CN101141396B - Packet processing method and network appliance - Google Patents


Info

Publication number: CN101141396B
Authority: CN (China)
Prior art keywords: port, dns server, response message, message, trust attribute
Legal status: Expired - Fee Related
Application number: CN2007101518056A
Other languages: Chinese (zh)
Other versions: CN101141396A (en)
Inventor: 赵志旺
Current Assignee: Huawei Technologies Co Ltd
Original Assignee: Huawei Technologies Co Ltd
Application filed by Huawei Technologies Co Ltd
Priority to CN2007101518056A
Publication of CN101141396A
Application granted
Publication of CN101141396B

Landscapes

  • Data Exchanges In Wide-Area Networks (AREA)
  • Computer And Data Communications (AREA)

Abstract

The present invention discloses a method for processing a packet. The method comprises the following steps: obtaining the trust attribute of the ingress port on which a DNS server response packet is received; and, if the port is a trusted port, forwarding the DNS server response packet. The present invention also provides a network device. By configuring the trust attribute of ports, the invention solves the problem of the DNS phishing attack and improves the security of the network device, thereby enhancing the security of the DNS service.

Description

Message processing method and network device
Technical field
The present invention relates to the field of network communications technology, and in particular to a message processing method and a network device.
Background
In a network environment built on TCP/IP (Transmission Control Protocol/Internet Protocol), such as the widely used Internet, DNS (Domain Name System) is an extremely important and commonly used system. The main function of DNS is to convert between domain names, which users remember easily, and IP (Internet Protocol) addresses, which are hard to remember. A network host that performs the DNS service is called a DNS server. A DNS server normally converts a domain name into an IP address, and the IP address found is then used to establish the service connection; this process is commonly called forward resolution. For example, a user terminal sends a request to access the domain name www.popunet.net to the DNS server. The DNS server, according to the mapping between domain names and IP addresses that it stores, looks up the IP address corresponding to www.popunet.net, for example 61.186.250.41. A service request is then sent to the service-providing device whose IP address is 61.186.250.41, and the service connection is established. Thanks to the DNS server, the user can remember a simple domain name instead of a hard-to-remember IP address, which makes service lookup more convenient.
With the rapid development of the Internet, the network environment is increasingly complex; network attacks, virus attacks, network spoofing and similar behaviour are increasingly frequent, and the harm to the security of the network as a whole is also rising. The security of DNS is drawing more and more attention, and more and more security problems are caused by DNS. For example, some malicious user terminals in the network impersonate the DNS server. As a result, a DNS request sent by a user terminal is not answered by the correct DNS server but by the impersonating DNS server, so that the user terminal cannot perform domain name conversion normally and the terminal's services become abnormal. In addition, the impersonating DNS server may send a large number of counterfeit DNS response messages to user terminals, occupying a large amount of resources in order to attack them; this kind of attack is a DoS (Denial of Service) attack.
One prior-art method of solving DNS security problems is application-layer filtering: the protocol content of the DNS messages that a device sends and receives is analyzed, and the DNS message forwarding flow is intervened in according to preset rules, thereby protecting DNS. However, this method is deployed mainly on firewall devices and cannot be deployed well on other types of network devices for reasons such as resource consumption. Its configuration process is cumbersome and requires professionals familiar with the DNS protocol. It also needs to analyze application-layer protocol information, which places relatively high demands on the processing performance of the device.
Summary of the invention
The embodiments of the invention provide a message processing method and a network device, to overcome the defects of the prior art that the methods for protecting DNS security are complex and hard to deploy.
To achieve the above object, the embodiments of the invention provide, on the one hand, a message processing method comprising the following steps: setting the trust attribute of a physical port or logical port of a network device, so as to divide DNS server response messages into security domains, where the DNS server response message is a kind of DNS message, DNS messages comprise DNS request messages and DNS server response messages, a DNS request message is a domain name resolution request message that a user terminal sends to a DNS server, and a DNS server response message is a domain name resolution response message that the DNS server returns to the user terminal; obtaining the trust attribute of the ingress port on which a Domain Name System (DNS) server response message is received; if the ingress port is a trusted port, forwarding the DNS server response message; if the ingress port is a non-trusted port, not forwarding the DNS server response message, but discarding it, or reporting the message of the non-trusted port and outputting a log.
On the other hand, the embodiments of the invention also provide a network device, comprising: a port trust attribute setting unit, configured to set the trust attribute of a physical port or logical port of the network device, so as to divide DNS server response messages into security domains, where the DNS server response message is a kind of DNS message, DNS messages comprise DNS request messages and DNS server response messages, a DNS request message is a domain name resolution request message that a user terminal sends to a DNS server, and a DNS server response message is a domain name resolution response message that the DNS server returns to the user terminal; a port trust attribute acquiring unit, configured to obtain the trust attribute of the ingress port on which a DNS server response message is received; a message forwarding unit, connected to the port trust attribute acquiring unit and configured to forward the DNS server response message after the port trust attribute acquiring unit determines that the ingress port on which the DNS server response message was received is a trusted port;
a packet discarding unit, connected to the port trust attribute acquiring unit and configured to directly discard the response message of the DNS server after the port trust attribute acquiring unit determines that the ingress port on which the DNS server response message was received is a non-trusted port;
a message reporting unit, connected to the port trust attribute acquiring unit and configured to report the message of the non-trusted port and output a log after the port trust attribute acquiring unit determines that the ingress port on which the DNS server response message was received is a non-trusted port.
Compared with the prior art, the embodiments of the invention set the trust attribute of ports on the network device, solve the problem of counterfeit DNS server attacks through a simple, easy-to-use configuration, and improve the security capability of the network device, thereby improving the security of the DNS service.
Description of drawings
Fig. 1 is a flow chart of a message processing method according to an embodiment of the invention;
Fig. 2 is a schematic diagram of message processing according to embodiment one of the invention;
Fig. 3 is a schematic diagram of message processing according to embodiment two of the invention;
Fig. 4 is a schematic structural diagram of a network device according to an embodiment of the invention.
Embodiment
The invention is described in detail below with reference to the drawings and specific embodiments.
Fig. 1 is a flow chart of a message processing method according to an embodiment of the invention, which mainly comprises the following steps:
Step 101: obtain the trust attribute of the ingress port on which a DNS server response message is received.
The network device receives a DNS server response message from outside, obtains the ingress port information of the message, and then looks up the trust attribute stored in the network device for that ingress port, thereby obtaining the trust attribute of the ingress port on which the DNS server response message was received. The trust attribute of each port of the network device is set on the device at networking time. During networking, the ports of the network device that connect to the DNS server can be determined; a port that connects to the DNS server is set as a trusted port, and a port that does not connect to the DNS server is set as a non-trusted port. If the network structure needs to be reorganized and the original networking structure changes, the trust attribute of each port of the network devices in the reorganized structure must be set again, but in the same way: a port that connects to the DNS server is set as a trusted port, and a port that does not is set as a non-trusted port. If the system includes a primary DNS server and a standby DNS server, the ports connecting to both the primary and the standby DNS server are set as trusted ports, and the primary and standby DNS servers have the same priority.
The DNS server response message is a kind of DNS message. DNS messages comprise DNS request messages and DNS server response messages: a DNS request message is a domain name resolution request message that a user terminal sends to a DNS server, and a DNS server response message is a domain name resolution response message that the DNS server returns to the user terminal.
Step 102: if the ingress port is a trusted port, forward the DNS server response message.
The network device handles the response message according to the trust attribute obtained for its ingress port. If the ingress port of the response message is a trusted port, the network device forwards it. If the ingress port is a non-trusted port, the network device does not forward the response message but handles it in another way; several ways are possible, for example discarding it directly, or reporting the message of the non-trusted port and outputting a log. Because the port of the network device that connects to the DNS server was determined at networking time to be the trusted port, a DNS server response message can only reach the network device through that trusted port, and the network device cannot receive a normal DNS server response message on any non-trusted port. If the network device does receive a DNS server response message on a non-trusted port, that message is abnormal and may be a response message sent by a counterfeit DNS server. Setting the port trust attribute therefore determines the source of safe DNS server response messages: the network device forwards only the DNS server response messages received on trusted ports and handles those received on non-trusted ports in one of the other ways described above.
It should be pointed out that the network device in the above embodiment of the invention includes routers, switches, firewall devices and so on. The network device can be a PE (Provider Edge) device directly connected to the DNS server, or a CE (Customer Edge) device indirectly connected to the DNS server. For either kind of device, the ports that are directly or indirectly connected to the DNS server can be determined at networking time. That is, whether the device is a PE device directly connected to the DNS server or a CE device connected to the DNS server indirectly through other upstream network devices, when the DNS server sends a response message to that PE or CE device, the device necessarily receives it through its port that directly or indirectly connects to the DNS server.
A further description follows with reference to the message processing schematic of embodiment one shown in Fig. 2. As shown in Fig. 2, the PE device has 3 ports: port 3 is connected to the real DNS server, and port 1 and port 2 are each connected to a user terminal. At networking time the connection status of each port of the PE device can be determined, and the trust attributes are set accordingly: port 3 is set as a trusted port, and port 1 and port 2 are set as non-trusted ports. The PE device stores the trust attribute set for each port. In normal operation the PE device monitors the DNS messages arriving at the device. When it detects a DNS server response message, it uses the ingress port information of the response message to obtain the trust attribute stored in the PE device for that ingress port. If the ingress port of the DNS server response message is port 3, the PE device finds from its stored mapping between ports and trust attributes that port 3 is a trusted port, and forwards the response message according to the destination information carried in it. If the ingress port of the DNS server response message is port 2, the PE device finds from the stored mapping that port 2 is a non-trusted port, and does not forward the response message on port 2 but handles it in another way, for example discarding it directly, or reporting the message of the non-trusted port and outputting a log.
If an attacker's counterfeit DNS server sends a counterfeit DNS server response message to a user terminal through this PE device, the PE device receives it on port 2. Because port 2 is a non-trusted port, the PE device directly discards the response message received on port 2. The response message sent by the attacker's counterfeit DNS server therefore never reaches the user terminal, and the attack is effectively prevented.
In the above embodiment it was determined at networking time that only port 3 of the PE device connects to the DNS server. It follows that when the DNS server sends a response message to the PE device, the PE device receives it on port 3; and since port 1 and port 2 of the PE device each connect to a user terminal, it can be inferred that the PE device cannot receive a DNS server response message on port 1 or port 2. The PE device therefore monitors the DNS messages arriving at the device and forwards only the DNS server response messages received on port 3. If it detects a DNS server response message received on port 1 or port 2, it classifies the response message as abnormal and discards it directly on port 1 or port 2. Thus, by setting the trust attribute of each port of the network device, the embodiment divides DNS server response messages into security domains, that is, it restricts the source of safe DNS server response messages: only a DNS server response message received on a trusted port is a safe DNS server response message.
The embodiment above divides DNS server response messages into security domains by setting the trust attribute of the physical ports of the network device. Embodiment two of the invention can instead set the trust attribute of the logical ports of the network device, that is, of VLANs (Virtual Local Area Networks), to divide DNS server response messages into security domains. As shown in Fig. 3, the PE device connects to different VLANs: VLAN1, VLAN2 and VLAN3. The real DNS server is in VLAN3, so at networking time VLAN3 is set as a trusted VLAN and VLAN1 and VLAN2 are set as non-trusted VLANs, and the PE device stores the trust attribute set for each VLAN. In normal operation the PE device monitors the DNS messages arriving at the device. When it detects a DNS server response message, it uses the ingress VLAN information carried in the response message to obtain the trust attribute stored in the PE device for the corresponding VLAN. If the ingress VLAN information carried in the DNS server response message is VLAN3, the PE device finds from its stored mapping between VLANs and trust attributes that VLAN3 is a trusted VLAN, and forwards the response message according to the destination information carried in it. If the ingress VLAN of the DNS server response message is VLAN2, the PE device finds from the stored mapping that VLAN2 is a non-trusted VLAN, and does not forward the response message on VLAN2 but handles it in another way, for example discarding it directly, or reporting the message of the non-trusted port and outputting a log.
If an attacker impersonates the DNS server and sends a counterfeit DNS server response message to a user terminal through this PE device, the PE device finds that the ingress VLAN of the response message is VLAN2. Because VLAN2 is a non-trusted VLAN, the PE device does not forward the received response message but handles it in another way, for example discarding it directly, or reporting the message of the non-trusted port and outputting a log, thereby effectively preventing the attack.
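The forwarding decision of embodiments one and two can be modelled as follows. This is an added example, not code from the patent: the class and function names are hypothetical, the sample frames are constructed, and it assumes that a DNS server response message is recognised as an IPv4/UDP datagram with source port 53 and the DNS QR bit set (the patent does not specify how the device identifies one). It applies both non-trusted actions together, discarding the message and recording a log entry.

```python
"""Port/VLAN trust check for DNS server response messages (illustrative model)."""
import struct

ETH_IPV4, ETH_VLAN, PROTO_UDP, DNS_PORT = 0x0800, 0x8100, 17, 53


def parse_frame(frame: bytes):
    """Return (vlan_id or None, is_dns_server_response) for an Ethernet frame."""
    vlan, off = None, 14
    if len(frame) < off:
        return None, False
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype == ETH_VLAN:                       # a single 802.1Q tag
        if len(frame) < 18:
            return None, False
        tci, ethertype = struct.unpack_from("!HH", frame, 14)
        vlan, off = tci & 0x0FFF, 18
    if ethertype != ETH_IPV4 or len(frame) < off + 20:
        return vlan, False
    ihl = (frame[off] & 0x0F) * 4
    frag_offset = struct.unpack_from("!H", frame, off + 6)[0] & 0x1FFF
    if ihl < 20 or frame[off + 9] != PROTO_UDP or frag_offset:
        return vlan, False
    udp = off + ihl
    if len(frame) < udp + 8 + 12:                   # UDP header + DNS header
        return vlan, False
    (sport,) = struct.unpack_from("!H", frame, udp)
    (flags,) = struct.unpack_from("!H", frame, udp + 10)
    # Assumption: a server response has UDP source port 53 and QR = 1.
    return vlan, sport == DNS_PORT and bool(flags & 0x8000)


class DnsTrustFilter:
    """Stores the trust attribute per physical port or per VLAN and applies it."""

    def __init__(self, mode, trusted_ports=(), trusted_vlans=()):
        if mode not in ("port", "vlan"):
            raise ValueError("mode must be 'port' or 'vlan'")
        self.mode = mode
        self.trusted_ports = set(trusted_ports)
        self.trusted_vlans = set(trusted_vlans)
        self.log = []                               # report / log output

    def handle(self, ingress_port: int, frame: bytes) -> str:
        vlan, is_response = parse_frame(frame)
        if not is_response:
            return "forward"                        # requests and non-DNS traffic
        if self.mode == "vlan":
            trusted = vlan in self.trusted_vlans    # untagged counts as non-trusted
        else:
            trusted = ingress_port in self.trusted_ports
        if trusted:
            return "forward"
        self.log.append({"port": ingress_port, "vlan": vlan,
                         "event": "DNS server response on non-trusted ingress"})
        return "drop"


def build_frame(sport, dport, qr, vlan=None):
    """Constructed sample: Ethernet [+802.1Q] / IPv4 / UDP / DNS header only."""
    dns = struct.pack("!HHHHHH", 0x1234, 0x8180 if qr else 0x0100, 1, 0, 0, 0)
    udp = struct.pack("!HHHH", sport, dport, 8 + len(dns), 0) + dns
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64,
                     PROTO_UDP, 0, bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    macs = b"\x02\x00\x00\x00\x00\x01" + b"\x02\x00\x00\x00\x00\x02"
    tag = struct.pack("!HH", ETH_VLAN, vlan) if vlan is not None else b""
    return macs + tag + struct.pack("!H", ETH_IPV4) + ip + udp


def demo():
    # Fig. 2: port 3 faces the DNS server, ports 1 and 2 face user terminals.
    pe = DnsTrustFilter("port", trusted_ports={3})
    results = [
        pe.handle(3, build_frame(53, 40000, qr=True)),    # real server
        pe.handle(2, build_frame(53, 40000, qr=True)),    # counterfeit server
        pe.handle(1, build_frame(40000, 53, qr=False)),   # user request
    ]
    # Fig. 3: VLAN3 holds the DNS server, VLAN1 and VLAN2 are non-trusted.
    pe_vlan = DnsTrustFilter("vlan", trusted_vlans={3})
    results += [
        pe_vlan.handle(1, build_frame(53, 40000, qr=True, vlan=3)),
        pe_vlan.handle(1, build_frame(53, 40000, qr=True, vlan=2)),
    ]
    return results, pe.log + pe_vlan.log


if __name__ == "__main__":
    print(demo())
```

The model does not cover DNS over TCP, IPv6 or stacked VLAN tags; responses carried that way pass through unclassified.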
An embodiment of the invention also provides a network device which, as shown in Fig. 4, comprises a port trust attribute acquiring unit 1 and a message forwarding unit 2. The port trust attribute acquiring unit 1 is configured to obtain the trust attribute of the ingress port on which a DNS server response message is received. The message forwarding unit 2 is connected to the port trust attribute acquiring unit 1 and is configured to forward the DNS server response message after the port trust attribute acquiring unit 1 determines that the ingress port of the received DNS server response message is a trusted port.
The network device of another embodiment of the invention further comprises, on the basis of the above, a port trust attribute setting unit 3 and a port trust attribute storage unit 4. The port trust attribute setting unit 3 is configured to set the trust attribute of each port of the network device. The port trust attribute storage unit 4 is connected to the port trust attribute setting unit 3 and to the port trust attribute acquiring unit 1, and is configured to store the trust attribute of each port set by the port trust attribute setting unit 3, so that the port trust attribute acquiring unit 1 can obtain the corresponding port trust attribute according to the ingress port information of a DNS server response message received by the network device.
The network device of another embodiment of the invention further comprises, on the basis of the above, a packet discarding unit 5 and a message reporting unit 6. The packet discarding unit 5 is connected to the port trust attribute acquiring unit 1 and is configured, after the port trust attribute acquiring unit 1 determines that the ingress port of the received DNS server response message is a non-trusted port, not to forward the DNS server response message but to discard it directly. The message reporting unit 6 is connected to the port trust attribute acquiring unit 1 and is configured, after the port trust attribute acquiring unit 1 determines that the ingress port of the received DNS server response message is a non-trusted port, not to forward the DNS server response message but to report the message of the non-trusted port and output a log.
In summary, in the message processing method and network device provided by the embodiments of the invention, the trust attribute of each port of the network device is set: a port that connects to the DNS server is set as a trusted port, and a port that does not is set as a non-trusted port. This divides DNS server response messages into security domains. The network device forwards only the DNS server response messages that come from the security domain; it does not forward those that come from outside the security domain but handles them in another way, for example discarding them directly, or reporting the message of the non-trusted port and outputting a log. The response messages sent by an attacker's counterfeit DNS server therefore never reach the user terminal, which effectively prevents the attack and safeguards the DNS service.
In addition, the existing DoS attack in which a counterfeit DNS server floods DNS response messages is likewise a means by which the attacker sends a large number of counterfeit DNS server response messages to user terminals to occupy a large amount of resources. Because the embodiments of the invention discard DNS response messages directly on the non-trusted ports of the network device, the large number of DNS server response messages sent by the attacker cannot reach the user terminals. This also solves the problem of response-message DoS attacks launched by counterfeit DNS servers, safeguards the network device, prevents illegitimate traffic from propagating on the network, and improves the utilization of network resources.
From the above description of the embodiments, those skilled in the art can clearly understand that the invention can be implemented by software plus a necessary general-purpose hardware platform, or by hardware, although in many cases the former is the better implementation. Based on this understanding, the essence of the technical solution of the invention, or the part of it that contributes to the prior art, can be embodied in the form of a software product. This computer software product is stored in a storage medium and includes several instructions that cause a computer device (which can be a personal computer, a server, a network device, or the like) to carry out the method described in each embodiment of the invention.
The above is only a preferred implementation of the invention. It should be pointed out that those skilled in the art can make improvements and modifications without departing from the principle of the invention, and such improvements and modifications shall also be regarded as falling within the protection scope of the invention.

Claims (6)

1. A message processing method, characterized in that it comprises the following steps:
setting the trust attribute of a physical port or logical port of a network device, so as to divide DNS server response messages into security domains, where the DNS server response message is a kind of DNS message, DNS messages comprise DNS request messages and DNS server response messages, a DNS request message is a domain name resolution request message that a user terminal sends to a DNS server, and a DNS server response message is a domain name resolution response message that the DNS server returns to the user terminal;
obtaining the trust attribute of the ingress port on which a Domain Name System (DNS) server response message is received;
if the ingress port is a trusted port, forwarding the DNS server response message;
if the ingress port is a non-trusted port, not forwarding the DNS server response message, but discarding the DNS server response message, or reporting the message of the non-trusted port and outputting a log.
2. The message processing method according to claim 1, characterized in that, after setting the trust attribute of the physical port or logical port of the network device so as to divide DNS server response messages into security domains, and before obtaining the trust attribute of the ingress port on which the DNS server response message is received, the method further comprises: storing the trust attribute of each port in the network device.
3. The message processing method according to claim 2, characterized in that setting the trust attribute of each port of the network device specifically comprises: setting a port connected to the DNS server as a trusted port, and setting a port not connected to the DNS server as a non-trusted port.
4. The message processing method according to claim 1, characterized in that obtaining the trust attribute of the ingress port on which the DNS server response message is received specifically comprises: obtaining the trust attribute of the ingress port according to the ingress port information of the DNS server response message and the port trust attributes stored in the network device.
5. A network device, characterized in that it comprises:
a port trust attribute setting unit, configured to set the trust attribute of a physical port or logical port of the network device, so as to divide DNS server response messages into security domains, where the DNS server response message is a kind of DNS message, DNS messages comprise DNS request messages and DNS server response messages, a DNS request message is a domain name resolution request message that a user terminal sends to a DNS server, and a DNS server response message is a domain name resolution response message that the DNS server returns to the user terminal;
a port trust attribute acquiring unit, configured to obtain the trust attribute of the ingress port on which a DNS server response message is received;
a message forwarding unit, connected to the port trust attribute acquiring unit and configured to forward the DNS server response message after the port trust attribute acquiring unit determines that the ingress port on which the DNS server response message was received is a trusted port;
a packet discarding unit, connected to the port trust attribute acquiring unit and configured to directly discard the response message of the DNS server after the port trust attribute acquiring unit determines that the ingress port on which the DNS server response message was received is a non-trusted port;
a message reporting unit, connected to the port trust attribute acquiring unit and configured to report the message of the non-trusted port and output a log after the port trust attribute acquiring unit determines that the ingress port on which the DNS server response message was received is a non-trusted port.
6. The network device according to claim 5, characterized in that it further comprises: a port trust attribute storage unit, connected to the port trust attribute setting unit and configured to store the trust attribute of each port of the network device.
CN2007101518056A 2007-09-18 2007-09-18 Packet processing method and network appliance Expired - Fee Related CN101141396B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2007101518056A CN101141396B (en) 2007-09-18 2007-09-18 Packet processing method and network appliance


Publications (2)

Publication Number Publication Date
CN101141396A CN101141396A (en) 2008-03-12
CN101141396B true CN101141396B (en) 2010-12-15

Family

ID=39193145

Family Applications (1)

Application Number Title Priority Date Filing Date
CN2007101518056A Expired - Fee Related CN101141396B (en) 2007-09-18 2007-09-18 Packet processing method and network appliance

Country Status (1)

Country Link
CN (1) CN101141396B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104052660A (en) * 2013-03-11 2014-09-17 中兴通讯股份有限公司 Message forwarding method and device for multiservice loading network device

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101841521A (en) * 2010-01-22 2010-09-22 中国科学院计算机网络信息中心 Method, server and system for authenticating identify information in DNS message
CN102137011A (en) * 2011-02-18 2011-07-27 华为技术有限公司 Message forwarding method, device and system for network
CN102594810B (en) * 2012-02-08 2016-03-30 神州数码网络(北京)有限公司 The method and apparatus that a kind of IPv6 network prevents PMTU from attacking
CN102884764B (en) * 2012-06-30 2015-05-27 华为技术有限公司 Message receiving method, deep packet inspection device, and system
CN108011932B (en) * 2017-11-22 2020-11-27 新华三技术有限公司 Access processing method and device

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6957276B1 (en) * 2000-10-23 2005-10-18 Microsoft Corporation System and method of assigning and reclaiming static addresses through the dynamic host configuration protocol
CN1925452A (en) * 2006-10-11 2007-03-07 杭州华为三康技术有限公司 Data transferring system, method and network transferring apparatus
CN101030945A (en) * 2007-04-06 2007-09-05 中兴通讯股份有限公司 Method for preventing PPPoE from being attacked by personnel server and false server

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104052660A (en) * 2013-03-11 2014-09-17 中兴通讯股份有限公司 Message forwarding method and device for multiservice loading network device
CN104052660B (en) * 2013-03-11 2018-09-14 南京中兴软件有限责任公司 A kind of method and equipment that the multiple service supporting network equipment E-Packets

Also Published As

Publication number Publication date
CN101141396A (en) 2008-03-12

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20101215

Termination date: 20150918

EXPY Termination of patent right or utility model