CN101521658A - Realizing method for Ethernet ARP scanning which is applied in broadband router - Google Patents

Realizing method for Ethernet ARP scanning which is applied in broadband router

Info

Publication number: CN101521658A
Authority: CN (China)
Prior art keywords: arp, address, scanning, list item, ethernet
Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Application number: CN200810034128A
Other languages: Chinese (zh)
Inventor: 汪革, 陈宇轩
Current Assignee: SHANGHAI BAUD DATA COMMUNICATION CO Ltd (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Original Assignee: SHANGHAI BAUD DATA COMMUNICATION CO Ltd
Priority date: 2008-02-29 (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date: 2008-02-29
Publication date: 2009-09-02
Application filed by SHANGHAI BAUD DATA COMMUNICATION CO Ltd
Priority to CN200810034128A
Publication of CN101521658A

Landscapes

  • Data Exchanges In Wide-Area Networks (AREA)
  • Small-Scale Networks (AREA)

Abstract

The invention discloses an implementation method for Ethernet ARP scanning applied in a broadband router. The method searches for the MAC address corresponding to each IP address in a local area network; the MAC address is bound to its IP address and added to the ARP table as a static entry. All entries remain unchanged until the next scan. An IP address range can also be configured, in which case the scan is carried out only within that range. As a result, the router can quickly look up the MAC address of a host without sending an additional ARP request, which speeds up packet processing. The method also protects well against ARP attacks, because attackers can no longer carry out ARP spoofing, which improves security and stability in the local area network.

Description

Implementation method for Ethernet ARP scanning applied in a broadband router
Technical field:
The present invention relates to the fields of network transmission, information security and data communication, and in particular to an implementation method for Ethernet ARP scanning applied in a broadband router.
Background:
Ethernet is currently a widely used LAN technology. Because it is simple to implement, convenient to manage and easy to extend, it has come into use in a very wide range of fields. However, Ethernet is also relatively insecure and is vulnerable to ARP attacks. Through ARP spoofing, some lawbreakers exploit the weak security of IP: by modifying the mapping between MAC addresses and IP addresses in the dynamic ARP table, they impersonate a legitimate IP address to intrude into the network and steal information, or impersonate the gateway to intercept communications. This seriously threatens the communication security of the Internet.
The common countermeasures to this problem at present are as follows:
(1) Two-way binding: static MAC-to-IP tables are configured in the network to prevent ARP spoofing. The IP and MAC address of the security gateway are first bound on each PC, and then the IP and MAC address of each user host are manually bound, one by one, on the security gateway.
(2) Use an ARP server or a third-party proxy server, which answers the ARP broadcasts of other machines by looking up its own ARP translation table. The ARP server itself must, however, be guaranteed not to be compromised.
(3) Use a core switch that can defend against ARP spoofing attacks: by modifying hardware, binding port-MAC-IP, limiting ARP traffic, promptly detecting and automatically blocking the attacking port, and dividing VLANs sensibly, theft of IP and MAC addresses is eliminated and ARP spoofing attacks are stopped.
(4) The administrator periodically obtains a RARP request from the responding IP packets and then checks the authenticity of the ARP response, or periodically polls and checks the ARP cache on the hosts.
When applied to broadband networks in practice, these schemes are not only complicated to operate but also very passive and inefficient. For broadband routers there is at present no comparatively feasible and efficient method for preventing ARP spoofing.
Summary of the invention:
In view of the security problems of Ethernet described above and the deficiencies of the prior art, the object of the invention is to provide an implementation method for Ethernet ARP scanning applied in a broadband router. The scheme addresses the susceptibility of Ethernet broadband routers to ARP spoofing attacks and speeds up packet processing: an automatic scan finds the IP addresses of the active hosts in the LAN and binds each one to the MAC address of its host. In today's widely used broadband networks, particularly in Internet café environments, this simplifies manual operation, raises efficiency, and prevents hosts from dropping off the network because of ARP attacks. Static ARP binding on the broadband router also raises packet processing speed, reduces the number of ARP packets sent, and improves the efficiency of data transmission in the network. In addition, the invention introduces a configurable scan range, so that only a particular range of the network segment is bound, which improves flexibility.
To achieve this object, the Ethernet ARP scanning method of the invention works within a LAN: based on the IP address configured on the Ethernet interface, it finds the MAC address corresponding to the IP address of every host present in the network segment and binds each IP address in ARP, thereby implementing the ARP scan function.
The concrete steps are as follows. The broadband router first obtains the IP address on the port and calculates the range of all IP addresses in that network segment. Then, for every IP address in this range, it searches for and binds the corresponding MAC address. This step includes looking up the ARP entry by IP address; if no entry is found, an ARP request is sent, and once the ARP reply is received a static ARP entry is added, completing the binding. Finally, where an IP address scan range has been configured, only the MAC addresses corresponding to the IP addresses within that range are scanned. This includes searching the corresponding IP range according to the configured IP address range and binding all IP and MAC addresses within it.
The beneficial effects of the invention are:
1. Because static binding is used, each host IP address in the LAN is permanently bound to its MAC address, and its ARP entry in the router does not age out and get discarded. When the router needs to send a packet to the host, it does not have to send another ARP request; it obtains the MAC address directly by looking up the IP address, which speeds up processing.
2. Because static binding is used, when the router is subjected to an ARP spoofing attack it discards the attack packets directly, so the ARP entries cannot be corrupted. ARP attacks are thereby effectively avoided.
3. Because an IP address range can be configured, the IP addresses of part of a network segment in a LAN can be bound while MAC addresses for the other IP addresses are learned dynamically. This improves the flexibility of network configuration.
Description of drawings:
The invention is further described below with reference to the drawings and specific embodiments.
Fig. 1 is the flow chart of ARP scanning according to the invention.
Fig. 2 is the flow chart of removing ARP scanning according to the invention.
Embodiment:
To make the technical means, inventive features, purpose and effect of the invention easy to understand, the invention is further described below with reference to the figures.
As described above, the Ethernet ARP scanning method of the invention statically binds each host IP address in the LAN to its MAC address, which prevents ARP address spoofing attacks and at the same time improves the router's packet-processing performance and speed.
The steps of a concrete implementation of the method are as follows (see Fig. 1):
1. Obtain the relevant port information through the router's command configuration. If an IP address range has been configured, this information is available from the port.
2. If the port protocol is in a valid state, carry out the ARP scan.
3. Calculate the scan start IP address and the scan end address.
4. Initialize part of the content of the static ARP entry and of the ARP request packet (source IP address, ARP type, destination broadcast MAC address, etc.).
5. Linearly search the whole range to be scanned, looking up the ARP entry for each IP address.
6. If the entry exists, add it as a static entry.
7. If the entry does not exist, send an ARP request and increment the counter.
8. After every 40 ARP requests sent, suspend the task so that other tasks can run.
The static bindings can likewise be removed by a configuration command.
This is implemented in the following steps (see Fig. 2):
1. Obtain the relevant port information through the command configuration.
2. Linearly traverse the static ARP entries; if the IP address is present in an entry, delete that entry.
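The scan and removal procedures above, as an added Python simulation (not code from the patent or from any router): `ArpTable`, `scan_bounds`, `arp_scan`, `clear_scan` and the sample hosts are hypothetical names and constructed data, and ARP requests are modelled by a callback rather than sent on a network.

```python
import ipaddress

BATCH = 40  # from the page: suspend the scan task after every 40 ARP requests

class ArpTable:
    """Toy ARP cache (constructed for illustration): ip -> (mac, is_static)."""
    def __init__(self):
        self.entries = {}
        self.pending = set()  # IPs the scan has probed and awaits a reply for

    def on_reply(self, ip, mac):
        """Process an ARP reply; return False if it was dropped."""
        cur = self.entries.get(ip)
        if cur and cur[1]:
            return cur[0] == mac  # bound IP: a reply with another MAC is discarded
        # Replies to scan probes become static; anything else is learned dynamically.
        self.entries[ip] = (mac, ip in self.pending)
        self.pending.discard(ip)
        return True

def scan_bounds(iface, start=None, end=None):
    """Step 3: scan start/end from a configured range, else the port's whole segment."""
    if start and end:
        return ipaddress.ip_address(start), ipaddress.ip_address(end)
    net = ipaddress.ip_interface(iface).network
    return net.network_address + 1, net.broadcast_address - 1

def arp_scan(table, first, last, send_request):
    """Steps 5-8 as a generator; each yield is a point where the task suspends."""
    sent = 0
    for n in range(int(first), int(last) + 1):
        ip = str(ipaddress.ip_address(n))
        if ip in table.entries:  # step 6: an existing entry becomes static
            table.entries[ip] = (table.entries[ip][0], True)
            continue
        table.pending.add(ip)  # step 7: no entry, so probe and count
        send_request(ip)
        sent += 1
        if sent % BATCH == 0:  # step 8: let other tasks run
            yield sent
    yield sent

def clear_scan(table, first, last):
    """'no arp scan': walk the static entries and delete those inside the range."""
    for ip in [i for i, (_, static) in table.entries.items() if static]:
        if first <= ipaddress.ip_address(ip) <= last:
            del table.entries[ip]

def demo():
    """Constructed /24 with three live hosts; one already has a dynamic entry."""
    hosts = {"192.168.1.3": "00:11:22:33:44:03", "192.168.1.7": "00:11:22:33:44:07",
             "192.168.1.200": "00:11:22:33:44:c8"}
    table, probes = ArpTable(), []
    table.on_reply("192.168.1.7", hosts["192.168.1.7"])  # learned before the scan
    first, last = scan_bounds("192.168.1.1/24")
    suspends = list(arp_scan(table, first, last, probes.append))
    for ip in (p for p in probes if p in hosts):  # only live hosts answer
        table.on_reply(ip, hosts[ip])
    spoof_ok = table.on_reply("192.168.1.3", "de:ad:be:ef:00:01")  # forged reply
    return table, suspends, spoof_ok
```

Because the scan binds whichever MAC is already cached or answers a probe, a binding is only as trustworthy as the segment was at scan time.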
In summary, ARP scanning in the invention is configured as follows:
1. Configure ARP scanning (the whole network segment by default):
Router_config# interface FastEthernet0/1
Router_config_f0/1# arp scan
2. Configure ARP scanning (a specific range of the network segment):
Router_config# interface FastEthernet0/1
Router_config_f0/1# arp scan 192.168.1.3 192.168.1.10
3. Remove ARP scanning:
Router_config# interface FastEthernet0/1
Router_config_f0/1# no arp scan
The commands and parameters above are given as one means of implementation, for illustration only; their form and parameters are not the only possible ones.
The foregoing shows and describes the basic principles, main features and advantages of the invention. Those skilled in the art should understand that the invention is not limited to the embodiments above; the embodiments and the description merely illustrate the principles of the invention. Various changes and improvements may be made without departing from the spirit and scope of the invention, and all such changes and improvements fall within the claimed scope of the invention. The claimed scope of the invention is defined by the appended claims and their equivalents.

Claims (5)

1. An implementation method for Ethernet ARP scanning applied in a broadband router, in which, within a LAN and based on the IP address configured on the Ethernet interface, the MAC address corresponding to the IP address of every host present in the network segment is found and the IP address is bound in ARP, thereby implementing the ARP scan function; characterized in that the method comprises the following steps:
(1) the broadband router first obtains the IP address on the port and calculates the range of all IP addresses in that network segment;
(2) for every IP address in this range, the corresponding MAC address is searched for and bound;
(3) where an IP address scan range has been configured, only the MAC addresses corresponding to the IP addresses within that range are scanned.
2. The implementation method for Ethernet ARP scanning applied in a broadband router according to claim 1, characterized in that step (2) includes looking up the ARP entry by IP address; if no entry is found, an ARP request is sent, and once the ARP reply is received a static ARP entry is added, completing the binding.
3. The implementation method for Ethernet ARP scanning applied in a broadband router according to claim 1, characterized in that step (3) includes searching the corresponding IP range according to the configured IP address range and binding all IP and MAC addresses within it.
4. The implementation method for Ethernet ARP scanning applied in a broadband router according to claim 1, characterized in that the concrete steps of an implementation of the method comprise:
(1) obtaining the relevant port information through the router's command configuration; if an IP address range has been configured, this information is available from the port;
(2) if the port protocol is in a valid state, carrying out the ARP scan;
(3) calculating the scan start IP address and the scan end address;
(4) initializing part of the content of the static ARP entry and of the ARP request packet;
(5) linearly searching the whole range to be scanned, looking up the ARP entry for each IP address;
(6) if the entry exists, adding it as a static entry;
(7) if the entry does not exist, sending an ARP request and incrementing the counter;
(8) after every 40 ARP requests sent, suspending the task so that other tasks can run.
5. The implementation method for Ethernet ARP scanning applied in a broadband router according to claim 1, characterized in that the method can also remove the static bindings by a configuration command, the process being:
(1) obtaining the relevant port information through the command configuration;
(2) linearly traversing the static ARP entries and, if the IP address is present in an entry, deleting that entry.
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN200810034128A CN101521658A (en) 2008-02-29 2008-02-29 Realizing method for Ethernet ARP scanning which is applied in broadband router

Publications (1)

Publication Number Publication Date
CN101521658A (en) 2009-09-02

Family

ID=41082035

Family Applications (1)

Application Number Title Priority Date Filing Date
CN200810034128A Pending CN101521658A (en) 2008-02-29 2008-02-29 Realizing method for Ethernet ARP scanning which is applied in broadband router

Country Status (1)

Country Link
CN (1) CN101521658A (en)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C02 Deemed withdrawal of patent application after publication (patent law 2001)
WD01 Invention patent application deemed withdrawn after publication

Open date: 20090902