CN105592063B - Multicast anti-attack method and device - Google Patents

Multicast anti-attack method and device

Info

Publication number: CN105592063B
Authority: CN (China)
Prior art keywords: port, link, multicast, state, state information
Legal status: Active
Application number: CN201510730727.XA
Other languages: Chinese (zh)
Other versions: CN105592063A (en)
Inventors: 王伟, 梁玉洁
Current assignee: New H3C Technologies Co Ltd
Original assignee: New H3C Technologies Co Ltd
Application filed by New H3C Technologies Co Ltd
Priority to CN201510730727.XA
Publication of CN105592063A
Application granted
Publication of CN105592063B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/02 Details
    • H04L12/16 Arrangements for providing special services to substations
    • H04L12/18 Arrangements for providing special services to substations for broadcast or conference, e.g. multicast

Abstract

The present invention provides a multicast anti-attack method and device. The technical solution is as follows: when any port of a multicast device receives a multicast protocol message that would make that port a router port, the device judges from the link-state information of the port whether the port is at risk of attack; if there is a risk of attack, the port is not added as a router port and the message is discarded; otherwise, the port is added as a router port. The present invention can prevent information leakage.

Description

Multicast anti-attack method and device
Technical field
The present invention relates to the field of communication technology, and in particular to a multicast anti-attack method and device.
Background technique
IP multicast (IP Multicast) is a form of packet delivery between unicast (Unicast) and broadcast (Broadcast): IP data generated by a single sender (the multicast source) is distributed over the network to a group of receivers.
IP multicast operating at the data link layer is called Layer 2 multicast, and the corresponding protocols are called Layer 2 multicast protocols; they include IGMP Snooping (Internet Group Management Protocol Snooping) and MLD Snooping (Multicast Listener Discovery Snooping). IGMP Snooping is the IPv4 Layer 2 multicast protocol and MLD Snooping is the IPv6 Layer 2 multicast protocol; the two are implemented essentially identically, and IPv4 is used as the example in the description below.
IGMP Snooping, abbreviated IGSP, mainly runs on the Layer 2 device between the IGMP router and the hosts and is used to manage and control multicast groups. A Layer 2 multicast device running IGMP Snooping analyses the IGMP messages it receives, establishes mappings between ports and IP multicast addresses, and forwards multicast data according to those mappings.
IGSP classifies ports into two types according to the protocol messages received on them: router ports and member ports. A router port is usually the port facing the upstream Layer 3 multicast device, such as port Eth1/1 of switch A and port Eth1/1 of switch B in Fig. 1; the IGSP module maintains a port on which an IGMP general query message or a PIM hello message is received as a router port. A member port is usually a port facing downstream multicast members, such as ports Eth1/2 and Eth1/3 of switch A and port Eth1/2 of switch B in Fig. 1; the IGSP module maintains a port on which an IGMP membership report message is received as a member port of the corresponding multicast group.
In existing implementations, when the IGSP module maintains the port on which an IGMP general query message or a PIM hello message was received as a router port, it also sets the ageing timer of that router port from the Max Resp Time field of the IGMP general query or the Holdtime field of the PIM hello. A Layer 2 multicast device running IGSP forwards every multicast data message it receives to all router ports. If a malicious attacker sends to a port a PIM hello message whose Holdtime is "never" or an IGMP query message whose Max Resp Time is the maximum value, the IGSP module maintains that port as a router port that never ages, or ages only after an excessively long time, and unconditionally forwards all received multicast traffic to it, which may cause information leakage.
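The two messages the paragraph above refers to can be decoded to see which field drives the prior-art ageing decision. The following Python is an added example, not code from the patent or from New H3C: it constructs a PIM v2 Hello (RFC 4601) and an IGMPv2 general query (RFC 2236) inline, verifies their checksums, and applies the prior-art rule under which a Holdtime of 0xffff means the router port never ages. How a particular device maps Max Resp Time (carried in tenths of a second) onto an ageing timer is vendor-specific and not stated by the patent; the direct mapping used here is an assumption.

```python
# Added example (not the patent's code): decode the PIM Hello and IGMPv2 general
# query that make a port a router port, and apply the prior-art ageing rule.
import struct

PIM_HOLDTIME_NEVER = 0xFFFF      # RFC 4601: neighbour never times out
PIM_DEFAULT_HOLDTIME = 105       # RFC 4601: 3.5 * Hello_Period when the option is absent
PIM_TYPE_HELLO = 0
IGMP_TYPE_QUERY = 0x11
IPPROTO_IGMP, IPPROTO_PIM = 2, 103


def inet_checksum(data: bytes) -> int:
    """RFC 1071 ones-complement checksum; verifies to 0 over a correct message."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(int.from_bytes(data[i:i + 2], "big") for i in range(0, len(data), 2))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_pim_hello(holdtime: int) -> bytes:
    """PIM v2 Hello (ver 2, type 0) carrying only the Holdtime option (type 1, len 2)."""
    body = struct.pack("!BBH", 0x20, 0, 0) + struct.pack("!HHH", 1, 2, holdtime)
    return body[:2] + struct.pack("!H", inet_checksum(body)) + body[4:]


def build_igmpv2_general_query(max_resp_tenths: int) -> bytes:
    """IGMPv2 membership query for group 0.0.0.0, i.e. a general query."""
    body = struct.pack("!BBH4s", IGMP_TYPE_QUERY, max_resp_tenths, 0, bytes(4))
    return body[:2] + struct.pack("!H", inet_checksum(body)) + body[4:]


def parse_pim_hello(pkt: bytes) -> int:
    """Return the Holdtime of a PIM Hello (default if the option is absent)."""
    ver_type, _, _ = struct.unpack("!BBH", pkt[:4])
    if ver_type >> 4 != 2 or ver_type & 0x0F != PIM_TYPE_HELLO:
        raise ValueError("not a PIM v2 Hello")
    if inet_checksum(pkt) != 0:
        raise ValueError("bad PIM checksum")
    off, holdtime = 4, PIM_DEFAULT_HOLDTIME
    while off + 4 <= len(pkt):                    # walk the TLV options
        otype, olen = struct.unpack("!HH", pkt[off:off + 4])
        value = pkt[off + 4:off + 4 + olen]
        if otype == 1 and olen == 2:
            holdtime = struct.unpack("!H", value)[0]
        off += 4 + olen
    return holdtime


def parse_igmpv2_query(pkt: bytes) -> int:
    """Return Max Resp Time (tenths of a second) of an IGMPv2 general query."""
    mtype, max_resp, _, group = struct.unpack("!BBH4s", pkt[:8])
    if mtype != IGMP_TYPE_QUERY or group != bytes(4):
        raise ValueError("not an IGMP general query")
    if inet_checksum(pkt[:8]) != 0:
        raise ValueError("bad IGMP checksum")
    return max_resp


def legacy_router_port_age(proto: int, pkt: bytes):
    """Prior-art IGSP rule: the receiving port becomes a router port and its
    ageing timer is taken from the message. Returns seconds, or None = never ages.
    proto is the IP protocol number of the received packet."""
    if proto == IPPROTO_PIM:
        holdtime = parse_pim_hello(pkt)
        return None if holdtime == PIM_HOLDTIME_NEVER else holdtime
    if proto == IPPROTO_IGMP:
        return parse_igmpv2_query(pkt) / 10    # assumption: tenths of a second -> seconds
    raise ValueError("not a router-port protocol message")
```

With this, `legacy_router_port_age(103, build_pim_hello(0xFFFF))` returns None, which is exactly the "router port that never ages" the paragraph warns about, while a normal hello with Holdtime 105 yields a 105-second timer; the checksum check only guards against corruption, not against a deliberately crafted message, which is why the patent turns to link-state information instead.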
Summary of the invention
In view of this, the object of the present invention is to provide a multicast anti-attack method and device that can prevent information leakage.
To achieve the above object, the present invention provides the following technical scheme:
A multicast anti-attack method, comprising: when a multicast device receives a multicast protocol message that would make a port of the multicast device a router port, judging from the link-state information of that port whether the port is at risk of attack; if there is a risk of attack, not adding the port as a router port; otherwise, adding the port as a router port.
A multicast anti-attack device, applied in a multicast device, characterized in that the device comprises a receiving unit, a judging unit and a processing unit;
the receiving unit is configured to receive, on the multicast device, a multicast protocol message that would make a port of the multicast device a router port;
the judging unit is configured, after the multicast device receives that multicast message, to judge from the link-state information of the port whether the port is at risk of attack;
the processing unit is configured, if the port is at risk of attack, not to add the port as a router port, and otherwise to add the port as a router port.
As can be seen from the above technical scheme, in the present invention, when it is determined that a port needs to be added as a router port, the port's link-state information is used to judge whether the port is at risk of attack, and the port is not added as a router port where such a risk exists. The present invention can thus effectively avoid information leakage. For example, when a malicious attacker sends to a port a PIM hello message whose Holdtime is "never" or an IGMP query message whose Max Resp Time is the maximum value, so that the port is kept as a router port indefinitely and the multicast messages sent out of it leak information, applying the technical scheme of the present invention detects that the port is under malicious attack, cancels the port as a router port, and thereby avoids the leakage.
Detailed description of the invention
Fig. 1 is a schematic diagram of IGSP port relationships in the prior art;
Fig. 2 is a flowchart of the multicast anti-attack method provided in an embodiment of the present invention;
Fig. 3 is a flowchart of the multicast anti-attack method of embodiment one of the present invention;
Fig. 4 is a flowchart of the multicast anti-attack method of embodiment two of the present invention;
Fig. 5 is a structural schematic diagram of the multicast anti-attack device of an embodiment of the present invention.
Specific embodiment
In order to make the objectives, technical solutions and advantages of the present invention clearer, the technical solution of the present invention is described in detail below with reference to the accompanying drawings and the embodiments.
The technical solution provided by the present invention can be used within a Layer 2 network or between a Layer 2 network and a Layer 3 network.
Referring to Fig. 2, which is a flowchart of the multicast anti-attack method provided in an embodiment of the present invention, the method is applied to a multicast device and specifically includes the following steps:
Step 201: any port of the multicast device receives a multicast protocol message that would make that port a router port.
In practice, when a port of the multicast device receives a general query message or a multicast routing protocol hello message, the port needs to be added as a router port; therefore general query messages and multicast routing protocol hello messages are the multicast protocol messages that can make a port a router port. Note that in an IPv4 network the general query message is the IGMP general query and the multicast routing protocol hello message is the PIM hello; in an IPv6 network the general query message is the MLD general query and the multicast routing protocol hello message is the IPv6 PIM hello.
Step 202: judge from the link-state information of the port whether the port is at risk of attack; if there is a risk of attack, do not add the port as a router port and discard the message; otherwise, add the port as a router port.
This embodiment is applied to the multicast protocol module in the multicast device. In an IPv4 network the multicast protocol module in the multicast device is the IGMP Snooping module, or a multicast protocol module implemented on the basis of the IGMP Snooping function; in an IPv6 network it is the MLD Snooping module, or a multicast protocol module implemented on the basis of the MLD Snooping function.
Before this step, the multicast protocol module also needs to obtain the link-state information of the port. Specifically, it establishes a connection with the link-state protocol module in the multicast device, sends a link-state query message for the port to the link-state protocol module over that connection, and receives the link-state information of the port returned by the link-state protocol module.
In this embodiment, the link-state information of a port includes whether the port has a link-state neighbour. Judging from the link-state information whether the port is at risk of attack specifically means: if the link-state information of the port shows that the port has no link-state neighbour, the port is determined to be at risk of attack; otherwise, the port is determined not to be at risk of attack.
When the link-state information of the port shows that the port is at risk of attack, the port is not added as a router port, so the multicast data messages received by the multicast device are not sent out of that port and no information can leak from it.
When the link-state information of the port shows that the port is not at risk of attack, the port is added as a router port by the existing method, and all multicast data messages received by the multicast device are forwarded out of that port.
The realization principle of the present invention is described in detail below with reference to two specific embodiments.
Referring to Fig. 3, which is a flowchart of the multicast anti-attack method of embodiment one of the present invention, the method is applied to the multicast protocol module in a multicast device and mainly comprises the following steps:
Step 301: the multicast protocol module establishes a connection with the local link-state protocol module.
The multicast device is configured with a multicast protocol module and a link-state protocol module. Normally both modules in the multicast device are started by default, so the multicast protocol module can directly establish a connection with the link-state protocol module.
However, it is also possible that the multicast protocol module is started while the link-state protocol module is not. To ensure that the two modules in the multicast device can successfully establish a connection, the multicast protocol module may trigger the link-state protocol module to start at the same time as it starts itself, so that both modules are running before the multicast protocol module establishes the connection with the link-state protocol module.
In addition, between adjacent multicast devices it is also possible that the link-state protocol module is started on one device but not on the other. To ensure that adjacent multicast devices can normally establish a neighbour relationship through their respective link-state protocol modules, after the multicast protocol module in a multicast device starts it may also send, from each port of the device that connects to the local area network, a notification message instructing the peer multicast device to start its link-state protocol module, so that the peer multicast device starts its own link-state protocol module on receiving the notification. This guarantees that the link-state protocol modules of two adjacent multicast devices are started before they establish a neighbour connection. Here the local area network must have multicast enabled. After the peer multicast device receives the notification message it starts its local link-state protocol module. Once the multicast device and the peer multicast device have both started their link-state protocol modules, they can exchange link-state protocol messages. The link-state protocol module maintains link-state neighbour relationships by periodically sending hello messages to its neighbours.
Step 302: when any port of the multicast device receives a general query message or a multicast routing protocol hello message, the multicast protocol module obtains the link-state information of that port over the established connection with the local link-state protocol module.
In the prior art, when a port of the multicast device receives a general query message or a multicast routing protocol hello message, the port needs to be added as a router port. In this embodiment, when a port of the multicast device receives such a message, the port is not added as a router port directly; the multicast device first judges from the port's link-state information whether the port is at risk of attack before deciding whether to add it as a router port.
For any port of the multicast device, the local link-state protocol module exchanges link-state protocol messages through that port with the link-state protocol module in the peer multicast device, and so learns the port's link-state information. Because the multicast protocol module has established a connection with the local link-state protocol module, it can request the link-state information of any port of the multicast device from the local link-state protocol module over that connection.
In this step, the multicast protocol module fetches the link-state information of a port only when that port receives a general query message or a multicast routing protocol hello message. In practice, the multicast protocol module may instead periodically obtain the link-state information of all ports over the established connection with the link-state protocol module; then, when a port receives a message that would make it a router port, there is no need to fetch the port's link-state information on demand, and the previously obtained link-state information of the port is used directly to judge whether the port is at risk of attack.
The connection between the multicast protocol module and the link-state protocol module can be established by any existing method, for example by providing an interface module in the link-state protocol module which the multicast protocol module calls to establish the connection. This is a matter of engineering implementation and is not described further.
The specific way in which the multicast protocol module obtains the link-state information of a port over the established connection with the local link-state protocol module is: send a link-state query message for the port to the local link-state protocol module over the connection, and receive the link-state information of the port returned by the local link-state protocol module.
Step 303: judge from the link-state information of the port whether the port is at risk of attack; if so, execute step 304, otherwise execute step 305.
Here the link-state information of a port includes whether the port has a link-state neighbour. A flag can be used to indicate whether a link-state neighbour exists; for example, the flag takes one of two values, one value (such as 1) indicating that the port has a link-state neighbour and the other (such as 0) indicating that it has none.
Normally two multicast devices establish a protocol connection through their respective link-state protocol modules and exchange link-state information over it. While that connection is not broken the two multicast devices are link-state neighbours of each other, and in the link-state information of the connecting port the flag indicating whether the port has a link-state neighbour holds the value corresponding to "neighbour present". After the connection is broken the two multicast devices are no longer link-state neighbours, and in the link-state information of the connecting port the flag holds the value corresponding to "no neighbour".
Step 304: do not add the port as a router port, discard the received general query message or multicast routing protocol hello message, and end this procedure.
When a port has no link-state neighbour it cannot be used as a router port, otherwise information may leak. Therefore, if a port of the multicast device receives a general query message or a multicast routing protocol hello message while the port's link-state information shows that it has no link-state neighbour, an abnormal situation has occurred and the port may be under attack; there is a risk of attack, and the port should not be added as a router port.
Step 305: add the port as a router port.
When a port has a link-state neighbour it can be used as a router port. Therefore, if a port of the multicast device receives a general query message or a multicast routing protocol hello message and the port's link-state information shows that it has a link-state neighbour, the port is not under attack and there is no risk of attack, so the port can be added as a router port.
Step 306: set a timer for the port and repeat the following operation: when the timer expires, re-obtain the link-state information of the port and judge from it whether the port is at risk of attack; if so, cancel the port as a router port; otherwise end this round, continue to maintain the port as a router port, and restart the timer. When the timer is restarted its duration may stay the same or may change, for example by adding a random value. When the timer is first set, its duration may be set to the default router-port ageing time; in each subsequent round a value may be chosen at random from a preset interval (such as [1, 10]) and added to the timer duration.
After a port has been added as a router port, setting a timer for the port means that its link-state information is queried at regular intervals, so that a risk of attack on the port can be detected in time; when such a risk appears the port is cancelled as a router port (that is, removed from the router-port list), received multicast data messages are no longer sent out of it, and information leakage through the port is avoided.
Note that in practice a timer may also be set for every port of the multicast device. Whenever a port's timer expires, if that port is a router port its link-state information is queried; when the link-state information shows that the port has no link-state neighbour, the port is determined to be at risk of attack and is cancelled as a router port.
Referring to Fig. 4, which is a flowchart of the multicast anti-attack method of embodiment two of the present invention, the method is applied to the multicast protocol module in a multicast device and mainly comprises the following steps:
Step 401: the multicast protocol module establishes a connection with the local link-state protocol module.
Step 402: when any port of the multicast device receives a general query message or a multicast routing protocol hello message, obtain the link-state information of that port over the established connection with the local link-state protocol module.
Step 403: judge from the link-state information of the port whether the port is at risk of attack; if so, execute step 404, otherwise execute step 405.
Step 404: do not add the port as a router port, discard the received general query message or multicast routing protocol hello message, and end this procedure.
Step 405: add the port as a router port.
Steps 401-405 above are identical to steps 301-305 of embodiment one.
Step 406: register the link-state information of the port with the local link-state protocol module.
Registering the link-state information of the port with the local link-state protocol module specifically means sending the local link-state protocol module a registration request for the link-state information of the port; on receiving the request, the local link-state protocol module registers the link-state information of the port.
Because the port has been added as a router port, in the link-state information of the port registered with the local link-state protocol module the flag indicating whether the port has a link-state neighbour holds the value corresponding to "neighbour present".
Step 407: when the local link-state protocol module detects that the link-state information of the port has changed, it sends the multicast protocol module a notification message indicating that the port's link-state information has changed.
The local link-state protocol module exchanges protocol messages with the link-state protocol module in the peer multicast device of the port. When the protocol connection to the link-state protocol module in the peer multicast device is broken, the link-state neighbour on the port is deleted, the port no longer has a link-state neighbour, and the port's link-state information therefore changes.
After the multicast protocol module registers the link-state information of a port with the local link-state protocol module, the local link-state protocol module monitors that port's link-state information. When it observes a change (for example in whether a link-state neighbour exists), it sends the multicast protocol module a notification message indicating that the port's link-state information has changed; the notification carries the port's link-state information after the change, and from it the multicast protocol module determines that the port's link-state information has changed.
Note that the link-state protocol module may send a notification only when it detects a change in the link-state neighbour item of the port's link-state information, in which case the multicast protocol module can cancel the port as a router port directly. Alternatively, the link-state protocol module may send a notification whenever it detects any change in the port's link-state information; in that case the multicast protocol module first judges whether it is the link-state neighbour item of the port's link-state information that has changed, cancels the port as a router port if so, and otherwise does not.
Note that the above judgement that the link-state information has changed presupposes that the link-state information previously showed a link-state neighbour as present.
Step 408: the multicast protocol module receives the notification message sent by the local link-state protocol module indicating that the port's link-state information has changed, and cancels the port as a router port.
After a port has been added as a router port, the local link-state protocol module sends the multicast protocol module a notification message as soon as it detects a change in the port's link-state information, so a risk of attack on the port can likewise be discovered in time; when such a risk appears the port is cancelled as a router port (that is, removed from the router-port list), avoiding information leakage through the port.
Compared with embodiment one, this embodiment also effectively reduces the information exchange between the multicast protocol module and the link-state protocol module.
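To make the two embodiments concrete, here is an added Python model, not the patent's or New H3C's code, of the router-port guard of steps 201-202, the timer re-check of step 306 and the registration/notification path of steps 406-408, with the prior-art behaviour alongside for comparison. The link-state protocol module is reduced to an in-memory neighbour table (the patent does not name a specific link-state protocol), and the port names, the 180-second default ageing time, the fixed 5-second jitter and the event timeline are constructed for this example.

```python
# Added example, not the patent's code: in-memory model of the router-port guard
# (steps 201-202), the timer re-check of embodiment one (step 306) and the
# notification path of embodiment two (steps 406-408). Names and timings are assumed.
import random

PIM_HOLDTIME_NEVER = 0xFFFF      # RFC 4601: a Holdtime of 0xffff never times out
DEFAULT_ROUTER_PORT_AGE = 180    # assumed default router-port ageing time, seconds


class LinkStateModule:
    """Stand-in for the local link-state protocol module: tracks whether each
    port has a link-state neighbour and notifies registered listeners on change."""
    def __init__(self):
        self._neighbor, self._listeners = {}, {}

    def has_neighbor(self, port):
        return self._neighbor.get(port, False)

    def register(self, port, callback):           # step 406: registration request
        self._listeners.setdefault(port, []).append(callback)

    def set_neighbor(self, port, present):
        if self._neighbor.get(port, False) != present:
            self._neighbor[port] = present
            for cb in self._listeners.get(port, []):
                cb(port, {"has_neighbor": present})   # step 407: change notification


class SnoopingModule:
    """Stand-in for the snooping module's router-port table. mode is 'legacy'
    (prior art), 'poll' (embodiment one) or 'notify' (embodiment two)."""
    def __init__(self, lsm, mode, jitter=lambda: random.randint(1, 10)):
        self.lsm, self.mode, self.jitter = lsm, mode, jitter
        self.router_ports = {}   # port -> expiry time (None = never ages)
        self.recheck_at = {}     # port -> next timer expiry (poll mode)
        self.recheck_len = {}    # port -> current timer duration (poll mode)

    def on_query_or_hello(self, port, holdtime, now):
        """A general query or PIM hello arrived on `port` (steps 201-202)."""
        if self.mode != "legacy" and not self.lsm.has_neighbor(port):
            return False         # risk of attack: forbid the port, drop the message
        self.router_ports[port] = None if holdtime == PIM_HOLDTIME_NEVER else now + holdtime
        if self.mode == "poll":                        # step 306: arm the timer
            self.recheck_len[port] = DEFAULT_ROUTER_PORT_AGE
            self.recheck_at[port] = now + DEFAULT_ROUTER_PORT_AGE
        elif self.mode == "notify":                    # step 406: register
            self.lsm.register(port, self.on_link_state_change)
        return True

    def withdraw(self, port):
        """Cancel the port as router port (remove it from the router-port list)."""
        for table in (self.router_ports, self.recheck_at, self.recheck_len):
            table.pop(port, None)

    def on_tick(self, now):
        """Step 306: on expiry re-read link state; keep the port and grow the
        timer by a random value, or withdraw it."""
        for port in [p for p, t in self.recheck_at.items() if t <= now]:
            if self.lsm.has_neighbor(port):
                self.recheck_len[port] += self.jitter()
                self.recheck_at[port] = now + self.recheck_len[port]
            else:
                self.withdraw(port)

    def on_link_state_change(self, port, info):
        """Steps 407-408: act only if the neighbour flag itself went to 'absent'."""
        if port in self.router_ports and info.get("has_neighbor") is False:
            self.withdraw(port)

    def is_router_port(self, port):
        return port in self.router_ports


def scenario():
    """Constructed timeline: Eth1/1 faces the upstream router, Eth1/2 a host."""
    lsm = LinkStateModule()
    lsm.set_neighbor("Eth1/1", True)
    legacy = SnoopingModule(lsm, "legacy")
    poll = SnoopingModule(lsm, "poll", jitter=lambda: 5)   # fixed jitter for clarity
    notify = SnoopingModule(lsm, "notify")
    r = {}
    # t=0: an attacker on Eth1/2 sends a PIM hello whose Holdtime is 0xffff ("never").
    r["legacy_attacker_admitted"] = legacy.on_query_or_hello("Eth1/2", PIM_HOLDTIME_NEVER, 0)
    r["guard_attacker_admitted"] = poll.on_query_or_hello("Eth1/2", PIM_HOLDTIME_NEVER, 0)
    # t=0: a genuine hello (Holdtime 105 s) on Eth1/1 is admitted by both guarded modules.
    r["guard_upstream_admitted"] = (poll.on_query_or_hello("Eth1/1", 105, 0)
                                    and notify.on_query_or_hello("Eth1/1", 105, 0))
    poll.on_tick(180)                  # adjacency still up: timer grows to 185 s
    r["poll_next_recheck"] = poll.recheck_at["Eth1/1"]
    lsm.set_neighbor("Eth1/1", False)  # the upstream adjacency is lost
    r["notify_withdrawn"] = not notify.is_router_port("Eth1/1")
    r["poll_withdrawn_before_timer"] = not poll.is_router_port("Eth1/1")
    poll.on_tick(365)                  # next expiry: link state re-read, port withdrawn
    r["poll_withdrawn_after_timer"] = not poll.is_router_port("Eth1/1")
    return r
```

Running scenario() shows the attacker's Holdtime-0xffff hello being admitted by the legacy module and refused by the guarded one, the polling module re-arming its timer with jitter while the adjacency is up, and the notified module dropping the port the instant the adjacency goes down while the polling module only does so at its next timer expiry. The guard rests on the fact that a host-facing port never carries a link-state adjacency; a port whose upstream router is not a link-state neighbour of the switch would also be refused, which is the deployment condition a practitioner has to check before enabling such a scheme.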
The multicast anti-attack method of the present invention has been described in detail above. The present invention also provides a multicast anti-attack device, described below with reference to Fig. 5.
Referring to Fig. 5, which is a structural schematic diagram of the multicast anti-attack device of an embodiment of the present invention, the device is applied in a multicast device and, as shown in Fig. 5, comprises a receiving unit 501, a judging unit 502 and a processing unit 503, wherein:
the receiving unit 501 is configured to receive, on any port of the multicast device, a multicast protocol message that would make that port a router port;
the judging unit 502 is configured, after the receiving unit 501 receives a general query message or a multicast routing protocol hello message on any port of the multicast device, to judge from the link-state information of that port whether the port is at risk of attack;
the processing unit 503 is configured, if that port is at risk of attack, not to add it as a router port and to discard the message, and otherwise to add it as a router port.
In the device shown in Fig. 5, the link-state information of a port includes whether the port has a link-state neighbour;
when judging from the link-state information of a port whether the port is at risk of attack, the judging unit is configured to determine that the port is at risk of attack if its link-state information shows that it has no link-state neighbour, and otherwise to determine that it is not at risk of attack.
The device shown in Fig. 5 further comprises an acquiring unit 504;
the acquiring unit 504 is configured to obtain the link-state information of the port before the judging unit 502 judges from it whether the port is at risk of attack, specifically by sending a link-state query message for the port to the link-state protocol module in the multicast device over an established connection with that module, and receiving the link-state information of the port returned by the link-state protocol module.
In one embodiment of the present invention,
when the processing unit 503 adds the port as a router port, it further sets a timer for the port and repeats the following operation:
when the timer expires, re-obtain the link-state information of the port and judge from it whether the port is at risk of attack; if so, cancel the port as a router port; otherwise end this round, continue to maintain the port as a router port, increase the timer duration by a random value and restart the timer.
In another embodiment of the present invention,
when the processing unit 503 adds the port as a router port, it further sends the link-state protocol module a registration request for the link-state information of the port, so that the link-state protocol module monitors the link-state information of the port; if a notification message sent by the link-state protocol module when the port's link-state information changes is received, the port is cancelled as a router port.
The above are merely preferred embodiments of the present invention and are not intended to limit it; any modification, equivalent substitution or improvement made within the spirit and principles of the present invention shall be included within its scope of protection.

Claims (10)

1. A multicast anti-attack method applied in a multicast device, characterized in that the method includes:
when the multicast device receives a multicast protocol message that can cause a port of the multicast device to become a router port, judging, according to the link-state information of the port, whether the port is at risk of attack; if there is a risk of attack, forbidding the port from being added as a router port; otherwise, adding the port as a router port;
wherein the link-state information of the port includes whether there is a link-state neighbour;
and judging, according to the link-state information of the port, whether the port is at risk of attack specifically means: if the link-state information of the port shows that the port has no link-state neighbour, determining that the port is at risk of attack; otherwise, determining that the port is not at risk of attack.
2. The method according to claim 1, characterized in that the multicast device includes a multicast protocol module and a link-state protocol module, and the method is applied to the multicast protocol module in the multicast device;
before judging, according to the link-state information of the port, whether the port is at risk of attack, the method further includes obtaining the link-state information of the port, which specifically includes: establishing a connection with the link-state protocol module, sending a link-state query message for the port to the link-state protocol module, and receiving the link-state information returned by the link-state protocol module.
3. The method according to claim 2, characterized in that, when the port is added as a router port, the method further includes: setting a timer for the port, and cyclically performing the following operation:
if the timer expires, reacquiring the link-state information of the port and judging, according to the link-state information of the port, whether the port is at risk of attack; if there is a risk of attack, cancelling the port as a router port and ending the loop operation; otherwise, continuing to maintain the port as a router port and restarting the timer.
4. The method according to claim 2, characterized in that, when the port is added as a router port, the method further includes: sending a registration request for the link-state information of the port to the link-state protocol module, so that the link-state protocol module monitors the link-state information of the port; and, if a notice message sent by the link-state protocol module when the link-state information of the port changes is received, cancelling the port as a router port.
5. The method according to claim 2, characterized in that,
when the link-state protocol module receives the link-state query message for the port sent by the multicast protocol module, it queries the link-state information of the port and returns the link-state information of the port to the multicast protocol module.
6. The method according to claim 2, characterized in that,
when the link-state protocol module receives the registration request of the multicast protocol module for the link-state information of the port, it registers the link-state information of the port and returns a notice message when the link-state information of the port changes.
7. A multicast attack protection device applied in a multicast device, characterized in that the device includes: a receiving unit, a judging unit and a processing unit;
the receiving unit is configured for the multicast device to receive a multicast protocol message that can cause a port of the multicast device to become a router port;
the judging unit is configured to judge, after the multicast device receives the multicast protocol message, whether the port is at risk of attack according to the link-state information of the port;
the processing unit is configured to forbid the port from being added as a router port if the port is at risk of attack, and otherwise to add the port as a router port;
wherein the link-state information of the port includes whether there is a link-state neighbour;
and when the judging unit judges, according to the link-state information of the port, whether the port is at risk of attack, it is configured to: if the link-state information of the port shows that the port has no link-state neighbour, determine that the port is at risk of attack; otherwise, determine that the port is not at risk of attack.
8. The device according to claim 7, characterized in that the multicast device includes a multicast protocol module and a link-state protocol module; the device is applied to the multicast protocol module, and the device further includes an acquiring unit;
the acquiring unit is configured to obtain the link-state information of the port before the judging unit judges, according to that link-state information, whether the port is at risk of attack, which specifically includes: establishing a connection with the link-state protocol module, sending a link-state query message for the port to the link-state protocol module, and receiving the link-state information returned by the link-state protocol module.
9. The device according to claim 8, characterized in that,
when the processing unit adds the port as a router port, it further: sets a timer for the port, and cyclically performs the following operation:
if the timer expires, reacquires the link-state information of the port and judges, according to the link-state information of the port, whether the port is at risk of attack; if there is a risk of attack, cancels the port as a router port and ends the loop operation; otherwise, continues to maintain the port as a router port and restarts the timer.
10. The device according to claim 8, characterized in that,
when the processing unit adds the port as a router port, it further: sends a registration request for the link-state information of the port to the link-state protocol module, so that the link-state protocol module monitors the link-state information of the port; and, if a notice message sent by the link-state protocol module when the link-state information of the port changes is received, cancels the port as a router port.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510730727.XA CN105592063B (en) 2015-10-30 2015-10-30 A kind of multicast anti-attack method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201510730727.XA CN105592063B (en) 2015-10-30 2015-10-30 A kind of multicast anti-attack method and device

Publications (2)

Publication Number Publication Date
CN105592063A CN105592063A (en) 2016-05-18
CN105592063B true CN105592063B (en) 2019-04-12

Family

ID=55931280

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510730727.XA Active CN105592063B (en) 2015-10-30 2015-10-30 A kind of multicast anti-attack method and device

Country Status (1)

Country Link
CN (1) CN105592063B (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10142239B2 (en) * 2017-02-27 2018-11-27 Juniper Networks, Inc. Synchronizing multicast state between multi-homed routers in an Ethernet virtual private network
CN114221775A (en) * 2020-09-18 2022-03-22 北京金山云网络技术有限公司 Early warning method and device for dangerous port, cloud server and storage medium

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101207473A (en) * 2006-12-18 2008-06-25 中兴通讯股份有限公司 Method for multicast implementation of switch-in layer network in IPTV system
CN101547100A (en) * 2009-05-07 2009-09-30 杭州华三通信技术有限公司 Method and system for multicast receiving control
CN102111279A (en) * 2011-02-28 2011-06-29 杭州华三通信技术有限公司 Method and equipment for transmitting multicast data
CN102368707A (en) * 2011-10-31 2012-03-07 华为技术有限公司 Method, equipment and system for multicast control
CN102905199A (en) * 2012-09-28 2013-01-30 杭州华三通信技术有限公司 Implement method and device of multicast service and device thereof
CN103475591A (en) * 2013-08-28 2013-12-25 杭州华三通信技术有限公司 Method and device for forwarding multicast data and software defined network controller

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7742407B2 (en) * 2005-11-10 2010-06-22 Scientific-Atlanta, Llc Quality of service management in a switched digital video environment

Also Published As

Publication number Publication date
CN105592063A (en) 2016-05-18

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information
CB02 Change of applicant information

Address after: 310052 Binjiang District Changhe Road, Zhejiang, China, No. 466, No.

Applicant after: Xinhua three Technology Co., Ltd.

Address before: 310052 Binjiang District Changhe Road, Zhejiang, China, No. 466, No.

Applicant before: Huasan Communication Technology Co., Ltd.

GR01 Patent grant
GR01 Patent grant