CN101222513B - Method and network appliance for preventing repeated address detection attack - Google Patents


Publication number
CN101222513B
Authority
CN
China
Prior art keywords
message
dad
list item
receiving
port
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CN200810056991XA
Other languages
Chinese (zh)
Other versions
CN101222513A (en)
Inventor
黄哲
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
New H3C Technologies Co Ltd
Original Assignee
Hangzhou H3C Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hangzhou H3C Technologies Co Ltd filed Critical Hangzhou H3C Technologies Co Ltd
Priority to CN200810056991XA priority Critical patent/CN101222513B/en
Publication of CN101222513A publication Critical patent/CN101222513A/en
Application granted granted Critical
Publication of CN101222513B publication Critical patent/CN101222513B/en
Expired - Fee Related legal-status Critical Current
Anticipated expiration legal-status Critical

Landscapes

  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses a method for preventing duplicate address detection (DAD) attacks. The first port on which a DAD NS message probing a first IPv6 address is first received is recorded; based on the recorded first port, DAD NS and DAD NA messages for that first IPv6 address received on other ports are discarded. Because the DAD NA and DAD NS messages that would affect the first IPv6 address taking effect are discarded, a DAD attack launched by an attacker is effectively prevented and the user node can configure its IPv6 address successfully. The invention also discloses a network device for preventing DAD attacks.

Description

A method and network device for preventing duplicate address detection attacks
Technical field
The present invention relates to IPv6 technology, and in particular to a method and network device for preventing duplicate address detection (DAD, Duplicate Address Detection) attacks.
Background
The Internet Engineering Task Force (IETF) proposed the next-generation Internet protocol, IPv6, in the 1990s, and IPv6 is now acknowledged as the successor to IPv4. The most fundamental improvement in IPv6 is that the address length was increased from 32 bits to 128 bits, bringing an almost unlimited address space. In addition, the Neighbor Discovery (ND) protocol, which is based on the Internet Control Message Protocol version 6 (ICMPv6), replaces the Address Resolution Protocol (ARP) and implements functions such as duplicate address detection, address resolution and router discovery.
Duplicate address detection is an operation a node performs when it configures an IPv6 address. Fig. 1 shows user node 1 performing DAD. When user node 1 wants to configure the IPv6 address 2000::1, it sends a DAD NS message whose destination address is the solicited-node multicast address, in order to detect whether the address it wants to configure is already in use on the subnet sharing the same prefix. The target IPv6 address 2000::1 being requested is carried in the message. User node 1 starts a timer when it sends the DAD NS message. According to the protocol, a user node that receives this DAD NS message and has already configured 2000::1 replies with a DAD NA message whose destination address is the all-nodes multicast address, as user node 2 does in Fig. 1. If, before the timer expires, the user node that sent the DAD NS message receives a DAD NA message sent by another node, or a DAD NS message for the same target address (as when user node 3 in Fig. 1 sends a DAD NS message for the same target address), it concludes that the address conflicts; the target address is marked Duplicated and does not take effect. If no corresponding DAD NA or DAD NS message has been received by the time the timer expires, the target address is valid and the node configures it.
A DAD attack is one in which an attacking node, after receiving the DAD NS message sent by a legitimate user, maliciously returns a DAD NA message or resends the DAD NS message it received, so that the legitimate user node performing DAD believes the target address it is requesting has already been configured or requested by another user and gives up bringing that IPv6 address into effect. A node can communicate normally only after it has configured an address; if a user node can never configure an address successfully, it can never communicate normally, which severely affects the user node's normal services and the normal operation of the network. If the attacking node replies to every DAD NS message it receives, every node in the subnet fails to configure an IPv6 address, the whole subnet is paralysed, and normal network operation is severely affected.
Summary of the invention
In view of this, the invention provides a method and a network device for preventing duplicate address detection attacks; using them, duplicate address detection attacks can be effectively stopped.
To achieve the above object, the technical solution of the invention is realised as follows:
A method for preventing duplicate address detection attacks, the method comprising:
On receiving a duplicate address detection (DAD) neighbor solicitation (NS) message or a DAD neighbor advertisement (NA) message for a first IPv6 address, the network device determines whether an entry recording the first IPv6 address currently exists.
If so: when the port on which the current message is received differs from the port recorded in the entry and the entry is marked with the tentative state, the received message is discarded; when the received message is a DAD NA message and the port on which it is received is the same as the port recorded in the entry, the tentative state marked on the entry is deleted.
If not: when a DAD NS message is received, an entry recording the first IPv6 address and the number of the port on which the current DAD NS message was received is created, the entry is marked with the tentative state, and the received DAD NS message is forwarded.
A network device for preventing duplicate address detection attacks, the network device comprising:
A receiving unit, configured to receive DAD neighbor solicitation (NS) messages and DAD neighbor advertisement (NA) messages, and to send on the received messages;
A control unit, configured, after receiving a message from the receiving unit, to determine from the first IPv6 address the message corresponds to whether an entry recording the first IPv6 address currently exists. If so: when the port on which the current message is received differs from the port recorded in the entry and the entry is marked with the tentative state, the received message is discarded; when the received message is a DAD NA message and the port on which it is received is the same as the port recorded in the entry, the tentative state marked on the entry is deleted. If not: when a DAD NS message is received, an entry recording the first IPv6 address and the number of the port on which the current DAD NS message was received is created, the entry is marked with the tentative state, and the received DAD NS message is forwarded;
A storage unit, configured to store the entries recorded by the control unit.
The technical solution for preventing duplicate address detection attacks provided by the invention records the first port on which a DAD NS message probing a first IPv6 address is first received and then, according to the recorded first port, discards DAD NS and DAD NA messages for the first IPv6 address received on other ports. Because the DAD NA and DAD NS messages that would affect the first IPv6 address taking effect are discarded, DAD attacks launched by an attacker are effectively stopped and the user node can configure its IPv6 address successfully. In addition, the solution requires no modification or upgrade of user nodes; only the network device is improved, so the implementation cost is low and the method is simple and effective.
Description of drawings
Fig. 1 shows an application scenario of DAD in the prior art;
Fig. 2 is the method flowchart of the preferred embodiment of the invention;
Fig. 3 shows the application scenario of the preferred embodiment of the invention;
Fig. 4 is the structure diagram of the network device of the preferred embodiment of the invention.
Embodiments
Analysing how an attacking node launches a DAD attack shows that the attacking node must first receive a DAD NS message sent by another user node and then attack the target address carried in that message. It follows that the target address being attacked cannot have appeared in the subnet before that DAD NS message was sent. It can therefore be concluded that the first user in a subnet to send a DAD NS message must be a legitimate user.
Using the fact that the first user to send a DAD NS message in the subnet is a legitimate user, the technical solution of the invention is implemented as follows: the network device responsible for message exchange between the user nodes in the subnet monitors the messages it receives and records the first port on which a DAD NS message probing a first IPv6 address is first received; then, according to the recorded first port, it discards DAD NS and DAD NA messages for the first IPv6 address received on other ports. Because the network device has discarded the DAD NA and DAD NS messages that would affect the first IPv6 address taking effect, the address requested by the legitimate user node that first sent the DAD NS message takes effect after its timer expires, and the DAD attack launched by the attacker is effectively stopped. This can be implemented through the following flow:
On receiving a duplicate address detection (DAD) neighbor solicitation (NS) message or a DAD neighbor advertisement (NA) message for a first IPv6 address, the network device determines whether an entry recording the first IPv6 address currently exists. If so, when the port on which the current message is received differs from the port recorded in the entry and the entry is marked with the tentative state, the received message is discarded. If not, when a DAD NS message is received, an entry recording the first IPv6 address and the number of the port on which the current DAD NS message was received is created, the entry is marked with the tentative state, and the received DAD NS message is forwarded.
In addition, once its configured address has taken effect, a user node that receives a DAD NS message for that address returns a DAD NA message, announcing to the probing user node that the target address is already in use; when it receives a DAD NA message, it does nothing. Thus, once the configured address has taken effect, receiving a DAD NS or DAD NA message does not affect the address that is in effect. Therefore, after the requested first IPv6 address has taken effect, the network device can forward received DAD NA and DAD NS messages normally. Moreover, because a user node does not process the DAD NA messages it receives, the network device may also discard DAD NA messages received after the configured address has taken effect.
Here, considering that a user node actively sends a DAD NA message when its address takes effect, in the technical solution of the invention the network device can, on receiving a DAD NA message from the port corresponding to the user node, determine that the address the user node requested has taken effect and delete the tentative state marked for that port.
When recording the port and the first IPv6 address in the entry, the network device can additionally record the source medium access control (MAC) address of the currently received DAD NS message in the entry corresponding to the first IPv6 address. After deleting the tentative state marked on the entry, the network device can then forward packets using this entry as a neighbor entry. In this way, once the first IPv6 address configured by the user node has taken effect, the network device can send packets destined for this user node directly according to the established entry, which removes the step of creating a neighbor entry during forwarding and speeds up packet forwarding.
A preferred embodiment is now given to describe the technical solution of the invention in detail.
Fig. 2 is the method flowchart of the preferred embodiment of the invention. The scenario for this embodiment is shown in Fig. 3. In Fig. 3, user nodes 1, 2 and 3 are in the same local area network and are connected to ports A, B and C of the network device. Suppose that user node 1 wants to configure the address 2000::1 and is the first user node to configure it; that user node 2 is the attacking node and launches a DAD attack while user node 1 is performing DAD; and that user node 3 is a node that joins after user node 1's address has taken effect and configures the same address 2000::1. The specific flow of the method of this embodiment is as follows:
In step 201, user node 1 configures the address 2000::1, referred to here as the first IPv6 address, and performs DAD for it. Specifically, it sends a DAD NS message carrying the first IPv6 address it requests to configure, and starts a timer at the same time.
In step 202, the network device receives the DAD NS message sent by user node 1 on port A. On determining that this DAD NS message is the first message probing the first IPv6 address, it records the source MAC address, the requested first IPv6 address and port A from the received DAD NS message in a neighbor entry, marks the entry with the tentative (Tentative) state, and forwards the DAD NS message at Layer 2.
A specific way to determine that the received DAD NS message is the first message probing the first IPv6 address is to check whether a neighbor entry corresponding to the first IPv6 address already exists in the network device; if not, the DAD NS message is the first message probing the first IPv6 address. Besides indicating whether the first IPv6 address configured by user node 1 has taken effect, the tentative mark on the neighbor entry can also be used to indicate whether the neighbor entry may be used for Layer 3 forwarding.
In step 203, the attacking node receives the DAD NS message sent by the network device and sends a corresponding DAD NS or DAD NA message to carry out a DAD attack.
In step 204, the network device receives, on port B where the attacking node is located, the DAD NS or DAD NA message sent by the attacking node, and looks up the neighbor entry by the corresponding first IPv6 address. Finding that the port recorded for the first IPv6 address in the neighbor entry is port A and that the entry is marked with the tentative state, the network device discards the received DAD NS or DAD NA message.
Because the network device has discarded the DAD NS or DAD NA message the attacking node used for the attack, that message is not forwarded to user node 1. User node 1's configured address therefore takes effect once its timer expires.
The DAD NS message the network device receives may also be a DAD NS message from another legitimate user node probing the first IPv6 address. In that case, discarding the received DAD NS message avoids the problem of two user nodes configuring at the same time, conflicting, and neither IPv6 address taking effect. The technical solution of the invention therefore not only effectively stops DAD attacks, but also avoids the situation in which two user nodes perform DAD simultaneously and neither can bring its IPv6 address into effect.
In step 205, user node 1's timer expires, the configured first IPv6 address takes effect, and user node 1 actively sends a DAD NA message.
In step 206, the network device receives the DAD NA message on port A and looks up the neighbor entry by the corresponding first IPv6 address. The port recorded for the first IPv6 address in the neighbor entry is port A, which is the port on which the DAD NA message has just been received, so the network device forwards the DAD NA message at Layer 2 and deletes the tentative state of the corresponding neighbor entry.
After the tentative mark on the neighbor entry has been deleted, the network device can use the neighbor entry for Layer 3 forwarding.
In step 207, after the first IPv6 address configured by user node 1 has taken effect, a newly added user node 3 in the local area network configures the same first IPv6 address and performs DAD. Specifically, it sends a DAD NS message carrying the first IPv6 address it requests to configure, and starts a timer at the same time.
In step 208, the network device receives the DAD NS message sent by user node 3 on port C and looks up the neighbor entry by the corresponding first IPv6 address. The port recorded for the first IPv6 address in the neighbor entry is port A; after determining that the neighbor entry is not marked with the tentative state, the network device forwards the received DAD NS message at Layer 2.
A neighbor entry that is not marked with the tentative state shows that the first IPv6 address has already taken effect on a user node. Forwarding a DAD NS message at this point does not affect the address that is in effect and cannot cause a DAD attack, so the received DAD NS message can be forwarded normally. Likewise, after user node 1's first IPv6 address has taken effect, the network device can also forward DAD NA messages received from other user nodes; the handling is the same as for DAD NS messages and is not described again here.
In step 209, user node 1 receives, via the network device, the DAD NS message sent by user node 3 and replies with a DAD NA message. Because the network device receives this DAD NA message on port A, it forwards the received DAD NA message.
In step 210, user node 3 receives the DAD NA message forwarded by the network device and learns that the first IPv6 address it is configuring has already been configured by another user node; it marks the first IPv6 address as Duplicated, and the address does not take effect.
The description of this embodiment mainly covers the scenario in which the user node probes the first IPv6 address only once. In some cases, to guard against adverse network conditions, a user node may be configured to send the DAD NS message periodically several times to probe the IPv6 address. The technical solution of the invention also handles repeated DAD NS messages from the user node well: after recording port A, it discards DAD NS and DAD NA messages received on other ports, but does not discard DAD NS and DAD NA messages received on port A.
In addition, when the network device detects that a port has failed, it can delete the neighbor entries corresponding to that port. Failure here includes a Down event on the port caused by the user node replacing its network card or changing ports. After replacing its network card or changing ports, the user node can perform the DAD process described above again.
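The flow of steps 201 to 210, together with the repeated-probe and port-failure handling described above, can be modelled in a few lines of Python. This is an added example, not code from the patent; the class, function and constant names, the MAC addresses, and the choice to forward a DAD NA for which no entry exists (a case the text does not specify) are assumptions.

```python
import ipaddress
from dataclasses import dataclass

FORWARD, DROP = "forward", "drop"


@dataclass
class Entry:
    port: str        # port on which the first DAD NS for the address arrived
    mac: str         # source MAC of that first DAD NS
    tentative: bool  # True until the recorded port sends its DAD NA


class DadGuard:
    """Per-address table kept by the network device (illustrative model)."""

    def __init__(self):
        self.table = {}  # ipaddress.IPv6Address -> Entry

    def lookup(self, target):
        """Return the Entry for a target address, or None."""
        return self.table.get(ipaddress.IPv6Address(target))

    def handle(self, kind, target, port, src_mac):
        """Decide FORWARD or DROP for a DAD NS ("NS") or DAD NA ("NA")."""
        if kind not in ("NS", "NA"):
            raise ValueError(f"not a DAD message kind: {kind!r}")
        # Parse the address so that different spellings map to one key.
        addr = ipaddress.IPv6Address(target)
        entry = self.table.get(addr)

        if entry is None:
            if kind == "NS":
                # First probe for this address: record port and MAC,
                # mark the entry tentative, forward (step 202).
                self.table[addr] = Entry(port, src_mac, tentative=True)
            # Assumption: an NA without an entry is simply forwarded.
            return FORWARD

        if entry.tentative and port != entry.port:
            # NS or NA from another port while DAD is in progress (step 204).
            return DROP

        if kind == "NA" and port == entry.port:
            # The recorded port announces the address: it has taken effect,
            # so the tentative mark is deleted (step 206).
            entry.tentative = False

        # Same-port repeats, and any NS/NA once the address is in effect
        # (steps 208 and 209), are forwarded normally.
        return FORWARD

    def port_down(self, port):
        """Delete every entry recorded for a failed port; return the count."""
        stale = [a for a, e in self.table.items() if e.port == port]
        for addr in stale:
            del self.table[addr]
        return len(stale)


# Constructed event sequence for the Fig. 3 scenario: node 1 on port A,
# attacking node on port B, late joiner node 3 on port C.
# Fields: kind, target address, ingress port, source MAC (constructed values).
FIG3_EVENTS = [
    ("NS", "2000::1", "A", "00:00:5e:00:53:01"),             # step 202
    ("NA", "2000::1", "B", "00:00:5e:00:53:02"),             # step 204
    ("NS", "2000:0:0:0:0:0:0:1", "B", "00:00:5e:00:53:02"),  # step 204
    ("NS", "2000::1", "A", "00:00:5e:00:53:01"),             # repeated probe
    ("NA", "2000::1", "A", "00:00:5e:00:53:01"),             # step 206
    ("NS", "2000::1", "C", "00:00:5e:00:53:03"),             # step 208
    ("NA", "2000::1", "A", "00:00:5e:00:53:01"),             # step 209
]


def replay(events):
    """Feed events to a fresh guard; return (verdicts, guard)."""
    guard = DadGuard()
    verdicts = [guard.handle(*event) for event in events]
    return verdicts, guard


if __name__ == "__main__":
    verdicts, guard = replay(FIG3_EVENTS)
    for event, verdict in zip(FIG3_EVENTS, verdicts):
        print(f"{event[0]} for {event[1]} on port {event[2]}: {verdict}")
    print("entries removed on port A down:", guard.port_down("A"))
```
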
In addition, referring to Fig. 4, which is the structure diagram of a network device provided by the embodiment of the invention, the device comprises a receiving unit and an execution unit.
The receiving unit is configured to receive duplicate address detection (DAD) neighbor solicitation (NS) messages and DAD neighbor advertisement (NA) messages, and to send on the received messages;
The execution unit is configured, after receiving a message from the receiving unit, to determine from the first IPv6 address the message corresponds to whether an entry recording the first IPv6 address currently exists. If so, when the port on which the current message is received differs from the port recorded in the entry and the entry is marked with the tentative state, the received message is discarded. If not, when a DAD NS message is received, an entry recording the first IPv6 address and the number of the port on which the current DAD NS message was received is created, the entry is marked with the tentative state, and the received DAD NS message is forwarded.
Specifically, the control unit, after receiving a message from the receiving unit, determines from the first IPv6 address the message corresponds to whether an entry recording the first IPv6 address currently exists. If so, when the port on which the current message is received differs from the port recorded in the entry and the entry is marked with the tentative state, it discards the received message. If not, when a DAD NS message is received, it creates an entry recording the first IPv6 address and the number of the port on which the current DAD NS message was received, marks the entry with the tentative state, and forwards the received DAD NS message. The storage unit is configured to store the entries recorded by the control unit.
The control unit is further configured, when it determines that an entry recording the first IPv6 address currently exists and the port on which a DAD NA message is received is the same as the port recorded in the entry, to delete the tentative state marked on the entry.
The control unit can also be configured to record the source medium access control (MAC) address of the currently received DAD NS message in the entry corresponding to the first IPv6 address, and, after deleting the tentative state marked on the entry, to forward packets according to the entry.
The control unit can also be further configured, on detecting that a port recorded in an entry has failed, to delete the entries corresponding to that port.
In the present invention, the network device used may be a switching device, for example a Layer 3 switching device.
In the technical solution of the embodiment of the invention, the network device monitors the messages it receives and records the first port on which a DAD NS message probing a first IPv6 address is first received; then, according to the recorded first port, it discards DAD NS and DAD NA messages for the first IPv6 address received on other ports. Because the network device has discarded the DAD NA and DAD NS messages that would affect the first IPv6 address taking effect, the DAD attack launched by the attacker is effectively stopped.
At the same time, the technical solution of the invention requires no operation on user nodes; only the network device is improved, so the implementation cost is low and the method is simple and effective.
The above is merely a preferred embodiment of the invention and is not intended to limit the invention; any modification, equivalent replacement, improvement and the like made within the spirit and principle of the invention shall fall within the scope of protection of the invention.

Claims (6)

1. A method for preventing duplicate address detection attacks, characterised in that the method comprises:
On receiving a duplicate address detection (DAD) neighbor solicitation (NS) message or a DAD neighbor advertisement (NA) message for a first IPv6 address, the network device determines whether an entry recording the first IPv6 address currently exists;
If so, when the port on which the current message is received differs from the port recorded in the entry and the entry is marked with the tentative state, the received message is discarded; when the received message is a DAD NA message and the port on which this DAD NA message is received is the same as the port recorded in the entry, the tentative state marked on the entry is deleted;
If not, when a DAD NS message is received, an entry recording the first IPv6 address and the number of the port on which the current DAD NS message was received is created, the entry is marked with the tentative state, and the received DAD NS message is forwarded.
2. The method according to claim 1, characterised in that the method further comprises:
When the network device receives a DAD NS message and creates the corresponding entry, it further records the source medium access control (MAC) address of the currently received DAD NS message in the entry corresponding to the first IPv6 address;
After deleting the tentative state marked on the entry, the network device forwards packets according to the entry.
3. The method according to claim 1, characterised in that the method further comprises: when the network device detects that a port recorded in an entry has failed, deleting the entries corresponding to that port.
4. A network device for preventing duplicate address detection attacks, characterised in that the network device comprises:
A receiving unit, configured to receive duplicate address detection (DAD) neighbor solicitation (NS) messages and DAD neighbor advertisement (NA) messages, and to send on the received messages;
A control unit, configured, after receiving a message from the receiving unit, to determine from the first IPv6 address the message corresponds to whether an entry recording the first IPv6 address currently exists; if so, when the port on which the current message is received differs from the port recorded in the entry and the entry is marked with the tentative state, to discard the received message, and when the received message is a DAD NA message and the port on which this DAD NA message is received is the same as the port recorded in the entry, to delete the tentative state marked on the entry; if not, when a DAD NS message is received, to create an entry recording the first IPv6 address and the number of the port on which the current DAD NS message was received, mark the entry with the tentative state, and forward the received DAD NS message;
A storage unit, configured to store the entries recorded by the control unit.
5. The network device according to claim 4, characterised in that
the control unit is further configured, when a DAD NS message is received and the corresponding entry is created, to record the source medium access control (MAC) address of the currently received DAD NS message in the entry corresponding to the first IPv6 address, and, after deleting the tentative state marked on the entry, to forward packets according to the entry.
6. The network device according to claim 4, characterised in that
the control unit is further configured, on detecting that a port recorded in an entry has failed, to delete the entries corresponding to that port.
CN200810056991XA 2008-01-28 2008-01-28 Method and network appliance for preventing repeated address detection attack Expired - Fee Related CN101222513B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN200810056991XA CN101222513B (en) 2008-01-28 2008-01-28 Method and network appliance for preventing repeated address detection attack


Publications (2)

Publication Number Publication Date
CN101222513A CN101222513A (en) 2008-07-16
CN101222513B true CN101222513B (en) 2012-06-20

Family

ID=39632081


Country Status (1)

Country Link
CN (1) CN101222513B (en)

Families Citing this family (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101764734B (en) * 2008-12-25 2012-12-19 中兴通讯股份有限公司 Method for improving neighbor discovery safety in IPv6 (Internet Protocol Version 6) environment and broadband access equipment
CN101552677B (en) * 2009-05-12 2011-06-01 杭州华三通信技术有限公司 Processing method and exchange equipment for address detected message
CN101552783B (en) * 2009-05-20 2012-07-04 杭州华三通信技术有限公司 Method and apparatus for preventing counterfeit message attack
CN101577723B (en) * 2009-06-03 2012-09-26 杭州华三通信技术有限公司 Method for preventing neighbor discovery protocol message attack and device
CN101621525B (en) * 2009-08-05 2012-09-05 杭州华三通信技术有限公司 Method and equipment for treating legal entries
CN102082801B (en) * 2011-02-16 2014-10-22 中兴通讯股份有限公司 Method and system for preventing IPv6 (Internet Protocol Version 6) from duplicate address detection attack
CN103347102B (en) * 2013-06-28 2016-08-10 华为技术有限公司 The recognition methods of conflict address detected message and device
CN104394243B (en) * 2014-12-15 2018-10-19 北京搜狐新媒体信息技术有限公司 A kind of repeat address detecting method and device
US10630700B2 (en) 2016-10-28 2020-04-21 Hewlett Packard Enterprise Development Lp Probe counter state for neighbor discovery
CN106506410B (en) * 2016-10-31 2020-05-12 新华三技术有限公司 Method and device for establishing safety table item
CN107547510B (en) * 2017-07-04 2020-03-06 新华三技术有限公司 Neighbor discovery protocol security table item processing method and device
CN109120741B (en) * 2018-08-27 2020-10-02 南京中兴新软件有限责任公司 Duplicate address detection method and device and computer readable storage medium

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1771709A (en) * 2003-05-30 2006-05-10 国际商业机器公司 Network attack signature generation
CN1929483A (en) * 2006-09-19 2007-03-14 清华大学 Admittance control method for IPv6 switch-in network true source address access
WO2007121361A2 (en) * 2006-04-17 2007-10-25 Winnow Technologies, Inc. Malicious attack detection system and an associated method of use

Also Published As

Publication number Publication date
CN101222513A (en) 2008-07-16

Similar Documents

Publication Publication Date Title
CN101222513B (en) Method and network appliance for preventing repeated address detection attack
CN101764734B (en) Method for improving neighbor discovery safety in IPv6 (Internet Protocol Version 6) environment and broadband access equipment
KR100908320B1 (en) Method for protecting and searching host in internet protocol version 6 network
KR100477653B1 (en) Apparatus and method for searching DNS server on outer net
US10911400B2 (en) Network device movement validation
US20100124220A1 (en) Method And Systems For Incrementally Resolving A Host Name To A Network Address
Thaler Multi-link subnet issues
CN101753637A (en) Method and network address translation device preventing network attacks
US8194683B2 (en) Teredo connectivity between clients behind symmetric NATs
CN101179515B (en) Method and device for inhibiting black hole routing
WO2013186969A1 (en) Communication information detecting device and communication information detecting method
CN102347903A (en) Data message forwarding method as well as device and system
US20150032898A1 (en) Method for establishing a virtual community network connection and a system for implementing said method
WO2014156143A1 (en) Home gateway device and packet forwarding method
US7693091B2 (en) Teredo connectivity between clients behind symmetric NATs
CN112929284A (en) ND message identification method and system under IPv6VXLAN scene
US9912557B2 (en) Node information detection apparatus, node information detection method, and program
Roy et al. IPv6 Neighbor Discovery On-Link Assumption Considered Harmful
JP6417720B2 (en) Communication apparatus, network system, address resolution control method and program
CN114257473B (en) Method, device, equipment and medium for realizing multiple transparent bridges in resource pool
CN113992583B (en) Table item maintenance method and device
Huang et al. Networking without dynamic host configuration protocol server in Ethernet and wireless local area network
WO2019123630A1 (en) Communication device and communication method
Costa et al. Duplicate Address Detection Proxy
JP2014171017A (en) Communication information detecting device, method, and program

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CP03 Change of name, title or address

Address after: 310052 Binjiang District Changhe Road, Zhejiang, China, No. 466, No.

Patentee after: Xinhua three Technology Co., Ltd.

Address before: 310053 Hangzhou hi tech Industrial Development Zone, Zhejiang province science and Technology Industrial Park, No. 310 and No. six road, HUAWEI, Hangzhou production base

Patentee before: Huasan Communication Technology Co., Ltd.

CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20120620

Termination date: 20200128
