
Step 2. randomly selects 2 privately owned unicast mac address A0 and A1 from privately owned unicast mac address pond P;
Step 3. switch fabric loop detection message F0 and F1;
Loop detection message F0 passes through using the privately owned unicast mac address A0 that randomly selects as purpose MAC Address, source MAC Location is that bridge MAC Address or interface mac address construct;Loop detection message F1 is by the way that using A1 as purpose MAC Address, A0 is source MAC Address architecture;
Step 4. interchanger sends loop detection message F0;
Step 5. interchanger, which waits for, receives loop detection message F0;
If step 6. does not receive loop detection message F0, return to step 2 within the T0 times of setting;Otherwise confirm doubtful There are loops, go to step 7;
If step 7. does not receive loop detection message F0 within the T1 times, step 8 is gone to;Otherwise, step 9 is gone to;
If the MAC Address number in step 8. switch mac address table under the port is 1 and is the source MAC of F0, It is determined as the port from ring;Otherwise, then it is determined as bogusware single attack, after waiting for the T0 times, return to step 2;
Step 9. interchanger sends loop detection message F1;
Certain a period of time T2 to be set such as step 10.;
Step 11. exchanges function and receives loop detection message F0, then when being determined as the unlimited attack of bogusware or T1 Between do not rest attack in section;Otherwise, step 12 is gone to;
If step 12. can receive loop detection message F1, it is determined as under the interface that there are loops;Otherwise, it is determined that being Bogusware limited number of time is attacked.
Compared with prior art, beneficial effects of the present invention:
1. since privately owned unicast mac address randomly selects, if bogusware is wanted to construct loop detection message hair It is difficult that successfully (bogusware is difficult to guess which the privately owned unicast mac address that epicycle randomly selects is to play active attack to be It is a).
2. bogusware is difficult to initiate passive attack by way of reflection, because the purpose MAC of loop detection message Location is not fixed multicast address (broadcast address), and bogusware is difficult to judge received message which is loop detection report Text.
3. if bogusware initiates passive attack (reception is judged after being loop detection message, replicates and sends), no matter Bogusware initiates limited number of time attack (only hair 1 time or only hair is for several times within certain time) or initiates attack (or one infinitely Do not rest attack in section of fixing time), this algorithm can identify.With single port from the complete of ring, physical rings or virus attack Face and accurately detection and judgement.
Description of the drawings
Fig. 1 is the method for the present invention flow chart of steps.
Specific implementation mode
Below in conjunction with the accompanying drawings and the technical solution that further illustrates the present invention of specific embodiment.
Embodiment 1:A method of prevent the port loop detection message attack, steps flow chart from being:
1. the privately owned unicast mac address pond P of construction.Privately owned unicast mac address refers to:Certain specific network equipment will not be distributed to The unicast mac address that all-network equipment (interface) does not use in the unicast mac address or local network of (interface).Due to private There is unicast mac address not used in the home network by miscellaneous equipment (interface), therefore, interchanger is receiving target MAC (Media Access Control) address For the forwarding that floods will be carried out after the message of privately owned unicast mac address.
The privately owned unicast mac address pond of oneself company can be used in network equipment vendor, such as the privately owned MAC of Digital China Corporation Location pond initial address is 00-30-0F-30-00-00;Our company Local Administrated Address can also be used to make For privately owned unicast mac address pond, as OUI can be used to construct privately owned unicast mac address pond for 00-30-0F for Digital China Corporation Initial address is 02-30-0F-00-00-00.The unicast address pond 00-00-5E-00-00-00 that IANA can also be used to retain is arrived 00-00-5E-FF-FF-FF。
Number of addresses in privately owned unicast mac address pond cannot very little also need not be too many, hundreds of to thousands of.
2. randomly selecting 2 privately owned unicast mac address A0 and A1 from privately owned unicast mac address pond.
3. constructing loop detection message F0 and F1.Using the privately owned unicast mac address A0 that randomly selects as purpose MAC Address, Source MAC is that bridge MAC Address (or interface mac address) constructs a loop detection message F0.Using A1 as purpose MAC Address, A0 is that source MAC constructs loop detection message F1.
Bogusware is identified according to the type field value of loop detection message in order to prevent, the type field of F0 and F1 Value can in defined value range random value.
4. sending loop detection message F0.Since the target MAC (Media Access Control) address A0 of F0 (is not connect in the home network by miscellaneous equipment Mouthful) use, therefore, receiving the interchanger of F0 will flood.
Loop detection message F0 is received 5. waiting for.
6. if (such as 1 second) does not receive loop detection message F0 within the T0 times of setting, return to the 2nd step;Otherwise it (doubts Seemingly there is loop), turn the 7th step.
If (such as 0.1 second, T1 is less than the ageing time of switch mac address table) does not receive F0 7. within the T1 times, Turn the 8th step;Otherwise, turn the 9th step.
If 8. MAC Address number in switch mac address table (content-addressable memory) under the port be 1 and be F0 source MAC Location is then determined as the port from ring;Otherwise, then it is determined as bogusware single attack, after waiting for the T0 times, returns to the 2nd Step.
9. sending loop detection message F1.Since the source MAC of F1 is A0, if there are physics loop F1 will clear up loop In F0 (F0 will disappear in 1-2 seconds);Since the target MAC (Media Access Control) address A1 of F1 is not in the home network by miscellaneous equipment (interface) It uses, therefore, receiving the interchanger of F1 will flood.
10. etc. certain a period of time T2 to be set.T2 time value suggestions are set as from F0 is sent to receiving the time used in F0 1.1 times.
11. if F0 can be received, it is determined as that bogusware is attacked and (attacks or do not rest in the T1 periods infinitely and attack It hits);Otherwise, turn 12.
12. if F1 can be received, it is determined as under the interface that there are loops;Otherwise, it is determined that being attacked for bogusware (limited Secondary attack).
Embodiment 2:A method of port loop detection message attack is prevented, is included the following steps:
Step 1. constructs privately owned unicast mac address pond P;
The privately owned unicast mac address refers to:With being not allocated to the unicast MAC of the arbitrary specific network equipment or interface Location, or not by all-network equipment or interface use in local network unicast mac address.
Step 2. randomly selects 2 privately owned unicast mac address A0 and A1 from privately owned unicast mac address pond P;
Step 3. network equipment (interchanger) constructs loop detection message F0 and F1;
Loop detection message F0 passes through using the privately owned unicast mac address A0 that randomly selects as purpose MAC Address, source MAC Location is that bridge MAC Address or interface mac address construct;
Loop detection message F1 is by the way that using A1 as purpose MAC Address, A0 constructs for source MAC;
Preferably, bogusware is identified according to the type field value of loop detection message in order to prevent, the loop The type field value of detection messages F0 and F1 value range as defined in DIXEthernetv2 standards, IEEE802.3 standards Interior random value.
Step 4. network equipment (interchanger) sends loop detection message F0;
Step 5. network equipment (interchanger), which waits for, receives loop detection message F0;
If step 6. does not receive loop detection message F0, return to step 2 within the T0 times of setting;Otherwise confirm doubtful There are loops, go to step 7;
If step 7. does not receive F0 within the T1 times, step 8 is gone to;Otherwise, step 9 is gone to;
T1 must be less than the ageing time of switch mac address table, for example be set as 0.1s.
If the MAC Address number in step 8. switch mac address table under the port is 1 and is the source MAC of F0, It is determined as the port from ring;Otherwise, then it is determined as bogusware single attack, after waiting for the T0 times, return to step 2;
Step 9. network equipment (interchanger) sends loop detection message F1;
Certain a period of time T2 to be set such as step 10.;
Preferably, the T2 time values are set as from F0 is sent to receiving 1.1 times of the time used in F0.
If step 11. network equipment (interchanger) can receive F0, be determined as bogusware attack (infinitely attack or Attack is not rested in the T1 periods);Otherwise, step 12 is gone to.
If step 12. can receive F1, it is determined as under the interface that there are loops;Otherwise, it is determined that being attacked for bogusware (limited number of time attack).
Embodiment 3:A method of detection port loop has:Sa. the step of constructing loop detection message;And Sb. sentences Interruptive port has loop free or the possible step of virus attack;And Sc. judges whether there is the step of physical rings or virus attack.
Embodiment 4:A method of detection port loop has:Sa. the step of constructing loop detection message;Sb. judge There are loop free or the possible step of virus attack in port;Sbc. judge whether there is single port from ring the step of;Sc. it judges whether there is The step of physical rings or virus attack.
Embodiment 5:A method of detection port loop has:SA1. privately owned unicast mac address pond is constructed;SA2. from 2 privately owned unicast mac address A0 and A1 are randomly selected in privately owned unicast mac address pond P.Sa. the step of loop detection message is constructed Suddenly;And Sb. judges that there are loop free or the possible step of virus attack in port;And Sc. judges whether there is physical rings or virus is attacked The step of hitting.
Embodiment 6:A method of detection port loop has:SA1. privately owned unicast mac address pond is constructed;SA2. from 2 privately owned unicast mac address A0 and A1 are randomly selected in privately owned unicast mac address pond P.Sa. the step of loop detection message is constructed Suddenly;Sb. judge that there are loop free or the possible step of virus attack in port;Sbc. judge whether there is single port from ring the step of;And Sc. the step of judging whether there is physical rings or virus attack.
Embodiment 7:With with embodiment 3 or 4 or 5 or 6 identical technical solutions, more specifically:The step Sa In, construct detection messages F0, F1, and the Sb. judges that port has the loop free or the possible step of virus attack to be specially: Sb1. the network equipment sends loop detection message F0;Sb2. the network equipment, which waits for, receives loop detection message F0;If Sb3. setting Loop detection message F0 is received in the fixed T0 times, then judges that there are loop or the possibility of virus attack.
Embodiment 8:With with embodiment 3 or 4 or 5 or 6 or 7 identical technical solutions, more specifically:The Sc. The step of judging whether there is physical rings or virus attack be specially:Sc1. the network equipment sends loop detection message F1;Sc2. etc. Certain a period of time T2 to be set;If Sc3. in time T2, the network equipment receives loop detection message F0, then is determined as disease Malicious attack infinitely or the attack that do not rest in the T1 periods;Otherwise, step Sc4 is gone to;Sc4. the network equipment receives loop inspection Literary F1 is observed and predicted, then is determined as under the port that there are physics loops;Otherwise, it is determined that being attacked for bogusware limited number of time.
The purpose for sending message F1 is, clears up the F0 in loop, and the F0 cleared up remains to be received, and illustrates in the presence of disease Poison attack, and this attack is unlimited number of attack, otherwise, is not received by F0, then it is assumed that there are physical rings, or there is disease The limited number of time of malicious software is attacked, this when, then is judged in the T2 times, if F1 is received, if receiving F1, so that it may to say Bright its is really a physical rings, and otherwise, explanation is the virus attack of a limited number of time.
Embodiment 9:With with embodiment 3 or 4 or 5 or 6 or 7 or 8 identical technical solutions, more specifically:In structure When making loop detection message, loop detection message F0 by using the privately owned unicast mac address A0 that randomly selects as purpose MAC Location, source MAC are that bridge MAC Address or interface mac address construct;Loop detection message F1 by using A1 as purpose MAC Address, A0 constructs for source MAC.
Embodiment 10.A kind of device of detection port loop, including:
Constructing module constructs loop detection message;
Loop and the possible judgment module of virus attack, judge that port has loop free or virus attack may;
Physical rings or virus attack judgment module, judge whether there is physical rings or virus attack.
Embodiment 11.With technical solution same as in Example 10, more specifically:Further include:Single port is sentenced from ring Disconnected module, judges whether there is single port from ring.
Embodiment 12.With technical solution same as in Example 10, more specifically:The constructing module, construction Detection messages F0, F1, and the loop and the possible judgment module of virus attack, including:
F0 sending modules, the network equipment send loop detection message F0;
F0 receiving modules, the network equipment, which waits for, receives loop detection message F0;
First judgment module, if receiving loop detection message F0 within the T0 times of setting, judge there are loop or The possibility of virus attack;
Embodiment 13.With with embodiment 10 or 11 or 12 identical technical solutions, more specifically:The physical rings Or virus attack judgment module, including:
F1 sending modules, the network equipment send loop detection message F1;
Module is waited for, certain a period of time T2 to be set is waited;
Second judgment module, if in time T2, the network equipment receives loop detection message F0, then is determined as viral nothing Limit time attack or the attack that do not rest in the T1 periods;
Third judgment module, the network equipment receive loop detection message F1, then are determined as under the port that there are physical rings Road;Otherwise, it is determined that being attacked for bogusware limited number of time.
Embodiment 14.With with embodiment 10 or 11 or 12 or 13 identical technical solutions, more specifically:Single port is certainly Ring judgment module, including:
T1 time F0 receiving modules, judge whether to receive detection messages F0 within the T1 times;
4th judgment module, when judging to receive detection messages F0 within the T1 times, if the end in switch mac address table Mouthful lower MAC Address number is 1 and is the source MAC of detection messages F0, then is determined as that the port is single port from ring;Otherwise, Then it is determined as bogusware single attack.
The foregoing is only a preferred embodiment of the present invention, but scope of protection of the present invention is not limited thereto, Any one skilled in the art in the technical scope disclosed by the present invention, according to the technique and scheme of the present invention and its Inventive concept is subject to equivalent substitution or change, should be covered by the protection scope of the present invention.

Claims (1)

1. a kind of method preventing port loop detection message attack, it is characterised in that:Include the following steps:
Step 1. constructs privately owned unicast mac address pond P;
Step 2. randomly selects 2 privately owned unicast mac address A0 and A1 from privately owned unicast mac address pond P;
Step 3. switch fabric loop detection message F0 and F1;
Loop detection message F0 by being as purpose MAC Address, source MAC using the privately owned unicast mac address A0 randomly selected Bridge MAC Address or interface mac address construction;Loop detection message F1 is by the way that using A1 as purpose MAC Address, A0 is source MAC Construction;
Step 4. interchanger sends loop detection message F0;
Step 5. interchanger, which waits for, receives loop detection message F0;
If step 6. does not receive loop detection message F0, return to step 2 within the T0 times of setting;Otherwise confirm doubtful presence Loop goes to step 7;
If step 7. does not receive loop detection message F0 within the T1 times, step 8 is gone to;Otherwise, step 9 is gone to;
If the MAC Address number in step 8. switch mac address table under the port is 1 and is the source MAC of F0, judge It is the port from ring;Otherwise, then it is determined as bogusware single attack, after waiting for the T0 times, return to step 2;
Step 9. interchanger sends loop detection message F1;
Certain a period of time T2 to be set such as step 10.;
Step 11. exchanges function and receives loop detection message F0, then is determined as the unlimited attack of bogusware or T1 periods Attack is not rested inside;Otherwise, step 12 is gone to;
If step 12. can receive loop detection message F1, it is determined as under the interface that there are loops;Otherwise, it is determined that for virus Software limited number of time is attacked.
CN201610005061.6A 2016-01-05 2016-01-05 The method for detecting the method and apparatus of port loop and preventing port loop detection message attack Expired - Fee Related CN105656897B (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201810384916.XA CN108418838B (en) 2016-01-05 2016-01-05 A Method for Detecting Port Loops
CN201610005061.6A CN105656897B (en) 2016-01-05 2016-01-05 The method for detecting the method and apparatus of port loop and preventing port loop detection message attack

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201610005061.6A CN105656897B (en) 2016-01-05 2016-01-05 The method for detecting the method and apparatus of port loop and preventing port loop detection message attack

Related Child Applications (1)

Application Number Title Priority Date Filing Date
CN201810384916.XA Division CN108418838B (en) 2016-01-05 2016-01-05 A Method for Detecting Port Loops

Publications (2)

Publication Number Publication Date
CN105656897A CN105656897A (en) 2016-06-08
CN105656897B true CN105656897B (en) 2018-07-31

Family

ID=56491722

Family Applications (2)

Application Number Title Priority Date Filing Date
CN201610005061.6A Expired - Fee Related CN105656897B (en) 2016-01-05 2016-01-05 The method for detecting the method and apparatus of port loop and preventing port loop detection message attack
CN201810384916.XA Expired - Fee Related CN108418838B (en) 2016-01-05 2016-01-05 A Method for Detecting Port Loops

Family Applications After (1)

Application Number Title Priority Date Filing Date
CN201810384916.XA Expired - Fee Related CN108418838B (en) 2016-01-05 2016-01-05 A Method for Detecting Port Loops

Country Status (1)

Country Link
CN (2) CN105656897B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11591625B2 (en) 2018-09-26 2023-02-28 Kalamazoo Holdings, Inc. Enzymatic process for production of modified hop products

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101005412A (en) * 2007-01-29 2007-07-25 中兴通讯股份有限公司 Realizing method and system for preventing port loop detection message attack
CN101179455A (en) * 2007-12-07 2008-05-14 中兴通讯股份有限公司 Method and system for implementing VLAN based port loop detection
US8107382B2 (en) * 2006-03-31 2012-01-31 Avaya Holdings Limited Loop detection in a communications network

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP3947146B2 (en) * 2003-09-18 2007-07-18 富士通株式会社 Routing loop detection program and routing loop detection method
US20050076140A1 (en) * 2003-09-24 2005-04-07 Hei Tao Fung [topology loop detection mechanism]
CN101707538B (en) * 2009-11-25 2011-09-14 烽火通信科技股份有限公司 Method for detecting and automatically recovering Ethernet loopback
TWI424713B (en) * 2009-12-02 2014-01-21 Realtek Semiconductor Corp Loop detection method and network device applying the same

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8107382B2 (en) * 2006-03-31 2012-01-31 Avaya Holdings Limited Loop detection in a communications network
CN101005412A (en) * 2007-01-29 2007-07-25 中兴通讯股份有限公司 Realizing method and system for preventing port loop detection message attack
CN101179455A (en) * 2007-12-07 2008-05-14 中兴通讯股份有限公司 Method and system for implementing VLAN based port loop detection

Also Published As

Publication number Publication date
CN108418838B (en) 2020-08-07
CN105656897A (en) 2016-06-08
CN108418838A (en) 2018-08-17

Similar Documents

Publication Publication Date Title
Ahmed et al. Mitigation of black hole attacks in routing protocol for low power and lossy networks
Wurzinger et al. Automatically generating models for botnet detection
Maximov et al. Hiding computer network proactive security tools unmasking features
US6977887B1 (en) Method and apparatus for loop breaking on a serial bus
CN105812318B (en) For preventing method, controller and the system of attack in a network
Coppolino et al. An intrusion detection system for critical information infrastructures using wireless sensor network technologies
CN104579718B (en) A kind of device and method of optimization ARP aging mechanism
CN102137073B (en) Method and access equipment for preventing imitating internet protocol (IP) address to attack
CN106534289A (en) Automatic testing method, device and system
CN103685279B (en) Based on adaptive network port fast scanning method
CN102546311B (en) Method for realizing loop detection on EOC (Ethernet Over Coax) device
CN112804220B (en) Firewall testing method and device, electronic equipment and storage medium
CN108965263A (en) Network attack defence method and device
CN108028835A (en) automatic configuration server and method
CN109218283A (en) Prevent the method and corresponding equipment of distributed denial of service attack
CN110493366A (en) The method and device of network management is added in a kind of access point
CN105656897B (en) The method for detecting the method and apparatus of port loop and preventing port loop detection message attack
US9712393B2 (en) Network loop prevention
Burns et al. A novel traceroute-based detection scheme for wi-fi evil twin attacks
CN101030912A (en) Fast ring network method against attack based on RRPP, apparatus and system
CN106571936A (en) Loop network protection data configuration method and device
CN103354548B (en) High continuation threatens detection method, the equipment and system attacked
CN112804263A (en) Vulnerability scanning method, system and equipment for Internet of things
Shrivastava et al. Detection of topology poisoning by silent relay attacker in SDN
Kandah et al. Colluding injected attack in mobile ad-hoc networks

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20180731

Termination date: 20210105