ATE552692T1 - Verfahren und anordnung zum schutz vor unrechtmässigem gebrauch von ip-adressen - Google Patents
Verfahren und anordnung zum schutz vor unrechtmässigem gebrauch von ip-adressenInfo
- Publication number
- ATE552692T1 ATE552692T1 AT02783924T AT02783924T ATE552692T1 AT E552692 T1 ATE552692 T1 AT E552692T1 AT 02783924 T AT02783924 T AT 02783924T AT 02783924 T AT02783924 T AT 02783924T AT E552692 T1 ATE552692 T1 AT E552692T1
- Authority
- AT
- Austria
- Prior art keywords
- address
- filter
- subscriber
- dhcp
- addresses
- Prior art date
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0227—Filtering policies
- H04L63/0236—Filtering by address, protocol, port number or service, e.g. IP-address or URL
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
- H04L61/50—Address allocation
- H04L61/5007—Internet protocol [IP] addresses
- H04L61/5014—Internet protocol [IP] addresses using dynamic host configuration protocol [DHCP] or bootstrap protocol [BOOTP]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/1466—Active attacks involving interception, injection, modification, spoofing of data unit addresses, e.g. hijacking, packet injection or TCP sequence number attacks
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L69/00—Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
- H04L69/16—Implementation or adaptation of Internet protocol [IP], of transmission control protocol [TCP] or of user datagram protocol [UDP]
- H04L69/161—Implementation details of TCP/IP or UDP/IP stack architecture; Specification of modified or new header fields
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L69/00—Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
- H04L69/16—Implementation or adaptation of Internet protocol [IP], of transmission control protocol [TCP] or of user datagram protocol [UDP]
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Small-Scale Networks (AREA)
- Communication Control (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
PCT/SE2002/002021 WO2004042999A1 (en) | 2002-11-06 | 2002-11-06 | Method and arrangement for preventing illegitimate use of ip addresses |
Publications (1)
Publication Number | Publication Date |
---|---|
ATE552692T1 true ATE552692T1 (de) | 2012-04-15 |
Family
ID=32310983
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
AT02783924T ATE552692T1 (de) | 2002-11-06 | 2002-11-06 | Verfahren und anordnung zum schutz vor unrechtmässigem gebrauch von ip-adressen |
Country Status (8)
Country | Link |
---|---|
US (2) | USRE45445E1 (de) |
EP (3) | EP1559237B1 (de) |
CN (1) | CN100490377C (de) |
AT (1) | ATE552692T1 (de) |
AU (1) | AU2002347725A1 (de) |
DK (1) | DK2472823T3 (de) |
ES (2) | ES2433272T3 (de) |
WO (1) | WO2004042999A1 (de) |
Families Citing this family (52)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
USRE47253E1 (en) * | 2002-11-06 | 2019-02-19 | Telefonaktiebolaget Lm Ericsson (Publ) | Method and arrangement for preventing illegitimate use of IP addresses |
US7577735B1 (en) | 2002-11-27 | 2009-08-18 | Cisco Technology, Inc. | Transparent mode |
CN1277373C (zh) * | 2003-05-07 | 2006-09-27 | 华为技术有限公司 | 网络通信系统中用户位置信息的传递方法 |
US7523485B1 (en) * | 2003-05-21 | 2009-04-21 | Foundry Networks, Inc. | System and method for source IP anti-spoofing security |
US7516487B1 (en) | 2003-05-21 | 2009-04-07 | Foundry Networks, Inc. | System and method for source IP anti-spoofing security |
US20040255154A1 (en) * | 2003-06-11 | 2004-12-16 | Foundry Networks, Inc. | Multiple tiered network security system, method and apparatus |
US7876772B2 (en) | 2003-08-01 | 2011-01-25 | Foundry Networks, Llc | System, method and apparatus for providing multiple access modes in a data communications network |
US7735114B2 (en) * | 2003-09-04 | 2010-06-08 | Foundry Networks, Inc. | Multiple tiered network security system, method and apparatus using dynamic user policy assignment |
US7774833B1 (en) | 2003-09-23 | 2010-08-10 | Foundry Networks, Inc. | System and method for protecting CPU against remote access attacks |
US8528071B1 (en) | 2003-12-05 | 2013-09-03 | Foundry Networks, Llc | System and method for flexible authentication in a data communications network |
EP1558002B1 (de) * | 2004-01-23 | 2008-10-08 | Siemens Aktiengesellschaft | Verfahren zur Zuordnung einer IP-Adresse zu einem Gerät |
US20050262218A1 (en) * | 2004-04-30 | 2005-11-24 | Cox Gabriel C | System and method for DHCP-based assignment of IP addresses to servers based on geographic identifiers |
US7933253B2 (en) * | 2004-09-20 | 2011-04-26 | Panasonic Corporation | Return routability optimisation |
FR2881592A1 (fr) * | 2005-02-02 | 2006-08-04 | France Telecom | Procede et dispositif de detection d'usurpations d'adresse dans un reseau informatique |
US7756976B2 (en) * | 2005-03-18 | 2010-07-13 | Hewlett-Packard Development Company, L.P. | Systems and methods for denying rogue DHCP services |
US20060225128A1 (en) * | 2005-04-04 | 2006-10-05 | Nokia Corporation | Measures for enhancing security in communication systems |
CN100442706C (zh) * | 2005-04-19 | 2008-12-10 | 华为技术有限公司 | 一种使维护节点标识与媒体访问控制地址对应的方法 |
GB2425681A (en) | 2005-04-27 | 2006-11-01 | 3Com Corporaton | Access control by Dynamic Host Configuration Protocol snooping |
JP4161981B2 (ja) * | 2005-05-31 | 2008-10-08 | ブラザー工業株式会社 | 通信装置、及び、プログラム |
EP1739929B1 (de) * | 2005-06-29 | 2012-05-30 | Alcatel Lucent | Verfahren zum Weiterleiten einer Abwärtsnachricht und Netzwerkeinheit zur Realisierung des Verfahrens |
US7778250B2 (en) * | 2005-08-11 | 2010-08-17 | Ericsson Ab | Method and apparatus for securing a layer II bridging switch/switch for subscriber aggregation |
CN101022472B (zh) * | 2006-02-13 | 2010-06-09 | 中兴通讯股份有限公司 | 一种对消息接口异常的预防保护方法 |
CN1835514B (zh) * | 2006-03-31 | 2010-05-12 | 北京润汇科技有限公司 | Dhcp+客户端模式的宽带接入的管理方法 |
CN101083670B (zh) * | 2006-06-02 | 2010-09-29 | 鸿富锦精密工业(深圳)有限公司 | 地址分配系统及方法 |
JP4825724B2 (ja) * | 2006-06-09 | 2011-11-30 | 株式会社リコー | ネットワーク機器 |
US8331266B2 (en) * | 2006-06-14 | 2012-12-11 | Nokia Siemens Networks Oy | LAN topology detection and assignment of addresses |
CN101098290B (zh) * | 2006-06-29 | 2011-04-06 | 中兴通讯股份有限公司 | 一种在an上实现ip地址防欺骗的装置及其方法 |
CN101471966B (zh) * | 2006-07-06 | 2011-07-20 | 华为技术有限公司 | 一种防止ip地址泄露的系统和设备 |
US8625456B1 (en) * | 2006-09-21 | 2014-01-07 | World Wide Packets, Inc. | Withholding a data packet from a switch port despite its destination address |
US8289976B2 (en) | 2006-09-28 | 2012-10-16 | Packetfront Network Products Ab | Method for automatically providing a customer equipment with the correct service |
US20080089323A1 (en) * | 2006-10-13 | 2008-04-17 | At&T Knowledge Ventures, L.P. | System and method for assigning virtual local area networks |
CN101641933A (zh) * | 2006-12-22 | 2010-02-03 | 艾利森电话股份有限公司 | 电子欺骗的防止 |
CN100563149C (zh) * | 2007-04-25 | 2009-11-25 | 华为技术有限公司 | 一种dhcp监听方法及其装置 |
CN100586106C (zh) * | 2007-05-22 | 2010-01-27 | 华为技术有限公司 | 报文处理方法、系统和设备 |
JP5164450B2 (ja) * | 2007-06-28 | 2013-03-21 | キヤノン株式会社 | 通信装置及びその制御方法とプログラム |
CN101115063B (zh) * | 2007-08-30 | 2011-11-30 | 中兴通讯股份有限公司 | 宽带接入设备中防止mac地址/ip地址欺骗的方法 |
US20090086639A1 (en) * | 2007-09-27 | 2009-04-02 | Verizon Services Corp. | Testing dynamically addressed network devices |
JP5104426B2 (ja) * | 2008-03-13 | 2012-12-19 | パナソニック株式会社 | 画像表示装置 |
WO2011153679A1 (zh) * | 2010-06-07 | 2011-12-15 | 华为技术有限公司 | 业务配置方法、设备和系统 |
JP5385872B2 (ja) * | 2010-07-27 | 2014-01-08 | パナソニック株式会社 | 通信制御装置、通信システム及びプログラム |
CN101984693A (zh) * | 2010-11-16 | 2011-03-09 | 中兴通讯股份有限公司 | 终端接入局域网的监控方法和监控装置 |
EP2697721B1 (de) | 2011-04-15 | 2019-09-18 | Heartstitch, Inc. | Nähvorrichtungen zum nähen einer anatomischen klappe |
AU2012373188B2 (en) * | 2012-03-12 | 2017-06-15 | Arista Networks, Inc. | A network device and a method for networking |
US8855117B2 (en) * | 2012-08-08 | 2014-10-07 | Cisco Technology, Inc. | Scalable media access control protocol synchronization techniques for fabric extender based emulated switch deployments |
US8869275B2 (en) * | 2012-11-28 | 2014-10-21 | Verisign, Inc. | Systems and methods to detect and respond to distributed denial of service (DDoS) attacks |
US10277555B2 (en) * | 2014-07-18 | 2019-04-30 | Mitsubishi Electric Corporation | IP address distribution system, switch device, and IP address distribution method |
WO2016148676A1 (en) | 2015-03-13 | 2016-09-22 | Hewlett Packard Enterprise Development Lp | Determine anomalous behavior based on dynamic device configuration address range |
CN107046585A (zh) * | 2017-03-30 | 2017-08-15 | 百富计算机技术(深圳)有限公司 | Dhcp服务器选择方法和装置 |
CN109391586A (zh) * | 2017-08-04 | 2019-02-26 | 深圳市中兴微电子技术有限公司 | 一种防止静态ip非法上网的装置及方法、onu设备和pon系统 |
CN110313155B (zh) | 2017-12-11 | 2020-10-09 | 华为技术有限公司 | 网络、网络管理方法以及该网络的控制器和交换机 |
US11831420B2 (en) | 2019-11-18 | 2023-11-28 | F5, Inc. | Network application firewall |
US20230412594A1 (en) * | 2022-06-20 | 2023-12-21 | Micro Focus Llc | Tying addresses to authentication processes |
Family Cites Families (17)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP0520709A3 (en) | 1991-06-28 | 1994-08-24 | Digital Equipment Corp | A method for providing a security facility for remote systems management |
US5826014A (en) | 1996-02-06 | 1998-10-20 | Network Engineering Software | Firewall system for protecting network elements connected to a public network |
US5884024A (en) | 1996-12-09 | 1999-03-16 | Sun Microsystems, Inc. | Secure DHCP server |
US6374295B2 (en) * | 1998-10-29 | 2002-04-16 | Nortel Networks Limited | Active server management |
US7188180B2 (en) * | 1998-10-30 | 2007-03-06 | Vimetx, Inc. | Method for establishing secure communication link between computers of virtual private network |
US6427170B1 (en) * | 1998-12-08 | 2002-07-30 | Cisco Technology, Inc. | Integrated IP address management |
US6393484B1 (en) * | 1999-04-12 | 2002-05-21 | International Business Machines Corp. | System and method for controlled access to shared-medium public and semi-public internet protocol (IP) networks |
US7281036B1 (en) * | 1999-04-19 | 2007-10-09 | Cisco Technology, Inc. | Method and apparatus for automatic network address assignment |
US7079499B1 (en) * | 1999-09-08 | 2006-07-18 | Nortel Networks Limited | Internet protocol mobility architecture framework |
FI110975B (fi) | 1999-12-22 | 2003-04-30 | Nokia Corp | Huijaamisen estäminen tietoliikennejärjestelmissä |
CA2403736A1 (en) | 2000-03-20 | 2001-09-27 | At&T Corp. | Service selection in a shared access network using dynamic host configuration protocol |
US20020065919A1 (en) * | 2000-11-30 | 2002-05-30 | Taylor Ian Lance | Peer-to-peer caching network for user data |
US7127524B1 (en) * | 2000-12-29 | 2006-10-24 | Vernier Networks, Inc. | System and method for providing access to a network with selective network address translation |
US7139818B1 (en) * | 2001-10-04 | 2006-11-21 | Cisco Technology, Inc. | Techniques for dynamic host configuration without direct communications between client and server |
US7191331B2 (en) * | 2002-06-13 | 2007-03-13 | Nvidia Corporation | Detection of support for security protocol and address translation integration |
US7139828B2 (en) * | 2002-08-30 | 2006-11-21 | Ip Dynamics, Inc. | Accessing an entity inside a private network |
US7412515B2 (en) * | 2002-09-26 | 2008-08-12 | Lockheed Martin Corporation | Method and apparatus for dynamic assignment of network protocol addresses |
-
2002
- 2002-11-06 WO PCT/SE2002/002021 patent/WO2004042999A1/en not_active Application Discontinuation
- 2002-11-06 EP EP02783924A patent/EP1559237B1/de not_active Expired - Lifetime
- 2002-11-06 EP EP12162215.3A patent/EP2472824B1/de not_active Expired - Lifetime
- 2002-11-06 ES ES12162215T patent/ES2433272T3/es not_active Expired - Lifetime
- 2002-11-06 DK DK12162190.8T patent/DK2472823T3/da active
- 2002-11-06 US US13/962,787 patent/USRE45445E1/en active Active
- 2002-11-06 US US10/531,753 patent/US7996537B2/en not_active Ceased
- 2002-11-06 ES ES02783924T patent/ES2384377T3/es not_active Expired - Lifetime
- 2002-11-06 AT AT02783924T patent/ATE552692T1/de active
- 2002-11-06 EP EP12162190.8A patent/EP2472823B1/de not_active Expired - Lifetime
- 2002-11-06 AU AU2002347725A patent/AU2002347725A1/en not_active Abandoned
- 2002-11-06 CN CNB028298543A patent/CN100490377C/zh not_active Expired - Lifetime
Also Published As
Publication number | Publication date |
---|---|
EP2472823B1 (de) | 2013-09-18 |
CN100490377C (zh) | 2009-05-20 |
CN1695341A (zh) | 2005-11-09 |
WO2004042999A1 (en) | 2004-05-21 |
EP1559237A1 (de) | 2005-08-03 |
ES2384377T3 (es) | 2012-07-04 |
AU2002347725A1 (en) | 2004-06-07 |
EP1559237B1 (de) | 2012-04-04 |
EP2472824A1 (de) | 2012-07-04 |
EP2472824B1 (de) | 2013-09-18 |
EP2472823A1 (de) | 2012-07-04 |
DK2472823T3 (da) | 2013-12-16 |
US20060155853A1 (en) | 2006-07-13 |
US7996537B2 (en) | 2011-08-09 |
USRE45445E1 (en) | 2015-03-31 |
ES2433272T3 (es) | 2013-12-10 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
ATE552692T1 (de) | Verfahren und anordnung zum schutz vor unrechtmässigem gebrauch von ip-adressen | |
RU2342798C2 (ru) | Система, способ и функция для управления адресом доступа к среде передачи сети ethernet | |
CN100581162C (zh) | 一种防止地址解析欺骗的方法 | |
ATE413747T1 (de) | Verfahren und system zum inbeziehungsetzen von dienstanbietern mit kunden in einem zugriffsnetzwerk unter verwendung dynamisch zugeteilter mac-adressen | |
DE60329786D1 (de) | Verfahren und vorrichtung zur verhinderung des fälschens von netzwerkadressen | |
DE60016613D1 (de) | Abschreckungssystem gegen aufschaltung und missbrauch | |
RU2006143768A (ru) | Ароматическое ограничение сетевого нарушителя | |
WO2010072096A1 (zh) | IPv6环境下提高邻居发现安全性的方法及宽带接入设备 | |
US20140289800A1 (en) | System and method for filtering network traffic | |
CN101459653B (zh) | 基于Snooping技术的防止DHCP报文攻击的方法 | |
WO2010005872A2 (en) | System and methods of detecting non-colocated subscriber devices | |
CN112688900B (zh) | 一种防御arp欺骗和网络扫描的局域网安全防护系统及方法 | |
Rohatgi et al. | A detailed survey for detection and mitigation techniques against ARP spoofing | |
US8867542B2 (en) | Method and apparatus for connecting subscriber devices to an IPv6-capable aggregation network | |
CN101931627B (zh) | 安全检测方法、装置和网络侧设备 | |
CN102882861B (zh) | 基于解析dhcp报文实现防ip地址欺诈的方法 | |
Kumar et al. | Host based IDS for NDP related attacks: NS and NA Spoofing | |
CN102752266B (zh) | 访问控制方法及其设备 | |
US20050111447A1 (en) | Technique for tracing source addresses of packets | |
CN106878291A (zh) | 一种基于前缀安全表项的报文处理方法及装置 | |
Buenaventura et al. | IPv6 stateless address autoconfiguration (SLAAC) attacks and detection | |
Cisco | Switch clear Commands | |
Yan et al. | SAVI-based IPv6 source address validation implementation of the access network | |
Al-Ani et al. | Preventing denial of service attacks on address resolution in IPv6 link-local network: AR-match security technique | |
KR101188308B1 (ko) | 악성 코드의 주소 결정 프로토콜 스푸핑 모니터링을 위한 가상 패킷 모니터링 시스템 및 그 방법 |