CN101834870A - Method and device for preventing deceptive attack of MAC (Medium Access Control) address - Google Patents

Publication number
CN101834870A
CN101834870A CN201010171167A CN201010171167A CN101834870A CN 101834870 A CN101834870 A CN 101834870A CN 201010171167 A CN201010171167 A CN 201010171167A CN 201010171167 A CN201010171167 A CN 201010171167A CN 101834870 A CN101834870 A CN 101834870A
Authority
CN
China
Prior art keywords
dhcp
message
mac address
dhcp message
user
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201010171167A
Other languages
Chinese (zh)
Inventor
刘华勇
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
ZTE Corp
Original Assignee
ZTE Corp
Application filed by ZTE Corp
Priority to CN201010171167A
Publication of CN101834870A
Priority to PCT/CN2010/078957 (WO2011140795A1)

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00 Network arrangements, protocols or services for addressing or naming
    • H04L61/50 Address allocation
    • H04L61/5007 Internet protocol [IP] addresses
    • H04L61/5014 Internet protocol [IP] addresses using dynamic host configuration protocol [DHCP] or bootstrap protocol [BOOTP]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Small-Scale Networks (AREA)

Abstract

The invention discloses a method and a device for preventing MAC (Medium Access Control) address spoofing attacks. In the method, when a switching device receives a non-DHCP (Dynamic Host Configuration Protocol) message sent from the user port side, it checks the legitimacy of the non-DHCP message against a preset static MAC address table and discards the message if it is illegitimate. The device comprises a message receiving module and a non-DHCP message forwarding/filtering module. The method prevents MAC address spoofing by access devices and effectively avoids the situation in which learned MAC addresses on the switching device migrate, data forwarding becomes disordered, and users suffer a DoS (denial of service) attack.

Description

A method and apparatus for preventing MAC address spoofing attacks
Technical Field
The present invention relates to the field of communication technology, and in particular to a method and apparatus for preventing MAC (Media Access Control) address spoofing attacks.
Background
As networks grow in scale and complexity, network configuration becomes more and more complex, and situations in which computers change location (such as portable machines or wireless networks) or in which the number of computers exceeds the number of assignable IP addresses occur frequently. The Dynamic Host Configuration Protocol (DHCP) was developed to meet these needs; in larger networks, a DHCP server is usually used to assign IP addresses.
The DHCP protocol itself has no security, so a network environment that uses DHCP is at risk of attack. An attacker can use packet-sending simulation software to send a large number of messages with forged, changing source MAC addresses. The switch's CAM table is quickly congested and overflowed by the mass of MAC addresses the attacker sends, so the switch cannot learn new MAC addresses and messages are broadcast on all ports in the VLAN. The attacker can use this broadcasting on all ports of the VLAN to monitor traffic and scan it for useful information. Through this MAC address attack a broadcast storm spreads out from the attacker and the switch works in the manner of a hub, which achieves a DoS and creates a security risk. The attacker can also impersonate the MAC address of another legitimate user when sending data messages; the switching device then learns that MAC address on the malicious user's port, which causes the legitimate user's learned MAC address to migrate, disrupts the device's message forwarding, and prevents the legitimate user from accessing the network normally.
Summary of the Invention
The invention provides a method and apparatus for preventing MAC address spoofing attacks, in order to solve the problem in the prior art that DHCP has security weaknesses which expose normal users to the risk of attack.
Specifically, the invention provides a method for preventing MAC address spoofing attacks, comprising:
When a switching device receives a non-DHCP message sent from the user port side, it checks the legitimacy of the non-DHCP message against a pre-configured static MAC address table and discards the message if it is illegitimate.
In the method, the static MAC address table contains: the MAC address of each user that has completed an IP address application through DHCP, and the user port number bound to that MAC address.
In the method, a non-DHCP message is illegitimate when:
The source MAC address of the non-DHCP message is not in the pre-configured static MAC address table; or the source MAC address of the non-DHCP message is in the static MAC address table, but the port number on which the non-DHCP message was received does not match the user port number in the corresponding static MAC address table entry.
In the method, when the switching device receives a non-DHCP message sent by a DHCP server or an aggregation switch, it determines whether the source MAC address of the non-DHCP message is in the dynamic MAC address table maintained by the switching device. If so, it forwards the non-DHCP message; otherwise, it learns the source MAC address of the non-DHCP message on the port that received the message and then forwards the non-DHCP message.
In the method, when the switching device receives a DHCP message, it creates, updates or deletes entries in a DHCP user information binding table according to the type of the DHCP message, and forwards the DHCP message.
In the method, the static MAC address table is configured as follows:
When the switching device receives a DHCP message whose type is ACK, it updates the already created DHCP user information binding table based on the ACK message, and configures the user MAC address and user port number from the updated DHCP user information binding table into the static MAC address table.
Further, when the type of the received DHCP message is Release or Decline, or when the lease of an entry in the DHCP user information binding table expires, the switching device deletes the corresponding user's MAC address information from the static MAC address table.
The invention also provides a switching device, comprising:
A message receiving module, configured to trigger the non-DHCP message forwarding/filtering module when a non-DHCP message sent from the user port side is received;
A non-DHCP message forwarding/filtering module, configured to check the legitimacy of the non-DHCP message against a pre-configured static MAC address table and to discard the non-DHCP message when it is illegitimate.
The switching device provided by the invention further has the following features:
The static MAC address table in the non-DHCP message forwarding/filtering module contains: the MAC address of each user that has completed an IP address application through DHCP, and the user port number bound to that MAC address.
In the non-DHCP message forwarding/filtering module, a non-DHCP message is illegitimate when:
The source MAC address of the non-DHCP message is not in the pre-configured static MAC address table; or the source MAC address of the non-DHCP message is in the static MAC address table, but the port number on which the non-DHCP message was received does not match the user port number in the corresponding static MAC address table entry.
The switching device further comprises a DHCP message interception module;
The message receiving module is further configured to trigger the DHCP message interception module when a DHCP message is received;
The DHCP message interception module is configured to create, update or delete entries in the DHCP user information binding table according to the type of the DHCP message, and to forward the DHCP message.
Further, when the type of the DHCP message is ACK, the DHCP message interception module updates the already created DHCP user information binding table based on the ACK message, and configures the user MAC address and user port number from the updated DHCP user information binding table into the static MAC address table.
When the type of the received DHCP message is Release or Decline, or when the lease of an entry in the DHCP user information binding table expires, the DHCP message interception module deletes the corresponding user's MAC address information from the static MAC address table.
Compared with the prior art, the invention has the following beneficial effects:
The method provided by the invention filters messages from the user port side by source MAC address according to the static MAC address table, and discards messages whose source MAC address is not in the static MAC address table. This prevents MAC address spoofing by access devices and effectively avoids the situation in which learned MAC addresses on the switching device migrate, data forwarding becomes disordered, and users suffer a DoS attack.
Brief Description of the Drawings
To describe the technical solutions of the embodiments of the invention or of the prior art more clearly, the drawings needed for describing the embodiments or the prior art are briefly introduced below. Obviously, the drawings described below are only some embodiments of the invention; a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a basic structural diagram of the access network;
Fig. 2 is a flowchart of the method for preventing MAC address spoofing attacks provided by the invention;
Fig. 3 is a structural diagram of the apparatus for preventing MAC address spoofing attacks provided by the invention;
Fig. 4 is a flowchart of how the DHCP message interception module of the invention processes DHCP messages;
Fig. 5 is a flowchart of how the non-DHCP message forwarding/filtering module of the invention processes non-DHCP messages.
Detailed Description of the Embodiments
The technical solutions in the embodiments of the invention are described clearly and completely below with reference to the drawings. Obviously, the described embodiments are only some of the embodiments of the invention, not all of them. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments of the invention without creative effort fall within the scope of protection of the invention.
To solve the problems in the prior art, the invention provides a method and apparatus for preventing MAC address spoofing attacks.
Before the method is set out, the access network in which it is used is briefly described. Fig. 1 shows the basic structure of the access network. Specifically, the access network comprises user terminals, a switching device and a DHCP server.
The user terminal, generally a PC, acts as a DHCP client and obtains an IP address and other configuration information through the DHCP protocol;
The switching device forwards messages according to MAC addresses;
The DHCP server processes DHCP requests from user terminals and assigns DHCP clients configuration information including IP address, gateway and DNS.
To solve the problems in the prior art, the method sets the ports of the switching device that connect user terminals as non-trusted ports, and sets the ports that connect a legitimate DHCP server, or the uplink ports that connect an aggregation switch, as trusted ports. On non-trusted ports, MAC address learning is turned off and the source MAC address of every message other than DHCP is checked; on trusted ports, dynamic MAC address learning is performed and no source MAC address check is made.
Based on the principle stated above, the specific implementation of the method for preventing MAC address spoofing attacks provided by the invention is given below. As shown in Fig. 2, it comprises the following steps:
Step S201: the switching device receives a non-DHCP message sent from the user port side (that is, a non-trusted port).
Step S202: the legitimacy of the non-DHCP message is checked against the pre-configured static MAC address table. If it is legitimate, go to step S203; otherwise, go to step S204.
The static MAC address table contains: the MAC address of each user that has completed an IP address application through DHCP, and the user port number bound to that MAC address.
Step S203: look up the destination MAC address of the non-DHCP message. If it is found, forward the message according to the destination MAC address; if it is not found, forward the message by broadcasting.
Step S204: discard the non-DHCP message.
The method provided by the invention effectively prevents MAC address spoofing by access devices and effectively avoids the situation in which learned MAC addresses on the switching device migrate, data forwarding becomes disordered, and users suffer a DoS attack.
To set out the invention more clearly, the method is described below in terms of the concrete structure of the switching device, which better illustrates the specific implementation of the method.
Fig. 3 is a structural block diagram of the switching device. Specifically, the switching device comprises: a message receiving module 310, a non-DHCP message forwarding/filtering module 320, a MAC address table module 330 and a DHCP message interception module 340, where:
Message receiving module 310: receives messages sent on trusted and non-trusted ports, extracts DHCP messages from the received messages according to the characteristics of DHCP protocol messages, and passes each DHCP message and its corresponding user port information to the DHCP message interception module 340; non-DHCP messages and their corresponding user port information are passed to the non-DHCP message forwarding/filtering module 320.
Non-DHCP message forwarding/filtering module 320: on receiving a non-DHCP message, it checks the message's user port information. If the port is a non-trusted port, it checks the validity of the source MAC address of the non-DHCP message against the static MAC address entries in the MAC address table module 330 and discards the non-DHCP message if it is illegitimate. Otherwise, it obtains the destination MAC address of the non-DHCP message, looks it up in the MAC forwarding table stored in the switching device, and forwards the received message out of the port stored for that MAC address in the forwarding table. If the destination MAC address is not found in the MAC forwarding table, the message is forwarded by broadcast to all ports except the receiving port.
Here, a non-DHCP message is illegitimate when its source MAC address is not present in the static MAC address entries in the MAC address table module 330, or when its source MAC address is in the static MAC address table but the port on which the non-DHCP message was received does not match the user port number recorded in the static MAC address table entry.
In the other case, where the port is a trusted port, the module determines whether the source MAC address of the non-DHCP message is in the dynamic MAC address table in the MAC address table module 330. If it is, the message is forwarded according to its destination MAC address and the MAC forwarding table stored in the switching device; otherwise, the source MAC address of the non-DHCP message is learned on the port that received the message, and the message is then forwarded according to its destination MAC address and the MAC forwarding table stored in the switching device.
Note that in the forwarding process above, if the destination MAC address is not found in the MAC forwarding table of the switching device, the message is forwarded by broadcast to all ports except the receiving port.
MAC address table module 330: this module is the basis on which the non-DHCP message forwarding/filtering module 320 forwards and filters messages. The MAC address table comprises a static MAC address table and a dynamic MAC address table. Dynamic MAC addresses are learned by the non-DHCP message forwarding/filtering module 320 from trusted ports; the static MAC address table is configured by the DHCP message interception module according to the DHCP user information binding table.
DHCP message interception module 340: on receiving a DHCP message, it creates, updates or deletes entries in the DHCP user information binding table according to the type of the DHCP message, and forwards the DHCP message. Preferably, the DHCP message interception module also configures the static MAC address table in the MAC address table module 330 based on the DHCP user information binding table it has created.
Specifically, the DHCP message interception module 340 comprises: a DHCP message parsing module 341, a DHCP user information binding table module 342 and a DHCP message forwarding module 343.
DHCP message parsing module 341: parses received DHCP messages to obtain the user configuration information used to create and maintain the DHCP user information binding table. The configuration information comprises IP address, MAC address, user port information and lease time.
DHCP user information binding table module 342: generates, maintains or updates the binding table from the user configuration information obtained by the DHCP message parsing module 341. The binding table comprises: IP address, lease time, user port and MAC address. Each entry in the binding table has a timer that ages it according to the lease time; when the lease time is exceeded, the entry is aged out and deleted.
The creation, maintenance and update of the DHCP user information binding table are described below by DHCP message type, together with how the static MAC address table is configured from the resulting DHCP user information binding table. Specifically:
If the received DHCP message is a Discover request, a DHCP user information binding table entry is created from the configuration information in the message: the user's MAC address and user port are filled in and the lease is set to 60 seconds. At this point the user has no IP, so the IP is set to 0.
If the received DHCP message is a Request, check whether a corresponding DHCP user information binding table entry exists. If not, create one; otherwise, maintain the existing DHCP user information binding table entry.
If the received DHCP message is an ACK response, obtain the assigned IP address, the lease time and related information from the message and update the binding table: the IP address assigned to the user is set in the corresponding DHCP user information binding entry, and the lease is set to the lease time in the message. The user MAC and user port in the binding table are also set in the static MAC address table, so that the MAC address is bound to the user port.
If the received DHCP message is a Release or Decline, delete this user's DHCP user information binding entry and at the same time delete this user's MAC address information from the static MAC address table, removing the binding between the user's MAC address and the user port.
If the lease of an entry in the DHCP user information binding table has expired, delete the corresponding user binding entry and at the same time delete this user's MAC address information from the static MAC address table, removing the association between the user's MAC address and the user port.
DHCP message forwarding module 343: to increase the security of DHCP and at the same time reduce broadcast messages in the layer-2 network and save network bandwidth, DHCP messages are forwarded according to the DHCP user information binding table that has been created. Specifically, DHCP request messages are forwarded only to trusted ports, according to the port attribute; for DHCP response messages, the DHCP user information binding table is queried with the user host MAC address obtained from the message, and the DHCP message is forwarded to the user port recorded in the DHCP user information binding table.
The way the DHCP message interception module processes DHCP messages is further explained with reference to Fig. 4. As shown in Fig. 4, the process comprises the following steps:
Step S401: the DHCP message interception module receives a DHCP message passed on by the message receiving module.
Step S402: parse the DHCP message and obtain the user configuration information.
Step S403: determine whether the DHCP message is a request message or a response message. If it is a request message, go to step S404; if it is a response message, go to step S408.
Step S404: determine whether the message is a Discover or Request message. If so, go to step S405; if not, the request message is a Release or Decline message, so go to step S406.
Step S405: for a Discover or Request message, check whether a corresponding DHCP user information binding table entry exists; if not, create one. Forward the message to the trusted port.
Step S406: for a Release or Decline message, delete the corresponding user's DHCP user information binding entry and delete the user's MAC address from the static MAC address table, removing its binding to the user port.
Step S407: forward the message to the trusted port.
Step S408: for a response message, determine whether the port on which the message was received is a trusted port. If it is a non-trusted port, go to step S409; if it is a trusted port, go to step S410.
Step S409: discard the message.
Step S410: when the response message is an ACK message, obtain the relevant information from the message and update the DHCP user information binding table (that is, update the IP address and lease information in the entry). Set the user MAC address and user port from the updated DHCP user information binding table in the static MAC address table, so that the MAC address is bound to the user port. At the same time, forward the ACK message according to the user MAC address and user port in the updated DHCP user information binding table;
When the response message is an Offer message, forward the Offer message according to the user MAC and user access port in the DHCP user information binding table;
When the response message is a Nak message, forward the Nak message according to the user MAC and user access port in the DHCP user information binding table, delete this user's DHCP user information binding entry, and delete the user's MAC address from the static MAC address table, removing its binding to the user port.
Fig. 5 shows how the non-DHCP message forwarding/filtering module processes messages. The process comprises the following steps:
Step S501: receive a non-DHCP message.
Step S502: determine whether the port on which the non-DHCP message was received is a trusted port or a non-trusted port. If it is a trusted port, go to step S506; if it is a non-trusted port, go to step S503.
Step S503: for a message from a non-trusted port, check against the static MAC address table whether the non-DHCP message is legitimate. If so, go to step S505; otherwise, go to step S504.
Step S504: discard the non-DHCP message.
Step S505: forward the message.
Step S506: for a message from a trusted port, check whether the source MAC address of the message is in the MAC forwarding table of the switching device. If it is, go to step S508; otherwise, go to step S507.
Step S507: perform dynamic MAC address learning on the source MAC address of the message, then go to step S508.
Step S508: forward the message.
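The two flows above (Fig. 4 for DHCP messages, Fig. 5 for non-DHCP messages) can be exercised together in a small model of the switching device. The following Python code is an added example, not code from the patent; the class and method names, the port numbers and the MAC/IP values are constructed for illustration, and dropping a DHCP response for which no binding entry exists is an assumption the text does not spell out.

```python
from dataclasses import dataclass

# DHCP message types (option 53 values from RFC 2132).
DISCOVER, OFFER, REQUEST, DECLINE, ACK, NAK, RELEASE = range(1, 8)
CLIENT_REQUESTS = {DISCOVER, REQUEST, DECLINE, RELEASE}

@dataclass
class Binding:
    """One entry of the DHCP user information binding table."""
    port: int
    ip: str = "0.0.0.0"    # "the IP is set to 0" until an ACK arrives
    expires: float = 0.0   # absolute time at which the aging timer fires

class Switch:
    def __init__(self, all_ports, trusted_ports):
        self.ports = set(all_ports)
        self.trusted = set(trusted_ports)
        self.bindings = {}      # client MAC -> Binding
        self.static_mac = {}    # client MAC -> user port, written only on ACK
        self.dynamic_mac = {}   # MAC -> trusted port, learned dynamically

    def _unbind(self, mac):
        self.bindings.pop(mac, None)
        self.static_mac.pop(mac, None)

    def expire(self, now):
        """Age out entries whose lease has run out (binding and static MAC)."""
        for mac in [m for m, b in self.bindings.items() if b.expires <= now]:
            self._unbind(mac)

    def dhcp(self, in_port, msg_type, client_mac, now, ip=None, lease=None):
        """Fig. 4 flow. Returns the egress ports; [] means the message is dropped."""
        if msg_type in CLIENT_REQUESTS:
            if msg_type in (DISCOVER, REQUEST):
                # S405: create the entry if missing, with the provisional 60 s lease.
                self.bindings.setdefault(client_mac, Binding(in_port, expires=now + 60))
            else:
                self._unbind(client_mac)                 # S406: Release / Decline
            return sorted(self.trusted - {in_port})      # requests go to trusted ports only
        if in_port not in self.trusted:
            return []                                    # S409: response from a user port
        entry = self.bindings.get(client_mac)
        if entry is None:
            return []   # assumption: without a binding there is no port to forward to
        if msg_type == ACK:                              # S410: bind MAC to user port
            entry.ip, entry.expires = ip, now + lease
            self.static_mac[client_mac] = entry.port
        elif msg_type == NAK:
            self._unbind(client_mac)
        return [entry.port]

    def frame(self, in_port, src, dst):
        """Fig. 5 flow for non-DHCP messages."""
        if in_port in self.trusted:
            self.dynamic_mac.setdefault(src, in_port)    # S506/S507: learn if unknown
        elif self.static_mac.get(src) != in_port:
            return []                                    # S504: unknown MAC or wrong port
        out = self.static_mac.get(dst, self.dynamic_mac.get(dst))
        return [out] if out is not None else sorted(self.ports - {in_port})

def demo():
    """Constructed scenario: user ports 1 and 2, trusted uplink 24 (all values made up)."""
    a, gw = "00:00:5e:00:53:0a", "00:00:5e:00:53:01"
    sw = Switch(all_ports=[1, 2, 24], trusted_ports=[24])
    r = {}
    r["before_dhcp"] = sw.frame(1, a, gw)                # no binding yet
    r["discover"] = sw.dhcp(1, DISCOVER, a, now=0)
    r["offer"] = sw.dhcp(24, OFFER, a, now=1)
    r["request"] = sw.dhcp(1, REQUEST, a, now=2)
    r["rogue_ack"] = sw.dhcp(2, ACK, a, now=2, ip="192.0.2.66", lease=3600)
    r["ack"] = sw.dhcp(24, ACK, a, now=3, ip="192.0.2.10", lease=3600)
    r["gw_to_a"] = sw.frame(24, gw, a)
    r["a_to_gw"] = sw.frame(1, a, gw)
    r["spoof_port2"] = sw.frame(2, a, gw)                # bound MAC, wrong port
    r["unknown_src"] = sw.frame(2, "00:00:5e:00:53:ff", gw)
    r["flood"] = sw.frame(1, a, "ff:ff:ff:ff:ff:ff")     # unknown destination
    sw.expire(now=4000)                                  # lease ran out at t=3603
    r["after_expiry"] = sw.frame(1, a, gw)
    return r

if __name__ == "__main__":
    for step, ports in demo().items():
        print(f"{step:12} -> {ports or 'DROP'}")
```

Running the scenario shows that a host can send nothing but DHCP until its ACK has arrived on a trusted port, and that its static entry disappears again when the lease ages out.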
The method and apparatus provided by the invention filter non-DHCP messages from the user port side based on the configured static MAC address table. This validity check on the source MAC address of each message means that only users who have applied for an IP address through DHCP can access the network. This prevents MAC address spoofing by access devices and effectively avoids the situation in which learned MAC addresses on the switching device migrate, data forwarding becomes disordered, and users suffer a DoS attack.
Obviously, a person skilled in the art can make various changes and variations to the invention without departing from its spirit and scope. Thus, if these modifications and variations fall within the scope of the claims of the invention and their technical equivalents, the invention is intended to include them as well.

Claims (13)

1. a method that prevents that the medium access control MAC address spoofing from attacking is characterized in that, comprising:
Switching equipment based on pre-configured static mac address table, detects the legitimacy of described non-DHCP message when the non-dynamic host configuration protocol DHCP message that receives that the user side oral-lateral sends, when described non-DHCP message is illegal, abandon this message.
2. the method for claim 1 is characterized in that, comprises in the described static mac address table: finish the pairing MAC Address of user of IP application IP addresses and the user port number of binding with this MAC Address by DHCP.
3. method as claimed in claim 2 is characterized in that, illegal being meant of described non-DHCP message:
The source MAC of described non-DHCP message is not in pre-configured static mac address table; Perhaps, the source MAC of described non-DHCP message is in described static mac address table, but user port number is not corresponding in the receiving port number of non-DHCP message and the described static mac address list item.
4. as claim 1 or 2 or 3 described methods, it is characterized in that, during non-DHCP message that described switching equipment receives that Dynamic Host Configuration Protocol server or convergence switch send, whether the source MAC of judging described non-DHCP message is in the dynamic MAC address table that described switching equipment is safeguarded, if transmit described non-DHCP message; Otherwise, the source MAC of described non-DHCP message is learnt to receive on the port of this message, and transmits described non-DHCP message.
5. the method for claim 1 is characterized in that, described switching equipment carries out establishment, renewal or the deletion of DHCP user profile binding table based on the type of described DHCP message when receiving the DHCP message, and finishes described DHCP message forwarding.
6. method as claimed in claim 5 is characterized in that, the configuration mode of described static mac address table comprises:
When the switching equipment receives a DHCP message and the type of the DHCP message is an ACK message, it updates the already-created DHCP user information binding table based on the ACK information, and configures the user's MAC address and user port number from the updated DHCP user information binding table into the static MAC address table.
7. The method as claimed in claim 5, characterized in that, when the type of the DHCP message received by the switching equipment is a Release or Decline message, or when the lease of an entry in the DHCP user information binding table expires, the MAC address information of the corresponding user is deleted from the static MAC address table.
8. A switching equipment, characterized in that it comprises:
A message receiving module, configured to trigger the non-DHCP message forwarding/filtering module when a non-DHCP message sent from the user-side port is received;
A non-DHCP message forwarding/filtering module, configured to check the legitimacy of the non-DHCP message based on a pre-configured static MAC address table and, when the non-DHCP message is illegal, to discard the non-DHCP message.
9. The switching equipment as claimed in claim 8, characterized in that the static MAC address table in the non-DHCP message forwarding/filtering module comprises: the MAC address of a user who has completed an IP address application through DHCP, and the user port number bound to that MAC address.
10. The switching equipment as claimed in claim 9, characterized in that the non-DHCP message being illegal, in the non-DHCP message forwarding/filtering module, means that:
The source MAC address of the non-DHCP message is not in the pre-configured static MAC address table; or, the source MAC address of the non-DHCP message is in the static MAC address table, but the port on which the non-DHCP message was received does not correspond to the user port number in the static MAC address table entry.
11. The switching equipment as claimed in claim 8, characterized in that it further comprises: a DHCP message intercepting module;
The message receiving module is further configured to trigger the DHCP message intercepting module when a DHCP message is received;
The DHCP message intercepting module is configured to create, update or delete the DHCP user information binding table based on the type of the DHCP message, and to complete the forwarding of the DHCP message.
12. The switching equipment as claimed in claim 11, characterized in that,
when the type of the DHCP message is an ACK message, the DHCP message intercepting module updates the already-created DHCP user information binding table based on the ACK information, and configures the user's MAC address and user port number from the updated DHCP user information binding table into the static MAC address table.
13. The switching equipment as claimed in claim 11, characterized in that, when the type of the received DHCP message is a Release or Decline message, or when the lease of an entry in the DHCP user information binding table expires, the DHCP message intercepting module deletes the MAC address information of the corresponding user from the static MAC address table.
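The table handling and the legitimacy check in claims 8 to 13 can be modelled in a few lines; this is an added example, not code from the patent. It assumes the binding entry is created when the client's REQUEST arrives on the user port (the claims above only say the table already exists when the ACK is seen), and the class, method and field names are hypothetical.

```python
from dataclasses import dataclass

@dataclass
class Binding:
    port: int             # user port the client's DHCP request arrived on
    ip: str = ""          # filled in from the ACK
    expires: float = 0.0  # absolute lease expiry, filled in from the ACK
    acked: bool = False

class SnoopingSwitch:
    def __init__(self):
        self.bindings = {}    # DHCP user information binding table: MAC -> Binding
        self.static_mac = {}  # static MAC address table: MAC -> user port number

    def on_dhcp(self, msg_type, client_mac, in_port=None, ip="", lease=0, now=0.0):
        """DHCP message intercepting module: maintain both tables by message type."""
        if msg_type == "REQUEST":  # assumption: the entry is created here
            # setdefault keeps an existing entry, so a later REQUEST carrying the
            # same MAC on another port cannot move an established binding.
            self.bindings.setdefault(client_mac, Binding(port=in_port))
        elif msg_type == "ACK":
            entry = self.bindings.get(client_mac)
            if entry is None:
                return  # no created entry to update, so nothing is installed
            entry.ip, entry.expires, entry.acked = ip, now + lease, True
            self.static_mac[client_mac] = entry.port
        elif msg_type in ("RELEASE", "DECLINE"):
            self._delete(client_mac)

    def expire_leases(self, now):
        """Delete every acknowledged entry whose lease has run out."""
        for mac in [m for m, b in self.bindings.items() if b.acked and b.expires <= now]:
            self._delete(mac)

    def _delete(self, mac):
        self.bindings.pop(mac, None)
        self.static_mac.pop(mac, None)

    def filter_non_dhcp(self, src_mac, in_port):
        """Non-DHCP forwarding/filtering module: the two illegal cases of claim 10."""
        bound_port = self.static_mac.get(src_mac)
        if bound_port is None:
            return "drop: source MAC not in static table"
        if bound_port != in_port:
            return "drop: port does not match static entry"
        return "forward"
```

In this model the port in the static entry always comes from the client's own request on the user side, never from the ACK, which is why a frame that reuses a bound MAC on a different port is dropped.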
CN201010171167A 2010-05-13 2010-05-13 Method and device for preventing deceptive attack of MAC (Medium Access Control) address Pending CN101834870A (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201010171167A CN101834870A (en) 2010-05-13 2010-05-13 Method and device for preventing deceptive attack of MAC (Medium Access Control) address
PCT/CN2010/078957 WO2011140795A1 (en) 2010-05-13 2010-11-22 Method and switching device for preventing media access control address spoofing attack

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201010171167A CN101834870A (en) 2010-05-13 2010-05-13 Method and device for preventing deceptive attack of MAC (Medium Access Control) address

Publications (1)

Publication Number Publication Date
CN101834870A true CN101834870A (en) 2010-09-15

Family

ID=42718799

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201010171167A Pending CN101834870A (en) 2010-05-13 2010-05-13 Method and device for preventing deceptive attack of MAC (Medium Access Control) address

Country Status (2)

Country Link
CN (1) CN101834870A (en)
WO (1) WO2011140795A1 (en)

Cited By (14)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101984693A (en) * 2010-11-16 2011-03-09 中兴通讯股份有限公司 Monitoring method and monitoring device for access of terminal to local area network (LAN)
CN102137109A (en) * 2011-03-18 2011-07-27 华为技术有限公司 Access control method, access equipment and system
WO2011140795A1 (en) * 2010-05-13 2011-11-17 中兴通讯股份有限公司 Method and switching device for preventing media access control address spoofing attack
CN102710811A (en) * 2012-06-14 2012-10-03 杭州华三通信技术有限公司 Method for realizing security assignment of DHCP (Dynamic Host Configuration Protocol) address and switch board
CN103491081A (en) * 2013-09-16 2014-01-01 北京星网锐捷网络技术有限公司 Method and device for detecting DHCP attack source
CN103685257A (en) * 2013-12-06 2014-03-26 上海斐讯数据通信技术有限公司 DHCP network protection system and method
CN104009967A (en) * 2013-02-27 2014-08-27 上海斐讯数据通信技术有限公司 Method for preventing attack of untrusted servers
CN104837138A (en) * 2015-03-27 2015-08-12 广东欧珀移动通信有限公司 Detection method of terminal hardware identifier, and detection device of terminal hardware identifier
WO2017219777A1 (en) * 2016-06-24 2017-12-28 中兴通讯股份有限公司 Packet processing method and device
CN107786679A (en) * 2016-08-25 2018-03-09 大连楼兰科技股份有限公司 Ensure the method and device of ARP message safeties
CN108429823A (en) * 2018-02-28 2018-08-21 迈普通信技术股份有限公司 The method and switching equipment that MAC Address drifts about are prevented in DHCP networks
CN112688940A (en) * 2020-12-23 2021-04-20 新华三技术有限公司 Message processing method and device
CN114520800A (en) * 2022-01-07 2022-05-20 锐捷网络股份有限公司 MAC address table updating method and device
CN115766434A (en) * 2021-09-03 2023-03-07 中国移动通信集团山东有限公司 VXLAN configuration method and equipment

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103171277B (en) * 2011-12-21 2016-06-01 北大方正集团有限公司 The authorization method of printing equipment and device
CN105471615A (en) * 2014-09-12 2016-04-06 中兴通讯股份有限公司 Processing method and device of dynamic host configuration protocol (DHCP) information abnormality
CN110557397A (en) * 2019-09-12 2019-12-10 贵州电网有限责任公司 DDoS attack detection method based on chaos theory analysis

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1567839A (en) * 2003-06-24 2005-01-19 华为技术有限公司 Port based network access control method
US20060114863A1 (en) * 2004-12-01 2006-06-01 Cisco Technology, Inc. Method to secure 802.11 traffic against MAC address spoofing
CN101060495A (en) * 2007-05-22 2007-10-24 华为技术有限公司 Message processing method, system and equipment
CN101115063A (en) * 2007-08-30 2008-01-30 中兴通讯股份有限公司 Method for prevent MAC address/IP address spuriousness of broadband access equipment
CN101179583A (en) * 2007-12-17 2008-05-14 杭州华三通信技术有限公司 Method and equipment preventing user counterfeit internet
CN101415012A (en) * 2008-11-06 2009-04-22 杭州华三通信技术有限公司 Method and system for defending address analysis protocol message aggression

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1233135C (en) * 2002-06-22 2005-12-21 华为技术有限公司 Method for preventing IP address deceit in dynamic address distribution
KR100807933B1 (en) * 2006-11-28 2008-03-03 엘지노텔 주식회사 System and method for detecting arp spoofing and computer readable storage medium storing program for detecting arp spoofing
CN101635731B (en) * 2009-08-31 2012-09-05 杭州华三通信技术有限公司 Method and equipment for defending MAC address deception attack
CN101834870A (en) * 2010-05-13 2010-09-15 中兴通讯股份有限公司 Method and device for preventing deceptive attack of MAC (Medium Access Control) address


Cited By (22)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2011140795A1 (en) * 2010-05-13 2011-11-17 中兴通讯股份有限公司 Method and switching device for preventing media access control address spoofing attack
CN101984693A (en) * 2010-11-16 2011-03-09 中兴通讯股份有限公司 Monitoring method and monitoring device for access of terminal to local area network (LAN)
CN102137109B (en) * 2011-03-18 2013-08-28 华为技术有限公司 Access control method, access equipment and system
CN102137109A (en) * 2011-03-18 2011-07-27 华为技术有限公司 Access control method, access equipment and system
WO2012126335A1 (en) * 2011-03-18 2012-09-27 华为技术有限公司 Access control method, access device and system
CN102710811B (en) * 2012-06-14 2016-02-03 杭州华三通信技术有限公司 Realize method and the switch of dhcp address safety distribution
CN102710811A (en) * 2012-06-14 2012-10-03 杭州华三通信技术有限公司 Method for realizing security assignment of DHCP (Dynamic Host Configuration Protocol) address and switch board
CN104009967A (en) * 2013-02-27 2014-08-27 上海斐讯数据通信技术有限公司 Method for preventing attack of untrusted servers
CN103491081B (en) * 2013-09-16 2017-01-04 北京星网锐捷网络技术有限公司 The method and apparatus of detection DHCP attack source
CN103491081A (en) * 2013-09-16 2014-01-01 北京星网锐捷网络技术有限公司 Method and device for detecting DHCP attack source
CN103685257B (en) * 2013-12-06 2018-04-06 上海斐讯数据通信技术有限公司 A kind of DHCP network protection system and method
CN103685257A (en) * 2013-12-06 2014-03-26 上海斐讯数据通信技术有限公司 DHCP network protection system and method
CN104837138A (en) * 2015-03-27 2015-08-12 广东欧珀移动通信有限公司 Detection method of terminal hardware identifier, and detection device of terminal hardware identifier
WO2017219777A1 (en) * 2016-06-24 2017-12-28 中兴通讯股份有限公司 Packet processing method and device
CN107547667A (en) * 2016-06-24 2018-01-05 中兴通讯股份有限公司 A kind of message processing method and device
CN107786679A (en) * 2016-08-25 2018-03-09 大连楼兰科技股份有限公司 Ensure the method and device of ARP message safeties
CN108429823A (en) * 2018-02-28 2018-08-21 迈普通信技术股份有限公司 The method and switching equipment that MAC Address drifts about are prevented in DHCP networks
CN108429823B (en) * 2018-02-28 2021-06-29 迈普通信技术股份有限公司 Method for preventing MAC address drift in DHCP network and switching equipment
CN112688940A (en) * 2020-12-23 2021-04-20 新华三技术有限公司 Message processing method and device
CN115766434A (en) * 2021-09-03 2023-03-07 中国移动通信集团山东有限公司 VXLAN configuration method and equipment
CN114520800A (en) * 2022-01-07 2022-05-20 锐捷网络股份有限公司 MAC address table updating method and device
CN114520800B (en) * 2022-01-07 2024-04-16 锐捷网络股份有限公司 Method and device for updating MAC address table

Also Published As

Publication number Publication date
WO2011140795A1 (en) 2011-11-17

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C12 Rejection of a patent application after its publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20100915