CN101075899B - Wireless device and method for discriminating administrative frame - Google Patents


Publication number
CN101075899B
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CN200610060727A
Other languages
Chinese (zh)
Other versions
CN101075899A (en
Inventor
唐正文
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hongfujin Precision Industry Shenzhen Co Ltd
Hon Hai Precision Industry Co Ltd
Original Assignee
Hongfujin Precision Industry Shenzhen Co Ltd
Hon Hai Precision Industry Co Ltd

Landscapes

  • Mobile Radio Communication Systems (AREA)
  • Small-Scale Networks (AREA)

Abstract

The method comprises: receiving a management frame to be verified; determining a new frame state according to the management frame to be verified; transmitting a class frame to the expected source device according to the new frame state, wherein the frame class of the class frame is higher than the frame class corresponding to the new frame state; determining whether an expected frame is received, wherein the expected frame has the same frame type as the management frame to be verified; and, if the expected frame is received, determining that the management frame is genuine.

Description

Wireless device and method for discriminating management frames
Technical Field
The present invention relates to the field of network communication, and in particular to a wireless device and the method by which it discriminates management frames.
Background
When a mobile station communicates wirelessly with an access point and receives a disassociation frame (Disassociation Frame) or a deauthentication frame (DeAuthentication Frame) from the access point, the mobile station generally cannot verify whether the disassociation frame or deauthentication frame is genuine. The mobile station therefore re-associates with the access point, re-authenticates, or roams.
However, if the disassociation frame or deauthentication frame was transmitted by an attacker impersonating the access point, the result is a denial-of-service (DoS) attack on the mobile station.
Summary of the Invention
In view of this, there is a need for a wireless device that can verify whether a disassociation frame (Disassociation Frame) or a deauthentication frame (DeAuthentication Frame) is genuine, thereby avoiding denial-of-service attacks.
There is also a need for a method of discriminating management frames that can verify whether a disassociation frame or a deauthentication frame is genuine, thereby avoiding denial-of-service attacks.
A wireless device for verifying the authenticity of a management frame comprises a receiving module, a state determination module, a transmitting module and an authenticity judgment module. The receiving module receives the management frame to be verified. The state determination module determines a new frame state according to the management frame to be verified. The transmitting module transmits a class frame to the expected source device according to the new frame state, where the frame class of the class frame is higher than the frame class corresponding to the new frame state. The authenticity judgment module verifies the authenticity of the management frame to be verified and comprises a frame judgment submodule. The frame judgment submodule determines whether an expected frame has been received and verifies the authenticity of the management frame to be verified according to the result. The expected frame is a frame of the same type as the management frame to be verified.
A method of discriminating management frames comprises the following steps: receiving a management frame to be verified; determining a new frame state according to the management frame to be verified; transmitting a class frame to the expected source device according to the new frame state, where the frame class of the class frame is higher than the frame class corresponding to the new frame state; determining whether an expected frame is received, where the expected frame is a frame of the same type as the management frame to be verified; and, if the expected frame is received, determining that the management frame to be verified is genuine.
The above method of discriminating management frames can verify the authenticity of the management frame to be verified, thereby avoiding denial-of-service attacks.
Description of the Drawings
Fig. 1 is a schematic diagram of a management frame in an embodiment of the present invention.
Fig. 2 is a schematic diagram of a wireless communication system in an embodiment of the present invention, together with a block diagram of one embodiment of the first wireless device.
Fig. 3 is a block diagram of another embodiment of the first wireless device of the present invention.
Fig. 4 is a block diagram of a further embodiment of the first wireless device of the present invention.
Fig. 5 is a block diagram of yet another embodiment of the first wireless device of the present invention.
Fig. 6 is a flow chart of one embodiment of the method of discriminating management frames of the present invention.
Fig. 7 is a flow chart of another embodiment of the method of discriminating management frames of the present invention.
Fig. 8 is a flow chart of a further embodiment of the method of discriminating management frames of the present invention.
Fig. 9 is a flow chart of yet another embodiment of the method of discriminating management frames of the present invention.
Detailed Description of the Embodiments
Fig. 1 is a schematic diagram of a management frame 1000 in an embodiment of the present invention. In this embodiment, the management frame 1000 may be a disassociation frame (Disassociation Frame) or a deauthentication frame (Deauthentication Frame). The management frame 1000 comprises a medium access control (Media Access Control, MAC) header 1100, a reason code (Reason Code) 1200 and a frame check sequence (Frame Check Sequence, FCS) 1300. The MAC header 1100 comprises a type field 1110 and a subtype field 1120.
The type field 1110 and the subtype field 1120 indicate the type of the management frame 1000. When the type field 1110 and the subtype field 1120 are 00 and 1010 respectively, the management frame 1000 is a disassociation frame. When the type field 1110 and the subtype field 1120 are 00 and 1100 respectively, the management frame is a deauthentication frame. In this embodiment, the type field 1110 and subtype field 1120 of two frames can be compared to determine whether the two frames are management frames of the same type, that is, whether both are disassociation frames or both are deauthentication frames.
The reason code 1200 indicates the reason for the teardown. In this embodiment, when the management frame 1000 is a disassociation frame, the reason code 1200 gives the reason for the disassociation. When the management frame 1000 is a deauthentication frame, the reason code 1200 gives the reason for the deauthentication.
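The frame layout of Fig. 1 can be parsed as follows. This is an added example, not code from the patent; it assumes the standard 24-byte 802.11 management MAC header and an FCS appended as a little-endian CRC-32, and the helper names and MAC addresses are constructed for illustration.

```python
import struct
import zlib

MGMT_TYPE = 0b00                       # type field 1110
SUBTYPES = {0b1010: "disassociation",  # subtype field 1120
            0b1100: "deauthentication"}
MAC_HEADER_LEN = 24  # frame control, duration, 3 addresses, sequence control


def parse_teardown_frame(raw: bytes, has_fcs: bool = True):
    """Parse a disassociation/deauthentication frame; None for anything else."""
    body_end = len(raw) - 4 if has_fcs else len(raw)
    if body_end < MAC_HEADER_LEN + 2:
        return None                    # no room for header plus reason code
    fc0 = raw[0]                       # first frame-control octet
    version = fc0 & 0b11
    ftype = (fc0 >> 2) & 0b11
    subtype = (fc0 >> 4) & 0b1111
    if version != 0 or ftype != MGMT_TYPE or subtype not in SUBTYPES:
        return None
    (reason,) = struct.unpack_from("<H", raw, MAC_HEADER_LEN)  # reason code 1200
    fcs_ok = None
    if has_fcs:                        # FCS 1300: CRC-32 over header and body
        (fcs,) = struct.unpack_from("<I", raw, body_end)
        fcs_ok = fcs == (zlib.crc32(raw[:body_end]) & 0xFFFFFFFF)
    return {
        "kind": SUBTYPES[subtype],
        "receiver": raw[4:10].hex(":"),
        "source": raw[10:16].hex(":"),
        "reason": reason,
        "fcs_ok": fcs_ok,
    }


def same_type(raw_a: bytes, raw_b: bytes) -> bool:
    """True when both frames parse and share type and subtype fields."""
    a, b = parse_teardown_frame(raw_a), parse_teardown_frame(raw_b)
    return a is not None and b is not None and a["kind"] == b["kind"]


def build_frame(subtype: int, dst: bytes, src: bytes, reason: int) -> bytes:
    """Construct a sample frame for the demo (source doubles as BSSID)."""
    fc = bytes([(subtype << 4) | (MGMT_TYPE << 2), 0])
    body = fc + b"\x00\x00" + dst + src + src + b"\x00\x00"
    body += struct.pack("<H", reason)
    return body + struct.pack("<I", zlib.crc32(body) & 0xFFFFFFFF)


if __name__ == "__main__":
    # Constructed, locally administered addresses (not from the patent).
    ap = bytes.fromhex("020000000001")
    sta = bytes.fromhex("020000000002")
    frame = build_frame(0b1100, sta, ap, 6)
    # The source address and the FCS are both filled in by whoever sends the
    # frame, so a well-formed result here says nothing about who sent it.
    print(parse_teardown_frame(frame))
```
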
Fig. 2 is a schematic diagram of the wireless communication system in an embodiment of the present invention, together with a block diagram of one embodiment of the first wireless device 100. In this embodiment, the wireless communication system comprises a first wireless device 100, a second wireless device 200 and an attack device 300. The first wireless device 100 and the second wireless device 200 may be a mobile station (Mobile Station) and an access point (Access Point, AP) respectively, or an access point and a mobile station respectively. The attack device 300 may be a mobile station with a frame generator.
The first wireless device 100 communicates wirelessly with the second wireless device 200. The second wireless device 200 may transmit the management frame to be verified to the first wireless device 100. The attack device 300 may use the MAC address of the second wireless device 200 to impersonate the second wireless device 200 and transmit the management frame to be verified to the first wireless device 100. In this embodiment, the management frame to be verified is a management frame 1000 as shown in Fig. 1, that is, it may be a disassociation frame or a deauthentication frame. After the first wireless device 100 receives the management frame to be verified, it first determines the new frame state according to that frame and transmits a class frame to the second wireless device 200 according to the new frame state. It then judges the authenticity of the management frame to be verified by whether the second wireless device 200 returns an expected frame, that is, it judges whether the management frame to be verified was transmitted by the second wireless device 200, thereby avoiding denial-of-service (Denial of Service) attacks.
According to the 802.11 protocol, the frame state (State) between the first wireless device 100 and the second wireless device 200 is one of State 1, State 2 and State 3. State 1 is the state in which the first wireless device 100 and the second wireless device 200 are neither authenticated (Unauthenticated) nor associated (Unassociated). State 2 is the state in which they are authenticated (Authenticated) but not associated (Unassociated). State 3 is the state in which they are both authenticated (Authenticated) and associated (Associated).
In each frame state, only the frames permitted in that state may be transmitted or received. The frames exchanged between the first wireless device 100 and the second wireless device 200 can therefore be divided into three classes (Class): Class 1, Class 2 and Class 3. Class 1, Class 2 and Class 3 correspond to State 1, State 2 and State 3 respectively.
Referring again to Fig. 2, the first wireless device 100 comprises a receiving module 110, a state determination module 120, a transmitting module 130 and an authenticity judgment module 140. The receiving module 110 receives the management frame to be verified. The source MAC address of the management frame to be verified is the MAC address of the second wireless device 200. In this embodiment, the management frame to be verified is a management frame 1000 as shown in Fig. 1, that is, it may be a disassociation frame or a deauthentication frame.
In this embodiment, if the management frame to be verified was transmitted by the second wireless device 200, the second wireless device 200 determines that the frame state between the first wireless device 100 and the second wireless device 200 has changed from the old frame state to the new frame state. In this embodiment, if the management frame to be verified is a disassociation frame, the new frame state is State 2. If the management frame to be verified is a deauthentication frame, the new frame state is State 1.
Conversely, if the management frame to be verified was not transmitted by the second wireless device 200 but by the attack device 300 impersonating the second wireless device 200, the second wireless device 200 considers the frame state between the first wireless device 100 and the second wireless device 200 to still be the old frame state.
The state determination module 120 determines the new frame state according to the management frame to be verified, that is, it determines that the frame state between the first wireless device 100 and the second wireless device 200 has changed from the old frame state to the new frame state. In this embodiment, if the management frame to be verified is a disassociation frame, the new frame state is State 2. If the management frame to be verified is a deauthentication frame, the new frame state is State 1.
The transmitting module 130 transmits a class frame to the expected source device according to the new frame state. The frame class of the class frame is higher than the frame class corresponding to the new frame state. The expected source device is the second wireless device 200, so the MAC address of the expected source device is the same as the source MAC address of the management frame to be verified. In this embodiment, if the new frame state is State 2, the frame class of the class frame may be Class 3. If the new frame state is State 1, the frame class of the class frame may be Class 2 or Class 3.
In this embodiment, if the management frame to be verified was transmitted by the second wireless device 200, the second wireless device 200, being in the new frame state, receives a class frame whose class is higher than the class corresponding to the new frame state. According to 802.11, the second wireless device 200 must return an expected frame to the first wireless device 100. The expected frame is a frame of the same type as the management frame to be verified. In this embodiment, if the second wireless device 200 receives a Class 3 frame in State 2, it returns a disassociation frame to the first wireless device 100. If the second wireless device 200 receives a Class 2 or Class 3 frame in State 1, it returns a deauthentication frame to the first wireless device 100.
Conversely, if the management frame to be verified was not transmitted by the second wireless device 200, the second wireless device 200 receives the class frame while in the old frame state, so it does not return a frame of the same type as the management frame to be verified to the first wireless device 100.
The authenticity judgment module 140 verifies the authenticity of the management frame to be verified. The authenticity judgment module 140 comprises a frame judgment submodule 141. The frame judgment submodule 141 determines whether an expected frame has been received and verifies the authenticity of the management frame to be verified according to the result. The expected frame is a frame of the same type as the management frame to be verified. If the expected frame is received, the frame judgment submodule 141 judges that the management frame to be verified is genuine, that is, it was transmitted by the second wireless device 200. If the expected frame is not received, the frame judgment submodule 141 judges that the management frame to be verified is not genuine, that is, it was not transmitted by the second wireless device 200 but by the attack device 300.
Fig. 3 is a block diagram of the first wireless device 100' in another embodiment of the present invention. The first wireless device 100' in this embodiment differs from the first wireless device 100 in Fig. 2 in that the authenticity judgment module 140' of the first wireless device 100' further comprises a code judgment submodule 142. With the code judgment submodule 142, the first wireless device 100' can judge the authenticity of the management frame to be verified more accurately.
In this embodiment, the attack device 300 may attack the first wireless device 100' continuously, so an expected frame that arrives at the first wireless device 100' may not have been transmitted by the second wireless device 200 but by the attack device 300 as part of its continuous attack.
In this embodiment, the expected frame is a management frame 1000 as shown in Fig. 1. The expected frame comprises a reason code 1200. The reason code 1200 indicates the reason for the teardown. For example, a reason code 1200 of 6 indicates that a Class 2 frame was received from a non-authenticated station (Class 2 Frame Received from non-authenticated station). A reason code 1200 of 7 indicates that a Class 3 frame was received from a non-associated station (Class 3 Frame Received from non-associated station).
In this embodiment, if the management frame to be verified and the expected frame were both transmitted by the second wireless device 200 and both are disassociation frames, the reason code 1200 of the expected frame gives the reason for the disassociation and is 7. If the management frame to be verified and the expected frame were both transmitted by the second wireless device 200 and both are deauthentication frames, the reason code 1200 of the expected frame gives the reason for the deauthentication and is 6.
Conversely, if neither the management frame to be verified nor the expected frame was transmitted by the second wireless device 200, the reason code field 1200 can be set arbitrarily by the attack device 300.
The code judgment submodule 142 determines whether the reason code 1200 of the expected frame is the expected value and verifies the authenticity of the management frame to be verified according to the result. In this embodiment, if the expected frame is a disassociation frame, the expected value is 7. If the expected frame is a deauthentication frame, the expected value is 6.
In this embodiment, when the frame judgment submodule 141 determines that an expected frame has been received, the code judgment submodule 142 determines whether the reason code 1200 of the expected frame is the expected value. If the reason code 1200 of the expected frame is not the expected value, the management frame to be verified is judged not genuine. If the reason code 1200 of the expected frame is the expected value, the management frame to be verified is judged genuine.
Fig. 4 is a block diagram of the first wireless device 100'' in a further embodiment of the present invention. The first wireless device 100'' in this embodiment differs from the first wireless device 100' in Fig. 3 in that the authenticity judgment module 140'' of the first wireless device 100'' further comprises a response judgment submodule 143. With the response judgment submodule 143, the first wireless device 100'' can judge the authenticity of the management frame to be verified more accurately.
In this embodiment, the class frame is a request frame, that is, a frame that requires a response from the second wireless device 200. If the management frame to be verified was not transmitted by the second wireless device 200, the second wireless device 200 receives the class frame while in the old frame state, so it transmits a response frame for the class frame to the first wireless device 100''.
Conversely, if the management frame to be verified was transmitted by the second wireless device 200, the second wireless device 200 receives the class frame while in the new frame state, so it does not transmit a response frame for the class frame to the first wireless device 100'' and instead transmits an expected frame to the first wireless device 100''.
The response judgment submodule 143 determines whether a response frame for the class frame has been received and verifies the authenticity of the management frame to be verified according to the result. In this embodiment, when the code judgment submodule 142 determines that the reason code of the expected frame is the expected value, the response judgment submodule 143 determines whether a response frame for the class frame has been received. If no response frame for the class frame is received, the management frame to be verified can be judged genuine, that is, it was transmitted by the second wireless device 200. If a response frame for the class frame is received, the management frame to be verified can be judged not genuine, that is, it was not transmitted by the second wireless device 200.
In other embodiments, the order in which the response judgment submodule 143 and the frame judgment submodule 141 make their judgments may be swapped, but the code judgment submodule 142 can only make its judgment after the frame judgment submodule 141.
Fig. 5 is a block diagram of the first wireless device 100''' in yet another embodiment of the present invention. The first wireless device 100''' in this embodiment differs from the first wireless device 100'' in Fig. 4 in that the first wireless device 100''' further comprises a contradiction judgment module 150. The first wireless device 100''' can use the contradiction judgment module 150 as an additional check on the authenticity of the management frame to be verified.
The contradiction judgment module 150 determines whether the reason code of the management frame to be verified contradicts the old frame state and verifies the authenticity of the management frame to be verified according to the result. In this embodiment, when the receiving module 110 receives the management frame to be verified, the contradiction judgment module 150 determines whether the reason code of the management frame to be verified contradicts the old frame state.
For example, a reason code of 6 in the management frame to be verified indicates that a Class 2 frame was received from a non-authenticated station, that is, that the frame state between the two communicating parties is State 1. If the old frame state is State 2 or State 3, the reason code of the management frame to be verified contradicts the old frame state, so the contradiction judgment module 150 judges that the management frame to be verified is not genuine. Conversely, if the old frame state is State 1, the reason code of the management frame to be verified does not contradict the old frame state, so the state determination module 120 determines the new frame state according to the management frame to be verified, that is, it determines that the frame state between the first wireless device 100''' and the second wireless device 200 has changed from the old frame state to the new frame state.
A reason code of 7 in the management frame to be verified indicates that a Class 3 frame was received from a non-associated station, that is, that the frame state between the two communicating parties is State 2. If the old frame state is State 1 or State 3, the reason code of the management frame to be verified contradicts the old frame state, so the contradiction judgment module 150 judges that the management frame to be verified is not genuine. Conversely, if the old frame state is State 2, the reason code of the management frame to be verified does not contradict the old frame state, so the state determination module 120 determines the new frame state according to the management frame to be verified, that is, it determines that the frame state between the first wireless device 100''' and the second wireless device 200 has changed from the old frame state to the new frame state.
Fig. 6 is a flow chart of one embodiment of the method of discriminating management frames of the present invention. In this embodiment, the first wireless device 100 uses the method to verify the authenticity of the management frame to be verified.
At step S600, the receiving module 110 of the first wireless device 100 receives the management frame to be verified. The source MAC address of the management frame to be verified is the MAC address of the second wireless device 200. In this embodiment, the management frame to be verified is a management frame 1000 as shown in Fig. 1, that is, it may be a disassociation frame or a deauthentication frame.
In this embodiment, if the management frame to be verified was transmitted by the second wireless device 200, the second wireless device 200 determines that the frame state between the first wireless device 100 and the second wireless device 200 has changed from the old frame state to the new frame state. In this embodiment, if the management frame to be verified is a disassociation frame, the new frame state is State 2. If the management frame to be verified is a deauthentication frame, the new frame state is State 1.
Conversely, if the management frame to be verified was not transmitted by the second wireless device 200 but by the attack device 300 impersonating the second wireless device 200, the second wireless device 200 considers the frame state between the first wireless device 100 and the second wireless device 200 to still be the old frame state.
At step S602, the state determination module 120 of the first wireless device 100 determines the new frame state according to the management frame to be verified. In this embodiment, if the management frame to be verified is a disassociation frame, the new frame state is State 2. If the management frame to be verified is a deauthentication frame, the new frame state is State 1.
At step S604, the transmitting module 130 of the first wireless device 100 transmits a class frame to the expected source device according to the new frame state. The frame class of the class frame is higher than the frame class corresponding to the new frame state. The expected source device is the second wireless device 200, so the MAC address of the expected source device should be the same as the source MAC address of the expected frame. In this embodiment, if the new frame state is State 2, the frame class of the class frame may be Class 3. If the new frame state is State 1, the frame class of the class frame may be Class 2 or Class 3.
In this embodiment, if the management frame to be verified was transmitted by the second wireless device 200, the second wireless device 200, being in the new frame state, receives a class frame whose class is higher than the class corresponding to the new frame state. According to 802.11, the second wireless device 200 must return an expected frame to the first wireless device 100. The expected frame is a frame of the same type as the management frame to be verified. For example, if the second wireless device 200 receives a Class 3 frame in State 2, it must transmit a disassociation frame to the first wireless device 100. If the second wireless device 200 receives a Class 2 or Class 3 frame in State 1, it must transmit a deauthentication frame to the first wireless device 100.
Conversely, if the management frame to be verified was not transmitted by the second wireless device 200, the second wireless device 200 receives the class frame while in the old frame state, so it does not transmit a frame of the same type as the management frame to be verified to the first wireless device 100.
At step S606, the frame judgment submodule 141 of the first wireless device 100 determines whether an expected frame has been received. The expected frame is a frame of the same type as the management frame to be verified.
If the expected frame is received, then at step S608 the frame judgment submodule 141 judges that the management frame to be verified is genuine, that is, it was transmitted by the second wireless device 200.
If the expected frame is not received, then at step S610 the frame judgment submodule 141 judges that the management frame to be verified is not genuine, that is, it was not transmitted by the second wireless device 200.
Fig. 7 is a flow chart of another embodiment of the method of discriminating management frames of the present invention.
Steps S700, S702, S704 and S706 in this embodiment are the same as steps S600, S602, S604 and S606 in Fig. 6 respectively, and are not described again.
In this embodiment, if the management frame to be verified and the expected frame were both transmitted by the second wireless device 200 and both are disassociation frames, the reason code 1200 of the expected frame gives the reason for the disassociation and is 7. If the management frame to be verified and the expected frame were both transmitted by the second wireless device 200 and both are deauthentication frames, the reason code 1200 of the expected frame gives the reason for the deauthentication and is 6.
Conversely, if neither the management frame to be verified nor the expected frame was transmitted by the second wireless device 200, the reason code field 1200 can be set arbitrarily by the attack device 300.
The method in this embodiment differs from the method in Fig. 6 in that, if the frame judgment submodule 141 determines that an expected frame has been received, then at step S708 the code judgment submodule 142 of the first wireless device 100' determines whether the reason code of the expected frame is the expected value. In this embodiment, if the expected frame is a disassociation frame, the expected value is 7. If the expected frame is a deauthentication frame, the expected value is 6.
If the frame judgment submodule 141 determines that no expected frame has been received, then at step S712 the frame judgment submodule 141 of the first wireless device 100' judges that the management frame to be verified is not genuine.
If the reason code of the expected frame is the expected value, then at step S710 the code judgment submodule 142 judges that the management frame to be verified is genuine.
If the reason code of the expected frame is not the expected value, then at step S712 the code judgment submodule 142 judges that the management frame to be verified is not genuine.
Fig. 8 is a flow chart of another embodiment of the method of the present invention for verifying a management frame. Steps S800, S802, S804, S806 and S808 of the present embodiment are identical to steps S700, S702, S704, S706 and S708 of Fig. 7 respectively, and are therefore not described again.
In the present embodiment, the class frame is a request frame, that is, a frame to which the second wireless device 200 is required to respond. If the management frame to be verified was not transmitted by the second wireless device 200, the second wireless device 200 receives the class frame while in the old frame stage, and therefore transmits a response frame for the class frame to the first wireless device 100''.
Conversely, if the management frame to be verified was transmitted by the second wireless device 200, the second wireless device 200 receives the class frame while in the new frame stage. It therefore does not transmit a response frame for the class frame to the first wireless device 100'', and instead transmits the expected frame to the first wireless device 100''.
The method of the present embodiment differs from the method of Fig. 7 in that, if the code judging submodule 142 determines that the reason code of the expected frame is the expected value, then at step S810 the response judging submodule 143 of the first wireless device 100'' judges whether a response frame for the class frame has been received.
If the code judging submodule 142 determines that the reason code of the expected frame is not the expected value, then at step S814 the code judging submodule 142 judges that the management frame to be verified is not genuine.
If no response frame for the class frame has been received, then at step S812 the response judging submodule 143 judges that the management frame to be verified is genuine.
If a response frame for the class frame has been received, then at step S814 the response judging submodule 143 judges that the management frame to be verified is not genuine.
In other embodiments, the order of the judgments in steps S806 and S810 may be interchanged, but step S808 must come after step S806.
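The Fig. 8 decision flow (steps S806 to S814) as an added Python example, not code from the patent. The `Frame` record, the `"response"` kind and the choice of a class frame exactly one class above the new frame stage are assumptions made for illustration, and the sample frames are constructed.

```python
from __future__ import annotations
from dataclasses import dataclass

DISASSOC, DEAUTH, RESPONSE = "disassociation", "deauthentication", "response"
# Expected reason codes stated in the text: 7 for disassociation, 6 for deauthentication.
EXPECTED_REASON = {DISASSOC: 7, DEAUTH: 6}
# New frame stage implied by the frame: disassociation -> stage 2, deauthentication -> stage 1.
NEW_STAGE = {DISASSOC: 2, DEAUTH: 1}

@dataclass(frozen=True)
class Frame:                      # hypothetical record, not a real 802.11 parser
    src: str                      # source MAC address
    kind: str                     # DISASSOC, DEAUTH or RESPONSE (reply to the class frame)
    reason: int = 0               # reason code field; unused for RESPONSE

def probe_class(kind: str) -> int:
    """Class of the request frame to send; the text only requires it to be
    higher than the class of the new stage, one above is an assumption."""
    return NEW_STAGE[kind] + 1

def judge(pending: Frame, replies: list[Frame]) -> tuple[bool, str]:
    """Apply S806, S808 and S810 to the frames seen after the class frame was sent."""
    from_peer = [f for f in replies if f.src == pending.src]
    expected = [f for f in from_peer if f.kind == pending.kind]
    if not expected:                                            # S806 -> S814
        return False, "no expected frame"
    if not any(f.reason == EXPECTED_REASON[pending.kind] for f in expected):
        return False, "reason code is not the expected value"   # S808 -> S814
    if any(f.kind == RESPONSE for f in from_peer):              # S810 -> S814
        return False, "peer answered the class frame"
    return True, "genuine"                                      # S812

if __name__ == "__main__":
    peer = "aa:bb:cc:00:00:01"    # constructed MAC of the second wireless device
    cases = {
        "genuine deauth": (Frame(peer, DEAUTH, 6), [Frame(peer, DEAUTH, 6)]),
        "forged, peer still associated": (Frame(peer, DEAUTH, 3),
                                          [Frame(peer, RESPONSE)]),
        "forged with injected expected frame": (Frame(peer, DEAUTH, 6),
                                                [Frame(peer, DEAUTH, 6),
                                                 Frame(peer, RESPONSE)]),
    }
    for name, (pending, replies) in cases.items():
        print(name, "->", judge(pending, replies))
```

The third case shows why the response check is kept after the reason-code check: a forged expected frame carrying the right reason code is still rejected when the real peer answers the class frame.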
Fig. 9 is a flow chart of another embodiment of the method of the present invention for verifying a management frame. Steps S900, S906, S908, S910, S912 and S914 of the present embodiment are identical to steps S800, S806, S808, S810, S812 and S814 of Fig. 8 respectively, and are therefore not described again. The method of the present embodiment differs from the method of Fig. 8 in that, after the receiving module 110 receives the management frame to be verified, at step S902 the contradiction judging module 150 of the first wireless device 100''' judges whether the reason code of the management frame to be verified contradicts the old frame stage.
If the reason code of the management frame to be verified does not contradict the old frame stage, then at step S904 the stage determination module 120 of the first wireless device 100''' determines the new frame stage according to the management frame to be verified.
If the reason code of the management frame to be verified contradicts the old frame stage, then at step S916 the contradiction judging module 150 judges that the management frame to be verified is not genuine.
In embodiments of the present invention, after the first wireless device 100''' receives the management frame to be verified, it can use the contradiction judging module 150, the stage determination module 120, the transmitting module 130 and the authenticity judging module 140'' to determine whether the management frame to be verified is genuine, that is, whether it was transmitted by the second wireless device 200, thereby avoiding denial-of-service attacks.

Claims (12)

1. A wireless device for verifying the authenticity of a management frame, characterized in that the wireless device comprises:
a receiving module for receiving a management frame to be verified, the management frame to be verified comprising a disassociation frame and a deauthentication frame;
a stage determination module for determining a new frame stage according to the management frame to be verified, wherein if the management frame to be verified is a disassociation frame, the new frame stage is the second of the three stages of the connection state between a mobile station and an access point specified by the 802.11 protocol, and if the management frame to be verified is a deauthentication frame, the new frame stage is the first of the three stages of the connection state between a mobile station and an access point specified by the 802.11 protocol;
a transmitting module for transmitting a class frame to an expected source device according to the new frame stage, wherein the frame class of the class frame is higher than the frame class corresponding to the new frame stage, and the medium access control (MAC) address of the expected source device is identical to the source MAC address of the management frame to be verified;
an authenticity judging module for determining whether the management frame to be verified is genuine, the authenticity judging module comprising:
a frame judging submodule for judging whether an expected frame is received, and determining that the management frame to be verified is genuine when the expected frame is received, wherein when the management frame to be verified is a disassociation frame, the expected frame is likewise a disassociation frame, and when the management frame to be verified is a deauthentication frame, the expected frame is likewise a deauthentication frame.
2. The wireless device of claim 1, characterized in that the management frame to be verified and the expected frame each comprise a MAC header, a reason code and a frame check sequence (FCS).
3. The wireless device of claim 2, characterized in that the authenticity judging module further comprises a code judging submodule for judging whether the reason code of the expected frame is an expected value, and determining that the management frame to be verified is genuine when the reason code of the expected frame is the expected value, wherein if the expected frame is a disassociation frame the expected value is 7, and if the expected frame is a deauthentication frame the expected value is 6.
4. The wireless device of claim 3, characterized in that the class frame is a request frame.
5. The wireless device of claim 4, characterized in that the authenticity judging module further comprises a response judging submodule for judging whether a response frame for the class frame is received, and determining that the management frame to be verified is false when the response frame for the class frame is received.
6. The wireless device of claim 2, characterized by further comprising a contradiction judging module for judging whether the reason code of the management frame to be verified contradicts an old frame stage, and determining that the management frame to be verified is genuine when the reason code of the management frame to be verified does not contradict the old frame stage, wherein the old frame stage is the stage, among the three stages of the connection state between a mobile station and an access point specified by the 802.11 protocol, that applied before the management frame to be verified was received.
7. A method for verifying a management frame, characterized by comprising the following steps:
receiving a management frame to be verified, the management frame to be verified comprising a disassociation frame and a deauthentication frame;
determining a new frame stage according to the management frame to be verified, wherein if the management frame to be verified is a disassociation frame, the new frame stage is the second of the three stages of the connection state between a mobile station and an access point specified by the 802.11 protocol, and if the management frame to be verified is a deauthentication frame, the new frame stage is the first of the three stages of the connection state between a mobile station and an access point specified by the 802.11 protocol;
transmitting a class frame to an expected source device according to the new frame stage, wherein the frame class of the class frame is higher than the frame class corresponding to the new frame stage, and the medium access control (MAC) address of the expected source device is identical to the source MAC address of the management frame to be verified;
judging whether an expected frame is received, wherein when the management frame to be verified is a disassociation frame, the expected frame is a disassociation frame, and when the management frame to be verified is a deauthentication frame, the expected frame is a deauthentication frame; and
if the expected frame is received, judging that the management frame to be verified is genuine.
8. The method for verifying a management frame of claim 7, characterized in that the management frame to be verified and the expected frame each comprise a MAC header, a reason code and a frame check sequence (FCS).
9. The method for verifying a management frame of claim 8, characterized by further comprising the following steps:
judging whether the reason code of the expected frame is an expected value, wherein if the expected frame is a disassociation frame the expected value is 7, and if the expected frame is a deauthentication frame the expected value is 6; and
if it is the expected value, judging that the management frame to be verified is genuine.
10. The method for verifying a management frame of claim 9, characterized in that the class frame is a request frame.
11. The method for verifying a management frame of claim 10, characterized by further comprising the following steps:
judging whether a response frame for the class frame is received; and
if the response frame for the class frame is received, judging that the management frame to be verified is not genuine.
12. The method for verifying a management frame of claim 8, characterized by further comprising the following steps:
judging whether the reason code of the management frame to be verified contradicts an old frame stage, wherein the old frame stage is the stage, among the three stages of the connection state between a mobile station and an access point specified by the 802.11 protocol, that applied before the management frame to be verified was received; and
if there is no contradiction, judging that the management frame to be verified is genuine.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN200610060727A CN101075899B (en) 2006-05-19 2006-05-19 Wireless device and method for discriminating administrative frame

Publications (2)

Publication Number Publication Date
CN101075899A CN101075899A (en) 2007-11-21
CN101075899B true CN101075899B (en) 2010-05-26

Family

ID=38976729

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
C17 Cessation of patent right
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20100526

Termination date: 20110519