CN101005412A - Realizing method and system for preventing port loop detection message attack - Google Patents

Realizing method and system for preventing port loop detection message attack

Info

Publication number
CN101005412A
Authority
CN
China
Prior art keywords
loop detection
random code
loop
port
detection message
Legal status
Pending
Application number
CN 200710002591
Other languages
Chinese (zh)
Inventor
文林
毛继平
刘兴铨
Current Assignee
ZTE Corp
Original Assignee
ZTE Corp
Priority date
2007-01-29
Filing date
2007-01-29
Publication date
2007-07-25

Abstract

The invention relates to Layer 2 and Layer 3 network devices, including routers and Ethernet switches, and specifically to a method and system for preventing attacks that use port loop detection messages. Building on the existing loop detection processing mechanism, the invention adds a random code to the detection message so that malicious software cannot simply send packets whose destination MAC address matches that of the loop detection message, and requires the loop detection message to be received multiple times in succession within a short period so that malicious software cannot succeed by reflecting received loop detection packets back.

Description

Implementation method and system for preventing port loop detection message attacks
Technical field
The present invention relates to Layer 2 and Layer 3 network devices, including routers and Ethernet switches, and specifically to an implementation method and system for preventing port loop detection message attacks.
Background technology
With the rapid development of information technology, networks have become increasingly complex and their topologies varied; star networks and ring networks are the most common. In a real network, once a loop forms it causes a broadcast storm and paralyses the network, so various spanning-tree protocols exist to ensure that no loop forms among the devices in a ring. Spanning-tree protocols, however, cannot determine whether a loop exists on a single port, so each equipment vendor has developed its own single-port loop detection technique to prevent a loop from appearing on an individual port.
Existing loop detection works by constructing a loop detection message with a specific destination MAC address. Because a loop causes broadcast traffic to circulate, if a loop exists below the port the detection packet returns to the detection port; by checking whether the message's destination MAC address is correct and whether the message was sent by that same port, the device decides whether a loop exists below the port.
This existing port loop detection mechanism has serious security weaknesses:
First, if malicious software captures packets and learns the destination MAC address of the loop detection packet, it can construct such a packet itself and launch an active attack, so that the next loop detection wrongly concludes that a loop has appeared on the port.
Second, if malicious software uses reflection, sending a received loop detection packet back out, loop detection likewise wrongly concludes that a loop has appeared on the port.
In summary, the existing loop detection mechanism has no protection against malicious software.
Summary of the invention
To remedy the inability of the prior-art loop detection mechanism to protect against malicious software, the present invention builds on the existing loop detection mechanism in two ways: it adds a random code to the detection message, which prevents malicious software from actively sending packets whose destination MAC address matches that of the loop detection message; and it requires loop detection messages to be received several times in succession within a short time, which prevents malicious software from succeeding by reflecting the received loop detection packets. This provides a simple implementation method and system for preventing port loop detection message attacks.
Specifically, the present invention is realised as follows:
An implementation method for preventing port loop detection message attacks comprises the following steps:
Step 1: construct a random code;
Step 2: construct a loop detection message carrying the random code;
Step 3: listen for loop detection messages and receive multiple loop detection messages within a short time; first check the destination MAC address and destination port, then authenticate the random code of each received loop detection message, and accept the message if the random code matches.
In step 1, one unique random code is generated every second from the chassis (frame) MAC address and the system clock.
In step 3, at least 100 loop detection messages matching the generated random code must be received within 1 second; otherwise the loop is deemed not to exist and the device waits for the next loop detection.
In step 3, if no loop detection message is received within 1 second, the method returns to step 1 and constructs a new random code.
A system for preventing port loop detection message attacks comprises a data sending module, a packet constructing module and a data receiving module, and further comprises:
a random code generation module and a data analysis module;
the random code generation module generates the random code;
the packet constructing module uses the generated random code to construct loop detection packets that resist port attacks;
the data sending module sends the constructed loop detection packets;
the data receiving module receives multiple loop detection packets within a short time;
the data analysis module analyses the destination MAC address and destination port of each loop detection packet arriving at the port and matches its random code.
The random code generation module generates one random code per second from the chassis MAC address and the system clock.
If the data receiving module receives no loop detection packet within 1 second, it waits for the random code generation module to construct a new random code.
The data analysis module checks whether more than 100 loop detection packets matching the random code generated by the random code generation module were received by the data receiving module within 1 second; if so, a loop exists; otherwise the loop is deemed not to exist and the device waits for the next loop detection.
Compared with existing loop detection solutions, the present invention keeps the existing loop detection function and adds verification of the random code carried in the loop detection message. At the same time it exploits the nature of a loop broadcast storm: once a loop forms, loop detection messages flood into the detection port, so the condition for deciding that a loop exists on the port is that within 1 second the detection port receives more than 100 loop detection messages carrying a valid random authentication code. This prevents malicious software from attacking loop detection with forged messages. Because the invention is implemented on existing hardware, it adds no extra hardware cost and only a small software cost, while effectively protecting the security of loop detection.
Description of drawings
Fig. 1 is the processing flow of existing general loop detection.
Fig. 2 is the detailed processing flow of the method for preventing port loop detection message attacks according to the present invention.
Fig. 3 is a block diagram of the hardware unit of the present invention.
Embodiment
As shown in Fig. 1, in the prior-art general loop detection mechanism, for every data message received on an interface only the destination MAC address and the destination port are examined, and the presence of a loop is decided from these two attributes alone. When malicious software mounts a loop attack on the detection port there is no defence: the network device wrongly concludes that a loop exists below the detection port and places the port in the blocked state, severely disrupting normal traffic.
The system of the present invention for preventing port loop detection message attacks in Layer 2 and Layer 3 network devices comprises the following modules:
random code generation module: generates the random code;
packet constructing module: uses the generated random code to construct loop detection packets that resist port attacks;
packet sending module: sends the loop detection packets;
data receiving module: receives the loop detection packets arriving at the port, receiving multiple loop detection packets within one second;
data analysis module: analyses the destination MAC address and destination port of each loop detection packet arriving at the port and matches its random code.
The random code generation module generates one random code per second from the chassis MAC address and the system clock.
If the data receiving module receives no loop detection packet within 1 second, it waits for the random code generation module to construct a new random code.
The data analysis module checks whether more than 100 loop detection packets matching the random code generated by the random code generation module were received by the data receiving module within 1 second; if so, a loop exists; otherwise the loop is deemed not to exist and the device waits for the next loop detection.
The method of the present invention for preventing port loop detection message attacks comprises the following steps:
First step: generate a random code every second from the system clock and the chassis MAC address.
Second step: listen for loop detection messages and, exploiting the nature of a loop broadcast storm, receive multiple detection messages within a short time and analyse their random code.
The implementation of preventing port loop detection attacks in Layer 2 and Layer 3 network devices is described in further detail below with reference to Fig. 2.
The detailed processing flow of the present invention for preventing port loop detection message attacks is:
Step 1: use the random code generation module to produce a unique random code from the chassis MAC address and the system clock.
Step 2: construct a loop detection message carrying the random code and send the loop detection packet.
Step 3: start listening and wait to receive loop detection messages.
Step 4: if no detection message is received within one second, construct a new random code and wait for the next loop detection; this defeats packet-capture attacks on loop detection by malicious software, since a captured code is no longer valid.
Step 5: after a loop detection message is received, check the destination MAC address and destination port according to the general loop detection flow; if they are correct, proceed to authenticate the random code; if not, discard the message and continue waiting.
Step 6: authenticate the random code; if it does not match, discard the message and continue waiting; if it matches, increment the loop detection packet receive counter by 1.
Step 7: based on the nature of a loop broadcast storm and the CPU's packet send/receive capacity, decide whether more than 100 valid loop detection messages were received within 1 second. If 100 or fewer were received, the loop is deemed not to exist and the device waits for the next loop detection; this defeats attacks in which malicious software reflects a received message back. If more than 100 were received, a loop is deemed to exist below the port.
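The following Python model is an added illustration, not code from the patent or from ZTE. It implements steps 1 to 7 of the flow above (and the module roles listed earlier) and exercises the detector with the three receive patterns the patent distinguishes: a real broadcast storm, forged frames carrying a code captured in an earlier second, and a single reflection of the genuine probe. The detection MAC, chassis MAC, port number and the keyed-hash derivation with a secret are assumptions; the patent only states that the code is derived from the chassis MAC address and the system clock.

```python
import hashlib
import hmac
from dataclasses import dataclass

# Constructed values: the patent fixes neither the detection MAC nor any key.
LOOP_DETECT_DMAC = "01:80:c2:00:00:ff"
THRESHOLD = 100   # more than 100 valid messages within the window means a loop
WINDOW = 1        # seconds; the random code is renewed every second


def make_random_code(chassis_mac: str, clock_second: int, secret: bytes) -> bytes:
    # Step 1: one code per second from chassis MAC and clock. The secret key is
    # an assumption added here; without it the code could be recomputed by
    # anyone who knows the derivation, since MAC and time are public.
    msg = f"{chassis_mac}|{clock_second}".encode()
    return hmac.new(secret, msg, hashlib.sha256).digest()[:8]


@dataclass
class Frame:          # minimal stand-in for a loop detection frame
    dst_mac: str
    port: int         # port the frame was sent from / arrived on
    code: bytes


class LoopDetector:
    def __init__(self, chassis_mac: str, port: int, secret: bytes):
        self.chassis_mac, self.port, self.secret = chassis_mac, port, secret
        self.code, self.code_second, self.count = b"", -1, 0

    def probe(self, now: int) -> Frame:
        # Steps 1-2: fresh code for this second, build the probe, reset counter.
        self.code = make_random_code(self.chassis_mac, now, self.secret)
        self.code_second, self.count = now, 0
        return Frame(LOOP_DETECT_DMAC, self.port, self.code)

    def on_frame(self, frame: Frame, now: int) -> bool:
        # Steps 4-6: returns True only if the frame is counted.
        if now - self.code_second >= WINDOW:
            return False   # step 4: code expired, caller must probe() again
        if frame.dst_mac != LOOP_DETECT_DMAC or frame.port != self.port:
            return False   # step 5: the prior-art MAC/port check
        if not hmac.compare_digest(frame.code, self.code):
            return False   # step 6: random code does not match
        self.count += 1
        return True

    def loop_present(self) -> bool:
        return self.count > THRESHOLD   # step 7


def simulate() -> dict:
    # Three receive patterns from the patent, run against one detector.
    mac, port, key = "00:11:22:33:44:55", 3, b"constructed-demo-key"
    det, out = LoopDetector(mac, port, key), {}
    # Real loop: the broadcast storm returns the probe many times in one second.
    p = det.probe(now=1000)
    for _ in range(150):
        det.on_frame(Frame(p.dst_mac, p.port, p.code), now=1000)
    out["real_loop"] = det.loop_present()
    # Forged frames: right MAC and port, but a code captured in the previous second.
    det.probe(now=1001)
    stale = make_random_code(mac, 1000, key)
    for _ in range(150):
        det.on_frame(Frame(LOOP_DETECT_DMAC, port, stale), now=1001)
    out["stale_code"] = det.loop_present()
    # Single reflection of the genuine probe: valid code, but no storm.
    p = det.probe(now=1002)
    det.on_frame(Frame(p.dst_mac, p.port, p.code), now=1002)
    out["single_reflection"] = det.loop_present()
    return out
```

Note that the threshold alone does not stop an attacker who can both capture the current probe and replay it more than 100 times within the same second; the one-second code lifetime only narrows that window.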

Claims (8)

1. An implementation method for preventing port loop detection message attacks, characterised in that it comprises the following steps:
Step 1: constructing a random code;
Step 2: constructing a loop detection message carrying the random code;
Step 3: listening for loop detection messages and receiving multiple loop detection messages within a short time; first checking the destination MAC address and destination port, then authenticating the random code of each received loop detection message, and accepting the message if the random code matches.
2. The implementation method for preventing port loop detection message attacks according to claim 1, characterised in that:
in step 1, one unique random code is generated every second from the chassis MAC address and the system clock.
3. The implementation method for preventing port loop detection message attacks according to claim 1 or 2, characterised in that:
in step 3, receiving loop detection messages requires that at least 100 loop detection messages matching the generated random code be received within 1 second; otherwise the loop is deemed not to exist and the device waits for the next loop detection.
4. The implementation method for preventing port loop detection message attacks according to claim 1 or 2, characterised in that:
in step 3, if no loop detection message is received within 1 second, the method returns to step 1 and constructs a new random code.
5. A system for preventing port loop detection message attacks, comprising a data sending module, a packet constructing module and a data receiving module, characterised in that it further comprises:
a random code generation module and a data analysis module;
the random code generation module generates the random code;
the packet constructing module uses the generated random code to construct loop detection packets that resist port attacks;
the data sending module sends the constructed loop detection packets;
the data receiving module receives multiple loop detection packets within a short time;
the data analysis module analyses the destination MAC address and destination port of each loop detection packet arriving at the port and matches its random code.
6. The system for preventing port loop detection message attacks according to claim 5, characterised in that:
the random code generation module generates one random code per second from the chassis MAC address and the system clock.
7. The system for preventing port loop detection message attacks according to claim 5 or 6, characterised in that:
if the data receiving module receives no loop detection packet within 1 second, it waits for the random code generation module to construct a new random code.
8. The system for preventing port loop detection message attacks according to claim 5 or 6, characterised in that:
the data analysis module checks whether more than 100 loop detection packets matching the random code generated by the random code generation module were received by the data receiving module within 1 second; if so, a loop exists; otherwise the loop is deemed not to exist and the device waits for the next loop detection.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN 200710002591 CN101005412A (en) 2007-01-29 2007-01-29 Realizing method and system for preventing port loop detection message attack

Publications (1)

Publication Number Publication Date
CN101005412A true CN101005412A (en) 2007-07-25

Family

ID=38704293

Family Applications (1)

Application Number Title Priority Date Filing Date
CN 200710002591 Pending CN101005412A (en) 2007-01-29 2007-01-29 Realizing method and system for preventing port loop detection message attack

Country Status (1)

Country Link
CN (1) CN101005412A (en)

Cited By (19)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN100466583C (en) * 2007-04-06 2009-03-04 华为技术有限公司 Fast ring network method against attack based on RRPP, apparatus and system
CN101197648B (en) * 2008-01-02 2012-06-06 中兴通讯股份有限公司 Self-loop detection method and device used for access network
US8792362B2 (en) 2009-12-02 2014-07-29 Realtek Semiconductor Corp. Loop detection method and network device applying the same
CN102195746A (en) * 2010-03-17 2011-09-21 瑞昱半导体股份有限公司 Loop detection method and network device applying same
CN102025572B (en) * 2011-01-10 2012-12-19 中国科学院软件研究所 Method for preventing and monitoring Internet loop
CN102025572A (en) * 2011-01-10 2011-04-20 中国科学院软件研究所 Method for preventing and monitoring Internet loop
WO2012171216A1 (en) * 2011-06-17 2012-12-20 华为技术有限公司 Method and ethernet switching device for detecting loop position in ethernet
US9178795B2 (en) 2011-06-17 2015-11-03 Huawei Technologies Co., Ltd. Method and ethernet switching device for detecting loop position in ethernet
CN102281171A (en) * 2011-08-30 2011-12-14 华为数字技术有限公司 Loop detection method and equipment for two-layer network
CN102281171B (en) * 2011-08-30 2013-09-11 北京华为数字技术有限公司 Loop detection method and equipment for two-layer network
CN104113442A (en) * 2013-04-18 2014-10-22 上海斐讯数据通信技术有限公司 Ethernet loop detection system and method
WO2015081499A1 (en) * 2013-12-03 2015-06-11 北京东土科技股份有限公司 Method and device for preventing ring network protocol messages from attacking cpu of device
CN104038386A (en) * 2014-05-30 2014-09-10 华为技术有限公司 Method for detecting service looped network, node and network management device
CN105656897A (en) * 2016-01-05 2016-06-08 大连民族大学 Method and device for detecting port loop and method for preventing port loop detection message attacks
CN105656897B (en) * 2016-01-05 2018-07-31 大连民族大学 The method for detecting the method and apparatus of port loop and preventing port loop detection message attack
CN108418838A (en) * 2016-01-05 2018-08-17 大连民族大学 A method of detection port loop
CN108418838B (en) * 2016-01-05 2020-08-07 大连民族大学 Method for detecting port loop
CN106231007A (en) * 2016-09-14 2016-12-14 浙江宇视科技有限公司 A kind of method and device preventing MAC Address from drifting about
CN106231007B (en) * 2016-09-14 2019-04-12 浙江宇视科技有限公司 A kind of method and device for preventing MAC Address from drifting about

Legal Events

Code Title
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C12 Rejection of a patent application after its publication
RJ01 Rejection of invention patent application after publication