KR101710385B1 - Method, apparatus and computer program for managing arp packet - Google Patents
Method, apparatus and computer program for managing arp packet Download PDFInfo
- Publication number
- KR101710385B1 KR101710385B1 KR1020150141999A KR20150141999A KR101710385B1 KR 101710385 B1 KR101710385 B1 KR 101710385B1 KR 1020150141999 A KR1020150141999 A KR 1020150141999A KR 20150141999 A KR20150141999 A KR 20150141999A KR 101710385 B1 KR101710385 B1 KR 101710385B1
- Authority
- KR
- South Korea
- Prior art keywords
- arp
- packet
- gateway
- request packet
- arp request
- Prior art date
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/1466—Active attacks involving interception, injection, modification, spoofing of data unit addresses, e.g. hijacking, packet injection or TCP sequence number attacks
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/02—Details
- H04L12/22—Arrangements for preventing the taking of data from a data transmission channel without authorisation
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
- H04L61/09—Mapping addresses
- H04L61/10—Mapping addresses of different types
- H04L61/103—Mapping addresses of different types across network layers, e.g. resolution of network layer into physical layer addresses or address resolution protocol [ARP]
Abstract
Description
The present invention relates to a method for controlling a software defined network. More particularly, the present invention relates to a method for managing an ARP packet for a gateway of a network in order to defend against an ARP spoofing attack in a software defined network.
Software Defined Networking (SDN) is a technology that manages all the network devices in the network by an intelligent central management system. In the SDN technology, a controller provided in a software form instead of a control operation related to packet processing performed in a network device of existing hardware type has a merit in that it can develop and assign various functions over an existing network structure .
The SDN system generally comprises a controller server for controlling the entire network, a plurality of open flow switches controlled by the controller server for processing packets, and a host corresponding to a lower layer of the open flow switch. Here, the open flow switch is only responsible for transmitting and receiving packets, and routing, management, and control of the packets are all performed in the controller server. In other words, separating the data planes and control planes that form the network equipment is the basic structure of the SDN system.
Open Networking Foundation, "OpenFlow Specification 1.5.0"
SUMMARY OF THE INVENTION It is an object of the present invention to provide a method and apparatus capable of effectively blocking ARP spoofing in a software defined network while ensuring flexibility in network operation for ARP management.
A method for managing an ARP packet in a software defined network according to an embodiment of the present invention includes: setting a switch such that the controller processes an ARP packet for an IP of the gateway according to a flow table; And blocking the host that generated the ARP response packet if an ARP response packet for the IP of the gateway is found.
Further, a method for managing an ARP packet in a software defined network according to an embodiment of the present invention includes: setting, in a switch, processing of an ARP packet for an IP of a gateway according to a flow table; And blocking the host that has generated the ARP response packet if an ARP response packet for the IP address of the gateway is found.
Meanwhile, a controller for managing an ARP packet in a software defined network according to an embodiment of the present invention includes a communication unit for connecting to a switch via a network; And a controller for setting a switch to process the ARP packet for the IP of the gateway according to the flow table and for blocking the host which has generated the ARP response packet if an ARP response packet for the IP of the gateway is found .
Further, a switch for managing an ARP packet in a software defined network according to an embodiment of the present invention includes: a communication unit for connecting to a controller via a network; And a controller for setting an ARP packet to be processed according to the flow table, and blocking the host that has generated the ARP response packet when an ARP response packet for the IP of the gateway is found.
In addition, a computer program recorded on a computer readable medium for executing a process of managing an ARP packet in a software defined network according to an embodiment of the present invention in a controller server may further include a step of processing the ARP packet for the IP of the gateway according to the flow table A function of setting a switch; And blocking a host that has generated the ARP response packet if an ARP response packet for the IP address of the gateway is found.
Further, a computer program recorded on a computer readable medium for executing in the switch the process of managing ARP packets in a software defined network according to an embodiment of the present invention is configured to process ARP packets for the IP of the gateway according to a flow table Function; And blocking a host that has generated the ARP response packet if an ARP response packet for the IP address of the gateway is found.
According to the present invention, there is an effect that the controller processes the ARP packet for the gateway, thereby preventing the ARP spoofing fundamentally without changing the gateway or the host, and blocking the host attempting the ARP spoofing.
1 is a diagram for explaining the configuration of a software defined network;
2 is a diagram for explaining ARP spoofing;
3 is a flowchart for explaining a method of managing an ARP packet in an SDN according to an embodiment of the present invention
It is to be understood that the present invention is not limited to the description of the embodiments described below, and that various modifications may be made without departing from the technical scope of the present invention. In the following description, well-known functions or constructions are not described in detail since they would obscure the invention in unnecessary detail.
In the drawings, the same components are denoted by the same reference numerals. And in the accompanying drawings, some of the elements may be exaggerated, omitted or schematically illustrated. It is intended to clearly illustrate the gist of the present invention by omitting unnecessary explanations not related to the gist of the present invention. Hereinafter, preferred embodiments of the present invention will be described in detail with reference to the accompanying drawings.
It should be understood that the term " flow rule " in the context of the present invention means a network policy applied by a controller server in a software defined network in the context of a skilled artisan.
Further, in the present specification, the
1 is a diagram for explaining a configuration of a software defined network. Referring to FIG. 1, a software defined network may include a
The
The
In the software defined network, the
According to the open flow protocol, the
On the other hand, in the software defined network, the transmission between the
ARP, or Address Resolution Protocol, is a protocol used to map an IP address to a physical network address, such as a MAC address, on a network. Where the physical network address may include the network card address of the Ethernet.
For example, if Host A tries to send an IP packet to Host B, but does not know the physical network address of Host B, it uses ARP protocol to broadcast an ARP Request packet containing the IP address of Destination B on the network )can do. When the host B receives the ARP request packet for its own IP address, it will send an ARP reply packet containing its own physical network address to A.
The IP address and the corresponding physical network address information collected in this manner are stored in a memory in a memory called an ARP cache of each IP host, and packet transmission to the host B is processed by referring to the ARP table, The ARP table can be updated periodically.
However, ARP does not consider a means of authenticating the other party. Using this, a malicious attacker can send an ARP reply packet to answer the wrong contents, modulate the ARP table of the network nodes, and intercept the data packets.
If this attack is done in a way that modulates the ARP for the gateway, the problem can be serious because an attacker can intercept or tamper with every packet sent outside the local network.
A more detailed description of the ARP attack will be described later with reference to FIG. 2 attached hereto.
In the example shown in Figure 2, the local network comprises, for example, a
In this case, the hosts A and B may store the IP address and the MAC address of the
However, if host A wishes to intercept host B's packets, attacker A can continuously modulate the ARP table of host B by sending an ARP message continuously.
For example, attacker A can modulate the ARP table of the host B by continuously transmitting an ARP response packet corresponding to the IP address of the gateway to its MAC address. Host B, whose ARP table has been tampered with, will mistake the MAC address of attacker A as the MAC address corresponding to the IP of the gateway and send all packets to A to be sent out.
In this way, ARP spoofing is an attack that uses the loophole of the ARP protocol to deceive the MAC address of another computer as the MAC address of the other computer.
In particular, an attacker can intercept all packets leaving the local area by tricking the MAC address of the attacker into the MAC address of the gateway. If the attacker intercepts and modulates the intercepted packet and sends it back to the gateway, it is difficult for the attacker to recognize the attack.
In order to prevent such ARP spoofing, conventionally, a static ARP table has been operated or a method of monitoring ARP spoofing in a local network has been adopted.
First, the defensive method of setting the static ARP table can be implemented to statically define the local ARP cache to ignore the ARP message or ignore the packet having the MAC address other than the specific MAC address.
This approach can fundamentally defend ARP spoofing, but at the same time, it creates problems that can degrade the flexibility and efficiency of network operations. For example, if the gateway's MAC address changes, you need to reset the ARP table for all nodes in the network.
Second, the method of monitoring ARP spoofing in the local network is implemented in such a manner that the agent server checks the ARP table of the node to check whether the same MAC address is used in another IP or monitors the occurrence of an abnormally large number of ARP responses . However, there is a problem in that ARP spoofing can not be fundamentally defended due to the postmortem response.
SUMMARY OF THE INVENTION The present invention has been made to solve the above problems.
According to an embodiment of the present invention, the ARP packet for the gateway can be processed through the controller without following the conventional broadcast-based ARP packet processing procedure. In a software-defined network, the controller can centrally control the nodes in the network, allowing the controller to control the processing of ARP packets to the gateway, thus blocking ARP spoofing.
For example, if the ARP packet received by the switch is an ARP request message for the gateway, the switch may be controlled to send it to the controller in the form of a packet, which is a packet, without broadcasting it. The controller may then send an ARP Response message containing the MAC address of the gateway to the switch in the form of a packet out message.
As another example, if the ARP packet received by the switch is an ARP request message for the gateway, the switch can be controlled to send an ARP response message to the host with reference to the flow table, without broadcasting it, to the host. In this case, the flow rule will be updated by the controller when the MAC address of the gateway is changed.
This does not occur under normal circumstances when the switch receives an ARP reply to the gateway from a source other than the controller. That is, the ARP response message can exist only when the attacker attempts to spoof ARP.
Therefore, if the ARP packet received by the switch is an ARP response message to the gateway, the source host of the packet can be determined to be an attacker. Thereafter, according to the embodiment of the present invention, if a switch drops a corresponding packet or transmits a packet to the controller in the form of a packet in which the packet is sent to the controller, the controller can prevent the ARP spoofing by blocking the source host of the packet.
A more specific method will be described later with reference to Fig. 3 attached hereto.
3 is a diagram for explaining a process of processing an ARP packet in a software defined network according to an embodiment of the present invention.
In
In
According to an embodiment of the present invention, the flow rules may specify for the processing of ARP requests and / or response packets for the IP of the gateway.
First, the flow rule for processing an ARP request does not broadcast the ARP request packet to the IP of the gateway but sends it to the controller as a packet-in message as shown in Table 1, or changes to an ARP response packet as shown in Table 2 To be sent to the source host.
2. Send to controller (send to controller)
2. Record the gateway MAC address in the OXM_OF_ARP_SHA field
3. Transfer to the incoming port
In particular, according to the flow rule illustrated in Table 2, the switch can change the ARP request packet for the IP address of the gateway to the ARP response packet including the MAC address of the gateway.
More specifically, according to the embodiment of the present invention, the header OXM_OF_ARP_OP field of the ARP request packet received by the switch is changed from REQUEST to REPLY using the Set-Field action defined in the open flow standard, and the OXM_OF_ARP_SHA field is set to the gateway MAC address Can be set to be recorded. Further, it is possible to change the source IP and the destination IP of the packet received in the Set-Filed action to the gateway and the source host, respectively. In this manner, the ARP request packet received by the switch can be changed to the ARP response packet for the gateway have.
According to this, the switch can generate the ARP response packet without transmitting the ARP request packet to the controller or the network, thereby improving the performance of the network. Further, the flow rule as shown in Table 2 can be updated when the MAC address of the gateway is changed.
Second, the flow rule processing the ARP response may instruct the ARP reply packet for the IP of the gateway to be dropped, as shown in Table 3, or to be sent to the controller as a packet, as shown in Table 4, without unicasting .
2. Send to controller (send to controller)
The switch will then reflect the received flow rule in the flow table.
If the host sends an ARP request message for the IP address of the gateway to the switch at
More specifically, if a flow rule such as Table 1 has been applied to the switch, after
On the other hand, when the flow rule as shown in Table 2 is applied to the switch, after the
On the other hand, if the host sends an ARP response message to the switch for the IP address of the gateway in
More specifically, when the flow rule as shown in Table 3 is applied, the switch can drop the ARP packet for the IP of the gateway. (Step 360)
As another example, when the flow rule as shown in Table 4 is applied, the switch can transmit the ARP response to the controller in the form of a message in which the packet is a packet. (Step 370), the controller can block the source host of the packet. (Step 375). For example, the controller transmits a flow change command (OFPT_FLOW_MOD) instructing to drop all packets having the IP of the source host or a port change command (OFPT_PORT_MOD) You can block the source host in such a way.
Meanwhile, although not shown separately in FIG. 3, according to an embodiment of the present invention, the controller may further determine the MAC address of the gateway after
The above steps can be implemented by the following embodiments.
The first embodiment is a case in which the virtual IP of the gateway is used. The actual IP of the gateway is known only to the controller, and other nodes in the network can be configured to use the gateway's virtual IP.
According to this, even if the MAC address of the gateway is changed, when the controller receives the ARP request message for the virtual IP of the gateway, it converts the ARP request message into the ARP request message for the actual IP of the gateway and broadcasts the ARP request message. And obtain the MAC address of the changed gateway.
The second embodiment is a method of manually entering the MAC address of the controller into the ARP table of the controller or maintaining the ARP connection with the gateway only through a specific port of the controller.
According to this, when the MAC address of the gateway is changed, the administrator needs to directly change the ARP table of the controller or the administrator's own port of the controller. This is a static method, but the efficiency of the network operation does not drop much because only one controller, not all nodes of the network, needs to be changed, unlike the conventional one.
The third embodiment is a method for confirming the MAC address of the gateway through the authentication process without following the ARP protocol. According to this, an agent is installed in each of the gateway and the controller, and the MAC address of the gateway can be grasped by periodically checking the MAC address through the authentication process.
The embodiments of the present invention disclosed in the present specification and drawings are intended to be illustrative only and not intended to limit the scope of the present invention. It is to be understood by those skilled in the art that other modifications based on the technical idea of the present invention are possible in addition to the embodiments disclosed herein.
100: controller
200: Network equipment
300, 25, 35: Host
10: Gateway
20, 30: switch
Claims (12)
The controller establishing a switch to process the ARP packet for the IP of the gateway according to the flow table; And
And blocking the host that generated the ARP response packet if an ARP response packet for the IP of the gateway is found,
Wherein the setting step comprises:
The ARP request packet is converted into an ARP reply packet for the MAC address of the gateway without sending an ARP request packet for the IP address of the gateway or transmitting the ARP request packet to the controller and instructing the ARP request packet to be transmitted to the port on which the ARP request packet is received And sending a flow rule to the switch.
And setting the switch to convert the ARP request packet into an ARP response packet for the MAC address of the gateway, including an instruction to change an ARP type and an MAC address in the header of the ARP request packet ARP packet management method.
Sending a flow rule instructing to drop an ARP response packet to the IP of the gateway or a flow rule instructing the controller to send an ARP response packet for the IP of the gateway to the controller in the form of a packet Characterized in that the ARP packet management method comprises:
Transmitting a port change command for bringing down a port to which a host transmitting the ARP response packet is connected or a flow change command for dropping all packets transmitted by the host to the switch; .
Wherein the setting step is a step of transmitting to the switch a flow rule instructing to transmit to the controller in the form of a message that is a packet without broadcasting an ARP request packet for the IP of the gateway,
Receiving an ARP request packet for the IP of the gateway from the switch in the form of a packet, and transmitting an ARP response packet for the MAC address of the gateway to the switch; .
Receiving an ARP request packet including a virtual IP of the gateway, converting the virtual IP into an actual IP for the IP of the gateway, and broadcasting an ARP request packet.
Setting, in the switch, to process an ARP packet for the IP of the gateway according to a flow table;
And blocking the host that generated the ARP response packet if an ARP response packet for the IP of the gateway is found,
Wherein the setting step comprises:
A flow for instructing to convert the ARP request packet into an ARP response packet for the MAC address of the gateway and transmit the ARP request packet to the port on which the ARP request packet is received without broadcasting an ARP request packet for the IP of the gateway or transmitting the ARP request packet to the controller And applying a rule to the ARP packet.
A communication unit for connecting the switch and the network; And
And a control unit for setting a switch to process the ARP packet for the IP of the gateway according to the flow table and for blocking the host which has generated the ARP response packet when an ARP response packet for the IP of the gateway is found,
Wherein,
The ARP request packet is converted into an ARP reply packet for the MAC address of the gateway without sending an ARP request packet for the IP address of the gateway or transmitting the ARP request packet to the controller and instructing the ARP request packet to be transmitted to the port on which the ARP request packet is received And to transmit the flow rule to the switch.
A communication unit connected to the controller via a network; And
And a control unit configured to process the ARP packet according to the flow table and to block the host that has generated the ARP response packet if an ARP response packet for the IP of the gateway is found,
Wherein,
The ARP request packet is converted into an ARP reply packet for the MAC address of the gateway without sending an ARP request packet for the IP address of the gateway or transmitting the ARP request packet to the controller and instructing the ARP request packet to be transmitted to the port on which the ARP request packet is received And a flow rule is applied.
Setting a switch to process the ARP packet for the IP of the gateway along with the flow table; And
When the ARP response packet for the IP address of the gateway is found, the host which has generated the ARP response packet is blocked,
The setting function may include:
The ARP request packet is converted into an ARP reply packet for the MAC address of the gateway without sending an ARP request packet for the IP address of the gateway or transmitting the ARP request packet to the controller and instructing the ARP request packet to be transmitted to the port on which the ARP request packet is received And sending a flow rule to the switch.
A function of setting an ARP packet for the IP of the gateway to be processed along with the flow table; And
When the ARP response packet for the IP address of the gateway is found, the host which has generated the ARP response packet is blocked,
The setting function may include:
A flow for instructing to convert the ARP request packet into an ARP response packet for the MAC address of the gateway and transmit the ARP request packet to the port on which the ARP request packet is received without broadcasting an ARP request packet for the IP of the gateway or transmitting the ARP request packet to the controller And a function of applying a rule to the ARP packet.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
KR1020150141999A KR101710385B1 (en) | 2015-10-12 | 2015-10-12 | Method, apparatus and computer program for managing arp packet |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
KR1020150141999A KR101710385B1 (en) | 2015-10-12 | 2015-10-12 | Method, apparatus and computer program for managing arp packet |
Publications (1)
Publication Number | Publication Date |
---|---|
KR101710385B1 true KR101710385B1 (en) | 2017-02-27 |
Family
ID=58315790
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
KR1020150141999A KR101710385B1 (en) | 2015-10-12 | 2015-10-12 | Method, apparatus and computer program for managing arp packet |
Country Status (1)
Country | Link |
---|---|
KR (1) | KR101710385B1 (en) |
Cited By (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR101906437B1 (en) | 2016-12-13 | 2018-10-10 | 아토리서치(주) | Method, apparatus and computer program for testing network security policy |
KR20180130802A (en) * | 2017-05-30 | 2018-12-10 | 아토리서치(주) | Method, system and computer program for host secretion in software defined networking environment |
KR101931139B1 (en) | 2017-09-13 | 2018-12-20 | 아토리서치(주) | Method, apparatus, and computer program for verifying host status information in a software defined network |
KR101969304B1 (en) * | 2017-10-26 | 2019-08-20 | 아토리서치(주) | Method and computer program for handling trouble using packet-out message in software defined networking environment |
WO2022103155A1 (en) * | 2020-11-13 | 2022-05-19 | 현대자동차주식회사 | Method and device for arp operation in communication system supporting multiple links |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR20070081116A (en) * | 2007-02-09 | 2007-08-14 | 주식회사 코어세스 | Apparatus and method for automatically blocking spoofing by address resolution protocol |
US20150281067A1 (en) * | 2013-12-31 | 2015-10-01 | Huawei Technologies Co.,Ltd. | Method and apparatus for implementing communication between virtual machines |
-
2015
- 2015-10-12 KR KR1020150141999A patent/KR101710385B1/en active IP Right Grant
Patent Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR20070081116A (en) * | 2007-02-09 | 2007-08-14 | 주식회사 코어세스 | Apparatus and method for automatically blocking spoofing by address resolution protocol |
US20150281067A1 (en) * | 2013-12-31 | 2015-10-01 | Huawei Technologies Co.,Ltd. | Method and apparatus for implementing communication between virtual machines |
Non-Patent Citations (2)
Title |
---|
Open Networking Foundation, "OpenFlow Specification 1.5.0" |
정소영, 네이버 비즈니스 플랫폼 서비스플랫폼개발센터, "클라우드 환경에서 ARP 스푸핑 방지 메커니즘 구현하기" (2013.10.30. 공개) * |
Cited By (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR101906437B1 (en) | 2016-12-13 | 2018-10-10 | 아토리서치(주) | Method, apparatus and computer program for testing network security policy |
KR20180130802A (en) * | 2017-05-30 | 2018-12-10 | 아토리서치(주) | Method, system and computer program for host secretion in software defined networking environment |
KR101993875B1 (en) * | 2017-05-30 | 2019-06-27 | 아토리서치(주) | Method, system and computer program for host secretion in software defined networking environment |
KR101931139B1 (en) | 2017-09-13 | 2018-12-20 | 아토리서치(주) | Method, apparatus, and computer program for verifying host status information in a software defined network |
KR101969304B1 (en) * | 2017-10-26 | 2019-08-20 | 아토리서치(주) | Method and computer program for handling trouble using packet-out message in software defined networking environment |
WO2022103155A1 (en) * | 2020-11-13 | 2022-05-19 | 현대자동차주식회사 | Method and device for arp operation in communication system supporting multiple links |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
KR101710385B1 (en) | Method, apparatus and computer program for managing arp packet | |
KR100908320B1 (en) | Method for protecting and searching host in internet protocol version 6 network | |
WO2019165950A1 (en) | Lightweight Secure Autonomic Control Plane | |
CN107241313B (en) | Method and device for preventing MAC flooding attack | |
KR101786620B1 (en) | Method, apparatus and computer program for subnetting of software defined network | |
EP3817285A1 (en) | Method and device for monitoring forwarding table entry | |
CA3025093C (en) | Network device and controlling method thereof applicable for mesh networks | |
KR101881061B1 (en) | 2-way communication apparatus capable of changing communication mode and method thereof | |
US10708163B1 (en) | Methods, systems, and computer readable media for automatic configuration and control of remote inline network monitoring probe | |
KR102412933B1 (en) | System and method for providing network separation service based on software-defined network | |
KR102092015B1 (en) | Method, apparatus and computer program for recognizing network equipment in a software defined network | |
KR101786616B1 (en) | Method, apparatus and computer program for subnetting of software defined network | |
KR102114484B1 (en) | Method, apparatus AND COMPUTER PROGRAM for controlling network access in a software defined network | |
KR101931139B1 (en) | Method, apparatus, and computer program for verifying host status information in a software defined network | |
CN109039680B (en) | Method and system for switching main Broadband Network Gateway (BNG) and standby BNG and BNG | |
KR101969304B1 (en) | Method and computer program for handling trouble using packet-out message in software defined networking environment | |
KR101932656B1 (en) | Method, apparatus and computer program for defending software defined network | |
KR101074563B1 (en) | Preventing method for overlapping dhcp message generation in arp spoofig attack blocking system | |
KR101914831B1 (en) | SDN to prevent an attack on the host tracking service and controller including the same | |
CN115883256B (en) | Data transmission method, device and storage medium based on encryption tunnel | |
EP3228048B1 (en) | Method and apparatus for routing data to cellular network | |
KR102055912B1 (en) | Apparatus and method for managing sharing terminal in a router environment | |
EP4072076A1 (en) | Data transmission method, and related apparatus and system | |
KR101906437B1 (en) | Method, apparatus and computer program for testing network security policy | |
KR100969466B1 (en) | Apparatus and method for providing network access service about terminal of infected with virus |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
E90F | Notification of reason for final refusal | ||
E701 | Decision to grant or registration of patent right | ||
GRNT | Written decision to grant |