CN101610266A - Method and device for detecting the validity of ARP packets - Google Patents

Method and device for detecting the validity of ARP packets


Publication number
CN101610266A
Authority
CN
China
Prior art keywords
arp packet
packet
address
interface information
arp
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CNA2009101573724A
Other languages
Chinese (zh)
Inventor
汪洪远
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hangzhou H3C Technologies Co Ltd
Original Assignee
Hangzhou H3C Technologies Co Ltd
Application filed by Hangzhou H3C Technologies Co Ltd
Priority application: CNA2009101573724A
Publication: CN101610266A

Abstract

The invention discloses a method and device for detecting the validity of ARP packets, applied in a system that includes a gateway device. The method comprises the following steps: the gateway device receives an ARP packet and determines whether the ingress interface of the ARP packet is a Layer 3 interface; if the ingress interface corresponding to the ARP packet is a Layer 3 interface, the gateway device extracts the sender Internet Protocol (IP) address from the ARP packet, performs a route lookup with the sender IP address of the ARP packet as the destination address, and obtains the corresponding egress interface information; when the obtained egress interface information matches the ingress interface information recorded when the ARP packet was received, the ARP packet is a legitimate ARP packet; when the obtained egress interface information does not match the ingress interface information recorded when the ARP packet was received, the ARP packet is an attack packet. The invention thus achieves detection of illegitimate ARP packets.

Description

Method and device for detecting the validity of ARP packets
Technical field
The invention relates to the field of communications technology, and in particular to a method and device for detecting the validity of ARP packets.
Background
In current network technology, attacks on networks have become diverse. One kind targets the reliability and security of the network: its purpose is not to steal information but to exploit vulnerabilities in the network, damage or reconfigure devices in the network, disrupt normal communication and even bring the network down. Attacks on Ethernet are a common form of this kind of attack.
In an Ethernet, for IP (Internet Protocol) devices to communicate with each other, the source IP device initiating the communication must obtain the MAC (Media Access Control) address of the target IP device: the frames actually transmitted between IP devices carry the MAC address of the target IP device, while IP devices are distinguished in the network by IP address. Before sending a frame, the sender therefore has to translate the IP address of the target IP device into its MAC address. This translation is performed by ARP (Address Resolution Protocol): ARP uses the IP address of the target IP device to query for the MAC address of that device so that communication can proceed.
Every device in the network that supports the IP protocol maintains an ARP table internally. The IP addresses in this ARP table correspond one-to-one with MAC addresses and represent the mapping between the IP addresses and MAC addresses of IP devices; these mappings can be learned dynamically from ARP packets. ARP packets are divided into ARP requests and ARP replies. In general, an ARP request is sent as a broadcast, asking the whole local area network for the MAC address corresponding to the target IP address and at the same time announcing the sender's own IP-address-to-MAC-address mapping. An ARP reply is sent as a unicast: when an IP device receives an ARP request from a sender and finds that the sender is asking for its own MAC address, it sends an ARP reply to that sender informing it of its MAC address.
Figure 1 shows the structure of an ARP packet. It comprises the Ethernet destination address, Ethernet source address, frame type, hardware type, protocol type, hardware address length, protocol address length, operation type (OP), sender MAC address, sender IP address, target MAC address and target IP address. The Ethernet destination address is the destination MAC address of the Ethernet frame header and indicates whether the ARP packet is a broadcast or a unicast packet; the Ethernet source address is the source MAC address of the Ethernet frame header, i.e. the MAC address of the sending device; the frame type indicates the type of packet; the hardware type indicates the type of hardware address, a value of 1 meaning an Ethernet address; the protocol type indicates the type of protocol address to be mapped, a value of 0x0800 meaning an IP address; the hardware address length and protocol address length give the lengths of the hardware address and protocol address in bytes, and for ARP requests or replies for IP addresses on Ethernet their values are 6 and 4 respectively; the operation type (OP) indicates the kind of ARP packet, a value of 1 meaning an ARP request and a value of 2 an ARP reply; the sender MAC address is the hardware address of the sending device; the sender IP address is the IP address of the sending device; the target MAC address is the hardware address of the receiving device; the target IP address is the IP address of the receiving device.
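The Figure 1 layout above, as an added example that is not part of the patent: a parser and builder for an Ethernet frame carrying an Ethernet/IPv4 ARP packet, validating every fixed field (frame type 0x0806, hardware type 1, protocol type 0x0800, lengths 6 and 4, OP 1 or 2) before the sender IP address is extracted. The sample frame is constructed here (host A's MAC address and IP address 192.168.1.3 are assumptions; host B's 192.168.1.2 comes from the Figure 2 description).

```python
import struct
from dataclasses import dataclass

# Field values named in the Figure 1 description.
ETHERTYPE_ARP = 0x0806      # frame type of an ARP packet
HTYPE_ETHERNET = 1          # hardware type: Ethernet address
PTYPE_IPV4 = 0x0800         # protocol type: IP address
HLEN_ETHERNET = 6           # hardware address length in bytes
PLEN_IPV4 = 4               # protocol address length in bytes
OP_REQUEST = 1
OP_REPLY = 2

ETH_HDR_LEN = 14            # destination MAC, source MAC, frame type
ARP_LEN = 28                # fixed-size Ethernet/IPv4 ARP body
BROADCAST_MAC = "ff:ff:ff:ff:ff:ff"


@dataclass
class ArpPacket:
    eth_dst: str
    eth_src: str
    op: int
    sender_mac: str
    sender_ip: str
    target_mac: str
    target_ip: str

    @property
    def is_broadcast(self) -> bool:
        # The Ethernet destination address distinguishes broadcast from unicast ARP.
        return self.eth_dst == BROADCAST_MAC


def _mac_str(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)


def _ip_str(b: bytes) -> str:
    return ".".join(str(x) for x in b)


def _mac_bytes(s: str) -> bytes:
    return bytes.fromhex(s.replace(":", ""))


def _ip_bytes(s: str) -> bytes:
    return bytes(int(x) for x in s.split("."))


def parse_arp_frame(frame: bytes) -> ArpPacket:
    """Parse an Ethernet frame carrying an Ethernet/IPv4 ARP packet.

    Raises ValueError for anything that does not match the Figure 1 layout,
    so a gateway refuses malformed or non-ARP frames before it trusts the
    sender IP address field. Trailing padding beyond 42 bytes is ignored.
    """
    if len(frame) < ETH_HDR_LEN + ARP_LEN:
        raise ValueError("frame too short for Ethernet header plus ARP body")
    eth_dst, eth_src, frame_type = struct.unpack("!6s6sH", frame[:ETH_HDR_LEN])
    if frame_type != ETHERTYPE_ARP:
        raise ValueError(f"frame type 0x{frame_type:04x} is not ARP")
    body = frame[ETH_HDR_LEN:ETH_HDR_LEN + ARP_LEN]
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", body[:8])
    if htype != HTYPE_ETHERNET or ptype != PTYPE_IPV4:
        raise ValueError("not an Ethernet/IPv4 ARP packet")
    if hlen != HLEN_ETHERNET or plen != PLEN_IPV4:
        raise ValueError(f"bad address lengths hlen={hlen} plen={plen}")
    if op not in (OP_REQUEST, OP_REPLY):
        raise ValueError(f"unknown ARP operation {op}")
    sha, spa, tha, tpa = body[8:14], body[14:18], body[18:24], body[24:28]
    return ArpPacket(_mac_str(eth_dst), _mac_str(eth_src), op,
                     _mac_str(sha), _ip_str(spa), _mac_str(tha), _ip_str(tpa))


def is_wellformed_arp(frame: bytes) -> bool:
    try:
        parse_arp_frame(frame)
        return True
    except ValueError:
        return False


def build_arp_frame(op: int, eth_dst: str, sender_mac: str, sender_ip: str,
                    target_mac: str, target_ip: str) -> bytes:
    """Build the 42-byte Figure 1 frame; the Ethernet source is the sender MAC."""
    eth = struct.pack("!6s6sH", _mac_bytes(eth_dst), _mac_bytes(sender_mac), ETHERTYPE_ARP)
    arp = struct.pack("!HHBBH", HTYPE_ETHERNET, PTYPE_IPV4, HLEN_ETHERNET, PLEN_IPV4, op)
    arp += _mac_bytes(sender_mac) + _ip_bytes(sender_ip)
    arp += _mac_bytes(target_mac) + _ip_bytes(target_ip)
    return eth + arp


# Constructed sample: host A (assumed MAC, assumed IP 192.168.1.3) broadcasting a
# request for host B 192.168.1.2 as in Figure 2; the target MAC is all zeros.
SAMPLE_REQUEST = build_arp_frame(OP_REQUEST, BROADCAST_MAC,
                                 "00:11:22:33:44:55", "192.168.1.3",
                                 "00:00:00:00:00:00", "192.168.1.2")
# Constructed frame of the same length but with frame type 0x0800 (IP), not ARP.
SAMPLE_NOT_ARP = SAMPLE_REQUEST[:12] + b"\x08\x00" + SAMPLE_REQUEST[14:]

if __name__ == "__main__":
    print(parse_arp_frame(SAMPLE_REQUEST))
    print("well-formed ARP:", is_wellformed_arp(SAMPLE_NOT_ARP))
```

The parser checks the constant fields strictly because the detection method later in the document reads only the sender IP address; a frame that claims to be ARP but carries other hardware or protocol types, or odd address lengths, should never reach the route lookup.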
Figure 2 shows the ARP packet processing procedure in the prior art. Before host A sends an IP packet to host B (the device whose IP address is 192.168.1.2), it must obtain the MAC address corresponding to host B. Host A first searches its own ARP table to determine whether it contains an entry for host B. If the MAC address corresponding to host B is found in the ARP table, host A directly uses that MAC address to encapsulate the IP packet in a frame and sends the encapsulated packet to host B.
If host A does not find the MAC address corresponding to host B in its ARP table, it buffers the IP packet and sends an ARP request to host B by broadcast. In this ARP request the sender IP address and sender MAC address are the IP address and MAC address of host A, and the target IP address and target MAC address are the IP address of host B and an all-zero MAC address. Because the ARP request is broadcast, all hosts on the network segment receive it, but only host B processes it. Specifically, host B compares its own IP address with the target IP address in the received ARP request; when they are the same, it stores the IP address and MAC address of the sender (host A) from the ARP request in its own ARP table and sends an ARP reply to host A by unicast, which contains the MAC address of host B. After host A receives the ARP reply, it adds the MAC address of host B to its own ARP table for forwarding subsequent packets, and at the same time encapsulates and sends the buffered IP packet.
Because no security mechanism was considered when ARP was designed, ARP is a protocol that is very easy to attack, and attacks on Ethernet are largely based on ARP packets. In the prior art, a gateway device is configured not to parse received ARP packets but to forward them directly at Layer 2, i.e. an ARP packet sent by a source IP device is forwarded straight to the target IP device. When a gateway device operates in a network it frequently suffers attacks with ARP packets whose sender IP address is not within the address range of the interface on which they arrive, and such ARP packets have to be handed to the CPU (Central Processing Unit) for processing. Because the resources of the gateway device are limited, while the CPU of the gateway device processes these ARP packets a large number of normal ARP packets cannot be processed, which causes network interruptions and abnormalities.
Summary of the invention
The invention provides a method and device for detecting the validity of ARP packets, which achieves detection of illegitimate ARP packets.
The invention provides a method for detecting the validity of ARP packets, applied in a system that includes a gateway device, the method comprising the following steps:
the gateway device receives an ARP packet and determines whether the ingress interface of the ARP packet is a Layer 3 interface;
if the ingress interface corresponding to the ARP packet is a Layer 3 interface, the gateway device extracts the sender Internet Protocol (IP) address from the ARP packet, performs a route lookup with the sender IP address of the ARP packet as the destination address, and obtains the corresponding egress interface information;
when the obtained egress interface information matches the ingress interface information recorded when the ARP packet was received, the ARP packet is a legitimate ARP packet;
when the obtained egress interface information does not match the ingress interface information recorded when the ARP packet was received, the ARP packet is an attack packet.
Preferably, the gateway device performing a route lookup with the sender IP address of the ARP packet as the destination address and obtaining the corresponding egress interface information comprises:
the gateway device searching the directly connected routes in the routing table and obtaining the egress interface information corresponding to the destination IP address equal to the sender IP address.
Preferably, the gateway device marks the directly connected routes in the routing table in advance.
Preferably, when the gateway device performs the route lookup with the sender IP address of the ARP packet as the destination address and finds no corresponding egress interface information, it treats the ARP packet as an attack packet in strict mode and as a legitimate ARP packet in loose mode.
Preferably, when the gateway device determines that the ARP packet is a legitimate ARP packet, it forwards the ARP packet at Layer 2 or hands it to upper-layer software for processing; when the gateway device determines that the ARP packet is an attack packet, it filters the ARP packet, or filters it and raises an alarm, or filters it and counts it.
The invention also provides a device for detecting the validity of ARP packets, comprising:
a transceiver module, for receiving an ARP packet and determining whether the ingress interface of the ARP packet is a Layer 3 interface;
an extraction module, for extracting the sender IP address from the ARP packet when the transceiver module determines that the ingress interface corresponding to the ARP packet is a Layer 3 interface;
an acquisition module, for performing a route lookup with the sender IP address extracted from the ARP packet by the extraction module as the destination address and obtaining the corresponding egress interface information;
a detection module, for determining that the ARP packet is a legitimate ARP packet when the egress interface information obtained by the acquisition module matches the ingress interface information recorded when the ARP packet was received, and that the ARP packet is an attack packet when the egress interface information obtained by the acquisition module does not match the ingress interface information recorded when the ARP packet was received.
Preferably, the acquisition module is specifically for searching the directly connected routes in the routing table and obtaining the egress interface information corresponding to the destination IP address equal to the sender IP address.
Preferably, the device further comprises:
a marking module, for marking the directly connected routes in the routing table in advance so that the acquisition module can search the directly connected routes.
Preferably, the detection module is further for treating the ARP packet as an attack packet in strict mode, and as a legitimate ARP packet in loose mode, when the acquisition module performs the route lookup with the sender IP address of the ARP packet as the destination address and finds no corresponding egress interface information.
Preferably, the detection module is further for forwarding the ARP packet at Layer 2 or handing it to upper-layer software for processing when it determines that the ARP packet is a legitimate ARP packet, and for filtering the ARP packet, or filtering it and raising an alarm, or filtering it and counting it, when it determines that the ARP packet is an attack packet.
The invention looks up the egress port information corresponding to an ARP packet from the sender IP address in the ARP packet, compares that egress port information with the ingress port information recorded when the ARP packet was received, and judges from the lookup result and the comparison result whether the ARP packet is a normal ARP packet. It can thus detect and filter illegitimate ARP packets to a large extent and reduce the likelihood of network devices suffering ARP packet attacks.
Brief description of the drawings
Figure 1 is a schematic diagram of the ARP packet structure;
Figure 2 is a schematic diagram of the ARP packet processing procedure in the prior art;
Figure 3 is a flow chart of a method for detecting the validity of ARP packets according to the invention;
Figure 4 is a schematic diagram of the process of detecting ARP packet validity in the application scenario of the invention;
Figure 5 is a flow chart of detecting ARP packet validity in application scenario one of the invention;
Figure 6 is a flow chart of detecting ARP packet validity in application scenario two of the invention;
Figure 7 is a schematic diagram of the structure of a device for detecting the validity of ARP packets according to the invention.
Detailed description of embodiments
The invention provides a method for detecting the validity of ARP packets. Its core idea is to perform a reverse-path consistency check on the sender IP address of each received ARP packet: the gateway device identifies the ARP packet, searches the routing table with the sender IP address of the ARP packet as the destination address, obtains the corresponding egress interface information, and compares the egress interface information from the routing table with the ingress interface information of the ARP packet. If the comparison result is inconsistent, the received ARP packet is judged to be an ARP attack packet and is given exception handling such as filtering; if the comparison result is consistent, the received ARP packet is judged to be a normal ARP packet and is given normal processing such as forwarding.
The technical solution of the invention is described clearly and completely below with reference to the accompanying drawings. Obviously, the described embodiments are only some, not all, of the embodiments of the invention. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments of the invention without creative effort fall within the scope of protection of the invention.
Figure 3 is a flow chart of a method for detecting the validity of ARP packets according to the invention, applied in a system that includes a gateway device. The method comprises the following steps:
Step 301: the gateway device receives an ARP packet and determines whether the ingress interface of the ARP packet is a Layer 3 interface. If the ingress interface corresponding to the ARP packet is a Layer 3 interface, step 303 is executed; if the ingress interface corresponding to the ARP packet is not a Layer 3 interface, step 302 is executed.
Specifically, the gateway device records the ingress interface information of the received ARP packet and determines from this information whether the ingress interface of the ARP packet is a Layer 3 interface. The ingress interface information of the ARP packet is the VLAN (Virtual Local Area Network) identifier, port number or other type of logical identifier of the interface through which the ARP packet entered. The gateway device can distinguish whether the ingress interface is a Layer 3 interface or a Layer 2 interface by checking whether the interface on which the ARP packet was received has a fixed IP address configured. A Layer 3 interface is an interface on the gateway device used for both Layer 2 and Layer 3 forwarding and has a fixed IP address configured; a Layer 2 interface is an interface on the gateway device used only for Layer 2 forwarding, has no IP address configured and cannot be used for Layer 3 forwarding.
Step 302: the gateway device forwards the received ARP packet at Layer 2, or hands the received ARP packet to upper-layer software for processing.
Specifically, if the ingress interface corresponding to the received ARP packet is not a Layer 3 interface, the gateway device does not start the ARP packet detection mechanism but processes the received ARP packet normally: it forwards the ARP packet at Layer 2 or hands it to upper-layer software for processing.
Step 303: the gateway device extracts the sender IP address from the ARP packet, performs a route lookup with the sender IP address of the ARP packet as the destination address, and obtains the corresponding egress interface information.
Specifically, if the ingress interface corresponding to the received ARP packet is a Layer 3 interface, the gateway device identifies the packet as an ARP packet by reading the frame type field of the packet, whose value is 0x0806, extracts the sender IP address from the packet, generates a basic data record corresponding to the packet, and in this basic data record marks the sender IP address and the fact that the packet is an ARP packet.
The gateway device searches the directly connected routes in the routing table with the sender IP address of the ARP packet as the destination address and obtains the egress interface information corresponding to the destination IP address equal to the sender IP address. This egress interface information represents the interface that would be used when a packet is sent through the gateway device to the sender of the ARP packet, and comprises the corresponding VLAN identifier, port number or other type of logical identifier.
A directly connected route is routing information for a subnet connected to an interface of the gateway device, discovered by the link-layer protocol, and generally refers to routing information for the network segment of the gateway device's interface IP address. Such routing information does not need to be maintained by the network administrator, nor does the gateway device need to compute it: as long as the interface is in the Active state, the gateway device fills the routing information leading to that network segment into the routing table. Directly connected routes include host routes and network-segment routes. A host route is a route whose destination IP address is a host; a network-segment route, also called an interface route, has a destination IP address that is a range of IP addresses and a next hop pointing at the device itself, and under normal circumstances an IP packet that matches a network-segment route has to be processed by the CPU of the gateway device. Because of the special nature of host routes and network-segment routes, before the gateway device looks up the egress interface information of an ARP packet from the sender IP address in the packet, it must mark the directly connected routes in the routing table in advance, i.e. set a flag bit on all host routes and/or network-segment routes in the routing table, so that subsequent route lookups can use it.
Step 304: when the obtained egress interface information matches the ingress interface information recorded when the ARP packet was received, the ARP packet is a legitimate ARP packet; when the obtained egress interface information does not match the ingress interface information recorded when the ARP packet was received, the ARP packet is an attack packet.
Specifically, when the gateway device determines that the ARP packet is a legitimate ARP packet, it forwards the ARP packet at Layer 2 or hands it to upper-layer software for processing; when the gateway device determines that the ARP packet is an attack packet, it filters the ARP packet, or filters it and raises an alarm, or filters it and counts it.
In addition, when the gateway device performs the route lookup with the sender IP address of the ARP packet as the destination address and finds no corresponding egress interface information, it treats the ARP packet as an attack packet in strict mode and as a legitimate ARP packet in loose mode.
It should be noted that the gateway device in the invention may be a hardware forwarding chip, an NP (Network Processor), a multi-core CPU or similar.
The method for detecting the validity of ARP packets described above is now described in detail in a concrete application scenario. Figure 4 is a schematic diagram of the process of detecting ARP packet validity in the application scenario of the invention. R1 and R2 are gateway devices, R2 detects the ARP packets it receives, R1 and R2 are connected through interfaces in VLAN 100, and R2 is also connected, through an interface in VLAN 10, to a host in VLAN 10 whose IP address is 192.168.1.2.
Figure 5 is a flow chart of detecting ARP packet validity in application scenario one of the invention, which comprises the following steps:
Step 501: gateway device R2 receives an ARP packet whose sender IP address is 192.168.1.2, records the ingress interface information of the ARP packet as VLAN 10, and determines that the ingress interface corresponding to the ARP packet is a Layer 3 interface.
Specifically, gateway device R2 obtains the IP address corresponding to the interface on which the ARP packet was received, 192.168.1.1/24, and thereby determines that the interface is a Layer 3 interface.
Step 502: gateway device R2 identifies the received packet as an ARP packet, extracts the sender IP address 192.168.1.2 from the packet, and finds in the routing table that the egress interface information corresponding to the destination IP address equal to the sender IP address is VLAN 10.
The routing table contains information such as destination IP addresses and VLANs. Gateway device R2 uses the extracted sender IP address as the destination IP address to look up the corresponding VLAN, and thereby obtains the egress interface information that would be used when a packet is sent to the sender of the ARP packet.
Step 503: gateway device R2 forwards the ARP packet at Layer 2, or hands the ARP packet to upper-layer software for processing.
Specifically, because both the ingress interface information and the egress interface information corresponding to the ARP packet are VLAN 10, gateway device R2 judges that the ingress interface information and egress interface information corresponding to the ARP packet are consistent, that the ARP packet is a normal ARP packet, and processes the ARP packet normally.
Figure 6 is a flow chart of detecting ARP packet validity in application scenario two of the invention, which comprises the following steps:
Step 601: gateway device R2 receives an ARP packet whose sender IP address is 202.10.1.2, records the ingress interface information of the ARP packet as VLAN 10, and determines that the ingress interface corresponding to the ARP packet is a Layer 3 interface.
Specifically, gateway device R2 obtains the IP address corresponding to the interface on which the ARP packet was received, 192.168.1.1/24, and thereby determines that the interface is a Layer 3 interface.
Step 602: gateway device R2 identifies the received packet as an ARP packet, extracts the sender IP address 202.10.1.2 from the packet, and finds in the routing table that the egress interface information corresponding to the destination IP address equal to the sender IP address is VLAN 100.
The routing table contains information such as destination IP addresses and VLANs. Gateway device R2 uses the extracted sender IP address as the destination IP address to look up the corresponding VLAN, and thereby obtains the egress interface information that would be used when a packet is sent to the sender of the ARP packet.
Step 603: gateway device R2 filters the ARP packet, raises an alarm and counts it.
Specifically, because the ingress interface information corresponding to the ARP packet is VLAN 10 while the egress interface information is VLAN 100, gateway device R2 judges that the ingress interface information and egress interface information corresponding to the ARP packet are inconsistent, that the ARP packet is an ARP attack packet, and gives the ARP packet exception handling.
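Steps 301 to 304 and the two application scenarios above, as one added example that is not the patent's own code: a software reference model of the reverse-path consistency check on gateway R2, with the directly connected routes marked in advance, the Layer 2 bypass of step 302, the strict/loose handling of a sender address that matches no direct route, and the filter, alarm and count handling of step 603. VLAN 10 with 192.168.1.1/24 and the sender addresses 192.168.1.2 and 202.10.1.2 come from the scenarios; the address on VLAN 100, the Layer 2 interface VLAN 20 and the non-direct static route 10.0.0.0/8 are assumptions added to exercise the remaining branches.

```python
import ipaddress
from dataclasses import dataclass, field
from typing import Dict, Iterable, List, Optional


@dataclass
class Interface:
    name: str                   # ingress/egress interface information, e.g. a VLAN identifier
    ip: Optional[str] = None    # fixed IP address with prefix if this is a Layer 3 interface

    @property
    def is_layer3(self) -> bool:
        # Step 301: an interface with a fixed IP address configured is a Layer 3 interface.
        return self.ip is not None


@dataclass
class Route:
    prefix: ipaddress.IPv4Network
    out_interface: str
    direct: bool = False        # the flag bit set in advance on directly connected routes


@dataclass
class Gateway:
    interfaces: Dict[str, Interface]
    routes: List[Route]
    strict: bool = True         # strict mode: no matching direct route means attack
    counters: Dict[str, int] = field(
        default_factory=lambda: {"legitimate": 0, "attack": 0, "unchecked": 0})
    alarms: List[str] = field(default_factory=list)

    @classmethod
    def with_direct_routes(cls, interfaces: Iterable[Interface],
                           other_routes: Iterable[Route] = (), strict: bool = True) -> "Gateway":
        """Mark directly connected routes in advance: one network-segment route per
        Layer 3 interface (all interfaces assumed Active); other routes stay unmarked."""
        interfaces = list(interfaces)
        table = [Route(ipaddress.IPv4Interface(i.ip).network, i.name, direct=True)
                 for i in interfaces if i.is_layer3]
        table += list(other_routes)
        return cls({i.name: i for i in interfaces}, table, strict)

    def lookup_direct_route(self, sender_ip: str) -> Optional[str]:
        """Step 303: longest-prefix match restricted to routes marked direct."""
        addr = ipaddress.IPv4Address(sender_ip)
        best: Optional[Route] = None
        for r in self.routes:
            if r.direct and addr in r.prefix and (
                    best is None or r.prefix.prefixlen > best.prefix.prefixlen):
                best = r
        return best.out_interface if best else None

    def check_arp(self, in_interface: str, sender_ip: str) -> str:
        """Return 'legitimate', 'attack' or 'unchecked' and apply the step 302/304 handling."""
        if not self.interfaces[in_interface].is_layer3:
            # Step 302: Layer 2 ingress, detection not started, normal processing.
            self.counters["unchecked"] += 1
            return "unchecked"
        out_interface = self.lookup_direct_route(sender_ip)
        if out_interface is None:
            verdict = "attack" if self.strict else "legitimate"
        elif out_interface == in_interface:
            verdict = "legitimate"
        else:
            verdict = "attack"
        # Step 304 handling: attacks are filtered, alarmed and counted as in step 603.
        self.counters[verdict] += 1
        if verdict == "attack":
            self.alarms.append(f"ARP sender {sender_ip} on {in_interface}, "
                               f"route egress {out_interface}")
        return verdict


def build_r2(strict: bool = True) -> Gateway:
    """R2 from Figure 4. VLAN 10 carries 192.168.1.1/24 as in the scenarios; the
    VLAN 100 address, the Layer 2 VLAN 20 and the static 10.0.0.0/8 route are assumed."""
    interfaces = [
        Interface("VLAN 10", "192.168.1.1/24"),
        Interface("VLAN 100", "202.10.1.1/24"),
        Interface("VLAN 20"),
    ]
    static = Route(ipaddress.IPv4Network("10.0.0.0/8"), "VLAN 100", direct=False)
    return Gateway.with_direct_routes(interfaces, [static], strict)


if __name__ == "__main__":
    r2 = build_r2()
    print("scenario one:", r2.check_arp("VLAN 10", "192.168.1.2"))   # legitimate
    print("scenario two:", r2.check_arp("VLAN 10", "202.10.1.2"))    # attack
    print(r2.counters, r2.alarms)
```

Two things the model makes visible that the prose leaves implicit. First, the lookup is confined to routes carrying the direct flag, so a sender address that only a static or learned route would reach (10.1.1.1 here) yields no egress interface, and the verdict then depends entirely on strict or loose mode. Second, the check only ties the sender IP address to the subnet of the ingress interface: an ARP packet arriving on VLAN 10 with a sender address anywhere inside 192.168.1.0/24 passes, so the method filters off-segment sender addresses that would otherwise be punted to the CPU rather than same-segment ARP cache poisoning.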
Besides the above method and application scenarios for detecting the validity of ARP packets, the invention also provides a device that applies the above method.
Figure 7 is a schematic diagram of the structure of a device for detecting the validity of ARP packets according to the invention, which comprises:
a transceiver module 710, for receiving an ARP packet and determining whether the ingress interface of the ARP packet is a Layer 3 interface;
an extraction module 720, for extracting the sender IP address from the ARP packet when the transceiver module 710 determines that the ingress interface corresponding to the ARP packet is a Layer 3 interface;
an acquisition module 730, for performing a route lookup with the sender IP address extracted from the ARP packet by the extraction module 720 as the destination address and obtaining the corresponding egress interface information.
The acquisition module 730 is specifically for searching the directly connected routes in the routing table and obtaining the egress interface information corresponding to the destination IP address equal to the sender IP address.
A detection module 740, for determining that the ARP packet is a legitimate ARP packet when the egress interface information obtained by the acquisition module 730 matches the ingress interface information recorded when the ARP packet was received, and that the ARP packet is an attack packet when the egress interface information obtained by the acquisition module 730 does not match the ingress interface information recorded when the ARP packet was received.
The detection module 740 is further for treating the ARP packet as an attack packet in strict mode, and as a legitimate ARP packet in loose mode, when the acquisition module 730 performs the route lookup with the sender IP address of the ARP packet as the destination address and finds no corresponding egress interface information.
The detection module 740 is further for forwarding the ARP packet at Layer 2 or handing it to upper-layer software for processing when it determines that the ARP packet is a legitimate ARP packet, and for filtering the ARP packet, or filtering it and raising an alarm, or filtering it and counting it, when it determines that the ARP packet is an attack packet.
A marking module 750, for marking the directly connected routes in the routing table in advance so that the acquisition module 730 can search the directly connected routes.
From the above description of the embodiments, a person skilled in the art can clearly understand that the invention can be implemented by software plus the necessary general-purpose hardware platform, and of course also by hardware, but in many cases the former is the better implementation. On this basis, the technical solution of the invention, or the part of it that contributes to the prior art, can be embodied in the form of a software product stored on a storage medium and containing instructions that cause a computing device (which may be a personal computer, a server, a network device or the like) to carry out the method of the invention.
A person skilled in the art will understand that the drawings are schematic diagrams of a preferred embodiment, and that the modules or procedures in the drawings are not necessarily required to implement the invention.
A person skilled in the art will understand that the modules of the device of the invention can be distributed in the device of the embodiment as described, or can be changed accordingly and located in one or more devices different from this embodiment. The modules of the above embodiment can be merged into one module or further split into multiple sub-modules.
The above discloses only several specific embodiments of the invention, but the invention is not limited to them; any variation that a person skilled in the art can conceive should fall within the scope of protection of the invention.

Claims (10)

1. A method for detecting the validity of an ARP message, applied in a system that includes a gateway device, characterized in that the method comprises the following steps:
the gateway device receives an ARP message and judges whether the incoming interface of the ARP message is a layer-3 interface;
if the incoming interface corresponding to the ARP message is a layer-3 interface, the gateway device extracts the sender Internet Protocol (IP) address from the ARP message and performs a route lookup with the sender IP address of the ARP message as the destination address, obtaining the corresponding outgoing interface information;
when the obtained outgoing interface information is consistent with the incoming interface information on which the ARP message was received, the ARP message is a legitimate ARP message;
when the obtained outgoing interface information is inconsistent with the incoming interface information on which the ARP message was received, the ARP message is an attack message.
2. The method of claim 1, characterized in that the gateway device performing a route lookup with the sender IP address of the ARP message as the destination address and obtaining the corresponding outgoing interface information comprises:
the gateway device looking up the directly connected routes in the routing table and obtaining the outgoing interface information corresponding to the destination IP address equal to the sender IP address.
3. The method of claim 2, characterized in that the gateway device marks the directly connected routes in the routing table in advance.
4. The method of claim 1, characterized in that, when the gateway device performs the route lookup with the sender IP address of the ARP message as the destination address and finds no corresponding outgoing interface information, it treats the ARP message as an attack message in strict checking mode and as a legitimate ARP message in loose mode.
5. The method of claim 1, characterized in that, when the gateway device judges the ARP message to be a legitimate ARP message, the gateway device forwards the ARP message at layer 2 or hands it to layer-3 software processing; when the gateway device judges the ARP message to be an attack message, the gateway device filters the ARP message, or filters it and raises an alarm, or filters it and counts it.
6. A device for detecting the validity of an ARP message, characterized in that it comprises:
a transceiver module, used to receive an ARP message and judge whether the incoming interface of the ARP message is a layer-3 interface;
an extraction module, used to extract the sender IP address from the ARP message when the transceiver module judges that the incoming interface corresponding to the ARP message is a layer-3 interface;
an acquisition module, used to perform a route lookup with the sender IP address extracted from the ARP message by the extraction module as the destination address, and to obtain the corresponding outgoing interface information;
a detection module, used to treat the ARP message as a legitimate ARP message when the outgoing interface information obtained by the acquisition module is consistent with the incoming interface information on which the ARP message was received, and to treat the ARP message as an attack message when the outgoing interface information obtained by the acquisition module is inconsistent with that incoming interface information.
7. The device of claim 6, characterized in that
the acquisition module is specifically used to look up the directly connected routes in the routing table and obtain the outgoing interface information corresponding to the destination IP address equal to the sender IP address.
8. The device of claim 7, characterized in that it further comprises:
an identification module, used to mark the directly connected routes in the routing table in advance so that the acquisition module can look up those directly connected routes.
9. The device of claim 6, characterized in that
the detection module is further used, when the acquisition module performs the route lookup with the sender IP address of the ARP message as the destination address and finds no corresponding outgoing interface information, to treat the ARP message as an attack message in strict checking mode and as a legitimate ARP message in loose mode.
10. The device of claim 6, characterized in that
the detection module is further used to forward the ARP message at layer 2 or hand it to layer-3 software processing when the ARP message is judged to be a legitimate ARP message, and to filter the ARP message, or filter it and raise an alarm, or filter it and count it, when the ARP message is judged to be an attack message.
CNA2009101573724A 2009-07-28 2009-07-28 A kind of method and device that detects ARP message validity Pending CN101610266A (en)

Publications (1)

Publication Number Publication Date
CN101610266A true CN101610266A (en) 2009-12-23

Family

ID=41483847

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C12 Rejection of a patent application after its publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20091223