CN105592063B - A kind of multicast anti-attack method and device - Google Patents
- Publication number: CN105592063B (application CN201510730727.XA)
- Authority: CN (China)
- Prior art keywords: port, link, multicast, state, state information
- Legal status: Active
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L12/00—Data switching networks
- H04L12/02—Details
- H04L12/16—Arrangements for providing special services to substations
- H04L12/18—Arrangements for providing special services to substations for broadcast or conference, e.g. multicast
Abstract
The present invention provides a multicast anti-attack method and device. The technical solution is as follows: when any port of a multicast device receives a multicast protocol message that would make that port become a router port, the device judges, according to the link-state information of the port, whether the port is at risk of attack; if there is a risk of attack, the port is forbidden from being added as a router port and the message is discarded; otherwise, the port is added as a router port. The present invention can prevent information leakage.
Description
Technical field
The present invention relates to the field of communication technology, and in particular to a multicast anti-attack method and device.
Background technique
IP multicast (IP Multicast) is a packet delivery form between unicast (Unicast) and broadcast (Broadcast), also known as IP multicasting; it means that IP data are generated by a single sender (the multicast source) and distributed over the network to a group of recipients.
IP multicast operating at the data link layer is known as Layer 2 multicast, and the corresponding multicast protocols are known as Layer 2 multicast protocols, including IGMP Snooping (Internet Group Management Protocol Snooping) and MLD Snooping (Multicast Listener Discovery Snooping). IGMP Snooping is the IPv4 Layer 2 multicast protocol and MLD Snooping is the IPv6 Layer 2 multicast protocol; their implementations are essentially identical, and the description below takes IPv4 as the example.
IGMP Snooping, abbreviated IGSP, mainly runs on the Layer 2 device between the IGMP router and the hosts and is used to manage and control multicast groups. A Layer 2 multicast device running IGMP Snooping analyzes the IGMP messages it receives, establishes mapping relations between ports and IP multicast addresses, and forwards multicast data according to those mapping relations.
IGSP divides ports into two types according to the protocol messages received on the port: router ports and member ports. A router port is usually the port facing the upstream Layer 3 multicast device, such as port Eth1/1 of switch A and port Eth1/1 of switch B in Fig. 1; the IGSP module maintains a port that receives an IGMP general query message or a PIM hello message as a router port. A member port is usually a port facing a downstream multicast member, such as ports Eth1/2 and Eth1/3 of switch A and Eth1/2 of switch B in Fig. 1; the IGSP module maintains a port that receives an IGMP membership report message as a member port of the corresponding multicast group.
In the existing implementation, when the IGSP module maintains a port that has received an IGMP general query message or a PIM hello message as a router port, it may also set the ageing timer of the router port according to the value of the maximum response time (Max Resp Time) field in the IGMP general query message or the retention time (Holdtime) field in the PIM hello message. A Layer 2 multicast device running IGSP forwards the multicast data messages it receives to all router ports. If a malicious attacker sends to a certain port a PIM hello message whose Holdtime is "never" or an IGMP query message whose Max Resp Time is the maximum value, the IGSP module maintains that port as a router port that never ages out or whose ageing time is over-long, and all received multicast traffic is unconditionally forwarded to that port, which may cause information leakage.
Summary of the invention
In view of this, the purpose of the present invention is to provide a multicast anti-attack method and device that can prevent information leakage.
In order to achieve the above object, the present invention provides the following technical scheme:
A multicast anti-attack method, comprising: when a multicast device receives a multicast protocol message that would make a port of the multicast device become a router port, judging according to the link-state information of the port whether the port is at risk of attack; if there is a risk of attack, forbidding the port from being added as a router port; otherwise, adding the port as a router port.
A multicast attack protection device, applied in a multicast device, characterized in that the device comprises: a receiving unit, a judging unit and a processing unit;
the receiving unit is configured to receive, for the multicast device, a multicast protocol message that would make a port of the multicast device become a router port;
the judging unit is configured to judge, after the multicast device receives the multicast message, whether the port is at risk of attack according to the link-state information of the port;
the processing unit is configured to forbid the port from being added as a router port if the port is at risk of attack, and otherwise to add the port as a router port.
As can be seen from the above technical solution, in the present invention, when it is determined that a port needs to be added as a router port, whether the port is at risk of attack is judged according to the port's link-state information, and the port is forbidden from being added as a router port where a risk of attack exists. The present invention can therefore effectively prevent information leakage. For example, when a malicious attacker sends to a certain port a PIM hello message whose Holdtime is "never" or an IGMP query message whose Max Resp Time is the maximum value, so that the port remains a router port and keeps sending out multicast messages, causing information leakage, applying the technical solution of the present invention reveals that the port is under malicious attack, and information leakage is then avoided by cancelling the port as a router port.
Detailed description of the invention
Fig. 1 is a schematic diagram of IGSP port relations in the prior art;
Fig. 2 is a flow chart of the multicast anti-attack method provided in an embodiment of the present invention;
Fig. 3 is a flow chart of the multicast anti-attack method of embodiment one of the present invention;
Fig. 4 is a flow chart of the multicast anti-attack method of embodiment two of the present invention;
Fig. 5 is a structural schematic diagram of the multicast attack protection device of an embodiment of the present invention.
Specific embodiment
In order to make the objectives, technical solutions and advantages of the present invention clearer, the technical solution of the present invention is described in detail below with reference to the accompanying drawings and according to embodiments.
The technical solution provided by the present invention can be used in a Layer 2 network or between a Layer 2 network and a Layer 3 network.
Referring to Fig. 2, which is a flow chart of the multicast anti-attack method provided in an embodiment of the present invention, the method is applied to a multicast device and specifically includes the following steps:
Step 201: any port of the multicast device receives a multicast protocol message that would make the port become a router port;
In practical applications, when a certain port of the multicast device receives a general group query message or a multicast routing protocol hello message, the port needs to be added as a router port; therefore general group query messages and multicast routing protocol hello messages are multicast protocol messages capable of making the port a router port. It should be noted that in an IPv4 network the general group query message is the IGMP general query message and the multicast routing protocol hello message is the PIM hello message; in an IPv6 network the general group query message is the MLD general query message and the multicast routing protocol hello message is the IPv6 PIM hello message.
Step 202: judge, according to the link-state information of the port, whether the port is at risk of attack; if there is a risk of attack, forbid the port from being added as a router port and discard the message; otherwise, add the port as a router port.
The present embodiment is applied to the multicast protocol module in the multicast device. In an IPv4 network, the multicast protocol module in the multicast device is the IGMP Snooping module or a multicast protocol module implemented on the basis of the IGMP Snooping function; in an IPv6 network, the multicast protocol module in the multicast device is the MLD Snooping module or a multicast protocol module implemented on the basis of the MLD Snooping function.
Before this step, the multicast protocol module also needs to obtain the link-state information of the port, which specifically includes: establishing a connection with the link-state protocol module in the multicast device, sending a link-state query message for the port to the link-state protocol module over that connection, and receiving the link-state information of the port returned by the link-state protocol module.
In the present embodiment, the link-state information of a port includes whether a link-state neighbour exists. Judging according to the link-state information of the port whether the port is at risk of attack specifically includes: if the link-state information of the port shows that the port has no link-state neighbour, determining that the port is at risk of attack; otherwise, determining that the port is not at risk of attack.
When it is determined from the port's link-state information that the port is at risk of attack, the port is forbidden from being added as a router port, and the multicast data messages received by the multicast device are not sent out from the port, so that information is not leaked through the port.
When it is determined from the port's link-state information that the port is not at risk of attack, the port is added as a router port according to the processing method of the prior art, and all multicast data messages received by the multicast device are sent out from the port.
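The decision of steps 201 and 202 can be modelled in a few lines. The following Python is an added example written for this page, not code from the patent or from any vendor implementation; the port names, the message kinds, the link-state table and the messages themselves are constructed here, and real IGMP/PIM parsing is replaced by a small dataclass.

```python
"""Model of the router-port decision in steps 201-202 (added example;
not the patent's code). A port becomes a router port only if the local
link-state table shows a link-state neighbour on it; otherwise the
router-port-making message is dropped. All names and data are constructed."""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple

# Message kinds that, per the text, would make the receiving port a
# router port (IPv4 and IPv6 variants).
ROUTER_PORT_MESSAGES = {
    "IGMP_GENERAL_QUERY", "PIM_HELLO",        # IPv4 network
    "MLD_GENERAL_QUERY", "IPV6_PIM_HELLO",    # IPv6 network
}


@dataclass
class ProtocolMessage:
    kind: str
    holdtime: Optional[int] = None        # PIM hello Holdtime field
    max_resp_time: Optional[int] = None   # IGMP query Max Resp Time field


@dataclass
class SnoopingModule:
    # port -> True if a link-state neighbour exists on that port.
    # Stands in for the query to the local link-state protocol module.
    link_state_neighbour: Dict[str, bool]
    router_ports: Set[str] = field(default_factory=set)
    dropped: List[Tuple[str, str]] = field(default_factory=list)

    def has_attack_risk(self, port: str) -> bool:
        # The patent's criterion: no link-state neighbour => attack risk.
        return not self.link_state_neighbour.get(port, False)

    def receive(self, port: str, msg: ProtocolMessage) -> str:
        """Handle a protocol message arriving on `port`; return the action."""
        if msg.kind not in ROUTER_PORT_MESSAGES:
            return "ignored"            # e.g. a membership report
        if self.has_attack_risk(port):
            self.dropped.append((port, msg.kind))
            return "dropped"            # step 202: forbid and discard
        self.router_ports.add(port)     # step 202: add as router port
        return "router-port"


def demo() -> SnoopingModule:
    # Constructed topology: Eth1/1 faces the upstream router and has a
    # link-state neighbour; Eth1/2 and Eth1/3 are host-facing ports.
    m = SnoopingModule({"Eth1/1": True, "Eth1/2": False, "Eth1/3": False})
    # Legitimate upstream general query: the port becomes a router port.
    m.receive("Eth1/1", ProtocolMessage("IGMP_GENERAL_QUERY", max_resp_time=100))
    # PIM hello with the "never time out" Holdtime (0xFFFF in PIM) arriving
    # on a port without a link-state neighbour: refused and discarded.
    m.receive("Eth1/3", ProtocolMessage("PIM_HELLO", holdtime=0xFFFF))
    # Membership report on a host port: not a router-port-making message.
    m.receive("Eth1/2", ProtocolMessage("IGMP_MEMBERSHIP_REPORT"))
    return m


if __name__ == "__main__":
    m = demo()
    print("router ports:", sorted(m.router_ports))   # ['Eth1/1']
    print("dropped:", m.dropped)                      # [('Eth1/3', 'PIM_HELLY')]
```

Note that the check is independent of the Holdtime or Max Resp Time carried in the message: a message that would otherwise pin the port as a never-ageing router port is refused purely because the port has no link-state neighbour.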
The realization principle of the present invention is described in detail below with reference to two specific embodiments.
Referring to Fig. 3, which is a flow chart of the multicast anti-attack method of embodiment one of the present invention, the method is applied to the multicast protocol module in a multicast device and mainly comprises the following steps:
Step 301: the multicast protocol module establishes a connection with the local link-state protocol module.
Both a multicast protocol module and a link-state protocol module are configured in the multicast device. In general, the multicast protocol module and the link-state protocol module in the multicast device are started by default, so the multicast protocol module can directly establish the connection with the link-state protocol module.
However, considering that the multicast protocol module may be started while the link-state protocol module is not, the multicast protocol module may, in order to ensure that the two modules in the multicast device can successfully establish a connection, trigger the link-state protocol module to start at the same time as it starts, so that both modules are running before the multicast protocol module establishes the connection with the link-state protocol module.
In addition, between adjacent multicast devices it is also possible that the link-state protocol module in one multicast device is started while the link-state protocol module in the other is not. In order to ensure that adjacent multicast devices can normally set up a neighbour relationship through their respective link-state protocol modules, after the multicast protocol module in a multicast device starts, it may also send, from each port of the multicast device connected to a local area network, a notice message instructing the peer multicast device to start its link-state protocol module, so that the peer multicast device also starts its own link-state protocol module according to the notice message; this ensures that the link-state protocol modules of two neighbouring multicast devices are started before they establish a neighbour connection. Here, the local area network must have multicast enabled. After the peer multicast device receives the notice message, it starts its local link-state protocol module. After both the multicast device and the peer multicast device have started their link-state protocol modules, link-state protocol messages can be exchanged. The link-state protocol module maintains the link-state neighbour relationship by periodically sending hello messages to its neighbours.
Step 302: when any port of the multicast device receives a general group query message or a multicast routing protocol hello message, the multicast protocol module obtains the link-state information of the port through the established connection with the local link-state protocol module.
In the prior art, when a certain port of the multicast device receives a general group query message or a multicast routing protocol hello message, the port needs to be added as a router port. In the present embodiment, when a certain port of the multicast device receives such a message, the port is not added as a router port directly; instead, whether the port is at risk of attack is judged first, and only then is it decided whether to add the port as a router port.
For any port of the multicast device, the local link-state protocol module can carry out link-state protocol interaction through that port with the link-state protocol module in the peer multicast device, and thereby learn the link-state information of the port. Because the multicast protocol module has established a connection with the local link-state protocol module, it can request the link-state information of any port of the multicast device from the local link-state protocol module over that connection.
In this step, the multicast protocol module fetches the link-state information of a port only when that port receives a general group query message or a multicast routing protocol hello message. In practical implementations, the multicast protocol module may also periodically obtain the link-state information of all ports through the established connection with the link-state protocol module; in that case, when any port receives a message that would make it a router port, there is no need to fetch the port's link-state information again, and the previously obtained link-state information of the port is used directly to judge whether the port is at risk of attack.
Any of various existing methods can be used to establish the connection between the multicast protocol module and the link-state protocol module, for example providing an interface module in the link-state protocol module that the multicast protocol module calls to establish the connection; this is a matter of engineering implementation and is not described further.
The specific method by which the multicast protocol module obtains the link-state information of a port through the established connection with the local link-state protocol module is: sending a link-state query message for the port to the local link-state protocol module over the connection, and receiving the link-state information of the port returned by the local link-state protocol module.
Step 303: judge, according to the link-state information of the port, whether the port is at risk of attack; if so, execute step 304; otherwise, execute step 305.
Here, the link-state information of a port includes whether a link-state neighbour exists; a flag may be used to indicate this, for example a flag with two values, one value (such as 1) showing that the port has a link-state neighbour and the other value (such as 0) showing that the port has no link-state neighbour.
Under normal circumstances, two multicast devices establish a protocol connection through their respective link-state protocol modules and exchange link-state information over that connection. While the connection is not disconnected, the two multicast devices are link-state neighbours of each other, and in the link-state information of the connecting port the flag indicating whether the port has a link-state neighbour holds the value corresponding to "link-state neighbour present". After the connection is disconnected, the two multicast devices are no longer link-state neighbours of each other, and in the link-state information of the connecting port the flag holds the value corresponding to "no link-state neighbour".
Step 304: forbid the port from being added as a router port, discard the received general group query message or multicast routing protocol hello message, and end this process.
When a port has no link-state neighbour, the port cannot serve as a router port, otherwise information may be leaked. Therefore, if a certain port of the multicast device receives a general group query message or a multicast routing protocol hello message while the link-state information of the port shows that the port has no link-state neighbour, an abnormal condition has occurred and the port may be under attack; the port is therefore at risk of attack and should not be added as a router port.
Step 305: add the port as a router port.
When a port has a link-state neighbour, the port can serve as a router port. Therefore, if a certain port of the multicast device receives a general group query message or a multicast routing protocol hello message and the link-state information of the port shows that the port has a link-state neighbour, the port is not under attack and there is no risk of attack; in this case the port can be added as a router port.
Step 306: set a timer for the port, and cyclically execute the following operation: if the timer expires, re-obtain the link-state information of the port and judge according to it whether the port is at risk of attack; if there is a risk of attack, cancel the port as a router port; otherwise, end this round of the loop, continue to maintain the port as a router port, and restart the timer. Further, when the timer is restarted, its timing length may stay constant or may change, for example by increasing the timing length of the timer by a random value. When the timer is initially set, its duration may be set to the default router-port ageing time; in each subsequent round of the loop, a value may be randomly selected from a preset value interval (such as [1, 10]) and the timer duration increased by that random value.
After a port is added as a router port, a timer is set for the port so that the link-state information of the port is queried at regular intervals; in this way it can be detected in time whether the port becomes at risk of attack, and when a risk of attack appears the port is cancelled as a router port (the port is also deleted from the router-port list), so that received multicast data messages are no longer sent out from the port, avoiding information leakage through the port.
It should be noted that in practical implementations a timer may also be set for each port in the multicast device: once a port is set as a router port, the link-state information of the port can be queried each time the port's timer expires, and when the link-state information of the port shows that the port has no link-state neighbour, it can be determined that the port is at risk of attack, and the port is cancelled as a router port.
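Embodiment one's re-check loop (steps 303 to 306) is easiest to see with a simulated clock. The Python below is an added example, not the patent's code: the default ageing time of 180 seconds, the simulated timeline, the port name and the neighbour table are all constructed here, while the [1, 10] increment interval and the cancel-on-no-neighbour rule follow the text. A seeded random.Random keeps the run reproducible.

```python
"""Embodiment one (added example; not the patent's code): after a port is
admitted as a router port, a timer re-queries its link-state information,
cancels the router port when the neighbour is gone, and otherwise re-arms
with the duration increased by a random value from [1, 10]."""
import random

DEFAULT_AGEING_TIME = 180    # constructed default router-port ageing time (s)
RANDOM_INCREMENT = (1, 10)   # preset value interval from the text


class RouterPortMonitor:
    def __init__(self, neighbour_table, seed=1):
        # port -> True if a link-state neighbour exists; the "link-state
        # module" mutates this table to simulate adjacency changes.
        self.neighbours = neighbour_table
        self.router_ports = set()
        self.timers = {}          # port -> (expiry time, current duration)
        self.rng = random.Random(seed)
        self.log = []             # (time, port, action) for inspection

    def has_attack_risk(self, port):
        return not self.neighbours.get(port, False)

    def on_router_port_message(self, port, now):
        """Steps 303-306: decide on arrival of a query/hello, arm timer."""
        if self.has_attack_risk(port):
            self.log.append((now, port, "dropped"))
            return False
        self.router_ports.add(port)
        # First timer uses the default router-port ageing time.
        self.timers[port] = (now + DEFAULT_AGEING_TIME, DEFAULT_AGEING_TIME)
        self.log.append((now, port, "router-port"))
        return True

    def tick(self, now):
        """Service expired timers: re-check link state, cancel on risk,
        otherwise re-arm with a randomly lengthened duration."""
        for port, (expiry, duration) in list(self.timers.items()):
            if now < expiry:
                continue
            if self.has_attack_risk(port):
                self.router_ports.discard(port)   # cancel as router port
                del self.timers[port]
                self.log.append((now, port, "cancelled"))
            else:
                duration += self.rng.randint(*RANDOM_INCREMENT)
                self.timers[port] = (now + duration, duration)
                self.log.append((now, port, "rearmed:%d" % duration))


def simulate():
    table = {"Eth1/1": True}              # constructed: upstream port with neighbour
    mon = RouterPortMonitor(table)
    mon.on_router_port_message("Eth1/1", now=0)
    mon.tick(now=180)       # neighbour still present: re-armed, longer timer
    table["Eth1/1"] = False  # constructed: link-state adjacency is lost
    mon.tick(now=185)       # timer not expired yet: nothing happens
    mon.tick(now=400)       # expired: re-check finds no neighbour, cancel
    return mon


if __name__ == "__main__":
    for entry in simulate().log:
        print(entry)
```

The random lengthening means that the re-check times of different ports drift apart, so a loss of adjacency is noticed within at most one timer period rather than at a fixed, predictable instant.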
Referring to Fig. 4, which is a flow chart of the multicast anti-attack method of embodiment two of the present invention, the method is applied to the multicast protocol module in a multicast device and mainly comprises the following steps:
Step 401: the multicast protocol module establishes a connection with the local link-state protocol module.
Step 402: when any port of the multicast device receives a general group query message or a multicast routing protocol hello message, obtain the link-state information of the port through the established connection with the local link-state protocol module.
Step 403: judge, according to the link-state information of the port, whether the port is at risk of attack; if so, execute step 404; otherwise, execute step 405.
Step 404: forbid the port from being added as a router port, discard the received general group query message or multicast routing protocol hello message, and end this process.
Step 405: add the port as a router port.
The above steps 401-405 are respectively identical to steps 301-305 in embodiment one.
Step 406: register the link-state information of the port with the local link-state protocol module.
Registering the link-state information of the port with the local link-state protocol module specifically includes: sending a registration request for the link-state information of the port to the local link-state protocol module, which registers the link-state information of the port after receiving the registration request.
Since the port has been added as a router port, in the link-state information of the port registered with the local link-state protocol module, the flag indicating whether the port has a link-state neighbour holds the value corresponding to "link-state neighbour present".
Step 407: when the local link-state protocol module detects that the link-state information of the port has changed, it sends to the multicast protocol module a notice message indicating that the link-state information of the port has changed.
The local link-state protocol module carries out protocol interaction with the link-state protocol module in the peer multicast device of the port; when the protocol connection with the link-state protocol module in the peer multicast device is disconnected, the link-state neighbour on the port is deleted, the port no longer has a link-state neighbour, and the link-state information of the port changes.
After the multicast protocol module has registered the link-state information of a port with the local link-state protocol module, the local link-state protocol module monitors the link-state information of the port; when it detects that the link-state information of the port (for example whether a link-state neighbour exists) has changed, it sends to the multicast protocol module a notice message indicating that the link-state information of the port has changed, carrying the changed link-state information of the port, and from this notice message the multicast protocol module can determine that the link-state information of the port has changed.
It should be noted that the link-state protocol module may send the notice message only when it detects that the link-state neighbour information of the port has changed; in this case the multicast protocol module can cancel the port as a router port accordingly. Alternatively, the link-state protocol module may send a notice message whenever it detects that any link-state information of the port has changed; in this case the multicast protocol module first judges whether the changed link-state information of the port is the link-state neighbour information, and if so cancels the port as a router port, otherwise does not cancel the port as a router port.
It should be noted that the above judgement that the link-state information has changed is premised on the link-state information having been "link-state neighbour present".
Step 408: the multicast protocol module receives the notice message sent by the local link-state protocol module indicating that the link-state information of the port has changed, and cancels the port as a router port.
After a port is added as a router port, the local link-state protocol module sends a notice message to the multicast protocol module in time when it detects that the link-state information of the port has changed; in this way it can likewise be discovered in time whether the port is at risk of attack, and when a risk of attack appears the port is cancelled as a router port (and deleted from the router-port list), thereby avoiding information leakage from the port.
Compared with embodiment one, the present embodiment can also effectively reduce the information exchange between the multicast protocol module and the link-state protocol module.
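Embodiment two replaces polling with registration and notification (steps 406 to 408), including the variant in which the link-state module reports any change and the multicast module filters for the neighbour flag. The Python below is an added example modelling that exchange between two simulated modules; it is not the patent's code, and the module names, the port name, the `neighbour_present` and `cost` fields and the sequence of changes are all constructed here.

```python
"""Embodiment two (added example; not the patent's code): the multicast
module registers interest in a router port's link-state information, the
link-state module calls back on every change, and the multicast module
cancels the router port only when the neighbour flag goes from present
to absent. Module, port and field names are constructed."""


class LinkStateModule:
    """Simulated local link-state protocol module: holds per-port
    link-state information and notifies registered callbacks on change."""

    def __init__(self, info):
        self.info = {p: dict(f) for p, f in info.items()}  # port -> fields
        self.registered = {}                               # port -> callback

    def query(self, port):
        return dict(self.info[port])

    def register(self, port, callback):
        self.registered[port] = callback                   # step 406

    def update(self, port, **changes):
        """Apply a change (e.g. adjacency lost) and notify (step 407)."""
        old = self.query(port)
        self.info[port].update(changes)
        if port in self.registered:
            # Notice carries the changed link-state information.
            self.registered[port](port, old, self.query(port))


class MulticastModule:
    """Simulated multicast protocol module (IGSP/MLD snooping role)."""

    def __init__(self, link_state):
        self.ls = link_state          # step 401: connection to local module
        self.router_ports = set()
        self.events = []              # (port, action) for inspection

    def on_router_port_message(self, port):
        info = self.ls.query(port)                       # step 402
        if not info["neighbour_present"]:                # steps 403-404
            self.events.append((port, "dropped"))
            return False
        self.router_ports.add(port)                      # step 405
        self.ls.register(port, self.on_change)           # step 406
        return True

    def on_change(self, port, old, new):
        # The notice may be for any field; act only when the neighbour
        # flag changes from present to absent (the stated precondition).
        if old["neighbour_present"] and not new["neighbour_present"]:
            self.router_ports.discard(port)              # step 408
            self.events.append((port, "cancelled"))
        else:
            self.events.append((port, "ignored-change"))


def demo():
    # Constructed: Eth1/1 has a neighbour and an unrelated 'cost' field.
    ls = LinkStateModule({"Eth1/1": {"neighbour_present": True, "cost": 10}})
    mc = MulticastModule(ls)
    mc.on_router_port_message("Eth1/1")           # admitted, registered
    ls.update("Eth1/1", cost=20)                  # unrelated change: ignored
    ls.update("Eth1/1", neighbour_present=False)  # adjacency lost: cancelled
    return mc


if __name__ == "__main__":
    m = demo()
    print(m.events)          # [('Eth1/1', 'ignored-change'), ('Eth1/1', 'cancelled')]
    print(m.router_ports)    # set()
```

Because the multicast module is only told about ports it registered, there is no periodic query traffic between the two modules, which is the saving the text attributes to this embodiment over the timer-based one.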
The multicast anti-attack method of the present invention has been described in detail above; the present invention also provides a multicast attack protection device, which is described below with reference to Fig. 5.
Referring to Fig. 5, which is a structural schematic diagram of the multicast attack protection device of an embodiment of the present invention, the device is applied in a multicast device and, as shown in Fig. 5, comprises: a receiving unit 501, a judging unit 502 and a processing unit 503; wherein,
the receiving unit 501 is configured to receive, on each port of the multicast device, a multicast protocol message that would make the port become a router port;
the judging unit 502 is configured to judge, after the receiving unit 501 receives a general group query message or a multicast routing protocol hello message on any port of the multicast device, whether that port is at risk of attack according to the link-state information of the port;
the processing unit 503 is configured to forbid the port from being added as a router port and discard the message if the port is at risk of attack, and otherwise to add the port as a router port.
In the device shown in Fig. 5, the link-state information of a port includes whether a link-state neighbour exists;
when judging according to the link-state information of the port whether the port is at risk of attack, the judging unit is configured to: determine that the port is at risk of attack if the link-state information of the port shows that the port has no link-state neighbour, and otherwise determine that the port is not at risk of attack.
The device shown in Fig. 5 further comprises an acquiring unit 504;
the acquiring unit 504 is configured to obtain the link-state information of the port before the judging unit 502 judges according to that information whether the port is at risk of attack, specifically: through the established connection with the link-state protocol module in the multicast device, sending a link-state query message for the port to the link-state protocol module and receiving the link-state information of the port returned by the link-state protocol module.
In one embodiment of the present invention,
when the processing unit 503 adds the port as a router port, it further sets a timer for the port and cyclically executes the following operation:
if the timer expires, re-obtain the link-state information of the port and judge according to it whether the port is at risk of attack; if there is a risk of attack, cancel the port as a router port; otherwise, end this round of the loop, continue to maintain the port as a router port, and restart the timer after increasing its duration by a random value.
In another embodiment of the present invention,
when the processing unit 503 adds the port as a router port, it further sends to the link-state protocol module a registration request for the link-state information of the port, so that the link-state protocol module monitors the link-state information of the port; if a notice message sent by the link-state protocol module when the link-state information of the port changes is received, the port is cancelled as a router port.
The foregoing is merely illustrative of the preferred embodiments of the present invention and is not intended to limit the invention; any modification, equivalent substitution, improvement and the like made within the spirit and principle of the present invention shall be included within the scope of the present invention.
Claims (10)
1. A multicast anti-attack method, applied in a multicast device, characterized in that the method comprises:
when the multicast device receives a multicast protocol message that would make a port of the multicast device become a router port, judging according to the link-state information of the port whether the port is at risk of attack; if there is a risk of attack, forbidding the port from being added as a router port; otherwise, adding the port as a router port;
wherein the link-state information of the port includes whether a link-state neighbour exists;
said judging according to the link-state information of the port whether the port is at risk of attack is specifically: if the link-state information of the port shows that the port has no link-state neighbour, determining that the port is at risk of attack; otherwise, determining that the port is not at risk of attack.
2. The method according to claim 1, characterized in that the multicast device comprises a multicast protocol module and a link-state protocol module, and the method is applied to the multicast protocol module in the multicast device;
before judging according to the link-state information of the port whether the port is at risk of attack, the method further comprises obtaining the link-state information of the port, specifically: establishing a connection with the link-state protocol module, sending a link-state query message for the port to the link-state protocol module, and receiving the link-state information returned by the link-state protocol module.
3. The method according to claim 2, characterized in that, after the port is added as a router port, the method further includes: setting a timer for the port and cyclically performing the following operation:
if the timer expires, re-obtaining the link-state information of the port and judging, according to the link-state information of the port, whether the port has an attack risk; if there is an attack risk, cancelling the port as a router port; otherwise, ending this round of the loop, keeping the port as a router port, and restarting the timer.
4. The method according to claim 2, characterized in that, after the port is added as a router port, the method further includes: sending to the link-state protocol module a registration request for the link-state information of the port, so that the link-state protocol module monitors the link-state information of the port; and if a notification message sent by the link-state protocol module when the link-state information of the port changes is received, cancelling the port as a router port.
5. The method according to claim 2, characterized in that, when the link-state protocol module receives the link-state query message for the port sent by the multicast protocol module, it queries the link-state information of the port and returns the link-state information of the port to the multicast protocol module.
6. The method according to claim 2, characterized in that, when the link-state protocol module receives the registration request of the multicast protocol module for the link-state information of the port, it registers the link-state information of the port and returns a notification message when the link-state information of the port changes.
7. A multicast anti-attack device, applied in a multicast device, characterized in that the device includes a receiving unit, a judging unit and a processing unit;
the receiving unit is configured to receive, on behalf of the multicast device, a multicast protocol message that can make a port of the multicast device become a router port;
the judging unit is configured to, after the multicast device receives the multicast protocol message, judge according to the link-state information of the port whether the port has an attack risk;
the processing unit is configured to forbid the port from being added as a router port if the port has an attack risk, and otherwise to add the port as a router port;
wherein the link-state information of the port includes whether a link-state neighbour exists;
when the judging unit judges according to the link-state information of the port whether the port has an attack risk, it is configured to: if the link-state information of the port shows that no link-state neighbour exists on the port, determine that the port has an attack risk; otherwise, determine that the port has no attack risk.
8. The device according to claim 7, characterized in that the multicast device includes a multicast protocol module and a link-state protocol module; the device is applied to the multicast protocol module, and the device further includes an acquiring unit;
the acquiring unit is configured to, before the judging unit judges according to the link-state information of the port whether the port has an attack risk, obtain the link-state information of the port, which specifically includes: establishing a connection with the link-state protocol module, sending to the link-state protocol module a link-state query message for the port, and receiving the link-state information returned by the link-state protocol module.
9. The device according to claim 8, characterized in that, when the processing unit adds the port as a router port, it further sets a timer for the port and cyclically performs the following operation:
if the timer expires, re-obtaining the link-state information of the port and judging, according to the link-state information of the port, whether the port has an attack risk; if there is an attack risk, cancelling the port as a router port; otherwise, ending this round of the loop, keeping the port as a router port, and restarting the timer.
10. The device according to claim 8, characterized in that, when the processing unit adds the port as a router port, it further sends to the link-state protocol module a registration request for the link-state information of the port, so that the link-state protocol module monitors the link-state information of the port; and if a notification message sent by the link-state protocol module when the link-state information of the port changes is received, it cancels the port as a router port.
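The admission check of claims 1 to 4, together with the random timer increase from the description, as an added simulation that is not code from the patent. The patent names neither protocol, so the model below is an assumption: the multicast protocol module behaves like IGMP snooping on a switch, which would normally mark any port that receives a general query as a router port and flood multicast traffic out of it, and the link-state protocol module behaves like OSPF, which only has a neighbour on a port that faces a real router. A port carrying a router-making message but no link-state neighbour is treated as having an attack risk and the message is dropped. Port names, neighbour addresses, message strings and timer values are constructed.

```python
"""Simulation of the router-port admission check in claims 1-4 (added
example, not the patent's code). Protocol roles (IGMP snooping as the
multicast module, OSPF as the link-state module) are assumptions."""
import random
from typing import Callable, Dict, List, Optional, Set


class LinkStateModule:
    """Stand-in for the link-state protocol module (claims 5 and 6)."""

    def __init__(self, neighbours: Dict[str, Set[str]]):
        # port -> neighbour router IDs currently adjacent on that port (constructed)
        self._neighbours = {port: set(ids) for port, ids in neighbours.items()}
        self._listeners: Dict[str, List[Callable[[str], None]]] = {}

    def query(self, port: str) -> dict:
        """Answer a link-state query message: is any neighbour up on the port?"""
        return {"port": port, "has_neighbour": bool(self._neighbours.get(port))}

    def register(self, port: str, callback: Callable[[str], None]) -> None:
        """Accept a registration request; call back when the port's state changes."""
        self._listeners.setdefault(port, []).append(callback)

    def neighbour_down(self, port: str, neighbour: str) -> None:
        """Simulate losing an adjacency and send the change notification."""
        before = bool(self._neighbours.get(port))
        self._neighbours.setdefault(port, set()).discard(neighbour)
        after = bool(self._neighbours.get(port))
        if before != after:
            for callback in self._listeners.get(port, []):
                callback(port)


class MulticastModule:
    """Stand-in for the multicast protocol module (claims 1-4)."""

    def __init__(self, link_state: LinkStateModule, base_timeout: float = 60.0,
                 max_jitter: float = 10.0, rng: Optional[random.Random] = None):
        self.link_state = link_state
        self.base_timeout = base_timeout
        self.max_jitter = max_jitter
        self.rng = rng or random.Random()
        self.router_ports: Set[str] = set()
        self.timers: Dict[str, float] = {}   # port -> current timer duration
        self.dropped: List[tuple] = []       # (port, message) pairs that were refused

    def has_attack_risk(self, port: str) -> bool:
        """Claim 1: no link-state neighbour on the port means attack risk."""
        return not self.link_state.query(port)["has_neighbour"]

    def on_router_message(self, port: str, message: str) -> bool:
        """Handle a message that would normally make `port` a router port.
        Returns True if the port was admitted, False if it was refused."""
        if self.has_attack_risk(port):
            self.dropped.append((port, message))   # forbid the port and drop the message
            return False
        if port not in self.router_ports:
            self.router_ports.add(port)
            self.timers[port] = self.base_timeout  # claim 3: start the re-check timer
            self.link_state.register(port, self._on_link_change)  # claim 4
        return True

    def on_timer_expiry(self, port: str) -> bool:
        """Claim 3: re-check the port; keep it only if it still has a neighbour."""
        if port not in self.router_ports:
            return False
        if self.has_attack_risk(port):
            self._cancel(port)
            return False
        # Still healthy: keep the port and restart the timer with a random
        # increase (description), so re-checks across ports do not line up.
        self.timers[port] += self.rng.uniform(0.0, self.max_jitter)
        return True

    def _on_link_change(self, port: str) -> None:
        """Claim 4: a link-state change notification cancels the router port."""
        self._cancel(port)

    def _cancel(self, port: str) -> None:
        self.router_ports.discard(port)
        self.timers.pop(port, None)


def demo() -> dict:
    """Run the scenario on constructed data and return what happened."""
    link_state = LinkStateModule({"Gi1/0/1": {"10.0.0.2"}, "Gi1/0/2": set()})
    mc = MulticastModule(link_state, rng=random.Random(2015))
    trusted = mc.on_router_message("Gi1/0/1", "IGMP general query")    # router-facing
    untrusted = mc.on_router_message("Gi1/0/2", "IGMP general query")  # no neighbour
    kept_after_timer = mc.on_timer_expiry("Gi1/0/1")
    timeout_after = mc.timers["Gi1/0/1"]
    link_state.neighbour_down("Gi1/0/1", "10.0.0.2")  # adjacency lost -> notification
    return {
        "trusted_admitted": trusted,
        "untrusted_admitted": untrusted,
        "dropped": list(mc.dropped),
        "kept_after_timer": kept_after_timer,
        "timeout_after": timeout_after,
        "router_ports_after_neighbour_loss": set(mc.router_ports),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The two checks complement each other: the timer catches a neighbour that silently disappears between notifications, while the registration removes the router port immediately when the link-state module reports a change, so the window in which a port without a real router keeps receiving all multicast traffic is bounded by whichever fires first.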
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510730727.XA CN105592063B (en) | 2015-10-30 | 2015-10-30 | A kind of multicast anti-attack method and device |
Publications (2)
Publication Number | Publication Date |
---|---|
CN105592063A CN105592063A (en) | 2016-05-18 |
CN105592063B true CN105592063B (en) | 2019-04-12 |
Family
ID=55931280
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201510730727.XA Active CN105592063B (en) | 2015-10-30 | 2015-10-30 | A kind of multicast anti-attack method and device |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN105592063B (en) |
Families Citing this family (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US10142239B2 (en) * | 2017-02-27 | 2018-11-27 | Juniper Networks, Inc. | Synchronizing multicast state between multi-homed routers in an Ethernet virtual private network |
CN114221775A (en) * | 2020-09-18 | 2022-03-22 | 北京金山云网络技术有限公司 | Early warning method and device for dangerous port, cloud server and storage medium |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101207473A (en) * | 2006-12-18 | 2008-06-25 | 中兴通讯股份有限公司 | Method for multicast implementation of switch-in layer network in IPTV system |
CN101547100A (en) * | 2009-05-07 | 2009-09-30 | 杭州华三通信技术有限公司 | Method and system for multicast receiving control |
CN102111279A (en) * | 2011-02-28 | 2011-06-29 | 杭州华三通信技术有限公司 | Method and equipment for transmitting multicast data |
CN102368707A (en) * | 2011-10-31 | 2012-03-07 | 华为技术有限公司 | Method, equipment and system for multicast control |
CN102905199A (en) * | 2012-09-28 | 2013-01-30 | 杭州华三通信技术有限公司 | Implement method and device of multicast service and device thereof |
CN103475591A (en) * | 2013-08-28 | 2013-12-25 | 杭州华三通信技术有限公司 | Method and device for forwarding multicast data and software defined network controller |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7742407B2 (en) * | 2005-11-10 | 2010-06-22 | Scientific-Atlanta, Llc | Quality of service management in a switched digital video environment |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| C06 | Publication | |
| PB01 | Publication | |
| C10 | Entry into substantive examination | |
| SE01 | Entry into force of request for substantive examination | |
| CB02 | Change of applicant information | Address after: 310052 Binjiang District Changhe Road, Zhejiang, China, No. 466. Applicant after: Xinhua three Technology Co., Ltd. Address before: 310052 Binjiang District Changhe Road, Zhejiang, China, No. 466. Applicant before: Huasan Communication Technology Co., Ltd. |
| GR01 | Patent grant | |