ATE552692T1 - Verfahren und anordnung zum schutz vor unrechtmässigem gebrauch von ip-adressen - Google Patents

Verfahren und anordnung zum schutz vor unrechtmässigem gebrauch von ip-adressen

Info

Publication number
ATE552692T1
ATE552692T1 AT02783924T AT02783924T ATE552692T1 AT E552692 T1 ATE552692 T1 AT E552692T1 AT 02783924 T AT02783924 T AT 02783924T AT 02783924 T AT02783924 T AT 02783924T AT E552692 T1 ATE552692 T1 AT E552692T1
Authority
AT
Austria
Prior art keywords
address
filter
subscriber
dhcp
addresses
Prior art date
Application number
AT02783924T
Other languages
English (en)
Inventor
Peter Nesz
Thomas Johansson
Michael Juhl
Original Assignee
Ericsson Telefon Ab L M
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Ericsson Telefon Ab L M filed Critical Ericsson Telefon Ab L M
Application granted granted Critical
Publication of ATE552692T1 publication Critical patent/ATE552692T1/de

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/02Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0227Filtering policies
    • H04L63/0236Filtering by address, protocol, port number or service, e.g. IP-address or URL
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00Network arrangements, protocols or services for addressing or naming
    • H04L61/50Address allocation
    • H04L61/5007Internet protocol [IP] addresses
    • H04L61/5014Internet protocol [IP] addresses using dynamic host configuration protocol [DHCP] or bootstrap protocol [BOOTP]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic
    • H04L63/1466Active attacks involving interception, injection, modification, spoofing of data unit addresses, e.g. hijacking, packet injection or TCP sequence number attacks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L69/00Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/16Implementation or adaptation of Internet protocol [IP], of transmission control protocol [TCP] or of user datagram protocol [UDP]
    • H04L69/161Implementation details of TCP/IP or UDP/IP stack architecture; Specification of modified or new header fields
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L69/00Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/16Implementation or adaptation of Internet protocol [IP], of transmission control protocol [TCP] or of user datagram protocol [UDP]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Small-Scale Networks (AREA)
  • Communication Control (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
AT02783924T 2002-11-06 2002-11-06 Verfahren und anordnung zum schutz vor unrechtmässigem gebrauch von ip-adressen ATE552692T1 (de)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/SE2002/002021 WO2004042999A1 (en) 2002-11-06 2002-11-06 Method and arrangement for preventing illegitimate use of ip addresses

Publications (1)

Publication Number Publication Date
ATE552692T1 true ATE552692T1 (de) 2012-04-15

Family

ID=32310983

Family Applications (1)

Application Number Title Priority Date Filing Date
AT02783924T ATE552692T1 (de) 2002-11-06 2002-11-06 Verfahren und anordnung zum schutz vor unrechtmässigem gebrauch von ip-adressen

Country Status (8)

Country Link
US (2) USRE45445E1 (de)
EP (3) EP1559237B1 (de)
CN (1) CN100490377C (de)
AT (1) ATE552692T1 (de)
AU (1) AU2002347725A1 (de)
DK (1) DK2472823T3 (de)
ES (2) ES2433272T3 (de)
WO (1) WO2004042999A1 (de)

Families Citing this family (52)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
USRE47253E1 (en) * 2002-11-06 2019-02-19 Telefonaktiebolaget Lm Ericsson (Publ) Method and arrangement for preventing illegitimate use of IP addresses
US7577735B1 (en) 2002-11-27 2009-08-18 Cisco Technology, Inc. Transparent mode
CN1277373C (zh) * 2003-05-07 2006-09-27 华为技术有限公司 网络通信系统中用户位置信息的传递方法
US7523485B1 (en) * 2003-05-21 2009-04-21 Foundry Networks, Inc. System and method for source IP anti-spoofing security
US7516487B1 (en) 2003-05-21 2009-04-07 Foundry Networks, Inc. System and method for source IP anti-spoofing security
US20040255154A1 (en) * 2003-06-11 2004-12-16 Foundry Networks, Inc. Multiple tiered network security system, method and apparatus
US7876772B2 (en) 2003-08-01 2011-01-25 Foundry Networks, Llc System, method and apparatus for providing multiple access modes in a data communications network
US7735114B2 (en) * 2003-09-04 2010-06-08 Foundry Networks, Inc. Multiple tiered network security system, method and apparatus using dynamic user policy assignment
US7774833B1 (en) 2003-09-23 2010-08-10 Foundry Networks, Inc. System and method for protecting CPU against remote access attacks
US8528071B1 (en) 2003-12-05 2013-09-03 Foundry Networks, Llc System and method for flexible authentication in a data communications network
EP1558002B1 (de) * 2004-01-23 2008-10-08 Siemens Aktiengesellschaft Verfahren zur Zuordnung einer IP-Adresse zu einem Gerät
US20050262218A1 (en) * 2004-04-30 2005-11-24 Cox Gabriel C System and method for DHCP-based assignment of IP addresses to servers based on geographic identifiers
US7933253B2 (en) * 2004-09-20 2011-04-26 Panasonic Corporation Return routability optimisation
FR2881592A1 (fr) * 2005-02-02 2006-08-04 France Telecom Procede et dispositif de detection d'usurpations d'adresse dans un reseau informatique
US7756976B2 (en) * 2005-03-18 2010-07-13 Hewlett-Packard Development Company, L.P. Systems and methods for denying rogue DHCP services
US20060225128A1 (en) * 2005-04-04 2006-10-05 Nokia Corporation Measures for enhancing security in communication systems
CN100442706C (zh) * 2005-04-19 2008-12-10 华为技术有限公司 一种使维护节点标识与媒体访问控制地址对应的方法
GB2425681A (en) 2005-04-27 2006-11-01 3Com Corporaton Access control by Dynamic Host Configuration Protocol snooping
JP4161981B2 (ja) * 2005-05-31 2008-10-08 ブラザー工業株式会社 通信装置、及び、プログラム
EP1739929B1 (de) * 2005-06-29 2012-05-30 Alcatel Lucent Verfahren zum Weiterleiten einer Abwärtsnachricht und Netzwerkeinheit zur Realisierung des Verfahrens
US7778250B2 (en) * 2005-08-11 2010-08-17 Ericsson Ab Method and apparatus for securing a layer II bridging switch/switch for subscriber aggregation
CN101022472B (zh) * 2006-02-13 2010-06-09 中兴通讯股份有限公司 一种对消息接口异常的预防保护方法
CN1835514B (zh) * 2006-03-31 2010-05-12 北京润汇科技有限公司 Dhcp+客户端模式的宽带接入的管理方法
CN101083670B (zh) * 2006-06-02 2010-09-29 鸿富锦精密工业(深圳)有限公司 地址分配系统及方法
JP4825724B2 (ja) * 2006-06-09 2011-11-30 株式会社リコー ネットワーク機器
US8331266B2 (en) * 2006-06-14 2012-12-11 Nokia Siemens Networks Oy LAN topology detection and assignment of addresses
CN101098290B (zh) * 2006-06-29 2011-04-06 中兴通讯股份有限公司 一种在an上实现ip地址防欺骗的装置及其方法
CN101471966B (zh) * 2006-07-06 2011-07-20 华为技术有限公司 一种防止ip地址泄露的系统和设备
US8625456B1 (en) * 2006-09-21 2014-01-07 World Wide Packets, Inc. Withholding a data packet from a switch port despite its destination address
US8289976B2 (en) 2006-09-28 2012-10-16 Packetfront Network Products Ab Method for automatically providing a customer equipment with the correct service
US20080089323A1 (en) * 2006-10-13 2008-04-17 At&T Knowledge Ventures, L.P. System and method for assigning virtual local area networks
CN101641933A (zh) * 2006-12-22 2010-02-03 艾利森电话股份有限公司 电子欺骗的防止
CN100563149C (zh) * 2007-04-25 2009-11-25 华为技术有限公司 一种dhcp监听方法及其装置
CN100586106C (zh) * 2007-05-22 2010-01-27 华为技术有限公司 报文处理方法、系统和设备
JP5164450B2 (ja) * 2007-06-28 2013-03-21 キヤノン株式会社 通信装置及びその制御方法とプログラム
CN101115063B (zh) * 2007-08-30 2011-11-30 中兴通讯股份有限公司 宽带接入设备中防止mac地址/ip地址欺骗的方法
US20090086639A1 (en) * 2007-09-27 2009-04-02 Verizon Services Corp. Testing dynamically addressed network devices
JP5104426B2 (ja) * 2008-03-13 2012-12-19 パナソニック株式会社 画像表示装置
WO2011153679A1 (zh) * 2010-06-07 2011-12-15 华为技术有限公司 业务配置方法、设备和系统
JP5385872B2 (ja) * 2010-07-27 2014-01-08 パナソニック株式会社 通信制御装置、通信システム及びプログラム
CN101984693A (zh) * 2010-11-16 2011-03-09 中兴通讯股份有限公司 终端接入局域网的监控方法和监控装置
EP2697721B1 (de) 2011-04-15 2019-09-18 Heartstitch, Inc. Nähvorrichtungen zum nähen einer anatomischen klappe
AU2012373188B2 (en) * 2012-03-12 2017-06-15 Arista Networks, Inc. A network device and a method for networking
US8855117B2 (en) * 2012-08-08 2014-10-07 Cisco Technology, Inc. Scalable media access control protocol synchronization techniques for fabric extender based emulated switch deployments
US8869275B2 (en) * 2012-11-28 2014-10-21 Verisign, Inc. Systems and methods to detect and respond to distributed denial of service (DDoS) attacks
US10277555B2 (en) * 2014-07-18 2019-04-30 Mitsubishi Electric Corporation IP address distribution system, switch device, and IP address distribution method
WO2016148676A1 (en) 2015-03-13 2016-09-22 Hewlett Packard Enterprise Development Lp Determine anomalous behavior based on dynamic device configuration address range
CN107046585A (zh) * 2017-03-30 2017-08-15 百富计算机技术(深圳)有限公司 Dhcp服务器选择方法和装置
CN109391586A (zh) * 2017-08-04 2019-02-26 深圳市中兴微电子技术有限公司 一种防止静态ip非法上网的装置及方法、onu设备和pon系统
CN110313155B (zh) 2017-12-11 2020-10-09 华为技术有限公司 网络、网络管理方法以及该网络的控制器和交换机
US11831420B2 (en) 2019-11-18 2023-11-28 F5, Inc. Network application firewall
US20230412594A1 (en) * 2022-06-20 2023-12-21 Micro Focus Llc Tying addresses to authentication processes

Family Cites Families (17)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0520709A3 (en) 1991-06-28 1994-08-24 Digital Equipment Corp A method for providing a security facility for remote systems management
US5826014A (en) 1996-02-06 1998-10-20 Network Engineering Software Firewall system for protecting network elements connected to a public network
US5884024A (en) 1996-12-09 1999-03-16 Sun Microsystems, Inc. Secure DHCP server
US6374295B2 (en) * 1998-10-29 2002-04-16 Nortel Networks Limited Active server management
US7188180B2 (en) * 1998-10-30 2007-03-06 Vimetx, Inc. Method for establishing secure communication link between computers of virtual private network
US6427170B1 (en) * 1998-12-08 2002-07-30 Cisco Technology, Inc. Integrated IP address management
US6393484B1 (en) * 1999-04-12 2002-05-21 International Business Machines Corp. System and method for controlled access to shared-medium public and semi-public internet protocol (IP) networks
US7281036B1 (en) * 1999-04-19 2007-10-09 Cisco Technology, Inc. Method and apparatus for automatic network address assignment
US7079499B1 (en) * 1999-09-08 2006-07-18 Nortel Networks Limited Internet protocol mobility architecture framework
FI110975B (fi) 1999-12-22 2003-04-30 Nokia Corp Huijaamisen estäminen tietoliikennejärjestelmissä
CA2403736A1 (en) 2000-03-20 2001-09-27 At&T Corp. Service selection in a shared access network using dynamic host configuration protocol
US20020065919A1 (en) * 2000-11-30 2002-05-30 Taylor Ian Lance Peer-to-peer caching network for user data
US7127524B1 (en) * 2000-12-29 2006-10-24 Vernier Networks, Inc. System and method for providing access to a network with selective network address translation
US7139818B1 (en) * 2001-10-04 2006-11-21 Cisco Technology, Inc. Techniques for dynamic host configuration without direct communications between client and server
US7191331B2 (en) * 2002-06-13 2007-03-13 Nvidia Corporation Detection of support for security protocol and address translation integration
US7139828B2 (en) * 2002-08-30 2006-11-21 Ip Dynamics, Inc. Accessing an entity inside a private network
US7412515B2 (en) * 2002-09-26 2008-08-12 Lockheed Martin Corporation Method and apparatus for dynamic assignment of network protocol addresses

Also Published As

Publication number Publication date
EP2472823B1 (de) 2013-09-18
CN100490377C (zh) 2009-05-20
CN1695341A (zh) 2005-11-09
WO2004042999A1 (en) 2004-05-21
EP1559237A1 (de) 2005-08-03
ES2384377T3 (es) 2012-07-04
AU2002347725A1 (en) 2004-06-07
EP1559237B1 (de) 2012-04-04
EP2472824A1 (de) 2012-07-04
EP2472824B1 (de) 2013-09-18
EP2472823A1 (de) 2012-07-04
DK2472823T3 (da) 2013-12-16
US20060155853A1 (en) 2006-07-13
US7996537B2 (en) 2011-08-09
USRE45445E1 (en) 2015-03-31
ES2433272T3 (es) 2013-12-10

Similar Documents

Publication Publication Date Title
ATE552692T1 (de) Verfahren und anordnung zum schutz vor unrechtmässigem gebrauch von ip-adressen
RU2342798C2 (ru) Система, способ и функция для управления адресом доступа к среде передачи сети ethernet
CN100581162C (zh) 一种防止地址解析欺骗的方法
ATE413747T1 (de) Verfahren und system zum inbeziehungsetzen von dienstanbietern mit kunden in einem zugriffsnetzwerk unter verwendung dynamisch zugeteilter mac-adressen
DE60329786D1 (de) Verfahren und vorrichtung zur verhinderung des fälschens von netzwerkadressen
DE60016613D1 (de) Abschreckungssystem gegen aufschaltung und missbrauch
RU2006143768A (ru) Ароматическое ограничение сетевого нарушителя
WO2010072096A1 (zh) IPv6环境下提高邻居发现安全性的方法及宽带接入设备
US20140289800A1 (en) System and method for filtering network traffic
CN101459653B (zh) 基于Snooping技术的防止DHCP报文攻击的方法
WO2010005872A2 (en) System and methods of detecting non-colocated subscriber devices
CN112688900B (zh) 一种防御arp欺骗和网络扫描的局域网安全防护系统及方法
Rohatgi et al. A detailed survey for detection and mitigation techniques against ARP spoofing
US8867542B2 (en) Method and apparatus for connecting subscriber devices to an IPv6-capable aggregation network
CN101931627B (zh) 安全检测方法、装置和网络侧设备
CN102882861B (zh) 基于解析dhcp报文实现防ip地址欺诈的方法
Kumar et al. Host based IDS for NDP related attacks: NS and NA Spoofing
CN102752266B (zh) 访问控制方法及其设备
US20050111447A1 (en) Technique for tracing source addresses of packets
CN106878291A (zh) 一种基于前缀安全表项的报文处理方法及装置
Buenaventura et al. IPv6 stateless address autoconfiguration (SLAAC) attacks and detection
Cisco Switch clear Commands
Yan et al. SAVI-based IPv6 source address validation implementation of the access network
Al-Ani et al. Preventing denial of service attacks on address resolution in IPv6 link-local network: AR-match security technique
KR101188308B1 (ko) 악성 코드의 주소 결정 프로토콜 스푸핑 모니터링을 위한 가상 패킷 모니터링 시스템 및 그 방법