CN103152335A - Method and device for preventing ARP (address resolution protocol) deceit on network equipment - Google Patents


Info

Publication number: CN103152335A
Authority: CN (China)
Prior art keywords: arp, address, message, transmitting terminal, legal
Legal status: Pending
Application number: CN2013100548454A
Other languages: Chinese (zh)
Inventor: 魏元首
Current Assignee: Digital China Networks Beijing Co Ltd
Original Assignee: Digital China Networks Beijing Co Ltd

Landscapes

  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses a method and a device for preventing ARP (Address Resolution Protocol) spoofing on a network device. The method comprises the following steps: receiving a legal ARP message; extracting the sender IP (Internet Protocol) address and sender MAC (Media Access Control) address of the legal ARP message, and constructing and sending an ARP request message; determining whether, within a set time threshold, one ARP reply message corresponding to the ARP request message is received, or more than one corresponding ARP reply message is received in which every reply carries the same source MAC address; if so, the legal ARP message passes credibility verification; and adding the sender IP address and sender MAC address of a legal ARP message that has passed credibility verification to the ARP table of the network device as an ARP entry. With the technical solution provided by the method and device, learned ARP entries can be made trustworthy, and the problem of gateway devices frequently suffering ARP spoofing attacks is solved.

Description

A method and device for preventing ARP spoofing on a network device
Technical field
The present invention relates to the field of network security technology, and in particular to a method and device for preventing ARP spoofing on a network device.
Background art
Fig. 1 is the application scenario diagram provided as background to the present invention. Referring to Fig. 1, a network operator provides Internet access and information sharing to its users through network devices: a broadband router and a switch. When the switch delivers Internet traffic to a user, it must first translate that user's IP (Internet Protocol) address into the corresponding MAC (Media Access Control) address, i.e. the hardware address, before it can communicate with the user, and the MAC address is obtained through ARP (Address Resolution Protocol).
ARP is a basic network protocol of data link layers such as Ethernet and is responsible for translating IP addresses into MAC addresses. Its basic operation is as follows. When a sending host or network device A (for example, a switch) needs to resolve the MAC address corresponding to an IP address, it broadcasts an ARP request whose data frame contains the IP address of the destination host or network device B (for example, a user host), meaning "if you are the owner of this IP address, please reply with your MAC address". When the destination host or network device B receives the ARP request and recognises that host or network device A is querying its IP address, it sends a reply and at the same time adds the IP address and MAC address of host or network device A to its own ARP table as an ARP entry. After host or network device A receives the reply, it likewise records the mapping between the IP address and MAC address of host or network device B given in the reply as an ARP entry in its own ARP table. Each ARP entry in the ARP table records the IP address and MAC address of a learned host or network device and the correspondence between the two. When hosts or network devices later communicate, an ARP entry that has already been learned can be looked up directly.
ARP spoofing is one of the attack techniques commonly used by hackers. The attacker continuously sends ARP reply packets containing forged IP and MAC addresses so that the ARP entries in the ARP tables of other destination hosts or network devices are changed, which causes network outages or enables man-in-the-middle attacks. In open network environments (for example, Internet cafes), ARP spoofing is often one of the main causes of large-scale outages: in mild cases a network under ARP spoofing becomes slow and intermittently disconnects, and in severe cases it causes large-scale outages and the theft of important information such as game and bank account passwords. How to give network devices the ability to defend against ARP spoofing is therefore an important requirement.
Summary of the invention
The object of the present invention is to provide a method and device for preventing ARP spoofing on a network device, which can ensure that every learned ARP entry is static and trustworthy, overcome the drawback that dynamic ARP learning on conventional network devices is easily subverted by ARP spoofing, and guarantee stable operation of the network.
To achieve this object, the present invention adopts the following technical solution:
A method for preventing ARP spoofing on a network device, the method comprising:
S1, receiving a legal ARP message; wherein the content of the ARP message comprises a destination MAC address, a source MAC address, a sender MAC address, a sender IP address, a target MAC address and a target IP address;
S2, performing credibility verification on the legal ARP message:
extracting the sender IP address and sender MAC address of the legal ARP message, and constructing and sending an ARP request message; wherein the source MAC address and the sender MAC address of the ARP request message are the MAC address of the interface that received the legal ARP message, the destination MAC address is all F (the broadcast address ff:ff:ff:ff:ff:ff), the target MAC address is all 0, the sender IP address is the IP address of the interface that received the legal ARP message, and the target IP address is the sender IP address of the legal ARP message;
determining whether, within a set time threshold, one ARP reply message corresponding to the ARP request message is received, or
more than one ARP reply message corresponding to the ARP request message is received but the source MAC address in each of these ARP reply messages is the same;
if so, the legal ARP message passes credibility verification;
S3, when the legal ARP message passes credibility verification, adding the extracted sender IP address and sender MAC address of the legal ARP message to the ARP table of the network device as an ARP entry.
Further, the legal ARP message should satisfy the following:
the ARP message conforms to the ARP message format;
the source MAC address of the ARP message is consistent with its sender MAC address;
the sender IP address of the ARP message is not already in the ARP table of the network device;
when the ARP message is a gratuitous ARP packet, its sender IP address is consistent with its target IP address;
when the ARP message is a non-gratuitous ARP packet, its target IP address and the IP address of the network device interface are in the same network segment;
when the ARP message is an ARP reply message, its destination MAC address, its target MAC address and the MAC address of the network device interface are consistent.
Further, the set time threshold is preferably 1 second.
Further, step S3 also comprises: setting a Flag bit on the ARP entry added to the ARP table of the network device, the Flag value being 1.
Further, the method also comprises performing aging processing on each ARP entry:
when the timer fires, traversing each ARP entry in the ARP table;
refreshing the Flag value of entries whose Flag value is 1 to 0;
performing credibility verification again on entries whose Flag value is 0, refreshing the Flag value of entries that pass credibility verification to 1, and deleting entries that do not pass credibility verification;
after the traversal is complete, resetting the timer.
Correspondingly, the present invention also provides a device for preventing ARP spoofing on a network device, the device comprising:
a message receiving module, used to receive a legal ARP message; wherein the content of the ARP message comprises a destination MAC address, a source MAC address, a sender MAC address, a sender IP address, a target MAC address and a target IP address;
a credibility verification module, used to perform credibility verification on the legal ARP message:
extracting the sender IP address and sender MAC address of the legal ARP message, and constructing and sending an ARP request message; wherein the source MAC address and the sender MAC address of the ARP request message are the MAC address of the interface that received the legal ARP message, the destination MAC address is all F, the target MAC address is all 0, the sender IP address is the IP address of the interface that received the legal ARP message, and the target IP address is the sender IP address of the legal ARP message;
determining whether, within a set time threshold, one ARP reply message corresponding to the ARP request message is received, or
more than one ARP reply message corresponding to the ARP request message is received but the source MAC address in each of these ARP reply messages is the same;
if so, the legal ARP message passes credibility verification;
a table management module, used to add, when the legal ARP message passes credibility verification, the extracted sender IP address and sender MAC address of the legal ARP message to the ARP table of the network device as an ARP entry.
Further, the legal ARP message should satisfy the following:
the ARP message conforms to the ARP message format;
the source MAC address of the ARP message is consistent with its sender MAC address;
the sender IP address of the ARP message is not already in the ARP table of the network device;
when the ARP message is a gratuitous ARP packet, its sender IP address is consistent with its target IP address;
when the ARP message is a non-gratuitous ARP packet, its target IP address and the IP address of the network device interface are in the same network segment;
when the ARP message is an ARP reply message, its destination MAC address, its target MAC address and the MAC address of the network device interface are consistent.
Further, the set time threshold is preferably 1 second.
Further, the table management module is also used to set a Flag bit on the ARP entry added to the ARP table of the network device, the Flag value being 1.
Further, the table management module is also used to perform aging processing on each ARP entry:
when the timer fires, traversing each ARP entry in the ARP table;
refreshing the Flag value of entries whose Flag value is 1 to 0;
performing credibility verification again on entries whose Flag value is 0, refreshing the Flag value of entries that pass credibility verification to 1, and deleting entries that do not pass credibility verification;
after the traversal is complete, resetting the timer.
The beneficial technical effect of the present invention is as follows:
By enabling a credibility verification procedure for the legal ARP messages received by the network device, it is ensured that every learned ARP entry is static and trustworthy, the drawback that dynamic ARP learning on conventional network devices is easily subverted by ARP spoofing is overcome, and stable operation of the network is guaranteed.
Description of drawings
Fig. 1 is the application scenario diagram provided as background to the present invention;
Fig. 2 is a schematic flow chart of the method for preventing ARP spoofing on a network device provided by embodiment one of the present invention;
Fig. 3 is a schematic flow chart of the legality verification of an ARP message provided by embodiment one of the present invention;
Fig. 4 is a schematic flow chart of the credibility verification of a legal ARP message provided by embodiment one of the present invention;
Fig. 5 is a schematic flow chart of the ARP entry aging process provided by embodiment two of the present invention;
Fig. 6 is a schematic diagram of the device for preventing ARP spoofing on a network device provided by embodiment three of the present invention.
Embodiments
The present invention is described in further detail below with reference to the drawings and embodiments. It should be understood that the specific embodiments described here serve only to explain the present invention and do not limit it. It should also be noted that, for convenience of description, the drawings show only the parts related to the present invention and not the full content.
Embodiment one
Fig. 2 is a schematic flow chart of the method for preventing ARP spoofing on a network device provided by embodiment one of the present invention. Referring to Fig. 2, the method comprises:
S201: receiving a legal ARP message. The content of the ARP message comprises a destination MAC address, a source MAC address, a sender MAC address, a sender IP address, a target MAC address and a target IP address. Each address in the ARP message content is well known to those skilled in the art and is not described further here.
To ensure the credibility of an ARP message, legality verification must be performed; only an ARP message verified as legal is accepted, otherwise the ARP message is discarded. Fig. 3 is a schematic flow chart of the legality verification of an ARP message provided by embodiment one of the present invention. Referring to Fig. 3, the verification procedure comprises:
S2010: determining whether the ARP message conforms to the ARP message format; if so, executing step S2011, otherwise jumping to step S2019. The ARP message format is: destination MAC address, source MAC address, frame type, hardware type, protocol type, MAC address length, IP address length, sender MAC address, sender IP address, target MAC address, target IP address;
S2011: determining whether the source MAC address of the ARP message is consistent with its sender MAC address; if so, executing step S2012, otherwise jumping to step S2019;
S2012: determining whether the sender IP address of the ARP message is already in the ARP table of the network device, so as to prevent the ARP table of the network device from being dynamically updated; if not, executing step S2013, otherwise jumping to step S2019;
S2013: determining whether the ARP message is a gratuitous ARP packet; if so, executing step S2014, otherwise executing step S2015;
S2014: determining whether the sender IP address is consistent with the target IP address; if so, jumping to step S2018, otherwise jumping to step S2019;
S2015: determining whether the target IP address and the IP address of the network device interface are in the same network segment; if so, executing step S2016, otherwise jumping to step S2019;
S2016: determining whether the ARP message is an ARP reply message; if so, executing step S2017, otherwise jumping to step S2018;
S2017: determining whether the destination MAC address, the target MAC address and the MAC address of the network device interface are consistent; if so, executing step S2018, otherwise jumping to step S2019.
S2018: the ARP message is a legal ARP message, and verification ends.
S2019: the ARP message is discarded, and verification ends.
After an ARP message has been received and verified as legal, step S202 is executed.
S202: performing credibility verification on the legal ARP message.
Fig. 4 is a schematic flow chart of the credibility verification of a legal ARP message provided by embodiment one of the present invention. Referring to Fig. 4, the credibility verification procedure is:
S2020: extracting the sender IP address and sender MAC address of the legal ARP message, and constructing an ARP request message; wherein the source MAC address and the sender MAC address of the ARP request message are the MAC address of the interface that received the legal ARP message, the destination MAC address is all F, the target MAC address is all 0, the sender IP address is the IP address of the interface that received the legal ARP message, and the target IP address is the sender IP address of the legal ARP message.
S2021: sending the constructed ARP request message by broadcast from the interface that received the legal ARP message.
S2022: determining whether a correct ARP reply message is received within the set time threshold; if so, executing step S2023, otherwise executing step S2024. A correct ARP reply message is a single ARP reply message corresponding to the ARP request message, or more than one ARP reply message corresponding to the ARP request message in which the source MAC address of every ARP reply message is the same. Preferably, the time is measured by starting a timer, and the time threshold is 1 second.
S2023: the legal ARP message passes credibility verification.
S2024: the legal ARP message fails credibility verification, and no further processing is performed.
When the legal ARP message passes credibility verification in step S202, step S203 is executed.
S203: adding the sender IP address and sender MAC address of the legal ARP message extracted in step S2020 above to the ARP table of the network device as an ARP entry, and at the same time setting a Flag bit on the ARP entry with a Flag value of 1.
In the method for preventing ARP spoofing on a network device provided by embodiment one of the present invention, a credibility verification procedure is enabled for the legal ARP messages received by the network device, which ensures that every learned ARP entry is trustworthy and that ARP entries are not dynamically updated, solves the problem of gateway devices frequently suffering ARP spoofing attacks, and guarantees stable operation of the network.
Embodiment two
In order to prevent ARP spoofing more effectively and maintain the credibility of the ARP entries in the ARP table of the network device, embodiment two of the present invention further improves on embodiment one.
The method for preventing ARP spoofing on a network device is:
On the basis of steps S201-S203 of embodiment one, the method also comprises periodically performing aging processing on each ARP entry. Fig. 5 is a schematic flow chart of the ARP entry aging process provided by embodiment two of the present invention. Referring to Fig. 5, the aging process is:
S501: the ARP aging timer fires, starting the ARP entry aging process.
S502: traversing each ARP entry in the ARP table and refreshing the Flag value of each ARP entry. For an ARP entry whose Flag value is 1, its Flag value is refreshed to 0; for an ARP entry whose Flag value is 0, its sender IP address and sender MAC address are extracted, an ARP request message is constructed and credibility verification is performed again; if the entry passes credibility verification, its Flag value is refreshed to 1, and if it does not pass credibility verification, the ARP entry is deleted.
S503: after each ARP entry in the ARP table has been traversed and the Flag value of each ARP entry refreshed, the timer is reset to await the next ARP entry aging process.
In the method for preventing ARP spoofing on a network device provided by embodiment two of the present invention, a credibility verification procedure is enabled for the legal ARP messages received by the network device, which ensures that every learned ARP entry is trustworthy; aging processing is performed periodically on each ARP entry, which effectively maintains the credibility of the ARP entries in the ARP table of the network device; ARP entries are not dynamically updated; the problem of gateway devices frequently suffering ARP spoofing attacks is solved, and stable operation of the network is guaranteed.
Embodiment three
Fig. 6 is a schematic diagram of the device for preventing ARP spoofing on a network device provided by embodiment three of the present invention. Referring to Fig. 6, the device comprises:
Message receiving module 601, used to receive a legal ARP message. The content of the ARP message comprises a destination MAC address, a source MAC address, a sender MAC address, a sender IP address, a target MAC address and a target IP address. Each address in the ARP message content is well known to those skilled in the art and is not described further here.
To ensure the credibility of an ARP message, legality verification must be performed; only an ARP message verified as legal is accepted, otherwise the ARP message is discarded. The procedure by which message receiving module 601 verifies the legality of an ARP message is identical to the legality verification procedure of embodiment one and is not described again here.
Credibility verification module 602, used to perform credibility verification on the legal ARP message:
extracting the sender IP address and sender MAC address of the legal ARP message, and constructing an ARP request message; wherein the source MAC address and the sender MAC address of the ARP request message are the MAC address of the interface that received the legal ARP message, the destination MAC address is all F, the target MAC address is all 0, the sender IP address is the IP address of the interface that received the legal ARP message, and the target IP address is the sender IP address of the legal ARP message;
sending the constructed ARP request message by broadcast from the interface that received the legal ARP message;
determining whether a correct ARP reply message is received within the set time threshold; if so, the legal ARP message passes credibility verification, otherwise the legal ARP message fails credibility verification. A correct ARP reply message is a single ARP reply message corresponding to the ARP request message, or more than one ARP reply message corresponding to the ARP request message in which the source MAC address of every ARP reply message is the same. Preferably, the time is measured by starting a timer, and the time threshold is 1 second.
Table management module 603, used to add the sender IP address and sender MAC address of the legal ARP message extracted by credibility verification module 602 to the ARP table of the network device as an ARP entry, and at the same time to set a Flag bit on the ARP entry with a Flag value of 1.
In the device for preventing ARP spoofing on a network device provided by embodiment three of the present invention, credibility verification module 602 enables a credibility verification procedure for the legal ARP messages received by message receiving module 601, which ensures that every ARP entry learned by table management module 603 is trustworthy and that ARP entries are not dynamically updated, solves the problem of gateway devices frequently suffering ARP spoofing attacks, and guarantees stable operation of the network.
Embodiment four
In order to prevent ARP spoofing more effectively and maintain the credibility of the ARP entries in the ARP table of the network device, embodiment four of the present invention further improves on embodiment three.
A device for preventing ARP spoofing on a network device, comprising the message receiving module 601, credibility verification module 602 and table management module 603 proposed in embodiment three. The functions implemented by each module are identical to those of embodiment three, except that table management module 603 is also used to periodically perform aging processing on each ARP entry:
the ARP aging timer fires, starting the ARP entry aging process;
each ARP entry in the ARP table is traversed and the Flag value of each ARP entry is refreshed; for an ARP entry whose Flag value is 1, its Flag value is refreshed to 0; for an ARP entry whose Flag value is 0, its sender IP address and sender MAC address are extracted, an ARP request message is constructed and credibility verification is performed again; if the entry passes credibility verification, its Flag value is refreshed to 1, and if it does not pass credibility verification, the ARP entry is deleted;
after each ARP entry in the ARP table has been traversed and the Flag value of each ARP entry refreshed, the timer is reset to await the next ARP entry aging process.
In the device for preventing ARP spoofing on a network device provided by embodiment four of the present invention, credibility verification module 602 enables a credibility verification procedure for the legal ARP messages received by message receiving module 601, which ensures that every ARP entry learned by table management module 603 is trustworthy; table management module 603 also periodically performs aging processing on each ARP entry, which effectively maintains the credibility of the ARP entries in the ARP table of the network device; ARP entries are not dynamically updated; the problem of gateway devices frequently suffering ARP spoofing attacks is solved, and stable operation of the network is guaranteed.
All or part of the technical solution provided by the above embodiments can be implemented by software programming, with the software program stored in a readable storage medium, for example a hard disk, optical disc or floppy disk in a computer.
The above are only preferred embodiments of the present invention and are not intended to limit it; any modification, equivalent replacement, improvement and the like made within the spirit and principles of the present invention shall be included within the scope of protection of the present invention.

Claims (10)

1. prevent the method that ARP cheats on a network equipment, it is characterized in that, described method comprises:
S1, the legal ARP message of reception; Wherein, described ARP message content comprises target MAC (Media Access Control) address, source MAC, transmitting terminal MAC Address, transmitting terminal IP address, destination end MAC Address, destination end IP address;
S2, described legal ARP message is carried out credible checking:
Extract transmitting terminal IP address and the transmitting terminal MAC Address of described legal ARP message, construct and send the ARP request message; Wherein, the source MAC of described ARP request message and transmitting terminal MAC Address are the MAC Address that receives legal ARP message interface, target MAC (Media Access Control) address is full F, the destination end MAC Address is full 0, transmitting terminal IP address is for receiving the IP address of legal ARP message interface, and destination end IP address is the transmitting terminal IP address of described legal ARP message;
Whether judgement receives an arp response message corresponding with described ARP request message in the time threshold of setting, or
Greater than an arp response message corresponding with described ARP request message, but the source MAC in described each arp response message is identical;
If so, the credible of described legal ARP message is verified;
S3, when credible being verified of described legal ARP message, the transmitting terminal IP address of the described legal ARP message of described extraction and transmitting terminal MAC Address as an arp entry, are added in the ARP list of the network equipment.
2. prevent the method for ARP deception on the network equipment according to claim 1, it is characterized in that, described legal ARP message should satisfy:
Described ARP message meets the ARP message format;
The source MAC of described ARP message is consistent with the transmitting terminal MAC Address;
The transmitting terminal IP address of described ARP message is not in the ARP of described network equipment list;
When described ARP message was gratuitous ARP packet, transmitting terminal IP address was consistent with destination end IP address;
When described ARP message was non-gratuitous ARP packet, the IP address of destination end IP address and described network device interface was in the same network segment;
When described ARP message was the arp response message, the MAC Address of target MAC (Media Access Control) address, destination end MAC Address, described network device interface was consistent.
3. prevent the method for ARP deception on the network equipment according to claim 1, it is characterized in that, the time threshold of described setting is preferably 1 second.
4. prevent the method for ARP deception on the network equipment according to claim 1, it is characterized in that, described step S3 also comprises: the arp entry in the described ARP list that is added into the described network equipment is arranged the Flag flag bit, and described Flag value is 1.
5. The method for preventing ARP spoofing on a network device according to claim 4, characterized in that the method further comprises performing aging processing on each ARP entry:
when the timer fires, traverse each ARP entry in the ARP table;
for ARP entries whose Flag value is 1, refresh the Flag value to 0;
for ARP entries whose Flag value is 0, perform the trust verification again; refresh the Flag value of the ARP entries that pass the trust verification to 1, and at the same time delete the ARP entries that do not pass the trust verification;
after the traversal is completed, reset the timer.
6. A device for preventing ARP spoofing on a network device, characterized in that the device comprises:
a message receiving module, configured to receive a legal ARP message, wherein the content of the ARP message comprises a destination MAC address, a source MAC address, a sender MAC address, a sender IP address, a target MAC address and a target IP address;
a trust verification module, configured to perform trust verification on the legal ARP message by:
extracting the sender IP address and the sender MAC address of the legal ARP message, and constructing and sending an ARP request message, wherein the source MAC address and the sender MAC address of the ARP request message are the MAC address of the interface that received the legal ARP message, the destination MAC address is all F, the target MAC address is all 0, the sender IP address is the IP address of the interface that received the legal ARP message, and the target IP address is the sender IP address of the legal ARP message;
judging whether, within a set time threshold, one ARP reply message corresponding to the ARP request message is received, or
more than one ARP reply message corresponding to the ARP request message is received but the source MAC addresses of all of those ARP reply messages are identical;
if so, the legal ARP message passes the trust verification; and
a table management module, configured to, when the legal ARP message passes the trust verification, add the extracted sender IP address and sender MAC address of the legal ARP message to the ARP table of the network device as an ARP entry.
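The three modules of claim 6, and the legality conditions of claim 2 they rely on, as an added worked example in Python. This is illustrative code written for this page, not the patent's own implementation; the `ArpMessage` field names, the `verify_and_learn` helper, the 1 s window and the constructed addresses (192.0.2.0/24, locally administered MACs) are all assumptions. Replies are modelled as (arrival time, message) pairs so the time threshold of claim 3 can be applied offline.

```python
from dataclasses import dataclass
from ipaddress import IPv4Address, IPv4Interface
from typing import Dict, Iterable, Optional, Tuple

BROADCAST_MAC = "ff:ff:ff:ff:ff:ff"   # "all F" destination MAC of the probe
ZERO_MAC = "00:00:00:00:00:00"        # "all 0" target MAC of the probe
ARP_REQUEST, ARP_REPLY = 1, 2         # ARP opcodes


@dataclass(frozen=True)
class ArpMessage:
    """The six address fields named in claim 6, plus the ARP opcode (assumed names)."""
    dst_mac: str      # Ethernet destination MAC
    src_mac: str      # Ethernet source MAC
    opcode: int
    sender_mac: str   # ARP sender hardware address
    sender_ip: str    # ARP sender protocol address
    target_mac: str   # ARP target hardware address
    target_ip: str    # ARP target protocol address


def is_legal(msg: ArpMessage, iface: IPv4Interface, iface_mac: str,
             arp_table: Dict[str, str]) -> bool:
    """Legality conditions of claims 2 and 7 (format conformance is taken as
    satisfied once the frame has parsed into an ArpMessage)."""
    if msg.opcode not in (ARP_REQUEST, ARP_REPLY):
        return False
    if msg.src_mac != msg.sender_mac:               # frame source == ARP sender
        return False
    if msg.sender_ip in arp_table:                  # not already learned
        return False
    gratuitous = msg.sender_ip == msg.target_ip     # sender IP == target IP
    if not gratuitous and IPv4Address(msg.target_ip) not in iface.network:
        return False                                # target must be on-link
    if msg.opcode == ARP_REPLY and not (
            msg.dst_mac == msg.target_mac == iface_mac):
        return False                                # reply must address this interface
    return True


def build_probe(legal: ArpMessage, iface: IPv4Interface,
                iface_mac: str) -> ArpMessage:
    """The ARP request of claim 6: sent from the receiving interface, asking
    who holds the sender IP claimed in the legal message."""
    return ArpMessage(dst_mac=BROADCAST_MAC, src_mac=iface_mac,
                      opcode=ARP_REQUEST, sender_mac=iface_mac,
                      sender_ip=str(iface.ip), target_mac=ZERO_MAC,
                      target_ip=legal.sender_ip)


def trusted_mac(probe: ArpMessage, replies: Iterable[Tuple[float, ArpMessage]],
                sent_at: float, window_s: float = 1.0) -> Optional[str]:
    """Verdict of claims 1 and 6 over (arrival_time, reply) pairs: only replies
    to the probe arriving within the threshold count. One reply, or several
    all from one source MAC, passes; replies from different source MACs
    (two hosts answering for one IP) fail. Returns the agreed MAC or None."""
    answers = [r for t, r in replies
               if 0 <= t - sent_at <= window_s
               and r.opcode == ARP_REPLY
               and r.sender_ip == probe.target_ip
               and r.target_ip == probe.sender_ip]
    macs = {r.src_mac for r in answers}
    return macs.pop() if len(macs) == 1 else None


def verify_and_learn(legal: ArpMessage, iface: IPv4Interface, iface_mac: str,
                     arp_table: Dict[str, str],
                     replies: Iterable[Tuple[float, ArpMessage]],
                     sent_at: float) -> bool:
    """The steps of claim 1 end to end: legality check, probe, verdict, then
    the legal message's own sender IP/MAC becomes the ARP entry."""
    if not is_legal(legal, iface, iface_mac, arp_table):
        return False
    probe = build_probe(legal, iface, iface_mac)
    if trusted_mac(probe, replies, sent_at) is None:
        return False
    arp_table[legal.sender_ip] = legal.sender_mac
    return True


# Constructed scenario: gateway interface 192.0.2.1/24 receives a gratuitous
# ARP announcing 192.0.2.10, probes, and collects the replies below.
GW = IPv4Interface("192.0.2.1/24")
GW_MAC = "02:00:00:00:00:01"
HOST_MAC = "02:00:00:00:00:10"
ANNOUNCE = ArpMessage(BROADCAST_MAC, HOST_MAC, ARP_REQUEST,
                      HOST_MAC, "192.0.2.10", ZERO_MAC, "192.0.2.10")


def reply_from(src_mac: str) -> ArpMessage:
    """A constructed reply to the gateway's probe, claiming 192.0.2.10 for src_mac."""
    return ArpMessage(GW_MAC, src_mac, ARP_REPLY,
                      src_mac, "192.0.2.10", GW_MAC, "192.0.2.1")


ONE_OWNER = [(0.2, reply_from(HOST_MAC)), (0.3, reply_from(HOST_MAC))]
TWO_OWNERS = [(0.2, reply_from(HOST_MAC)), (0.4, reply_from("02:00:00:00:00:99"))]
LATE_ONLY = [(1.5, reply_from(HOST_MAC))]   # arrives after the 1 s threshold
```

`verify_and_learn(ANNOUNCE, GW, GW_MAC, table, ONE_OWNER, 0.0)` learns the entry; `TWO_OWNERS` (two source MACs answering for one IP) and `LATE_ONLY` (no reply inside the window) both leave the table unchanged. One point worth noticing when implementing the claim as written: the verdict compares the reply source MACs with each other, not with the sender MAC that is then learned; comparing the agreed reply MAC against `legal.sender_mac` as well is an additional check an implementer may want, and it is not part of the claim.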
7. The device for preventing ARP spoofing on a network device according to claim 6, characterized in that the legal ARP message shall satisfy the following conditions:
the ARP message conforms to the ARP message format;
the source MAC address of the ARP message is consistent with its sender MAC address;
the sender IP address of the ARP message is not present in the ARP table of the network device;
when the ARP message is a gratuitous ARP message, its sender IP address is consistent with its target IP address;
when the ARP message is a non-gratuitous ARP message, its target IP address and the IP address of the network device interface are in the same network segment;
when the ARP message is an ARP reply message, its destination MAC address, its target MAC address and the MAC address of the network device interface are consistent.
8. The device for preventing ARP spoofing on a network device according to claim 6, characterized in that the set time threshold is preferably 1 second.
9. The device for preventing ARP spoofing on a network device according to claim 6, characterized in that the table management module is further configured to: set a Flag bit on the ARP entry added to the ARP table of the network device, the value of the Flag being 1.
10. The device for preventing ARP spoofing on a network device according to claim 9, characterized in that the table management module is further configured to perform aging processing on each ARP entry:
when the timer fires, traverse each ARP entry in the ARP table;
for ARP entries whose Flag value is 1, refresh the Flag value to 0;
for ARP entries whose Flag value is 0, perform the trust verification again; refresh the Flag value of the ARP entries that pass the trust verification to 1, and at the same time delete the ARP entries that do not pass the trust verification;
after the traversal is completed, reset the timer.
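The Flag-based aging of claims 5 and 10 (and the Flag = 1 marking of claims 4 and 9), as an added worked example in Python. This is illustrative code written for this page, not the patent's own implementation. The `verify(ip, mac)` callback is a hypothetical stand-in for the probe-and-reply trust verification of claim 1; `ArpTable`, `on_timer` and the constructed 192.0.2.0/24 addresses are assumptions, and the timer is driven by calling `on_timer()` rather than by a real clock.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple


@dataclass
class ArpEntry:
    mac: str
    flag: int = 1   # claims 4 and 9: a freshly learned entry carries Flag = 1


class ArpTable:
    """ARP table whose entries are aged by re-running the trust verification
    (claims 5 and 10). `verify(ip, mac)` is a hypothetical callback that
    returns True when the entry passes the verification again."""

    def __init__(self, verify: Callable[[str, str], bool]) -> None:
        self.entries: Dict[str, ArpEntry] = {}
        self.verify = verify
        self.timer_armed = True

    def learn(self, ip: str, mac: str) -> None:
        """Table management module: add a verified entry with Flag = 1."""
        self.entries[ip] = ArpEntry(mac, flag=1)

    def on_timer(self) -> Tuple[List[str], List[str]]:
        """One timer expiry. Returns (IPs re-verified, IPs deleted)."""
        self.timer_armed = False
        reverified: List[str] = []
        deleted: List[str] = []
        for ip, entry in list(self.entries.items()):   # traverse every entry
            if entry.flag == 1:
                entry.flag = 0                  # Flag 1 -> 0: must prove itself next round
            elif self.verify(ip, entry.mac):
                entry.flag = 1                  # Flag 0 and passed again -> 1
                reverified.append(ip)
            else:
                del self.entries[ip]            # Flag 0 and failed -> delete
                deleted.append(ip)
        self.timer_armed = True                 # traversal complete: reset the timer
        return reverified, deleted

    def flags(self) -> Dict[str, int]:
        return {ip: e.flag for ip, e in self.entries.items()}


# Constructed scenario: two learned entries; only 192.0.2.10 still answers
# the re-verification, so 192.0.2.20 is aged out.
STILL_PRESENT = {("192.0.2.10", "02:00:00:00:00:10")}


def link_answers(ip: str, mac: str) -> bool:
    """Constructed stand-in for the probe: True if the host still answers."""
    return (ip, mac) in STILL_PRESENT


def run_scenario(ticks: int) -> ArpTable:
    """Learn both entries, then let the timer fire `ticks` times."""
    table = ArpTable(link_answers)
    table.learn("192.0.2.10", "02:00:00:00:00:10")
    table.learn("192.0.2.20", "02:00:00:00:00:20")
    for _ in range(ticks):
        table.on_timer()
    return table
```

With this scheme every entry is re-verified on every second timer expiry: the first expiry after learning only clears the Flag, the next one probes. An entry whose host has gone silent therefore survives at most two timer periods before it is deleted.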
CN2013100548454A 2013-02-20 2013-02-20 Method and device for preventing ARP (address resolution protocol) deceit on network equipment Pending CN103152335A (en)

Publications (1)

Publication Number Publication Date
CN103152335A true CN103152335A (en) 2013-06-12

Family

ID=48550198

Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1859377A (en) * 2005-11-17 2006-11-08 华为技术有限公司 Method for maintaining static route based on link layer protocol
CN101009689A (en) * 2006-01-26 2007-08-01 西门子(中国)有限公司 A method for preventing the address parsing cheating
CN101094235A (en) * 2007-07-04 2007-12-26 中兴通讯股份有限公司 Method for preventing attack of address resolution protocol
US7490351B1 (en) * 2003-03-12 2009-02-10 Occam Networks Controlling ARP traffic to enhance network security and scalability in TCP/IP networks
CN101635733A (en) * 2009-08-27 2010-01-27 厦门敏讯信息技术股份有限公司 Arp virus detecting and positioning method and arp virus immunizing method
CN101771618A (en) * 2010-03-11 2010-07-07 中兴通讯股份有限公司 Host routing reachable method and system in access ring of packet transport network
CN102075591A (en) * 2010-12-21 2011-05-25 华为技术有限公司 Method, device and system for acquiring media access control address
CN102427460A (en) * 2011-12-29 2012-04-25 深信服网络科技(深圳)有限公司 Multistage detection and defense method to ARP spoof
CN102546849A (en) * 2010-12-30 2012-07-04 华为技术有限公司 Detection method for IP (Internet Protocol) address conflict and network equipment

Cited By (22)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104660563A (en) * 2013-11-21 2015-05-27 中国移动通信集团公司 Method, equipment and system for processing active detection response
CN104660563B (en) * 2013-11-21 2018-05-04 中国移动通信集团公司 A kind of processing method, equipment and the system of active probe response
CN104780139A (en) * 2014-01-09 2015-07-15 北京东土科技股份有限公司 Defense system based on MAC (Medium/Media Access Control) address attack and system
CN104780139B (en) * 2014-01-09 2018-02-13 北京东土科技股份有限公司 A kind of defence method and system based on MAC Address attack
CN103873478A (en) * 2014-03-28 2014-06-18 上海斐讯数据通信技术有限公司 Method for ensuring security of ARP message
CN104219339A (en) * 2014-09-17 2014-12-17 北京金山安全软件有限公司 Method and device for detecting address resolution protocol attack in local area network
CN106453308A (en) * 2016-10-10 2017-02-22 合肥红珊瑚软件服务有限公司 Method for preventing ARP cheating
CN106878320A (en) * 2017-03-09 2017-06-20 郑州云海信息技术有限公司 A kind of method and apparatus for preventing IP address spoofing
CN108574673A (en) * 2017-03-10 2018-09-25 武汉安天信息技术有限责任公司 ARP message aggression detection method and device applied to gateway
CN108174385A (en) * 2018-02-12 2018-06-15 海信集团有限公司 The detection method and device of a kind of communication link
US11277442B2 (en) * 2019-04-05 2022-03-15 Cisco Technology, Inc. Verifying the trust-worthiness of ARP senders and receivers using attestation-based methods
CN110704832A (en) * 2019-09-27 2020-01-17 杭州顺网科技股份有限公司 Judgment method for identifying uniqueness of entity account business place based on big data processing
CN110704832B (en) * 2019-09-27 2022-03-01 杭州顺网科技股份有限公司 Judgment method for identifying uniqueness of entity account business place based on big data processing
CN113014530A (en) * 2019-12-19 2021-06-22 中国航发上海商用航空发动机制造有限责任公司 ARP spoofing attack prevention method and system
CN111597556A (en) * 2020-05-21 2020-08-28 四川英得赛克科技有限公司 ARP scanning detection method and system applied to industrial control environment
CN111541721A (en) * 2020-05-21 2020-08-14 四川英得赛克科技有限公司 Attack monitoring method and system applied to industrial control environment
CN111541721B (en) * 2020-05-21 2022-05-27 四川英得赛克科技有限公司 Attack monitoring method and system applied to industrial control environment
CN111597556B (en) * 2020-05-21 2023-05-02 四川英得赛克科技有限公司 ARP scanning detection method and system applied to industrial control environment
CN111835764A (en) * 2020-07-13 2020-10-27 中国联合网络通信集团有限公司 ARP anti-spoofing method, tunnel endpoint and electronic equipment
CN113507476A (en) * 2021-07-15 2021-10-15 北京融汇画方科技有限公司 Method, system, device and storage medium for defending against ARP spoofing attack
CN114978942A (en) * 2022-05-13 2022-08-30 深信服科技股份有限公司 Router detection method and device, electronic equipment and storage medium
CN114978942B (en) * 2022-05-13 2024-05-24 深信服科技股份有限公司 Router detection method and device, electronic equipment and storage medium

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20130612