CN102546663A - Method and device for preventing duplication address detection attack - Google Patents


Info

Publication number: CN102546663A
Authority: CN (China)
Prior art keywords: dhcpv6, message, neighbours, access switch, advertisement message
Legal status: Pending
Application number: CN2012100447800A
Other languages: Chinese (zh)
Inventor: 梁小冰
Current Assignee: Digital China Networks Beijing Co Ltd
Original Assignee: Digital China Networks Beijing Co Ltd
Application filed by: Digital China Networks Beijing Co Ltd

Abstract

The invention discloses a method for preventing duplicate address detection attacks. The method comprises the following steps: A, an access switch monitors the DHCPv6 (Dynamic Host Configuration Protocol for Internet Protocol Version 6) request process of a DHCPv6 host by DHCPv6 snooping, creates binding information and stores the binding information in a DHCPv6 binding table; B, the access switch performs duplicate address detection snooping, parses each received Neighbor Advertisement message and obtains the target address, source MAC (Media Access Control) address, virtual local area network identifier (VLAN ID) and port information; and C, the access switch checks whether the target address, source MAC address, VLAN ID and port information parsed from the Neighbor Advertisement message match the binding information in the DHCPv6 binding table; if so, it forwards the Neighbor Advertisement message, and if not, it discards the Neighbor Advertisement message. The method prevents duplicate address detection attacks in an IPv6 (Internet Protocol Version 6) network.

Description

A method and device for preventing duplicate address detection attacks
Technical field
The present invention relates to the field of computer data communication, and in particular to a method and device for preventing duplicate address detection attacks.
Background art
Internet Protocol Version 6 (IPv6) uses duplicate address detection (DAD). The IPv6 address of each interface must first undergo duplicate address detection when it is generated: the node broadcasts a Neighbor Solicitation message on the link, and the target address of that message is the node's own IPv6 address being checked. If no corresponding Neighbor Advertisement message is received after the Neighbor Solicitation has been sent several times, the IPv6 address is usable; its state changes from tentative to valid, and the host node can use it as the source address of packets for network communication. However, if a malicious node in the network sends a Neighbor Advertisement message in response to every Neighbor Solicitation sent for duplicate address detection, the node that sent the Neighbor Solicitation concludes that the newly generated address is in use by another node. The new address stays in the tentative state, and the node cannot use it to initiate IPv6 network communication.
The IPv6 version of the Dynamic Host Configuration Protocol (Dynamic Host Configuration Protocol Version 6, DHCPv6) is a local area network protocol that runs over the User Datagram Protocol (UDP). DHCPv6 has two main purposes: (1) automatically assigning IPv6 addresses to users on behalf of an internal network or an Internet service provider; (2) giving internal network administrators a means of centrally managing all computers. As a stateful address assignment method, DHCPv6 is markedly better than stateless address assignment in both security and manageability, and will be widely used in networks with higher security requirements. Moreover, because the IPv6 addresses of host nodes are assigned centrally by the DHCPv6 server, duplicate addresses do not occur, which avoids the address conflict problems caused by stateless address configuration and by manual configuration of interface IPv6 addresses. The relevant functions of DHCPv6 can therefore be used to prevent duplicate address detection attacks by malicious nodes.
Summary of the invention
In view of the above technical problem, the object of the present invention is to provide a method and device for preventing duplicate address detection attacks, which effectively solve the problem of duplicate address detection attacks in IPv6 networks.
To achieve the above object, the present invention adopts the following technical scheme:
A method for preventing duplicate address detection attacks comprises the following steps:
A. The access switch monitors the DHCPv6 request process of a DHCPv6 host through DHCPv6 snooping (SNOOPING), creates binding information, and saves the binding information in a DHCPv6 binding table, wherein the binding information comprises: the IP address of the DHCPv6 host, the source Media Access Control (MAC) address, the virtual local area network identifier (VLAN ID) and port information;
B. The access switch enables duplicate address detection snooping, parses each received Neighbor Advertisement message, and obtains the target address, source MAC address, VLAN ID and port information;
C. The access switch checks whether the target address, source MAC address, VLAN ID and port information parsed from the Neighbor Advertisement message match the binding information in the DHCPv6 binding table; if they match, it forwards the Neighbor Advertisement message; if they do not match, it discards the Neighbor Advertisement message.
In particular, in step A, the access switch monitoring the DHCPv6 request process of the DHCPv6 host through DHCPv6 snooping comprises:
The access switch installs in the switch chip a rule that redirects DHCPv6 messages to the switch's processor; after the switch chip receives a DHCPv6 message, it does not forward it in hardware but redirects it to the access switch processor, which parses and forwards the message in software.
In particular, in step B, the access switch enabling duplicate address detection snooping comprises:
The access switch installs in the switch chip a rule that redirects Neighbor Solicitation messages and Neighbor Advertisement messages to the access switch processor; after the switch chip receives a Neighbor Solicitation or Neighbor Advertisement message, it does not forward it in hardware but redirects it to the access switch processor, which parses and forwards the message in software.
In particular, in step B, the access switch parsing the received Neighbor Advertisement message specifically comprises:
The access switch obtains the source MAC address from the Ethernet header of the received Neighbor Advertisement message, obtains the target address from the Internet Control Message Protocol version 6 (ICMPv6) message, and obtains the VLAN ID and port information of the Neighbor Advertisement message.
The invention also discloses a device for preventing duplicate address detection attacks. The device is an access switch, comprising:
A binding information creation unit, used to monitor the DHCPv6 request process of a DHCPv6 host through DHCPv6 snooping, create binding information, and save the binding information in a DHCPv6 binding table;
A message parsing unit, used to enable duplicate address detection snooping, parse each received Neighbor Advertisement message, and obtain the target address, source MAC address, VLAN ID and port information;
A processing unit, connected to the message parsing unit and the binding information creation unit, used to check whether the target address, source MAC address, VLAN ID and port information passed in by the message parsing unit match the binding information in the DHCPv6 binding table; if they match, it forwards the Neighbor Advertisement message; if they do not match, it discards the Neighbor Advertisement message.
In particular, the binding information creation unit monitoring the DHCPv6 request process of the DHCPv6 host through DHCPv6 snooping comprises:
The binding information creation unit installs in the switch chip a rule that redirects DHCPv6 messages to the access switch processor; after the switch chip receives a DHCPv6 message, it does not forward it in hardware but redirects the DHCPv6 message to the access switch processor, which parses and forwards it in software.
In particular, the message parsing unit enabling duplicate address detection snooping comprises:
The message parsing unit installs in the switch chip a rule that redirects Neighbor Solicitation messages and Neighbor Advertisement messages to the access switch processor; after the switch chip receives a Neighbor Solicitation or Neighbor Advertisement message, it does not forward it in hardware but redirects it to the access switch processor, which parses and forwards the message in software.
In particular, the message parsing unit parsing the received Neighbor Advertisement message comprises:
The message parsing unit obtains the source MAC address from the Ethernet header of the received Neighbor Advertisement message, obtains the target address from the ICMPv6 message, and obtains the VLAN ID and port information of the Neighbor Advertisement message.
The present invention monitors the DHCPv6 request process of the DHCPv6 host through DHCPv6 snooping and creates binding information; it parses each received Neighbor Advertisement message to obtain the target address, source MAC address, VLAN ID and port information, and checks whether these match the binding information. If they match, the Neighbor Advertisement message is forwarded; if they do not match, it is discarded. This effectively prevents duplicate address detection attacks in IPv6 networks.
Description of drawings
Fig. 1 is a flowchart of the method for preventing duplicate address detection attacks provided by an embodiment of the present invention;
Fig. 2 is a schematic diagram of the network connections of the access switch provided by an embodiment of the present invention;
Fig. 3 is a block diagram of the device for preventing duplicate address detection attacks provided by an embodiment of the present invention.
Embodiment
To make the object, technical scheme and advantages of the present invention clearer, the present invention is described further below with reference to the drawings and embodiments.
Refer to Fig. 1, which is a flowchart of the method for preventing duplicate address detection attacks provided by an embodiment of the present invention.
The method for preventing duplicate address detection attacks in this embodiment comprises the following steps:
Step 101. The access switch enables DHCPv6 snooping and installs in the switch chip a rule that redirects DHCPv6 messages to the switch's processor. After the switch chip receives a DHCPv6 message, it does not forward it in hardware but redirects it to the access switch processor, which parses and forwards the message in software.
Step 102. The access switch monitors the DHCPv6 request process of the DHCPv6 host through DHCPv6 snooping (SNOOPING), creates binding information, and saves the binding information in the DHCPv6 binding table.
The detailed process of creating binding information is as follows:
(1) After the access switch captures a DHCPv6 request message from a DHCPv6 host through DHCPv6 snooping, it looks up the source MAC address in the access switch's DHCPv6 binding table. If the MAC address is in the DHCPv6 binding table, the DHCPv6 request message is forwarded out of the trusted port. Otherwise, the access switch first creates a temporary request (REQUEST) binding table, which records the MAC address of the DHCPv6 host, the transaction identifier (Transaction-ID) of the DHCPv6 request message, the VLAN ID and the port information, and then forwards the DHCPv6 request message out of the trusted port.
(2) After the access switch captures the DHCPv6 reply message for the client through DHCPv6 snooping, it parses the transaction identifier of the DHCPv6 reply message, the IPv6 address assigned by the Internet Assigned Numbers Authority (IANA), and the valid lifetime. It then searches the REQUEST binding table by transaction identifier; if a corresponding transaction identifier exists, it creates a piece of binding information that records the MAC address, IPv6 address, VLAN ID and port information of the DHCPv6 host.
Step 103. The access switch enables duplicate address detection snooping, parses each received Neighbor Advertisement message, and obtains the target address, source MAC address, VLAN ID and port information.
When the access switch enables duplicate address detection snooping, it installs in the switch chip a rule that redirects Neighbor Solicitation messages and Neighbor Advertisement messages to the access switch processor. After the switch chip receives a Neighbor Solicitation or Neighbor Advertisement message, it does not forward it in hardware but redirects it to the access switch processor, which parses and forwards the message in software.
After receiving a Neighbor Advertisement message, the access switch parses it: it parses the source MAC address from the Ethernet header of the Neighbor Advertisement message, parses the target address (Target Address) from the Internet Control Message Protocol Version 6 (ICMPv6) message, and obtains the VLAN ID and port information of the Neighbor Advertisement message.
The source IP address of the Neighbor Advertisement message is an address of the interface that sends the advertisement. The destination address of the Neighbor Advertisement message falls into the following cases: (1) if the Neighbor Advertisement message is a reply to a Neighbor Solicitation message, the destination address is the source address of the Neighbor Solicitation message that prompted it; however, if the source address of the Neighbor Solicitation message is the unspecified address, the destination address of the Neighbor Advertisement message is the all-nodes multicast address. (2) If the Neighbor Advertisement message is not a reply to a Neighbor Solicitation message, the all-nodes multicast address is likewise used as the destination address. In the ICMP part of the Neighbor Advertisement message, the type is 136 and the code is 0. The target address in the ICMP part falls into the following cases: (1) for a Neighbor Advertisement message that is not a reply to a Neighbor Solicitation message, the target address is the IP address whose link-layer address has changed. (2) For a Neighbor Advertisement message that replies to a Neighbor Solicitation message, the target address is the same as the target address field of the corresponding Neighbor Solicitation message and holds the address of the host node that sends the Neighbor Advertisement message. That is, in the present invention, the target address parsed from the ICMPv6 part is the IPv6 address of the DHCPv6 host that sent the Neighbor Advertisement message.
Step 104. The access switch checks whether the target address, source MAC address, VLAN ID and port information parsed from the Neighbor Advertisement message match the binding information in the DHCPv6 binding table; if they match, it forwards the Neighbor Advertisement message; if they do not match, it discards the Neighbor Advertisement message.
The access switch matches the four-tuple formed by the target address, source MAC address, VLAN ID and port information against the binding information in the DHCPv6 binding table. If the DHCPv6 binding table contains binding information that matches the four-tuple, the Neighbor Advertisement message is a legitimate reply, and the access switch forwards it to the DHCPv6 host. If the DHCPv6 binding table contains no binding information that matches the four-tuple, the Neighbor Advertisement message is an illegitimate reply, and the access switch discards it, preventing the duplicate address detection attack.
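Steps 102 to 104 can be modelled in software as follows. This Python sketch is an added example, not code from the patent: the class and function names, the handling of untagged frames through a per-port default VLAN, the assumption that the IPv6 header carries no extension headers, and all sample addresses are constructed for illustration.

```python
import ipaddress
import struct
from dataclasses import dataclass, field

ETH_8021Q, ETH_IPV6, NH_ICMPV6, NA_TYPE = 0x8100, 0x86DD, 58, 136

@dataclass(frozen=True)
class Binding:
    """One DHCPv6 binding table entry: the four values compared in step 104."""
    ipv6: ipaddress.IPv6Address
    mac: bytes
    vlan: int
    port: str

def parse_neighbor_advert(frame, default_vlan=1):
    """Return (target address, source MAC, VLAN ID) for a Neighbor Advertisement, else None."""
    if len(frame) < 14:
        return None
    src_mac, vlan, off = frame[6:12], default_vlan, 14
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype == ETH_8021Q:                 # 802.1Q tag carries the VLAN ID
        if len(frame) < 18:
            return None
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        vlan, off = tci & 0x0FFF, 18
    if ethertype != ETH_IPV6 or len(frame) < off + 40 + 24:
        return None
    if frame[off + 6] != NH_ICMPV6:            # assumption: no extension headers
        return None
    icmp = frame[off + 40:]
    if icmp[0] != NA_TYPE or icmp[1] != 0:     # type 136, code 0
        return None
    return ipaddress.IPv6Address(icmp[8:24]), src_mac, vlan

@dataclass
class SnoopingSwitch:
    pending: dict = field(default_factory=dict)   # Transaction-ID -> (mac, vlan, port)
    bindings: set = field(default_factory=set)    # DHCPv6 binding table

    def on_dhcpv6_request(self, xid, mac, vlan, port):
        """Step 102 (1): record a temporary REQUEST entry unless the MAC is already bound."""
        if not any(b.mac == mac for b in self.bindings):
            self.pending[xid] = (mac, vlan, port)
        # Forwarding the request out of the trusted port is not modelled here.

    def on_dhcpv6_reply(self, xid, assigned_ipv6):
        """Step 102 (2): a reply whose Transaction-ID is pending creates a binding."""
        entry = self.pending.pop(xid, None)
        if entry is None:
            return None                           # no matching request was snooped
        binding = Binding(ipaddress.IPv6Address(assigned_ipv6), *entry)
        self.bindings.add(binding)                # valid lifetime is not modelled here
        return binding

    def check_na(self, frame, ingress_port, default_vlan=1):
        """Steps 103 and 104: parse the frame, then match the four-tuple."""
        parsed = parse_neighbor_advert(frame, default_vlan)
        if parsed is None:
            return "not-na"
        target, mac, vlan = parsed
        wanted = Binding(target, mac, vlan, ingress_port)
        return "forward" if wanted in self.bindings else "drop"

def build_na(src_mac, target, vlan=None):
    """Constructed sample frame for the demo (ICMPv6 checksum left as zero)."""
    tgt = ipaddress.IPv6Address(target).packed
    icmp = struct.pack("!BBHI", NA_TYPE, 0, 0, 0x20000000) + tgt
    dst = ipaddress.IPv6Address("ff02::1").packed      # all-nodes multicast
    ipv6 = struct.pack("!IHBB", 0x60000000, len(icmp), NH_ICMPV6, 255) + tgt + dst
    tag = b"" if vlan is None else struct.pack("!HH", ETH_8021Q, vlan)
    eth = bytes.fromhex("333300000001") + src_mac + tag + struct.pack("!H", ETH_IPV6)
    return eth + ipv6 + icmp

def demo():
    """Constructed scenario: one bound host, then three Neighbor Advertisements."""
    sw = SnoopingSwitch()
    host = bytes.fromhex("02000000000a")      # constructed MAC addresses
    other = bytes.fromhex("020000000066")
    sw.on_dhcpv6_request(0x00A1B2, host, vlan=10, port="port1")
    sw.on_dhcpv6_reply(0x00A1B2, "2001:db8::10")
    return [
        sw.check_na(build_na(host, "2001:db8::10", 10), "port1"),   # matches binding
        sw.check_na(build_na(host, "2001:db8::10", 10), "port2"),   # wrong port
        sw.check_na(build_na(other, "2001:db8::20", 10), "port2"),  # no binding
    ]

if __name__ == "__main__":
    print(demo())
```

Because the port is part of the four-tuple, an advertisement that carries a bound MAC address and target address is still dropped when it arrives on a different port.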
Refer to Fig. 2 and Fig. 3. Fig. 2 is a schematic diagram of the network connections of the access switch provided by an embodiment of the present invention, and Fig. 3 is a block diagram of the device for preventing duplicate address detection attacks provided by an embodiment of the present invention.
The device for preventing duplicate address detection attacks in this embodiment is an access switch 202, comprising: a binding information creation unit 2021, a message parsing unit 2022 and a processing unit 2023. The DHCPv6 host 201 is connected to the access switch 202, the aggregation switch 203 is connected to several access switches 202, and the DHCPv6 server 204 is connected to the aggregation switch 203. The aggregation switch 203 is a layer-3 switching device that connects multiple IPv6 network segments.
The binding information creation unit 2021 is used to monitor the DHCPv6 request process of the DHCPv6 host 201 through DHCPv6 snooping, create binding information, and save the binding information in the DHCPv6 binding table.
The binding information creation unit 2021 enables DHCPv6 snooping and installs in the switch chip a rule that redirects DHCPv6 messages to the switch's processor. After the switch chip receives a DHCPv6 message, it does not forward it in hardware but redirects it to the processor of the access switch 202, which parses and forwards the message in software.
The detailed process of creating binding information is as follows:
(1) After the binding information creation unit 2021 captures a DHCPv6 request message from the DHCPv6 host 201 through DHCPv6 snooping, it looks up the source MAC address in the DHCPv6 binding table of the access switch 202. If the MAC address is in the DHCPv6 binding table, the DHCPv6 request message is forwarded out of the trusted port. Otherwise, the access switch 202 first creates a temporary request (REQUEST) binding table, which records the MAC address of the DHCPv6 host 201, the transaction identifier (Transaction-ID) of the DHCPv6 request message, the VLAN ID and the port information, and then forwards the DHCPv6 request message out of the trusted port.
(2) After the binding information creation unit 2021 captures the DHCPv6 reply message for the client through DHCPv6 snooping, it parses the transaction identifier of the DHCPv6 reply message, the IPv6 address assigned by the Internet Assigned Numbers Authority (IANA), and the valid lifetime. It then searches the REQUEST binding table by transaction identifier; if a corresponding transaction identifier exists, it creates a piece of binding information that records the MAC address, IPv6 address, VLAN ID and port information of the DHCPv6 host 201.
The message parsing unit 2022 is used to enable duplicate address detection snooping, parse each received Neighbor Advertisement message, and obtain the target address, source MAC address, VLAN ID and port information.
The message parsing unit 2022 enables duplicate address detection snooping and installs in the switch chip a rule that redirects Neighbor Solicitation messages and Neighbor Advertisement messages to the processor of the access switch 202. After the switch chip receives a Neighbor Solicitation or Neighbor Advertisement message, it does not forward it in hardware but redirects it to the processor of the access switch 202, which parses and forwards the message in software.
After receiving a Neighbor Advertisement message, the message parsing unit 2022 parses it: it parses the source MAC address from the Ethernet header of the Neighbor Advertisement message, parses the target address from the ICMPv6 message, and obtains the VLAN ID and port information of the Neighbor Advertisement message.
The processing unit 2023 is connected to the message parsing unit 2022 and the binding information creation unit 2021, and is used to check whether the target address, source MAC address, VLAN ID and port information match the binding information in the DHCPv6 binding table; if they match, it forwards the Neighbor Advertisement message; if they do not match, it discards the Neighbor Advertisement message.
The processing unit 2023 matches the four-tuple formed by the target address, source MAC address, VLAN ID and port information against the binding information in the DHCPv6 binding table. If the DHCPv6 binding table contains binding information that matches the four-tuple, the Neighbor Advertisement message is a legitimate reply, and the processing unit 2023 forwards it to the DHCPv6 host 201. If the DHCPv6 binding table contains no binding information that matches the four-tuple, the Neighbor Advertisement message is an illegitimate reply, and the processing unit 2023 discards it.
The technical scheme of the present invention monitors the DHCPv6 request process of the DHCPv6 host 201 through DHCPv6 snooping and creates binding information; it parses each received Neighbor Advertisement message to obtain the target address, source MAC address, VLAN ID and port information, and checks whether these match the binding information. If they match, the Neighbor Advertisement message is forwarded; if they do not match, it is discarded. This solves the problem of duplicate address detection attacks in IPv6 networks.
The above are merely preferred embodiments of the present invention and the technical principles applied. Any variation or replacement that a person skilled in the art could readily conceive within the technical scope disclosed by the present invention shall fall within the protection scope of the present invention.

Claims (8)

1. A method for preventing duplicate address detection attacks, characterized by comprising the following steps:
A. The access switch monitors the DHCPv6 request process of a DHCPv6 host through DHCPv6 snooping (SNOOPING), creates binding information, and saves the binding information in a DHCPv6 binding table, wherein the binding information comprises: the IP address of the DHCPv6 host, the source Media Access Control (MAC) address, the virtual local area network identifier (VLAN ID) and port information;
B. The access switch enables duplicate address detection snooping, parses each received Neighbor Advertisement message, and obtains the target address, source MAC address, VLAN ID and port information;
C. The access switch checks whether the target address, source MAC address, VLAN ID and port information parsed from the Neighbor Advertisement message match the binding information in the DHCPv6 binding table; if they match, it forwards the Neighbor Advertisement message; if they do not match, it discards the Neighbor Advertisement message.
2. The method for preventing duplicate address detection attacks according to claim 1, characterized in that, in step A, the access switch monitoring the DHCPv6 request process of the DHCPv6 host through DHCPv6 snooping comprises:
The access switch installs in the switch chip a rule that redirects DHCPv6 messages to the switch's processor; after the switch chip receives a DHCPv6 message, it does not forward it in hardware but redirects it to the access switch processor, which parses and forwards the message in software.
3. The method for preventing duplicate address detection attacks according to claim 2, characterized in that, in step B, the access switch enabling duplicate address detection snooping comprises:
The access switch installs in the switch chip a rule that redirects Neighbor Solicitation messages and Neighbor Advertisement messages to the access switch processor; after the switch chip receives a Neighbor Solicitation or Neighbor Advertisement message, it does not forward it in hardware but redirects it to the access switch processor, which parses and forwards the message in software.
4. The method for preventing duplicate address detection attacks according to claim 3, characterized in that, in step B, the access switch parsing the received Neighbor Advertisement message specifically comprises:
The access switch obtains the source MAC address from the Ethernet header of the received Neighbor Advertisement message, obtains the target address from the Internet Control Message Protocol version 6 (ICMPv6) message, and obtains the VLAN ID and port information of the Neighbor Advertisement message.
5. A device for preventing duplicate address detection attacks, characterized in that the device is an access switch, comprising:
A binding information creation unit, used to monitor the DHCPv6 request process of a DHCPv6 host through DHCPv6 snooping, create binding information, and save the binding information in a DHCPv6 binding table;
A message parsing unit, used to enable duplicate address detection snooping, parse each received Neighbor Advertisement message, and obtain the target address, source MAC address, VLAN ID and port information;
A processing unit, connected to the message parsing unit and the binding information creation unit, used to check whether the target address, source MAC address, VLAN ID and port information passed in by the message parsing unit match the binding information in the DHCPv6 binding table; if they match, it forwards the Neighbor Advertisement message; if they do not match, it discards the Neighbor Advertisement message.
6. The device for preventing duplicate address detection attacks according to claim 5, characterized in that the binding information creation unit monitoring the DHCPv6 request process of the DHCPv6 host through DHCPv6 snooping comprises:
The binding information creation unit installs in the switch chip a rule that redirects DHCPv6 messages to the access switch processor; after the switch chip receives a DHCPv6 message, it does not forward it in hardware but redirects the DHCPv6 message to the access switch processor, which parses and forwards it in software.
7. The device for preventing duplicate address detection attacks according to claim 6, characterized in that the message parsing unit enabling duplicate address detection snooping comprises:
The message parsing unit installs in the switch chip a rule that redirects Neighbor Solicitation messages and Neighbor Advertisement messages to the access switch processor; after the switch chip receives a Neighbor Solicitation or Neighbor Advertisement message, it does not forward it in hardware but redirects it to the access switch processor, which parses and forwards the message in software.
8. The device for preventing duplicate address detection attacks according to claim 7, characterized in that the message parsing unit parsing the received Neighbor Advertisement message comprises:
The message parsing unit obtains the source MAC address from the Ethernet header of the received Neighbor Advertisement message, obtains the target address from the ICMPv6 message, and obtains the VLAN ID and port information of the Neighbor Advertisement message.
CN2012100447800A 2012-02-23 2012-02-23 Method and device for preventing duplication address detection attack Pending CN102546663A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2012100447800A CN102546663A (en) 2012-02-23 2012-02-23 Method and device for preventing duplication address detection attack

Publications (1)

Publication Number Publication Date
CN102546663A true CN102546663A (en) 2012-07-04

Family

ID=46352621

Family Applications (1)

Application Number Title Priority Date Filing Date
CN2012100447800A Pending CN102546663A (en) 2012-02-23 2012-02-23 Method and device for preventing duplication address detection attack

Country Status (1)

Country Link
CN (1) CN102546663A (en)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20120704