CN106131046B - Anti-attack processing method and device (Google Patents)


Info

Publication number: CN106131046B
Authority: CN (China)
Prior art keywords: attack, ACL, equipment, MAC address, terminal
Legal status: Active (as listed by Google Patents; not a legal conclusion)
Application number: CN201610662475.6A
Other languages: Chinese (zh)
Other versions: CN106131046A
Inventor: 李非
Current Assignee: New H3C Technologies Co Ltd
Original Assignee: New H3C Technologies Co Ltd

Events:
Application filed by New H3C Technologies Co Ltd
Priority to CN201610662475.6A
Publication of CN106131046A
Application granted
Publication of CN106131046B
Current legal status: Active

Classifications

    • H04L63/0281 Proxies (under H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls; H04L63/00; H04L Transmission of digital information, e.g. telegraphic communication; H04 Electric communication technique; H Electricity)
    • H04L63/1416 Event detection, e.g. attack signature detection (under H04L63/1408 Detecting or protecting against malicious traffic by monitoring network traffic; H04L63/14 Detecting or protecting against malicious traffic; H04L63/00)
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general (under H04L63/00)


Abstract

The invention provides an anti-attack processing method and device, wherein the method comprises the following steps: the superior equipment locally issues an ACL according to the obtained MAC address of the attack terminal; when the number of the used ACLs reaches a preset ACL threshold value and lower equipment exists under an interface for receiving the attack message, the MAC address of the attack terminal is sent to the lower equipment; and after receiving the MAC address of the attack terminal, the lower-level equipment issues an ACL at the interface which learns the MAC address of the attack terminal, and filters an attack message sent by the attack terminal. The invention can enhance the anti-attack capability of the network and reduce the resource consumption of the BRAS equipment.

Description

Anti-attack processing method and device
Technical Field
The present invention relates to the field of network communication technologies, and in particular to an anti-attack processing method and apparatus.
Background
PPPoE (Point-to-Point Protocol over Ethernet) is a technology for carrying PPP (Point-to-Point Protocol) frames over Ethernet. As PPPoE deployments have spread, attacks on PPPoE networks have become increasingly frequent.
At present, anti-attack defence is performed mainly by the BRAS (Broadband Remote Access Server) devices in the PPPoE network. The BRAS device is responsible for detecting attack messages; it writes the attacking user's information from the attack message into a hardware Access Control List (ACL), and attack messages are then matched and filtered by the ACL. However, the ACL resources of a BRAS device are limited. When the number of attacking users is very large and the ACL resources of the BRAS device are exhausted, attack messages are passed to the Central Processing Unit (CPU) for processing, which puts a heavy load on the CPU.
Disclosure of Invention
The invention aims to provide an anti-attack processing method and an anti-attack processing device for reducing the impact of attack messages on BRAS equipment.
To achieve this, the invention provides the following technical solution:
The invention provides an anti-attack processing method, which is applied to superior equipment and comprises the following steps:
Locally issuing an Access Control List (ACL) according to an acquired Media Access Control (MAC) address of an attack terminal, wherein the ACL is used for filtering an attack message sent by the attack terminal;
and when the number of used ACLs reaches a preset ACL threshold and a lower device exists under the interface that receives the attack message, sending the MAC address of the attack terminal to the lower device, so that the lower device locally issues an ACL for the MAC of the attack terminal.
The invention also provides an anti-attack processing method, which is applied to lower-level equipment and comprises the following steps:
receiving a Media Access Control (MAC) address of an attack terminal issued by a superior device;
and issuing an ACL at an interface which learns the MAC address of the attack terminal, wherein the ACL is used for filtering an attack message sent by the attack terminal.
The invention also provides an anti-attack processing device, which is applied to superior equipment, and comprises:
the device comprises an ACL issuing unit, an ACL processing unit and a data processing unit, wherein the ACL issuing unit is used for locally issuing an access control list ACL according to an obtained medium access control MAC address of an attack terminal, and the ACL is used for filtering an attack message sent by the attack terminal;
And the MAC issuing unit is used for issuing the MAC address of the attack terminal to the subordinate equipment when the number of the used ACLs reaches a preset ACL threshold value and the subordinate equipment exists under an interface for receiving the attack message, so that the subordinate equipment locally issues the ACL aiming at the MAC of the attack terminal.
The invention also provides an anti-attack processing device, which is applied to lower-level equipment and comprises:
the MAC receiving unit is used for receiving a Medium Access Control (MAC) address of the attack terminal issued by the superior device;
and the ACL issuing unit is used for issuing an ACL at an interface which learns the MAC address of the attack terminal, and the ACL is used for filtering the attack message sent by the attack terminal.
It can be seen from the above description that, in the present invention, when the upper device determines that its own ACL resources are running short, it sends the MAC address of the attack terminal to the lower device, so that the lower device generates an ACL that filters the attack packets according to that MAC address. This enhances the anti-attack capability of the network and reduces the resource consumption of the BRAS device.
Drawings
Fig. 1 is a schematic diagram of a PPPoE network according to one embodiment of the present invention;
Fig. 2 is a flow chart of an anti-attack processing method according to one embodiment of the invention;
Fig. 3 is a flow chart of an anti-attack processing method according to another embodiment of the invention;
Fig. 4 is a schematic structural diagram of an upper device/lower device according to an embodiment of the present invention;
Fig. 5 is a schematic structural diagram of an anti-attack processing apparatus according to an embodiment of the present invention;
Fig. 6 is a schematic structural diagram of an anti-attack processing apparatus according to another embodiment of the present invention.
Detailed Description
Reference will now be made in detail to the exemplary embodiments, examples of which are illustrated in the accompanying drawings. When the following description refers to the accompanying drawings, like numbers in different drawings represent the same or similar elements unless otherwise indicated. The embodiments described in the following exemplary embodiments do not represent all embodiments consistent with the present invention. Rather, they are merely examples of apparatus and methods consistent with certain aspects of the invention, as detailed in the appended claims.
The terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the invention. As used in this specification and the appended claims, the singular forms "a", "an", and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. It should also be understood that the term "and/or" as used herein refers to and encompasses any and all possible combinations of one or more of the associated listed items.
It is to be understood that although the terms first, second, third, etc. may be used herein to describe various information, these information should not be limited to these terms. These terms are only used to distinguish one type of information from another. For example, first information may also be referred to as second information, and similarly, second information may also be referred to as first information, without departing from the scope of the present invention. The word "if" as used herein may be interpreted as "at … …" or "when … …" or "in response to a determination", depending on the context.
The invention provides an anti-attack processing method, which is characterized in that when the superior equipment confirms that the resources of an ACL (access control list) of the superior equipment are in shortage, the MAC address of an attack terminal is sent to the inferior equipment, so that the inferior equipment generates the ACL for filtering an attack message according to the MAC address, thereby enhancing the anti-attack capability of a network and reducing the resource consumption of BRAS (broadband remote access server) equipment.
Referring to Fig. 1, a PPPoE network according to an embodiment of the present invention is shown. The PPPoE network comprises a BRAS device, switching devices SW1 to SW4 and user terminals PC1 to PC3, whose MAC addresses are MAC1 to MAC3 respectively. The BRAS is the upper device of SW1 and SW2, and SW1 and SW2 are lower devices of the BRAS; similarly, SW1 is the upper device of SW3 and SW4, and SW3 and SW4 are lower devices of SW1.
Referring to Fig. 2, a flow chart of an embodiment of the anti-attack processing method according to the present invention is shown; this embodiment describes the anti-attack processing procedure from the upper-device side.
Step 201, locally issuing an ACL according to the obtained MAC address of the attack terminal.
As mentioned above, the upper device in the present invention may be a BRAS device or a switching device.
When the upper device is a BRAS device, it is responsible for detecting whether a received message is an attack message, for example by counting the number of messages from the same user terminal (the same MAC address) within a certain time; when the count reaches a preset threshold, the messages sent by that user terminal are considered attack messages and the user terminal is considered an attack terminal. When a received message is determined to be an attack message, the MAC address of the attack terminal carried by the attack message is obtained.
When the upper device is a switching device, it receives the MAC address of the attack terminal sent by its own upper device.
The upper device then issues an ACL locally according to the obtained MAC address of the attack terminal and filters the attack messages sent by the attack terminal.
Step 202, when the number of used ACLs reaches a preset ACL threshold and a lower device exists under the interface that receives the attack message, send the MAC address of the attack terminal to the lower device.
The upper device judges whether the number of used ACLs has reached the ACL threshold, where the ACL threshold is an early-warning value for ACL usage. When the number of used ACLs has not reached the ACL threshold, the ACL resources of the upper device are sufficient, and the upper device filters the attack messages of the attack terminal with the locally issued ACL. When the number of used ACLs reaches the ACL threshold, the ACL resources of the upper device are running short, and at this point it must be determined whether a lower device exists under the interface that receives the attack message.
Specifically, the upper device may determine whether the lower device exists under the interface receiving the attack packet through information interaction with the lower device, and obtain an available ACL resource, for example, the number of available ACLs, of the interface on the lower device, where the MAC address of the attack terminal is learned. And when determining that the lower-level equipment under the interface for receiving the attack message has available ACL resources, issuing the MAC address of the attack terminal to the lower-level equipment.
When the superior equipment is BRAS equipment, the interface on the BRAS equipment for receiving the attack message is an interface for detecting the attack message; when the superior device is the switching device, the interface on the switching device for receiving the attack message is the interface for learning the MAC address of the attack terminal.
The lower device issues an ACL, according to the MAC address of the attack terminal, at the interface on which it learned that MAC address, and filters the attack messages sent by the attack terminal. At the same time, it feeds the ACL issuing result back to the upper device.
The upper device receives the ACL issuing result fed back by the lower device; when the lower device has successfully issued the ACL, the upper device deletes its locally issued ACL for that attack terminal, reducing the resources that the attack occupies on the upper device.
Referring to Fig. 3, a flow chart of an embodiment of the anti-attack processing method according to the present invention is shown; this embodiment describes the anti-attack processing procedure from the lower-device side.
Step 301, receiving the MAC address of the attack terminal issued by the upper device.
As described above, the lower device performs information interaction with the upper device, and the lower device notifies the upper device of the available ACL resource of the interface for learning the MAC address of the attack terminal, so that the upper device sends the MAC address of the attack terminal to the lower device when determining that the lower device under the interface for receiving the attack packet has the available ACL resource. Specifically, refer to the description of the upper device side, which is not described herein again.
Step 302, issue an ACL at the interface on which the MAC address of the attack terminal was learned.
The lower device finds the interface that learned the MAC address of the attack terminal by querying its MAC table, and issues the ACL for filtering the attack messages on that interface. It then determines whether the ACL was issued successfully and feeds the ACL issuing result back to the upper device, so that the upper device deletes its own ACL after confirming that the lower device has successfully issued the ACL, thereby avoiding wasted ACL resources.
The information exchange between the upper device and the lower device in the present invention can be realized by extending an existing protocol, for example LLDP (Link Layer Discovery Protocol), IS-IS (Intermediate System-to-Intermediate System), and the like.
Now, the LLDP protocol is taken as an example, and the anti-attack processing procedure is described with reference to the networking environment shown in fig. 1.
First, two TLVs (Type-Length-Value), TLV1 and TLV2, are defined using the extension capability of the LLDP protocol. TLV1 carries the available ACL resources of a lower device (in this embodiment, the number of available ACLs), and TLV2 carries the MAC address of the attack terminal issued by an upper device.
Table 1 is an example TLV1 data structure; Table 2 is an example TLV2 data structure.
TABLE 1
TABLE 2
Suppose the BRAS detects an attack message on interface 1 and obtains the user terminal MAC address carried by the attack message; suppose this MAC address is MAC1 (that is, PC1 is the attack terminal). The BRAS locally issues an ACL and filters the attack messages sent by PC1. At the same time it judges whether the number of used ACLs has reached the preset ACL threshold; when the threshold is reached, ACL resources are short, and it must be determined whether SW1 under interface 1 has available ACL resources.
Specifically, the BRAS sends an LLDP message carrying TLV1 through interface 1, in which the Level field is 0, indicating that the current device is the BRAS, and the ACL No. field may be empty. After receiving the LLDP message carrying TLV1 from the BRAS, SW1 counts its locally available ACLs and sends an LLDP message carrying TLV1 back to the BRAS, in which the Level field is 1, indicating the level of SW1 (SW1 is a lower device of the BRAS), and the ACL No. field is the number of available ACLs on SW1. The BRAS determines whether SW1 has ACL resources available for attack prevention from the number of available ACLs reported by SW1.
When SW1 is confirmed to have available ACL resources, the BRAS sends an LLDP message carrying TLV2 to SW1, in which the Status field is 0, indicating that the current upper device is sending an attack terminal MAC to the lower device; the User MAC field is MAC1; and the Aging Time field is the aging time of the ACL issued for MAC1. After SW1 receives the LLDP message carrying TLV2 from the BRAS, it obtains MAC1 and locally issues an ACL for MAC1. After successful issuing, it returns the issuing result to the BRAS through an LLDP message carrying TLV2, in which the Status field is 1, indicating that SW1 has issued the ACL for MAC1. After receiving the LLDP message carrying TLV2 returned by SW1, the BRAS deletes its locally issued ACL for MAC1.
Suppose that after SW1 issues the ACL for MAC1, the number of ACLs used by SW1 reaches its ACL threshold. SW1 then matches its MAC table entries to find the interface on which MAC1 was learned (interface 1) and sends an LLDP message carrying TLV1 through interface 1, in which the Level field is 1, representing the level of SW1, and the ACL No. field may be empty. After receiving the LLDP message carrying TLV1 from SW1, SW3 counts its locally available ACLs and sends an LLDP message carrying TLV1 back to SW1, in which the Level field is 2, indicating the level of SW3 (SW3 is a lower device of SW1), and the ACL No. field is the number of available ACLs on SW3. SW1 determines whether SW3 has ACL resources available for attack prevention from the number of available ACLs reported by SW3.
When SW3 is confirmed to have available ACL resources, SW1 sends an LLDP message carrying TLV2 to SW3, in which the Status field is 0, indicating that the current upper device is sending an attack terminal MAC to the lower device; the User MAC field is MAC1; and the Aging Time field is the aging time of the ACL issued for MAC1. After receiving the LLDP message carrying TLV2 from SW1, SW3 obtains MAC1 and locally issues an ACL for MAC1. After successful issuing, the result is returned to SW1 through an LLDP message carrying TLV2, in which the Status field is 1, indicating that SW3 has issued the ACL for MAC1. After SW1 receives the LLDP message carrying TLV2 returned by SW3, it deletes its locally issued ACL for MAC1.
This completes the description of the anti-attack processing procedure with LLDP as the example protocol.
Similarly, the information interaction between the superior device and the subordinate device can be realized by utilizing the expansion capability of the IS-IS protocol and carrying the TLV1 and the TLV2 in the IS-IS message (for example, LSP message), thereby completing the anti-attack processing.
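As an added worked example (not code from the patent or from New H3C), the following Python simulation implements the exchange described above: TLV1/TLV2 encoding on the standard LLDP TLV header, the upper-device logic of steps 201 and 202, the lower-device logic of steps 301 and 302, and the chained offload BRAS -> SW1 -> SW3 from Fig. 1. The TLV type numbers, field widths, the "failed" status code and the small ACL capacities are assumptions, since the page does not reproduce Tables 1 and 2.

```python
import struct
from dataclasses import dataclass, field

# TLV type numbers, field widths and the "failed" status code are assumptions;
# the patent only names the fields (Level, ACL No.; Status, User MAC, Aging Time).
TLV1_TYPE, TLV2_TYPE = 127, 126
ACL_NO_EMPTY = 0xFFFF                                # assumed encoding of an empty ACL No.
STATUS_DISTRIBUTE, STATUS_ISSUED, STATUS_FAILED = 0, 1, 2

def _tlv(tlv_type, body):
    # Standard LLDP TLV header: 7-bit type, 9-bit length, then the value
    return struct.pack("!H", (tlv_type << 9) | len(body)) + body

def _untlv(buf, expected):
    (hdr,) = struct.unpack("!H", buf[:2])
    if hdr >> 9 != expected:
        raise ValueError("unexpected TLV type %d" % (hdr >> 9))
    return buf[2:2 + (hdr & 0x1FF)]

def encode_tlv1(level, acl_no=None):
    # TLV1: sender's Level and its available ACL count (empty in the query)
    return _tlv(TLV1_TYPE, struct.pack("!BH", level, ACL_NO_EMPTY if acl_no is None else acl_no))

def decode_tlv1(buf):
    level, acl_no = struct.unpack("!BH", _untlv(buf, TLV1_TYPE))
    return level, (None if acl_no == ACL_NO_EMPTY else acl_no)

def encode_tlv2(status, user_mac, aging_time):
    # TLV2: Status, User MAC (6 bytes) and Aging Time (seconds) for the ACL
    return _tlv(TLV2_TYPE, struct.pack("!B6sH", status, user_mac, aging_time))

def decode_tlv2(buf):
    return struct.unpack("!B6sH", _untlv(buf, TLV2_TYPE))

@dataclass
class Device:                                        # a BRAS or a switch
    name: str
    level: int
    acl_capacity: int
    acl_threshold: int                               # early-warning value, below capacity
    acls: dict = field(default_factory=dict)         # mac -> (interface, aging time)
    mac_table: dict = field(default_factory=dict)    # mac -> interface it was learned on
    lower: dict = field(default_factory=dict)        # interface -> lower Device

    def available_acls(self):
        return self.acl_capacity - len(self.acls)

    def install_acl(self, mac, iface, aging):
        if self.available_acls() <= 0:
            return False
        self.acls[mac] = (iface, aging)
        return True

    # ---- upper-device side (steps 201 and 202) ----
    def handle_attacker(self, mac, iface, aging=300):
        # Returns the name of the device that ends up filtering mac, or "cpu" when no
        # ACL is left anywhere (the situation the patent tries to avoid)
        if not self.install_acl(mac, iface, aging):
            return "cpu"
        return self.offload_if_needed(mac, iface, aging)

    def offload_if_needed(self, mac, iface, aging):
        if len(self.acls) < self.acl_threshold or iface not in self.lower:
            return self.name                         # resources fine, or no lower device
        low = self.lower[iface]
        _level, avail = decode_tlv1(low.on_tlv1(encode_tlv1(self.level)))
        if not avail:
            return self.name                         # lower device is out of ACLs too
        status, _, _ = decode_tlv2(low.on_tlv2(encode_tlv2(STATUS_DISTRIBUTE, mac, aging)))
        if status != STATUS_ISSUED:
            return self.name
        del self.acls[mac]                           # lower device filters now; free the entry
        return low.holder(mac) or low.name

    # ---- lower-device side (steps 301 and 302) ----
    def on_tlv1(self, frame):
        decode_tlv1(frame)                           # validate the query, then report resources
        return encode_tlv1(self.level, self.available_acls())

    def on_tlv2(self, frame):
        status, mac, aging = decode_tlv2(frame)
        iface = self.mac_table.get(mac)              # interface that learned the attacker
        if status != STATUS_DISTRIBUTE or iface is None or not self.install_acl(mac, iface, aging):
            return encode_tlv2(STATUS_FAILED, mac, aging)
        self.offload_if_needed(mac, iface, aging)    # a switch may push further down (SW1 -> SW3)
        return encode_tlv2(STATUS_ISSUED, mac, aging)

    def holder(self, mac):
        # Name of the device in this subtree currently holding the ACL for mac
        if mac in self.acls:
            return self.name
        return next((h for d in self.lower.values() if (h := d.holder(mac))), None)

def build_fig1_topology():
    # Constructed instance of Fig. 1 (SW2/SW4 omitted) with deliberately tight ACL limits
    bras, sw1, sw3 = Device("BRAS", 0, 3, 2), Device("SW1", 1, 4, 1), Device("SW3", 2, 4, 4)
    bras.lower, sw1.lower = {1: sw1}, {1: sw3}
    mac1 = bytes.fromhex("0200000000a1")             # PC1 (constructed, locally administered)
    for dev in (bras, sw1, sw3):
        dev.mac_table[mac1] = 1                      # PC1 is reached via interface 1 on each
    return bras, sw1, sw3, mac1
```

With the topology above, the second attacker the BRAS sees pushes the BRAS to its threshold, SW1 takes the ACL and, being at its own threshold, hands it on to SW3, after which both the BRAS and SW1 have freed their entries.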
Corresponding to the embodiment of the anti-attack processing method, the invention also provides an embodiment of the anti-attack processing device.
The embodiment of the anti-attack processing device can be applied to the upper device or the lower device. The device embodiments may be implemented in software, in hardware, or in a combination of hardware and software. Taking a software implementation as an example, the apparatus is formed as a logical unit by the processor of the device in which it is located running the corresponding computer program instructions held in memory. From the hardware perspective, Fig. 4 shows the hardware structure of the device in which the anti-attack processing apparatus is located; besides the processor and the non-volatile memory shown in Fig. 4, the device in this embodiment may also include other hardware according to its actual function, which is not described again.
Fig. 5 is a schematic structural diagram of an attack-prevention processing apparatus according to an embodiment of the present invention. The anti-attack processing device comprises an ACL issuing unit 501 and an MAC issuing unit 502, wherein:
An ACL issuing unit 501, configured to locally issue an access control list ACL according to an obtained media access control MAC address of an attack terminal, where the ACL is used to filter an attack packet sent by the attack terminal;
the MAC issuing unit 502 is configured to issue the MAC address of the attack terminal to a lower device when the number of used ACLs reaches a preset ACL threshold and the lower device exists under an interface that receives the attack packet, so that the lower device locally issues an ACL for the MAC of the attack terminal.
Further, the apparatus further comprises:
the MAC issuing unit 502 is specifically configured to issue the MAC address of the attack terminal to a lower device under the interface that receives the attack packet, when the lower device has available ACL resources;
An ACL deletion unit, configured to receive a result of the lower device issuing an ACL according to the MAC address of the attack terminal after the MAC issuing unit 502 issues the MAC address of the attack terminal to the lower device; and when the lower-level equipment successfully issues the ACL, deleting the ACL issued by the local aiming at the attack terminal.
Further, the apparatus further comprises:
And the information interaction unit is used for performing information interaction with the lower-level equipment and acquiring the available ACL resources of the interface of the MAC address of the attack terminal learned on the lower-level equipment.
Further, the apparatus further comprises:
a MAC obtaining unit, configured, when the upper device is a Broadband Remote Access Server (BRAS) device, to detect whether a received message is an attack message before the ACL issuing unit 501 locally issues an ACL according to the obtained MAC address of the attack terminal, and, when the received message is determined to be an attack message, to obtain the MAC address of the attack terminal carried by the attack message, the interface of the BRAS device that receives the attack message being the interface that detects the attack message; and configured, when the upper device is a switching device, to receive the MAC address of the attack terminal issued by the upper device of the switching device before the ACL issuing unit 501 locally issues an ACL according to the obtained MAC address of the attack terminal, the interface of the switching device that receives the attack message being the interface that learned the MAC address of the attack terminal.
Fig. 6 is a schematic structural diagram of an anti-attack processing apparatus according to an embodiment of the present invention. The anti-attack processing device comprises a MAC receiving unit 601 and an ACL issuing unit 602, wherein:
A MAC receiving unit 601, configured to receive a Media Access Control (MAC) address of an attack terminal issued by an upper device;
An ACL issuing unit 602, configured to issue an ACL on an interface where the MAC address of the attack terminal is learned, where the ACL is used to filter an attack packet sent by the attack terminal.
Further, the apparatus further comprises:
An information interaction unit, configured to perform information interaction with the upper device before the MAC receiving unit 601 receives the MAC address of the attack terminal sent by the upper device, and to notify the upper device of the available ACL resources of the interface that learned the MAC address of the attack terminal, so that the upper device sends the MAC address of the attack terminal to the lower device when it determines that the lower device has available ACL resources.
Further, the apparatus further comprises:
An ACL feedback unit, configured to determine whether to successfully issue an ACL after the ACL is issued by the ACL issuing unit 602 on the interface where the MAC address of the attack terminal is learned; and feeding back an ACL issuing result to the superior equipment, so that the superior equipment deletes the ACL issued by the superior equipment aiming at the attack terminal when determining that the subordinate equipment successfully issues the ACL.
The implementation of the functions and actions of each unit in the above device is described in detail under the corresponding step of the above method and is not repeated here.
For the device embodiments, since they substantially correspond to the method embodiments, reference may be made to the partial description of the method embodiments for relevant points. The above-described embodiments of the apparatus are merely illustrative, and the units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the modules can be selected according to actual needs to achieve the purpose of the scheme of the invention. One of ordinary skill in the art can understand and implement it without inventive effort.
The above description is only for the purpose of illustrating the preferred embodiments of the present invention and is not to be construed as limiting the invention, and any modifications, equivalents, improvements and the like made within the spirit and principle of the present invention should be included in the scope of the present invention.

Claims (14)

1. An anti-attack processing method applied to a superior device, the method comprising:
Locally issuing an Access Control List (ACL) according to an acquired Media Access Control (MAC) address of an attack terminal, wherein the ACL is used for filtering an attack message sent by the attack terminal;
And when the number of the used ACLs reaches a preset ACL threshold value and lower equipment exists under an interface for receiving the attack message, transmitting the MAC address of the attack terminal to the lower equipment so that the lower equipment locally transmits the ACL aiming at the MAC of the attack terminal.
2. The method as claimed in claim 1, wherein said issuing the MAC address of the attack terminal to the subordinate device comprises:
When available ACL resources exist in lower equipment under an interface for receiving the attack message, the MAC address of the attack terminal is issued to the lower equipment;
After the sending the MAC address of the attack terminal to the subordinate device, the method further includes:
Receiving a result of ACL issued by the lower equipment according to the MAC address of the attack terminal;
And when the lower-level equipment successfully issues the ACL, deleting the ACL issued by the local aiming at the attack terminal.
3. The method of claim 2, wherein the method further comprises:
performing information interaction with the lower equipment to acquire the available ACL resources of the interface on the lower equipment that learned the MAC address of the attack terminal.
4. The method according to any one of claims 1 to 3, wherein before locally issuing the ACL according to the acquired MAC address of the attack terminal, the method further comprises:
When the superior device is a Broadband Remote Access Server (BRAS) device, detecting whether the received message is an attack message; when the received message is determined to be an attack message, acquiring the MAC address of an attack terminal carried by the attack message; the interface of the BRAS equipment for receiving the attack message is the interface for detecting the attack message;
When the superior device is a switching device, receiving an MAC address of an attack terminal issued by the superior device of the switching device; the interface of the exchange equipment for receiving the attack message is the interface for learning the MAC address of the attack terminal.
5. An anti-attack processing method applied to a subordinate device, the method comprising:
receiving a Media Access Control (MAC) address of an attack terminal issued by a superior device, wherein the MAC address is issued to the subordinate device when the superior device determines that the number of used ACLs reaches a preset ACL threshold value and the subordinate device exists under an interface for receiving an attack message sent by the attack terminal;
and issuing an ACL at an interface which learned the MAC address of the attack terminal, wherein the ACL is used for filtering an attack message sent by the attack terminal.
6. The method as claimed in claim 5, wherein before receiving the MAC address of the attack terminal issued by the upper device, the method further comprises:
and carrying out information interaction with the superior equipment, and notifying and learning the available ACL resources of the interface of the MAC address of the attack terminal, so that the superior equipment sends the MAC address of the attack terminal to the subordinate equipment when determining that the subordinate equipment has the available ACL resources.
7. The method according to claim 5 or 6, wherein after the interface which learns the MAC address of the attack terminal issues the ACL, the method further comprises:
determining whether ACL issuing is successful;
and feeding back an ACL issuing result to the superior equipment, so that the superior equipment deletes the ACL issued by the superior equipment aiming at the attack terminal when determining that the subordinate equipment successfully issues the ACL.
8. An anti-attack processing apparatus applied to a superior device, the apparatus comprising:
an ACL issuing unit, configured to locally issue an access control list (ACL) according to an obtained Media Access Control (MAC) address of an attack terminal, wherein the ACL is used for filtering an attack message sent by the attack terminal; and
a MAC issuing unit, configured to issue the MAC address of the attack terminal to a subordinate device when the number of used ACLs reaches a preset ACL threshold and the subordinate device exists under the interface that receives the attack message, so that the subordinate device locally issues an ACL for the MAC address of the attack terminal.
9. The apparatus of claim 8, wherein:
the MAC issuing unit is specifically configured to issue the MAC address of the attack terminal to the subordinate device under the interface that receives the attack message when that subordinate device has available ACL resources; and
the apparatus further comprises an ACL deleting unit, configured to receive, after the MAC issuing unit has issued the MAC address of the attack terminal to the subordinate device, the result of the subordinate device issuing an ACL according to the MAC address of the attack terminal, and to delete the ACL issued locally for the attack terminal when the subordinate device has successfully issued the ACL.
10. The apparatus of claim 9, wherein the apparatus further comprises:
an information interaction unit, configured to perform information interaction with the subordinate device to obtain the available ACL resources of the interface on the subordinate device that learned the MAC address of the attack terminal.
11. The apparatus of any one of claims 8 to 10, further comprising:
a MAC acquisition unit, configured, when the superior device is a Broadband Remote Access Server (BRAS) device, to detect whether a received message is an attack message before the ACL issuing unit locally issues the ACL according to the obtained MAC address of the attack terminal, and, when the received message is determined to be an attack message, to obtain the MAC address of the attack terminal carried in the attack message, wherein the interface of the BRAS device that receives the attack message is the interface on which the attack message is detected; and, when the superior device is a switching device, to receive, before the ACL issuing unit locally issues the ACL according to the obtained MAC address of the attack terminal, the MAC address of the attack terminal issued by the superior device of the switching device, wherein the interface of the switching device that receives the attack message is the interface that learned the MAC address of the attack terminal.
12. An anti-attack processing apparatus applied to a subordinate device, the apparatus comprising:
a MAC receiving unit, configured to receive a Media Access Control (MAC) address of an attack terminal issued by a superior device, wherein the MAC address is issued to the subordinate device when the superior device determines that the number of ACLs it has used reaches a preset ACL threshold and that the subordinate device exists under the interface that receives the attack message sent by the attack terminal; and
an ACL issuing unit, configured to issue an ACL at the interface that learned the MAC address of the attack terminal, wherein the ACL is used for filtering the attack message sent by the attack terminal.
13. The apparatus of claim 12, wherein the apparatus further comprises:
an information interaction unit, configured to perform information interaction with the superior device before the MAC receiving unit receives the MAC address of the attack terminal issued by the superior device, and to notify the superior device of the available ACL resources of the interface that learned the MAC address of the attack terminal, so that the superior device issues the MAC address of the attack terminal to the subordinate device when it determines that the subordinate device has available ACL resources.
14. The apparatus of claim 12 or 13, wherein the apparatus further comprises:
an ACL feedback unit, configured to determine whether the ACL was issued successfully after the ACL issuing unit issues the ACL at the interface that learned the MAC address of the attack terminal, and to feed back the ACL issuing result to the superior device, so that the superior device deletes the ACL it issued for the attack terminal when it determines that the subordinate device has successfully issued the ACL.
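As an added simulation (not code from the patent or from New H3C), the ACL offload procedure of claims 2 and 5 to 7 in Python: the superior device installs a local ACL per attacking MAC, and once its used-ACL count reaches the threshold it hands the MAC to the subordinate under the receiving interface, which installs the ACL on the interface that learned that MAC and reports back; on success the superior deletes its local copy. The message exchange is modelled as direct method calls, and the device names, MAC addresses and interface names are constructed.

```python
from dataclasses import dataclass, field


@dataclass
class Subordinate:
    """Subordinate device (claims 5-7): a MAC learning table and a small ACL budget."""
    name: str
    acl_capacity: int
    learned: dict                              # mac -> interface that learned it (constructed)
    acls: dict = field(default_factory=dict)   # mac -> interface carrying the filtering ACL

    def available_acl(self, mac: str) -> bool:
        # Claim 6: report whether the interface that learned this MAC still has ACL resources.
        return mac in self.learned and len(self.acls) < self.acl_capacity

    def install_acl(self, mac: str) -> bool:
        # Claims 5 and 7: install the ACL on the learning interface and report the result.
        if not self.available_acl(mac):
            return False
        self.acls[mac] = self.learned[mac]
        return True


@dataclass
class Superior:
    """Superior device (claims 1-2), e.g. the BRAS that detected the attack."""
    acl_threshold: int
    downstream: dict                           # interface -> Subordinate, or None if nothing attached
    local_acls: set = field(default_factory=set)
    offloaded: dict = field(default_factory=dict)   # mac -> name of subordinate now filtering it

    def handle_attack(self, mac: str, iface: str) -> str:
        """Return where the filtering ACL for `mac` ended up: "local" or a subordinate name."""
        # Claim 1: the local ACL is always installed first, so filtering never lapses.
        self.local_acls.add(mac)
        sub = self.downstream.get(iface)
        # Claim 2: offload only once the threshold is reached, a subordinate sits under the
        # receiving interface, and that subordinate has ACL resources on the learning interface.
        if len(self.local_acls) < self.acl_threshold or sub is None or not sub.available_acl(mac):
            return "local"
        # The subordinate reports its result (claim 7); on success the local copy is deleted (claim 2).
        if sub.install_acl(mac):
            self.local_acls.discard(mac)
            self.offloaded[mac] = sub.name
            return sub.name
        return "local"
```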
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610662475.6A CN106131046B (en) 2016-08-12 2016-08-12 anti-attack processing method and device

Publications (2)

Publication Number Publication Date
CN106131046A CN106131046A (en) 2016-11-16
CN106131046B true CN106131046B (en) 2019-12-06

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108076068B (en) * 2017-12-27 2021-05-07 新华三技术有限公司 Anti-attack method and device
CN108429731B (en) * 2018-01-22 2021-10-12 新华三技术有限公司 Anti-attack method and device and electronic equipment

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102413054A (en) * 2011-12-15 2012-04-11 北京星网锐捷网络技术有限公司 Method, device and system for controlling data traffic as well as gateway equipment and switchboard equipment
CN104202293A (en) * 2004-02-19 2014-12-10 洛克威尔自动控制技术股份有限公司 IP for switch-based ACL

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR20140044970A (en) * 2012-09-13 2014-04-16 한국전자통신연구원 Method and apparatus for controlling blocking of service attack by using access control list
CN103491076B (en) * 2013-09-09 2017-10-17 新华三技术有限公司 The prevention method and system of a kind of network attack

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information

Address after: No. 466 Changhe Road, Binjiang District, Zhejiang 310052, China

Applicant after: New H3C Technologies Co., Ltd.

Address before: No. 466 Changhe Road, Binjiang District, Zhejiang 310052, China

Applicant before: Huasan Communication Technology Co., Ltd.

GR01 Patent grant