CN100589434C - Method for implementing anti-spurious business server address under access mode - Google Patents
Method for implementing anti-spurious business server address under access mode Download PDFInfo
- Publication number
- CN100589434C CN100589434C CN200610028422A CN200610028422A CN100589434C CN 100589434 C CN100589434 C CN 100589434C CN 200610028422 A CN200610028422 A CN 200610028422A CN 200610028422 A CN200610028422 A CN 200610028422A CN 100589434 C CN100589434 C CN 100589434C
- Authority
- CN
- China
- Prior art keywords
- dhcp
- mac address
- address
- message
- server
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Fee Related
Links
Images
Abstract
A method for realizing service server address cheating-proof at access network mode comprises that CSCC on AN via a DHCP protocol learns the MAC address of DHCP Server or DHCP Relay, the CSCC via checking the interaction between user and the DHCP Server finds the IP address of DGW, then uses ARP to obtain the MAC address of the DGW, to be distributed a static MAC address list of each LC, to be bonded with an internal port. Therefore, since the MAC address is static, the learning process of MAC address of SS will not transfer, to avoid MAC address cheating-proof of SS. The inventive method caneffectively avoid transfer of MAC address learning of SS on AN, to avoid data report transfer turbulence and DoS attack on user.
Description
Technical field
The present invention relates to the information security of computer network technical field, be specifically related on a kind of access node AN (Access Node) at Access Network, realize under IPoE (the IP over Ethernet) access module SS (Service Server, the method of the anti-deception in MAC service server) (Media AccessControl, medium access control) address.
Background technology
Along with xDSL (Digital Subscriber Loop, DSL comprises polytype) technology is widely used, increasing domestic consumer or enterprise customer receive on the public network by xDSL technical battery.On the one hand, this is very easy to people's life.On the other hand, the use of a large number of users also makes public network suffer unprecedented security threat.Wherein, the MAC address spoofing of SS is exactly a kind of serious DoS (Denial ofService, denial of service) security attack.
In the prior art, SS generally is meant under the IPoE access module, the equipment that the terminal use must use its service that provides to surf the Net, it comprises DHCP Server (Dynamic Host Configuration Protocol server), DHCP Relay (DHCP router) and DGW (Default Gateway, default gateway).
IPoE is one of current topmost broadband access method, and along with the carrying out of business such as IPTV, IPoE inserts and will be used more and more widely.User under the IPoE access module can further be subdivided into two classes: retail (wholesale) user and (retail) user that approves the lease of.
In general, in order to surf the Net, retail user need be finished following two things:
1, obtain the configuration information of main frame to DHCP (Dynamic Host Configuration Protocol, DHCP) Server, configuration information comprises: IP address, default gateway ip address or the like.If DHCP Server and user not in a local area network (LAN), need so by DHCP Relay indirect obtain its configuration information.
2, the first step is to obtain identity, and second step was to find an exit.Only finish after above two steps, the user just may send the application data message of oneself.
For the user that approves the lease of, generally their IP address is all fixed, and has disposed the IP address of default gateway statically, does not need to DHCP Server request configuration information.Only need finish for second step just can surf the Net.
Be not difficult to find out that from top description the terminal use can obtain the MAC Address of SS (be DHCP Server or DHCP Relay, and default gateway) with comparalive ease.If the MAC Address that the user of a malice (or program) pretends to be SS sends datagram.AN will be this MAC address learning on user-side port, thereby causes the MAC address learning migration of SS, upsets the message of equipment and transmits, and makes some users to surf the Net, and causes DoS attack.
In order to prevent the DoS attack of the type, can adopt:
(1) static state is provided with the MAC Address of SS.The MAC of the SS that AN will know in advance is configured in the static mac address list item, makes the MAC address learning of SS can not shift, and has so just prevented the DoS attack of malicious user.
(2) user's MAC address translation technology.User source MAC is translated again at the AN place, is construed to believable virtual mac address.MAC address learning uses the believable virtual mac address after the translation.Transmitting also is to utilize virtual mac address to search target port, and different is to need to use original MAC Address to replace virtual MAC address before the forwarding.Use the MAC Address translation technology, AN just can not learn the MAC Address of SS at user side.
Though more than the anti-deception of MAC Address that can solve SS of two kinds of methods, all there is certain problem in they.The flexibility of static configuration mode is too poor, need know the MAC Address of SS in advance.If SS is more or change, it is very loaded down with trivial details that static configuration will become.The MAC Address translation is had higher requirement to hardware technology, and may cause the performance loss of data message forwarding.The MAC Address translation also can influence the normal operation of other agreements, and such as ARP, DHCP agreement or the like, its improvement cost can not be ignored.
Summary of the invention
The objective of the invention is to overcome the deficiency of prior art, proposed a kind ofly under the IPoE access module, realize the method for the anti-deception of MAC Address of SS.
For achieving the above object, technical scheme of the present invention is:
A kind of method that under access module, realizes the anti-deception of address of service server, this method is at DHCP Server, DHCP Relay, DGW and AN upward realize, it is characterized in that this method comprises the following steps:
A.AN obtains the MAC Address of DHCP Server or DHCP Relay, and MAC Address is set in the static mac address list item of AN;
B.AN obtains the MAC Address of default gateway, and these MAC Address is set in the static mac address list item of AN;
Above-mentioned steps A further comprises:
A1.AN initiates the DHCP configuration flow termly by the message timer, broadcasting DHCPDiscovery message;
A2. DHCP Server on the network or DHCP Relay make response to the Discovery message, passback DHCP Offer message;
A3.AN receives the Offer message, extract wherein DHCP Server or the MAC Address of DHCPRelay;
A4.AN is set to these MAC Address in the static mac address table of AN;
Above-mentioned steps B further comprises:
B1.AN detects the mutual DHCP protocol massages of user and DHCP Server or DHCP Relay in real time; Obtain the IP address of the default gateway that wherein is provided with;
B2.AN starts the ARP agreement, obtains the MAC Address of default gateway ip address correspondence;
After B3.AN gets access to the MAC Address of default gateway, this MAC Address is written in the static mac address list item of AN.
Further comprise after the described step B:
C. the MAC Address in the MAC Address list item is tied to the network side interface of Line cards.
Further comprise after the described steps A 4:
Whether the MAC Address that A5.AN passes through regular inspection DHCPServer of DHCP MAC address aging timer or DHCP Relay is aging, if aging just this list item of deletion from static mac address table.
Further comprise after the described step B3:
B4.AN is by the validity of default gateway MAC address aging timer periodic maintenance default gateway ip address; If invalid, then from MAC static address table, delete the MAC Address list item of IP address correspondence.
Above-mentioned steps A2 further comprises:
If that A21. exist on the network is DHCP Server, so direct loopback DHCPOffer;
If that A22. exist on the network is DHCP Relay, the DHCP Server of DHCP Relay needs and external network is mutual so, obtains the Offer message from DHCP Server, then this message of loopback.
Above-mentioned steps A22 further comprises:
A221.DHCP Relay receives DHCP Discovery message, according to the DHCPRelay agreement, this message is just revised, and sends to the DHCP Server of external network then;
A222.DHCP Server receives DHCP Discovery message, loopback DHCPOffer;
A223.DHCP Relay receives the DHCP Offer message from DHCP Server; According to DHCP Relay agreement, Relay makes amendment to the Offer message, and AN is given in loopback then.
The cycle of described message timer is set to 10 minutes.
The cycle of described DHCP MAC address aging timer is greater than the cycle of message timer.
DHCP Discovery, ARP request message that this CSCC (Core Switch Control Card, core switch control card) sends only are sent to network-side port, and CSCC only handles DHCP Offer, arp response message from network-side port.
Whenever CSCC detects new LC (Line Card, Line cards), before the professional circulation of LC, the SS MAC Address that at first will obtain is set among the LC;
Maximum dhcp message table, the number of DGW information table list item are set, ALM when address number that CSCC obtains surpasses default variable.
Use this method of the present invention, can prevent that the terminal use from pretending to be the MAC Address of SS.Otherwise the MAC address learning of the last SS of AN can move, and causes the data message forwarding disorder, makes the user suffer DoS attack, has no idea to use Network.
Description of drawings
Fig. 1 is the basic structure schematic diagram that AN of the present invention uses DHCP Relay Access Network;
Fig. 2 is that AN is directly and the basic structure schematic diagram of the mutual Access Network of DHCP Server among the present invention;
Fig. 3 is the structural representation of AN among the present invention;
Fig. 4 is the process chart of the anti-deception of MAC Address of DHCP Relay among the present invention;
Fig. 5 is that the MAC Address of DHCP Server among the present invention prevents the process chart of cheating;
Fig. 6 is the process chart of the anti-deception of MAC Address of default gateway DGW among the present invention;
Embodiment
The invention provides a kind of method that under access module, realizes the anti-deception of address of service server,, only the AN systems soft ware is done minor modifications and can achieve the goal by utilizing existing DHCP and ARP agreement.
In order to implement method of the present invention, system should comprise DHCP Server, DHCP Relay, equipment such as DGW and AN.And require DHCP Relay or DHCP Server, trust each other between DGW and the AN; DHCP Relay and DHCP Server also trust each other.In general, DHCP Server, DHCP Relay, DGW and AN are owned by operator, or even are owned by single operator, and the mutual trust between them is satisfied to a great extent.Even they are not trusted each other, also can accomplish this point by the method for mutual authentication.
See also Fig. 1,2, wherein, Fig. 1 is to use the Access Network networking situation of DHCP Relay, and Fig. 2 be AN directly and the mutual Access Network networking situation of DHCP Server.Among the figure: local area network (LAN) generally all is the ethernet aggregation network network, and IP network is core layer network or external network.DHCP Server is the server of DHCP, carries out user's's (main frame) configuration, comprises to subscriber's main station distributing IP address, informs functions such as default gateway IP address.DHCP Relay is used for not having in the ethernet aggregation network network in the DHCP Server, the DHCP request that it can trunk subscriber, and the result of DHCP Server returned to the user again, play the part of agency's role.DGW is unique passage that the user is finally led to external network, and generally it is a routing gateway.
The user also is divided into two classes, domestic consumer and enterprise customer, and the former generally is also referred to as retail user, and the latter then is called the user that approves the lease of.User's the configuration information of approving the lease of is known in advance, does not need to obtain by DHCP Server or DHCP Relay.We can see the latter as the former a kind of special case.Therefore, below our discussion mainly around using under the situation of access network at domestic consumer, how to accomplish to prevent the MAC deception of SS.
See also Fig. 3 again, this AN be access node (such as DSLAM) it mainly comprise two hardware module: CSCC and realize the access of user data and the LC (Line Card, Line cards) that converges.NC is also used in the exchange of cascade and up-downgoing data sometimes between this CSCC control and configuration LC, AN, and abundant last connecting port can be provided.What this LC finished is the function of Ethernet half-bridge, its core component or be MAC layer exchange chip, or be network processing unit.At user side, a plurality of user port PORT_B are arranged, PORT_C...PORT_N has only a port PO RT_A at network side, is called as inline port, and this inline port links to each other with CSCC.
Under the normal condition, the message that SS sends advances from inline port, and user port goes out.Therefore, the MAC Address of SS should be learned on the inline port.And the unicast message destination address that the user sends should belong to one of MAC Address of SS, should go out from inline port forwarded upstream from the data message that user port is come in.
If the user pretends to be the MAC Address of SS, also just say that the source MAC of the message that user port is received is the MAC Address of SS, this will cause the mac learning of SS to move on the user port from inline port.Suppose that this time, the normal user data message sent up from other user ports, it is user-side port that LC inquires target port, LC or transmit this data message to user port, or abandon (if port isolation function is opened).The above-mentioned pass-through mode of LC and the pass-through mode of expection are compared variation have been taken place, and the state that gets muddled causes validated user to surf the Net.
The present invention realizes that the method for the anti-deception of MAC Address is: CSCC learns the MAC Address of DHCP Server or DHCP Relay by the DHCP agreement.CSCC uses ARP to obtain the MAC Address of DGW by the IP address of the mutual discovery DGW of detection user and DHCP Server then.After getting access to the MAC Address of these SS again, they are set on the static mac address table of each LC again, and are in the same place with inline port binding.Because be static mac address, thus the study of SS MAC Address can not move, thereby prevented the SS MAC address spoofing.
When reality realized above-mentioned thought, we need consider how to preserve the SS MAC Address, the IP address of DGW; If guarantee the validity problem of these information, that is to say that if some SS has stopped service, their information is exactly invalid so, just relevant information should be known from AN.For this reason, we need use following several timers:
● MS_Timer (Message Timer, message timer): be used to control CSCC and send DHCP Discovery grouping periodically.
● DMA_Timer (DHCP MAC Aging Timer, DHCP MAC ageing timer): this DMA_Timer number is consistent with the MAC number of DHCP Server that gets access to or DHCPRelay, is mainly used in the term of validity of the MAC Address of maintaining DHCP Server or DHCP Relay.
● DGW_IA_Timer (Default Gateway IP Aging Timer, DGW IP address aging timer): the term of validity that is used to safeguard default gateway ip address.
● DGW_MA_Timer (Default Gateway MAC Aging Timer, DGWMAC address aging timer): the MAC Address that is used for the periodic refresh default gateway.
On CSCC, also need to safeguard two tables:
● dhcp message table
| DHCP?Server/Relay?MAC | DMA_Timer |
● the DGW information table
| DGW?IP | DGW_IA_Timer | DGW?MAC | DGW_MA_Timer |
This method comprises two independently processing procedures: one is that DHCP Server/RelayMAC obtains, setting up procedure, and another is that DGW MAC obtains, setting up procedure.
One, DHCP Server/Relay MAC obtain, setting up procedure
Because DHCP Server can be placed on the different networks, it can with AN in a local area network (LAN), also can be in different networks, the latter need use DHCP Relay.For the scene of using DHCP Relay, we only need prevent the MAC address spoofing of DHCP Relay, because DHCP Server is sightless to the user.See also Fig. 4, the handling process of the anti-deception of the MAC Address of DHCPRelay comprises following step:
1, the overtime triggering of MS_Timer CSCC sends DHCP Discovery broadcasting packet;
2, after DHCP Relay receives DHCP Discovery message, revise the Discovery message according to the definition of DHCP Relay agreement (referring to RFC1542), this message of relaying is given the DHCP Server that pre-sets.
3, DHCP Server receives the Discovery message behind the relaying, after the processing, and loopback DHCP Offer.
4, DHCP Relay receives the Offer message from Server, according to DHCP Relay agreement this message is made amendment, and this message of loopback is given CSCC then.
5, CSCC receives after the DHCP Offer message, therefrom obtains source MAC.This address and dhcp message table are contrasted:
If a) this address does not exist, illustrate that this address is a new address in dhcp message table.
I. create a DMA_Timer.
Ii. create the MAC Address of a dhcp message table list item<obtain, the new DMA_Timer that creates 〉.
Iii. this MAC Address is set in the static mac address table of each LC, and and the inline port binding of LC.
B), illustrate that so this address is the address in a Geju City if this address exists in dhcp message table.In this case, only need refresh the DMA_Timer of corresponding list item.
6, DMA_Timer is overtime, triggers the flow process of DMA_Timer correspondence.
A) corresponding MAC address entries in the CSCC deletion dhcp message table.
B) delete MAC Address list item corresponding on the mac address table of all LC.
Be different from several steps of front, top step 6 is independent step, and the 1-5 step is triggered by the MS_Timer timer.
The cycle of MS_Timer is unsuitable too short, otherwise may cause DHCP Server or DHCPRelay disposal ability to descend, and is takeed for the brute force attack of DHCP configuring request.The MS_Timer cycle can be set to about 10 minutes.
The cycle of BMA_Timer must be greater than the cycle of MS_Timer, otherwise the BMA_Timer MS_Timer that also is not able to do in time by the time triggers BMA_Timer and just refreshes and destroyed.Consider the factor of reliability aspect, the cycle of suggestion BMA_Timer is at least more than the twice duration of MS_Timer.
And another situation, when DHCP Server and AN were in a local area network (LAN), we need prevent the MAC address spoofing of DHCP Server.See also Fig. 5, the handling process of the anti-deception of the MAC Address of DHCP Server comprises following step:
1, the overtime triggering of MS_Timer CSCC sends DHCP Discovery broadcasting packet;
2, DHCP Server receives the Discovery message from CSCC, and (RFC2131) makes amendment to this message according to the DHCP agreement, and this message of loopback is given CSCC then.
3, CSCC receives after the DHCP Offer message, therefrom obtains source MAC.This address and dhcp message table are contrasted:
If a) this address does not exist, illustrate that this address is a new address in dhcp message table.
I. create a DMA_Timer.
Ii. create the MAC Address of a dhcp message table list item<obtain, the new DMA_Timer that creates 〉.
Iii. this MAC Address is set in the static mac address table of each LC, and and the inline port binding of LC.
B), illustrate that so this address is the address in a Geju City if this address exists in dhcp message table.In this case, only need refresh the DMA_Timer of corresponding list item.
4, DMA_Timer is overtime, triggers the flow process of DMA_Timer correspondence.
A) corresponding MAC address entries in the CSCC deletion dhcp message table
B) delete MAC Address list item corresponding on the mac address table of all LC.
Be different from several steps of front, top step 4 is independent step, and the 1-3 step is triggered by the MS_Timer timer.
In particular cases, AN oneself can play the part of the role of DHCP Server or DHCP Relay.In this time, can be directly the MAC Address of CSCC be set in the static mac address table of LC.
In addition, because the cycle of MS_Timer is generally long, " blind area " that DHCP Server that starts between two MS_Timer triggering flow processs or DHCP Relay just may cause protection.For this reason, we can carry out following enhancing: CSCC and detect the mutual of user and DHCP Server in real time, if find the MAC Address of new DHCP Server, carry out the MS_Timer flow process so at once.
Two, see also Fig. 6, DGW MAC obtains, is provided with and anti-deception process comprises following step:
1, CSCC detects DHCP Ack message in real time, obtains the IP address of DGW.
2, inquiry DGW information table checks whether the list item of this IP address exists.
A) if there is no, explanation is a new IP address.
I. initiate ARP, inquire about the MAC Address of this IP.Create new DGW_IA_Timer and DGW_MA_Timer.
Ii. use above-mentioned information, increase a new DGW information table.
Iii. MAC Address is set in the static mac address list item of LC, and and inline port binding.
B) if exist, illustrate that this is the IP address in a Geju City.Only need refresh corresponding DGW_IA_Timer.
3, the following flow process of the overtime triggering of DGW_IA_Timer:
A) inquire corresponding DGW information table.
B) the corresponding MAC Address list item of deletion from the LC static mac address table.
C) DGW_IA_Timer and the DGW_MA_Timer of deletion DGW information table correspondence.
D) delete this DGW information table.
4, DGW_MA_Timer triggers CSCC and initiates the ARP request again.Use uses the ARP agreement to obtain a MAC Address from the IP address that the DGW information table inquires.
If the MAC that preserves in the MAC Address of a) obtaining and the DGW information table is consistent, do not do any action so;
B) if different,
I. upgrade the DGW information table so, use new MAC Address to replace old MAC Address;
Ii. delete the old MAC Address among the static MAC of LC, new MAC Address is set.
The cycle of DGW_IA_Timer is unsuitable too short, should have linear relationship with user's the minimum rental period.Can prevent that like this and corresponding MAC Address is deleted prematurely because its cycle is too short.DGW_MA_Timer can be set to the MAC address aging time of system default.
Consider fail safe, method of the present invention can also be done some enhancings, for example:
1, by being provided with, DHCP Discovery, ARP request and message that this CSCC sends only are sent to network-side port, that is to say, can not be sent to the inline port that docks with LC, CSCC can only handle DHCP Offer, the arp response message from network-side port.
2, by being provided with, make CSCC whenever detecting new LC, before the professional circulation of LC, the SS MAC Address that at first will obtain is set among the LC.
3, by maximum dhcp message table, the number of DGW information table list item are set, if the address number that CSCC obtains surpasses default variable, ALM.
Being preferred embodiment of the present invention only in sum, is not to be used for limiting practical range of the present invention.Be that all equivalences of doing according to the content of the present patent application claim change and modification, all should be technology category of the present invention.
Claims (9)
1, a kind of method that under access module, realizes the anti-deception of address of service server, this method is at DHCP Server, DHCP Relay, default gateway DGW and access node AN upward realize, it is characterized in that this method comprises the following steps:
A.AN obtains the MAC Address of DHCP Server or DHCP Relay, and MAC Address is set in the static mac address list item of AN;
B.AN obtains the MAC Address of default gateway, and the MAC Address of described default gateway is set in the static mac address list item of AN;
Above-mentioned steps A further comprises:
A1.AN initiates the DHCP configuration flow termly by the message timer, broadcasting DHCPDiscovery message;
A2. DHCP Server on the network or DHCP Relay make response to the Discovery message, passback DHCP Offer message;
A3.AN receives the Offer message, extract wherein DHCP Server or the MAC Address of DHCPRelay;
A4.AN is set to the MAC Address of DHCP Server or DHCP Relay in the static mac address table of AN;
Above-mentioned steps B further comprises:
B1.AN detects the mutual DHCP protocol massages of user and DHCP Server or DHCP Relay in real time; Obtain the IP address of the default gateway that wherein is provided with;
B2.AN starts the ARP agreement, obtains the MAC Address of default gateway ip address correspondence;
After B3.AN gets access to the MAC Address of default gateway, this MAC Address is written in the static mac address list item of AN, and the network side interface that the MAC Address in the described MAC Address list item is tied to Line cards.
2, the method that realizes the anti-deception of address of service server under access module according to claim 1 is characterized in that further comprising after the described steps A 4:
Whether the MAC Address that A5.AN passes through regular inspection DHCPServer of DHCP MAC address aging timer or DHCP Relay is aging, if aging just this list item of deletion from static mac address table.
3, the method that realizes the anti-deception of address of service server under access module according to claim 1 is characterized in that above-mentioned steps A2 further comprises:
If that A21. exist on the network is DHCP Server, so direct loopback DHCPOffer;
If that A22. exist on the network is DHCP Relay, the DHCP Server of DHCP Relay needs and external network is mutual so, obtains the Offer message from DHCP Server, then this message of loopback.
4, the method that realizes the anti-deception of address of service server under access module according to claim 3 is characterized in that described above-mentioned steps A22 further comprises:
A221.DHCP Relay receives DHCP Discovery message, according to the DHCPRelay agreement, this message is just revised, and sends to the DHCP Server of external network then;
A222.DHCP Server receives DHCP Discovery message, loopback DHCPOffer;
A223.DHCP Relay receives the DHCP Offer message from DHCP Server; According to DHCP Relay agreement, Relay makes amendment to the Offer message, and AN is given in loopback then.
5, the method that realizes the anti-deception of address of service server under access module according to claim 1 is characterized in that the cycle of described message timer is set to 10 minutes.
6, the method that realizes the anti-deception of address of service server under access module according to claim 2 is characterized in that the cycle of the cycle of DHCP MAC address aging timer greater than the message timer.
7, the method that realizes the anti-deception of address of service server under access module according to claim 1 is characterized in that described method also further comprises:
Only send DHCPDiscovery, ARP request message by core switch control card CSCC to network-side port, and CSCC only handles DHCPOffer, arp response message from network-side port, wherein, described AN comprises CSCC and realizes the access of user data and the Line cards LC that converges.
8 methods that realize the anti-deception of address of service server under access module according to claim 7 is characterized in that described method further comprises:
Detect new Line cards LC by CSCC, before the professional circulation of LC, the service server SS MAC Address that at first will obtain is set among the LC.
9, the method that realizes the anti-deception of address of service server under access module according to claim 8 is characterized in that described method also further comprises:
Maximum dhcp message table, the number of DGW information table list item are set, ALM when address number that CSCC obtains surpasses maximum list item number.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN200610028422A CN100589434C (en) | 2006-06-30 | 2006-06-30 | Method for implementing anti-spurious business server address under access mode |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN200610028422A CN100589434C (en) | 2006-06-30 | 2006-06-30 | Method for implementing anti-spurious business server address under access mode |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN101098288A CN101098288A (en) | 2008-01-02 |
| CN100589434C true CN100589434C (en) | 2010-02-10 |
Family
ID=39011816
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN200610028422A Expired - Fee Related CN100589434C (en) | 2006-06-30 | 2006-06-30 | Method for implementing anti-spurious business server address under access mode |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN100589434C (en) |
Families Citing this family (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101217477B (en) * | 2008-01-10 | 2010-12-22 | 杭州华三通信技术有限公司 | A method, device and router to realize DHCP lease smoothing switching in VRRP backup group |
| CN101931607A (en) * | 2009-06-23 | 2010-12-29 | 中兴通讯股份有限公司 | Method and device for preventing user address spoofing in broadband access equipment |
| CN101674309B (en) * | 2009-09-23 | 2012-05-09 | 中兴通讯股份有限公司 | Ethernet access method and device thereof |
| CN102036247B (en) * | 2010-11-29 | 2013-01-02 | 桂林电子科技大学 | Method for defending single node invasive attack in wireless network |
| CN102420748B (en) * | 2011-11-23 | 2014-07-23 | 杭州华三通信技术有限公司 | Method and router for avoiding attack of ARP (address resolution protocol) report |
| CN102571564A (en) * | 2011-12-19 | 2012-07-11 | 福建星网锐捷网络有限公司 | Method, apparatus and device for aging static medium access control address |
| CN105376346B (en) * | 2015-12-09 | 2018-12-14 | 北京艾科网信科技有限公司 | A kind of method and system improving DHCP protocol safety |
| CN110213301B (en) * | 2019-07-11 | 2021-09-03 | 武汉思普崚技术有限公司 | Method, server and system for transferring network attack plane |
| JP7376288B2 (en) * | 2019-09-10 | 2023-11-08 | アズビル株式会社 | Specific device and method |
-
2006
- 2006-06-30 CN CN200610028422A patent/CN100589434C/en not_active Expired - Fee Related
Also Published As
| Publication number | Publication date |
|---|---|
| CN101098288A (en) | 2008-01-02 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN100589434C (en) | Method for implementing anti-spurious business server address under access mode | |
| CN1855873B (en) | Method and system for implementing a high availability vlan | |
| CN100566294C (en) | Single broadcast reverse path repeating method | |
| US8055768B2 (en) | Network including snooping | |
| US7379423B1 (en) | Filtering subscriber traffic to prevent denial-of-service attacks | |
| EP1250791B1 (en) | System and method for using an ip address as a wireless unit identifier | |
| US7596693B1 (en) | Controlling ARP packet traffic to enhance network security and scalability in TCP/IP networks | |
| US10601766B2 (en) | Determine anomalous behavior based on dynamic device configuration address range | |
| US9118606B2 (en) | Method and apparatus for simulating IP multinetting | |
| CN106559292A (en) | A kind of broad band access method and device | |
| CN104243472A (en) | Network with MAC table overflow protection | |
| CN100407704C (en) | Method of dynamically learning address on MAC layer | |
| JP4873960B2 (en) | Method for facilitating application server functions and access nodes including application server functions | |
| CN101459653B (en) | Method for preventing DHCP packet attack based on Snooping technique | |
| CN101321102A (en) | Detection method and access equipment of DHCP server | |
| CN102137073B (en) | Method and access equipment for preventing imitating internet protocol (IP) address to attack | |
| CN110493366A (en) | The method and device of network management is added in a kind of access point | |
| CN104270325A (en) | System and method of implementing limitation of public network access user number based on Linux for CPE (Customer Premise Equipment) | |
| KR20040109985A (en) | Method for preventing arp/ip spoofing automatically on the dynamic ip address allocating environment using dhcp packet | |
| CN101098290B (en) | Devices for implementing anti-spurious IP address on AN and methods therefor | |
| CN104506437A (en) | Item setup method and device | |
| CN104883337A (en) | Ring network user safety realizing method and apparatus | |
| US7583616B2 (en) | Network unit for forwarding an ethernet packet | |
| CN100502310C (en) | broadband far end server MAC address cheat prevention implementing method for MAC address of server | |
| Nikolchev et al. | Development of Recommendations for the Implementation of Integrated Security in the Corporate Network at the OSI Data Link Layer |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20100210 Termination date: 20150630 |
|
| EXPY | Termination of patent right or utility model |