CN101257379A - Collocating method for preventing attack of network, method and apparatus for preventing attack - Google Patents


Info

Publication number: CN101257379A
Authority: CN (China)
Prior art keywords: message, user, particular type, vlan, network
Legal status: Granted; currently Expired - Fee Related
Application number: CNA2008100664401A
Other languages: Chinese (zh)
Other versions: CN101257379B (en)
Inventor: 吴迪
Current Assignee: Huawei Technologies Co Ltd
Original Assignee: Huawei Technologies Co Ltd
Events: application filed by Huawei Technologies Co Ltd; priority to CN2008100664401A (patent CN101257379B); publication of CN101257379A; priority to PCT/CN2009/070564 (patent WO2009121253A1); application granted; publication of CN101257379B; anticipated expiration.

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L 63/1441 Countermeasures against malicious traffic


Abstract

The invention relates to the field of communications, and in particular to a configuration method for preventing network attacks, and a method and apparatus for preventing attacks. In the configuration method, the network comprises a routing device and a user device, and the user device communicates with the access carrier network through the routing device. The method comprises: configuring a user VLAN ID for the user device; configuring QinQ access for the user device at the user access interface of the routing device, so that messages from the user device are encapsulated as QinQ messages before being sent; and configuring a suppression rate and a default behaviour for messages of a particular type according to the user VLAN ID carried in the inner layer of the QinQ message. The method and apparatus can prevent attacks by messages of a particular type in a communication network.

Description

Configuration method for preventing network attacks, and method and apparatus for preventing attacks
Technical field
The present invention relates to the field of communications, and in particular to a configuration method for preventing network attacks and to a method and apparatus for preventing attacks.
Background technology
An ARP (Address Resolution Protocol) attack is a common form of attack against network equipment. Typical attack patterns are: (1) sending a large number of ARP request/response messages to the gateway device; this occupies port bandwidth, keeps the gateway busy processing ARP messages and consumes its CPU resources, causing faults such as degraded network performance or interruption; (2) sending scan messages, such as PING packets, whose destination addresses change continuously; this causes the gateway device to generate a large number of ARP-miss messages (indicating that no ARP entry exists), again consuming CPU resources and causing faults such as degraded performance or interruption.
In the prior art, an Access Control List (ACL) configured on the network device can filter messages entering the device according to their source and destination addresses. When an ARP attack occurs, the attack source is identified by manual intervention, and an ACL rule is then configured according to the characteristics of the attack messages in order to filter them out. This scheme requires manual intervention and therefore cannot easily provide automatic protection at the moment the attack occurs; moreover, an attacker can evade ACL filtering simply by changing the source or destination address of the messages.
Another prior-art approach limits the rate of ARP messages by source or destination address. The network administrator configures a reasonable ARP message rate limit according to the actual conditions of the network; when the rate of ARP messages from a given source address or to a given destination address exceeds the configured limit, an ARP attack is assumed, the messages exceeding the limit are dropped, and other ARP messages are unaffected. Because this scheme must keep the arrival time of every ARP message, it consumes considerable resources, and it may fail when the attacker changes addresses frequently.
Summary of the invention
Embodiments of the present invention provide a configuration method for preventing network attacks and a method and apparatus for preventing attacks, which solve the problem of preventing attacks by messages of a particular type in current communication networks.
To solve the above technical problem, one embodiment of the invention provides a configuration method for preventing network attacks. The network comprises a routing device and a user device, and the user device communicates with the access carrier network through the routing device. The method of configuring the network comprises: configuring a user VLAN ID for the user device; configuring QinQ access for the user device at the user access interface of the routing device, so that messages from the user device are encapsulated as QinQ messages before being sent; and configuring the suppression rate and the default behaviour for messages of a particular type according to the user VLAN ID in the inner layer of the QinQ message.
To solve the above technical problem, another embodiment of the invention provides a method for preventing attacks. The method is used in a network configured for QinQ access, in which users are identified by the user VLAN ID of the inner QinQ layer, and comprises: judging whether a message rate limit has been configured for a received message of the particular type; if so, judging whether the rate of messages of this type has reached the rate limit and, if it has, dropping the message; if no message rate limit has been configured for the received message of the particular type, performing the default action.
To solve the above technical problem, another embodiment of the invention provides an apparatus for preventing attacks, comprising a configuration unit, a rate-limit judging unit, a rate-limit-upper-bound judging unit and an execution unit. The configuration unit is used to configure QinQ access at the user access interface of the routing device and to configure the rate limit and the default action for messages of the particular type according to the user VLAN ID in the inner layer of the QinQ message. The rate-limit judging unit is used to judge whether a message rate limit has been configured for a received message of the particular type; if so, the rate-limit-upper-bound judging unit judges whether the rate of messages of this type has reached the rate limit, and the execution unit acts according to that judgement; if the rate-limit judging unit determines that no rate limit has been configured for the received message of the particular type, the execution unit performs the default action.
Compared with the prior art, embodiments of the invention protect automatically against attacks by messages of a particular type once the network configuration is complete, without manual intervention. Even when an attack occurs, its impact is confined to the specific user, and the normal connections of other users or user groups under the same interface that have different VLAN IDs are not affected. An attacker who changes the source or destination IP address still cannot easily evade the security policy, and no additional performance overhead is incurred. Because the protection policy is configured per connected user, the consumption of system resources is bounded, which reduces the pressure on hardware performance. Network segment scanning attacks can also be blocked while preventing attacks by messages of the particular type.
Description of the drawings
Fig. 1 is the networking diagram of one embodiment of the present invention;
Fig. 2 is a flow chart of the configuration method for preventing attacks of one embodiment of the present invention;
Fig. 3 is a flow chart of the method for preventing attacks of another embodiment of the present invention;
Fig. 4 is a flow chart of the apparatus for preventing attacks of another embodiment of the present invention.
Embodiments
The implementation of the present invention is described below with reference to embodiments.
The IEEE 802.1Q standard modifies the Ethernet frame format by inserting a 4-byte 802.1Q tag between the source MAC address (Source Address) field and the Length/Type field. The tag uses a 12-bit VID (Virtual Local Area Network Identifier) to distinguish VLANs, as shown by the shaded message field in Table 1.
Table 1: VLAN frame format based on 802.1Q
As network sizes have kept growing, the 4K VLAN IDs available can no longer satisfy current networking needs. To allow more users to access the network, each vendor has released its own solution, and QinQ is one of them. QinQ adds another 802.1Q tag outside the original 802.1Q tag, so that a user is identified by two layers of VLAN ID; it is 802.1Q within 802.1Q, that is, a further 802.1Q tag header is added on top of a frame that already carries an 802.1Q tag, thereby expanding the VLAN space.
QinQ was originally intended for a kind of VPN (Virtual Private Network)-like application: the inner layer of the message carries the user VLAN ID and the outer layer carries the carrier's VLAN ID. Messages traverse the carrier network using the outer VLAN ID and achieve user interconnection using the inner VLAN ID. Today the QinQ technique has increasingly become a means of identifying users. It is precisely this characteristic that the technical solution of the embodiments uses: the QinQ inner VLAN ID serves as the identity label of the access user, and ARP messages are restricted according to the different user VLAN IDs in order to achieve protection.
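The tag walk described above, as an added example that is not part of the patent text: it builds a double-tagged frame, walks the 802.1Q tag stack after the source MAC, and applies the page's identification rule (outer VID is the carrier VLAN, inner VID is the user identity). The MAC addresses and the ARP payload are constructed; accepting the later IEEE 802.1ad TPID 0x88A8 on the outer tag is an addition beyond the page's "802.1Q in 802.1Q".

```python
import struct

# IEEE 802.1Q constants; the page's QinQ stacks two 0x8100 tags
TPID_8021Q = 0x8100      # C-TAG TPID, used for both layers in "802.1Q in 802.1Q"
TPID_8021AD = 0x88A8     # later IEEE 802.1ad S-TAG TPID, accepted for the outer tag (addition)
ETHERTYPE_ARP = 0x0806
VID_MASK = 0x0FFF        # the 12-bit VID inside the 16-bit TCI


def build_qinq_frame(dst_mac: bytes, src_mac: bytes, outer_vid: int,
                     inner_vid: int, ethertype: int, payload: bytes) -> bytes:
    """Build an 802.1Q-in-802.1Q frame: outer (carrier) tag first, then inner (user) tag."""
    for vid in (outer_vid, inner_vid):
        if not 0 < vid < 4095:
            raise ValueError("VID must be in 1..4094")
    outer_tag = struct.pack("!HH", TPID_8021Q, outer_vid)   # PCP/DEI bits left at 0
    inner_tag = struct.pack("!HH", TPID_8021Q, inner_vid)
    return dst_mac + src_mac + outer_tag + inner_tag + struct.pack("!H", ethertype) + payload


def parse_vlan_tags(frame: bytes):
    """Walk the tag stack that follows the source MAC.

    Returns (vids, ethertype, payload); vids lists VIDs from outermost to innermost
    and is empty for an untagged frame."""
    if len(frame) < 14:
        raise ValueError("frame too short for an Ethernet header")
    offset = 12
    vids = []
    while True:
        if offset + 2 > len(frame):
            raise ValueError("truncated frame")
        tpid = struct.unpack_from("!H", frame, offset)[0]
        if tpid not in (TPID_8021Q, TPID_8021AD):
            break                                   # not a tag: this is the Length/Type field
        if offset + 4 > len(frame):
            raise ValueError("truncated VLAN tag")
        tci = struct.unpack_from("!H", frame, offset + 2)[0]
        vids.append(tci & VID_MASK)
        offset += 4
    return vids, tpid, frame[offset + 2:]


def classify_access_frame(frame: bytes, expected_outer_vid: int) -> dict:
    """Identification rule of the QinQ access interface: the outer VID must be the
    carrier VID; the inner VID is the user identity used for the per-user ARP policy."""
    vids, ethertype, _ = parse_vlan_tags(frame)
    if len(vids) != 2:
        raise ValueError("expected a double-tagged QinQ frame, got %d tag(s)" % len(vids))
    outer_vid, inner_vid = vids
    if outer_vid != expected_outer_vid:
        raise ValueError("outer VID %d is not the carrier VID %d" % (outer_vid, expected_outer_vid))
    return {"user_vlan_id": inner_vid, "is_arp": ethertype == ETHERTYPE_ARP}


# Constructed sample: user A (inner VLAN 100) behind carrier VLAN 10 sends an ARP request
# for the edge router 192.168.0.1 from 192.168.0.10 (addresses taken from Fig. 1).
USER_A_MAC = bytes.fromhex("020000000010")          # constructed, locally administered MAC
BROADCAST = b"\xff" * 6
ARP_REQUEST = (struct.pack("!HHBBH", 1, 0x0800, 6, 4, 1)   # Ethernet/IPv4, opcode 1 = request
               + USER_A_MAC + bytes([192, 168, 0, 10])
               + b"\x00" * 6 + bytes([192, 168, 0, 1]))
SAMPLE_FRAME = build_qinq_frame(BROADCAST, USER_A_MAC, 10, 100, ETHERTYPE_ARP, ARP_REQUEST)

if __name__ == "__main__":
    print(classify_access_frame(SAMPLE_FRAME, expected_outer_vid=10))
```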
The networking diagram of one embodiment of the present invention is shown in Fig. 1. The network comprises the access carrier network, an edge router, a Layer 2 switch and users A, B and C. Users A, B and C communicate with the access carrier network through the switch and the edge router. Suppose that user A has IP address 192.168.0.10 and VLAN number (that is, the VLAN ID of user A) 100; user B has IP address 192.168.0.11 and VLAN number (the VLAN ID of user B) 101; user C has IP address 192.168.0.12 and VLAN number (the VLAN ID of user C) 102; the ports of the Layer 2 switch that communicate with users A, B and C and connect them to the edge router are Trunk 100 to 110; the IP address of the edge router is 192.168.0.1; and the outer VLAN ID of the QinQ access is 10. Any of users A, B and C may be a single user, or may be the egress of a user network with several user devices behind it, provided that all user devices behind that egress belong to one security policy domain. The IP addresses and VLAN numbers marked in Fig. 1 are given only to illustrate the networking mode and do not limit this embodiment or the invention. The Layer 2 switch here may also be a Layer 3 switch, a routing device or any other network device capable of QinQ access.
The procedure for configuring the edge router comprises the steps shown in Fig. 2:
20. Configure the user VLAN ID for each user
Taking the networking diagram of Fig. 1 as an example, a user VLAN ID is configured for each of users A, B and C; this step is essentially the same as an ordinary access configuration. Here suppose that user A has IP address 192.168.0.10 and is configured with VLAN number 100 (the VLAN ID of user A); user B has IP address 192.168.0.11 and is configured with VLAN number 101 (the VLAN ID of user B); and user C has IP address 192.168.0.12 and is configured with VLAN number 102 (the VLAN ID of user C). Configuring the user VLAN IDs of users A, B and C may be done manually by the network administrator or by system settings; the IP addresses of users A, B and C may likewise be configured manually by the network administrator or by system settings.
22. Configure QinQ access at the user access interface
Taking the network of Fig. 1 as an example, the user access interface of the edge router is configured for QinQ access.
24. Configure the ARP message suppression rate according to the user VLAN ID, and configure the default behaviour mode
According to the user VLAN ID, an ARP message suppression rate is configured at the user access interface for each access user, that is, the ARP message rate limit of each access user is configured. Taking the networking diagram of Fig. 1 as an example, the users for which an ARP message suppression rate needs to be configured are users A, B and C; in a real network there may be more users or user terminals. The configuration content is, for example:
- remote-host vlan 100 to 102 arp-speed-limit 15, which sets the ARP message rate limit of the access users in VLAN 100 to VLAN 102 to 15 per second;
For the ARP messages of restricted users that have not been configured, a default behaviour mode can be configured. In the networking diagram of Fig. 1 there are users A, B and C; if a limiting command has been configured only for user A, the restriction of users B and C follows the default behaviour. The default behaviour, that is the default action, may be drop or no restriction, for example:
- remote-host default pass: the ARP messages of other users are allowed through without restriction.
- remote-host default drop: the ARP messages of other users are all dropped and not allowed through.
In one embodiment of the present invention, the Layer 2 switch configures different VLAN IDs, that is inner VLAN IDs, for the messages of users or user groups in different security policy domains; it may of course also configure different VLAN IDs for different users or user groups that share the same security policy. The edge router encapsulates the messages entering through the same interface with an outer VLAN ID. In this way the edge router can recognise, by the different inner VLAN IDs, the messages sent by different users or user groups. The edge router configures ARP message rate suppression by inner VLAN ID and configures the default action. In fact, when the users or user groups under the edge router already have VLAN IDs, the Layer 2 switch need not configure VLAN IDs; it is only used to implement QinQ access. The edge router may also be replaced by an ordinary router. The method may also be used to prevent attacks by messages of other particular types. The interface may be a physical interface or a logical interface.
Fig. 3 is a flow chart of the method for preventing attacks of another embodiment of the present invention. As shown in Fig. 3, when a user message enters the edge router, the processing steps of the edge router comprise:
30. Judge whether the received message is an ARP message; if it is not, go to step 36, otherwise go to step 32.
32. Judge whether an ARP message rate limit has been configured
The edge router recognises, according to the inner VLAN ID, whether an ARP message rate limit has been configured for this user. If no rate limit has been configured, go to step 38; for a user with a configured ARP message rate limit, go to step 34.
34. Judge whether the rate of ARP messages has reached the configured upper bound of the rate limit
For a user with a configured ARP message rate limit, the engine records the timestamp at which the last ARP message arrived, compares the difference between the current time and the last recorded time, and converts it into the rate of received ARP messages. This rate is compared with the configured upper limit on the permitted ARP message rate: if the ARP message rate limit has not been reached, go to step 36, process the ARP message normally and refresh the timestamp; otherwise drop the packet and keep the last recorded timestamp unchanged.
36. Process the message according to the normal flow.
38. Determine the default action, in order to perform it. If the default action is drop, all ARP messages of users without a configured rate limit are regarded as unsafe ARP messages; go to step 380. If the default action is pass, all ARP messages of users without a configured rate limit are regarded as safe ARP messages; go to step 36.
380. Drop all received ARP messages of this user.
Of course, when dropping the received ARP messages of a given user, the dropped ARP messages may also be counted for further analysis and processing, for example to judge from the rate at which the count increases whether an attack is taking place and to send an alarm or log to the network management system. The inner VLAN ID of the dropped ARP messages may further be recorded in order to trace the attack source.
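The decision flow of steps 30 to 380, together with the configuration commands of step 24, as an added example that is not part of the patent text. The timestamp rule follows the page exactly: the rate is derived from the gap since the last accepted ARP message, a forwarded message refreshes the timestamp, and a dropped one leaves it unchanged. The class and method names, and the traffic replayed at the end, are constructed for this illustration.

```python
import time
from dataclasses import dataclass, field
from typing import Dict, List, Optional

FORWARD, DROP = "forward", "drop"


@dataclass
class ArpPolicyEngine:
    """Per-user-VLAN ARP rate limiting with a default action (hypothetical name)."""
    default_action: str = "pass"                                  # remote-host default pass|drop
    rate_limits: Dict[int, float] = field(default_factory=dict)   # user VLAN ID -> pps upper limit
    last_arp_ts: Dict[int, float] = field(default_factory=dict)   # user VLAN ID -> last accepted ARP time
    drop_counts: Dict[int, int] = field(default_factory=dict)     # user VLAN ID -> dropped ARP count
    dropped_vlan_log: List[int] = field(default_factory=list)     # inner VLAN IDs of dropped ARP messages

    def __post_init__(self):
        if self.default_action not in ("pass", "drop"):
            raise ValueError("default action must be 'pass' or 'drop'")

    def configure_speed_limit(self, first_vid: int, last_vid: int, pps: float) -> None:
        """Equivalent of 'remote-host vlan <first> to <last> arp-speed-limit <pps>'."""
        if pps <= 0 or first_vid > last_vid:
            raise ValueError("bad rate-limit configuration")
        for vid in range(first_vid, last_vid + 1):
            self.rate_limits[vid] = pps

    def _drop(self, vid: int) -> str:
        self.drop_counts[vid] = self.drop_counts.get(vid, 0) + 1
        self.dropped_vlan_log.append(vid)          # keep the inner VLAN ID for tracing the source
        return DROP

    def handle(self, user_vlan_id: int, is_arp: bool, now: Optional[float] = None) -> str:
        now = time.monotonic() if now is None else now
        if not is_arp:                             # step 30 -> step 36
            return FORWARD
        limit = self.rate_limits.get(user_vlan_id)
        if limit is None:                          # step 32 -> step 38: no limit for this user
            if self.default_action == "drop":      # step 380
                return self._drop(user_vlan_id)
            return FORWARD                         # default pass -> step 36
        last = self.last_arp_ts.get(user_vlan_id)  # step 34
        if last is not None:
            interval = now - last
            observed_pps = float("inf") if interval <= 0 else 1.0 / interval
            if observed_pps >= limit:              # limit reached: drop, timestamp unchanged
                return self._drop(user_vlan_id)
        self.last_arp_ts[user_vlan_id] = now       # under the limit: forward and refresh timestamp
        return FORWARD


def replay(engine: ArpPolicyEngine, events) -> List[str]:
    """Feed constructed (time, user VLAN ID, is_arp) events and return the verdicts."""
    return [engine.handle(vid, is_arp, now=t) for t, vid, is_arp in events]


# Constructed traffic: user A (VLAN 100) bursts ARP at 100 pps, user B (VLAN 101) sends one
# ARP, and an unconfigured VLAN 200 sends one ARP and one non-ARP message.
BURST = [(0.00, 100, True), (0.01, 100, True), (0.05, 100, True), (0.10, 100, True),
         (0.02, 101, True), (0.03, 200, True), (0.04, 200, False)]

if __name__ == "__main__":
    engine = ArpPolicyEngine(default_action="pass")
    engine.configure_speed_limit(100, 102, 15)     # the page's example command
    print(replay(engine, BURST), engine.drop_counts)
```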
In this way, when a user under the edge router launches an ARP message attack, the large number of ARP messages sent by the attacker are dropped because they exceed the ARP rate needed for normal communication, so the attack messages cannot affect the stability of the edge router or the carrier network. Because the edge router calculates the ARP message sending rate of each user separately according to the different inner VLAN IDs, and when dropping only drops the ARP messages carrying the specific inner VLAN ID, an attack by any one user does not affect the normal connections of other users or user groups with different user VLAN IDs under the same access interface, let alone users under other access interfaces.
Because the edge router distinguishes users by the inner VLAN ID of the message, which is unrelated to the IP address of the message, an attacker cannot easily evade the router's protection policy no matter how the IP address is changed.
Since the number of users or user groups under an access interface is limited, and users with the same security level or security policy may use the same inner VLAN ID, the user information that must be recorded per access interface is limited, generally at most 4K entries. The resources occupied on the edge router therefore remain within a controllable range and do not impose excessive requirements on the hardware.
In the method of the embodiments of the present invention, taking the networking diagram of Fig. 1 as an example, the administrator of the edge router can control the number of IP addresses a user may visit by configuring the number of ARP entries each user is allowed to generate.
Before launching a network attack, an attacker usually scans the network segment addresses, that is, sends a large number of PING messages with continuously changing destination addresses to determine which addresses are reachable, and then decides the next attack pattern. Before a PING packet is sent, an ARP request message is sent first. Because users with different user VLAN IDs cannot communicate at Layer 2 on a Layer 2 switch, if the switch in Fig. 1 is a Layer 2 switch the users can only communicate through the edge router; thus limiting on the edge router the number of ARP entries each user may generate both controls the number of IP addresses each user can visit and blocks network segment scanning attacks. For instance, an upper limit on the number of entries that may be generated can be configured according to the user's VLAN ID; once the limit is reached, no more entries are generated. However, if the Layer 2 switch in Fig. 1 is replaced by a Layer 3 switch or a router, these users can still communicate even though they use different user VLAN IDs; in that case the number of ARP entries each user may generate is limited on that Layer 3 switch or router, which likewise controls the IP addresses each user can visit and blocks network segment scanning attacks. For instance, an upper limit on the number of entries that may be generated can be configured according to the user's user VLAN ID; once the limit is reached, no more entries are generated.
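The per-user ARP entry cap described in the two paragraphs above, as an added example that is not part of the patent text: ARP entries are counted per inner VLAN ID, an existing entry is always refreshed, and once the configured upper limit is reached no new entry is generated, so a sweep across a segment from one user VLAN can only resolve as many addresses as the cap allows. The class name, the default cap and the /27 used for the constructed sweep are assumptions.

```python
from ipaddress import IPv4Address, IPv4Network
from typing import Dict, Set


class ArpEntryQuota:
    """Upper limit on ARP entries each user VLAN may generate (hypothetical name)."""

    def __init__(self, default_cap: int):
        if default_cap <= 0:
            raise ValueError("cap must be positive")
        self.default_cap = default_cap
        self.caps: Dict[int, int] = {}                     # per user VLAN ID overrides
        self.entries: Dict[int, Set[IPv4Address]] = {}     # user VLAN ID -> resolved targets
        self.refused: Dict[int, int] = {}                  # user VLAN ID -> refused creations

    def configure_cap(self, user_vlan_id: int, cap: int) -> None:
        """Per-user override, configured by the user's VLAN ID as the page suggests."""
        if cap <= 0:
            raise ValueError("cap must be positive")
        self.caps[user_vlan_id] = cap

    def learn(self, user_vlan_id: int, target_ip: str) -> bool:
        """Called when an ARP request from user_vlan_id would create an entry for target_ip.
        Returns True if the entry already exists or was created, False if the cap refuses it."""
        ip = IPv4Address(target_ip)
        table = self.entries.setdefault(user_vlan_id, set())
        if ip in table:
            return True                                    # existing entry: refresh only
        if len(table) >= self.caps.get(user_vlan_id, self.default_cap):
            self.refused[user_vlan_id] = self.refused.get(user_vlan_id, 0) + 1
            return False                                   # upper limit reached: no new entry
        table.add(ip)
        return True


def resolved_during_sweep(quota: ArpEntryQuota, user_vlan_id: int, segment: str) -> int:
    """Constructed check: how many hosts of a segment get an ARP entry for this user VLAN."""
    return sum(1 for host in IPv4Network(segment).hosts() if quota.learn(user_vlan_id, str(host)))


if __name__ == "__main__":
    quota = ArpEntryQuota(default_cap=8)
    quota.configure_cap(101, 4)                            # user B allowed fewer entries
    print(resolved_during_sweep(quota, 100, "192.168.0.0/27"), quota.refused)
```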
Embodiments of the present invention also provide an apparatus for preventing attacks. As shown in Fig. 4, the apparatus comprises a configuration unit, a rate-limit judging unit, a rate-limit-upper-bound judging unit and an execution unit, wherein:
the configuration unit is used to configure QinQ access at the user access interface of the edge router and to configure the ARP message suppression rate and default behaviour according to the user VLAN ID in the inner layer of the QinQ message;
the rate-limit judging unit is used to judge whether an ARP message rate limit has been configured for the received ARP message; if so, the rate-limit-upper-bound judging unit judges whether the rate of these ARP messages has reached the rate limit, and the execution unit acts according to the judgement of the rate-limit-upper-bound judging unit; if the rate-limit judging unit determines that no ARP message rate limit has been configured for the received ARP message, the execution unit performs the default action.
Preferably, the apparatus may also comprise a message judging unit, used to judge whether the received message is an ARP message; if so, the rate-limit judging unit judges whether an ARP message rate limit has been configured for this ARP message; otherwise the execution unit performs the normal processing flow.
Preferably, the step in which the execution unit acts according to the judgement of the rate-limit-upper-bound judging unit comprises: if the rate-limit-upper-bound judging unit judges that the rate of these ARP messages has reached the rate limit, the message is dropped; otherwise it is processed according to the normal flow.
Preferably, if the user device has no VLAN ID, the apparatus may also comprise a VLAN ID configuration unit, used to configure a user VLAN ID for the user device.
In fact, the edge router may also be replaced by an ordinary router. The method may also be used to prevent attacks by messages of other particular types. The interface may be a physical interface or a logical interface.
Another embodiment of the present invention relates to a computer-readable medium storing a sequence of instructions for performing the method for preventing attacks, which comprises:
judging whether the received message is an ARP message; if it is not, processing it according to the normal flow, otherwise further judging whether an ARP message rate limit has been configured for this ARP message;
the edge router recognises, according to the inner VLAN ID, whether an ARP message rate limit has been configured for this user; if no rate limit has been configured, the default action is determined and performed: if the default action is drop, all ARP messages of users without a configured rate limit are regarded as unsafe ARP messages and all received ARP messages of this user are dropped; if the default action is pass, all ARP messages of users without a configured rate limit are regarded as safe ARP messages and the message is processed according to the normal flow;
for a user with a configured ARP message rate limit, it is further judged whether the sending rate of ARP messages has reached the configured upper bound of the rate limit: the engine records the timestamp at which the last ARP message arrived, compares the difference between the current time and the last recorded time, and converts it into the rate of received ARP messages; this rate is compared with the configured upper limit on the permitted ARP message rate; if the rate limit has not been reached, the message is processed according to the normal flow and the timestamp is refreshed, otherwise the packet is dropped and the last recorded timestamp is kept unchanged.
In fact, the edge router may also be replaced by an ordinary router. The method may also be used to prevent attacks by messages of other particular types. The interface may be a physical interface or a logical interface.
With the embodiments of the present invention, ARP message attacks are prevented automatically once the network configuration is complete, without manual intervention. Even when an attack occurs, its impact is confined to the specific user, and the normal connections of other users or user groups under the same interface that have different user VLAN IDs are not affected. An attacker who changes the source or destination IP address still cannot easily evade the security policy, and no additional performance overhead is incurred. Because the protection policy is configured per connected user, the consumption of system resources is bounded, which reduces the pressure on hardware performance. Network segment scanning attacks can also be blocked while preventing ARP message attacks.
The above are only preferred embodiments of the present invention, but the scope of protection of the present invention is not limited to them; any variation or replacement that a person skilled in the art could readily conceive within the technical scope disclosed by the present invention, without departing from the technical idea of the present invention, shall fall within the scope of protection of the present invention. The scope of protection of the present invention is therefore determined by the scope of protection of the claims.

Claims (21)

1. A configuration method for a network that prevents attacks, characterised in that the network comprises a routing device and a user device, the user device communicates with an access carrier network through the routing device, and the method of configuring the network comprises:
configuring a user VLAN ID for the user device;
configuring QinQ access for the user device at a user access interface of the routing device, so that messages from the user device are encapsulated as QinQ messages before being sent;
configuring the suppression rate and the default behaviour of messages of a particular type according to the user VLAN ID in the inner layer of the QinQ message.
2. The method of claim 1, characterised in that the configuration is completed by manual configuration by an administrator of the routing device or by system settings.
3. The method of claim 1, characterised in that the messages of the particular type are ARP messages.
4. The method of claim 1, characterised in that the default behaviour mode comprises: allowing messages of the particular type to pass, or dropping messages of the particular type.
5. The method of claim 1, characterised in that user devices with different security policies are located in different VLANs and have different VLAN IDs.
6. The method of claim 1, characterised in that the user device is at least one network device having the same VLAN ID.
7. The method of claim 1, characterised in that the routing device is an ordinary router or an edge router.
8. The method of claim 1, characterised in that the network further comprises a switching device implementing QinQ access, and the user device communicates with the routing device through this switching device.
9. The method of claim 8, characterised in that the switching device is a Layer 2 switch, a Layer 3 switch or a routing device.
10. A method for preventing attacks, characterised in that the method is used in a network configured for QinQ access, identifies users according to the user VLAN ID of the inner QinQ layer, and comprises:
judging whether a message rate limit has been configured for a received message of a particular type; if so, judging whether the rate of messages of this particular type has reached the rate limit and, if it has, dropping the message; if no message rate limit has been configured for the received message of the particular type, performing the default action.
11. The method of claim 10, characterised in that the default action comprises: allowing messages of the particular type to pass, or dropping messages of the particular type.
12. The method of claim 11, characterised in that, when the default action performed is dropping messages of the particular type, the method further comprises:
counting the dropped messages of the particular type.
13. The method of claim 11, characterised in that, when the default action performed is dropping messages of the particular type from the user device, the method further comprises:
recording the VLAN ID of the dropped messages of the particular type.
14. The method of claim 10, characterised in that, before judging whether a message rate limit has been configured for the received message of the particular type, the method further comprises:
judging whether the received message is a message of the particular type; if so, further judging whether a message rate limit has been configured for the received message of the particular type; otherwise processing the message according to the normal flow.
15. The method of claim 10, characterised in that the messages of the particular type are ARP messages.
16. An apparatus for preventing attacks, characterised in that it comprises a configuration unit, a rate-limit judging unit, a rate-limit-upper-bound judging unit and an execution unit, wherein:
the configuration unit is used to configure QinQ access at a user access interface of a routing device and to configure the rate limit and the default action of messages of a particular type according to the user VLAN ID in the inner layer of the QinQ message;
the rate-limit judging unit is used to judge whether a message rate limit has been configured for a received message of the particular type; if so, the rate-limit-upper-bound judging unit judges whether the rate of messages of this particular type has reached the rate limit, and the execution unit acts according to the judgement of the rate-limit-upper-bound judging unit;
if the rate-limit judging unit determines that no message rate limit has been configured for the received message of the particular type, the execution unit performs the default action.
17. The apparatus of claim 16, characterised in that it further comprises a message judging unit, used to judge whether the received message is a message of the particular type; if so, the rate-limit judging unit judges whether a message rate limit has been configured for this message of the particular type; otherwise the execution unit performs the normal processing flow.
18. The apparatus of claim 16, characterised in that the execution unit acting according to the judgement of the rate-limit-upper-bound judging unit comprises:
if the rate-limit-upper-bound judging unit judges that the rate of messages of the particular type has reached the rate limit, dropping the message; otherwise processing it according to the normal flow.
19. device as claimed in claim 16 is characterized in that, the message of described particular type is the ARP message.
20. device as claimed in claim 16 is characterized in that, described routing device is ordinary router or edge router.
21. device as claimed in claim 16 is characterized in that, also comprises VLAN ID dispensing unit, is used to described user's user device configuration user vlan ID.
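As an added illustration that is not part of the patent text, the following Python model implements the per-user ARP rate limiting of claims 10 to 18, keyed on the QinQ inner (user) VLAN ID, together with the drop counter of claim 12 and the recorded VLAN IDs of claim 13; the frame structure, the one-second sliding window, the class and method names and the sample traffic are assumptions made for the example.

```python
from collections import defaultdict
from dataclasses import dataclass
ETHERTYPE_ARP = 0x0806  # ARP ethertype; the "particular type" of claim 15

@dataclass
class QinQFrame:  # constructed frame: service (outer) tag, user (inner) tag, payload type, arrival time
    outer_vlan: int
    inner_vlan: int
    ethertype: int
    ts: float  # seconds

class PerUserArpLimiter:
    def __init__(self, limits, default_action="permit", window=1.0):
        self.limits = limits                  # inner VLAN ID -> max ARP frames per window
        self.default_action = default_action  # "permit" or "drop" when no limit is configured
        self.window = window                  # seconds
        self.arrivals = defaultdict(list)     # inner VLAN ID -> ARP arrival times inside window
        self.dropped = defaultdict(int)       # claim 12: dropped ARP count per user VLAN
        self.dropped_vlans = set()            # claim 13: VLAN IDs whose ARP was dropped

    def handle(self, f):
        if f.ethertype != ETHERTYPE_ARP:      # claim 14: not the particular type -> normal flow
            return "forward"
        limit = self.limits.get(f.inner_vlan) # the user is identified by the inner VLAN ID
        if limit is None:                     # claims 10/11: no limit configured -> default action
            if self.default_action == "drop":
                self._drop(f.inner_vlan)
                return "drop"
            return "forward"
        recent = [t for t in self.arrivals[f.inner_vlan] if f.ts - t < self.window]
        self.arrivals[f.inner_vlan] = recent  # prune arrivals that left the window
        if len(recent) >= limit:              # claim 18: rate limit reached -> discard
            self._drop(f.inner_vlan)
            return "drop"
        recent.append(f.ts)
        return "forward"

    def _drop(self, vlan):
        self.dropped[vlan] += 1
        self.dropped_vlans.add(vlan)

def run_sample():
    # Constructed traffic: user VLAN 10 is limited to 3 ARP/s, VLAN 20 has no limit, default is drop.
    lim = PerUserArpLimiter({10: 3}, default_action="drop")
    frames = [QinQFrame(100, 10, ETHERTYPE_ARP, 0.1 * i) for i in range(5)]  # burst from VLAN 10
    frames += [QinQFrame(100, 20, ETHERTYPE_ARP, 0.5),                         # unconfigured user
               QinQFrame(100, 20, 0x0800, 0.6),                                # IPv4, not ARP
               QinQFrame(100, 10, ETHERTYPE_ARP, 1.5)]                         # after window expiry
    decisions = [lim.handle(f) for f in frames]
    return decisions, dict(lim.dropped), sorted(lim.dropped_vlans)
```

With the sample traffic, the fourth and fifth ARP frames from VLAN 10 and the ARP frame from the unconfigured VLAN 20 are dropped, while the IPv4 frame and the ARP frame arriving after the window has expired are forwarded.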

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN2008100664401A CN101257379B (en) 2008-03-31 2008-03-31 Collocating method for preventing attack of network, method and apparatus for preventing attack
PCT/CN2009/070564 WO2009121253A1 (en) 2008-03-31 2009-02-27 Network configuring method for preventing attack, method and device for preventing attack

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN2008100664401A CN101257379B (en) 2008-03-31 2008-03-31 Collocating method for preventing attack of network, method and apparatus for preventing attack

Publications (2)

Publication Number Publication Date
CN101257379A true CN101257379A (en) 2008-09-03
CN101257379B CN101257379B (en) 2010-12-08

Family

ID=39891874

Family Applications (1)

Application Number Title Priority Date Filing Date
CN2008100664401A Expired - Fee Related CN101257379B (en) 2008-03-31 2008-03-31 Collocating method for preventing attack of network, method and apparatus for preventing attack

Country Status (2)

Country Link
CN (1) CN101257379B (en)
WO (1) WO2009121253A1 (en)

Also Published As

Publication number Publication date
WO2009121253A1 (en) 2009-10-08
CN101257379B (en) 2010-12-08

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20101208

Termination date: 20150331

EXPY Termination of patent right or utility model