CN104038494A - Method for recording attack source and exchanger - Google Patents
Method for recording attack source and exchanger Download PDFInfo
- Publication number
- CN104038494A CN104038494A CN201410259074.7A CN201410259074A CN104038494A CN 104038494 A CN104038494 A CN 104038494A CN 201410259074 A CN201410259074 A CN 201410259074A CN 104038494 A CN104038494 A CN 104038494A
- Authority
- CN
- China
- Prior art keywords
- attack
- message
- cpu
- attack message
- information
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Landscapes
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention is applied to the field of communication and provides a method for recording an attack source and an exchanger. The method includes that an attack message is received; the attack message is sent to an exchanger central processing unit (CPU); the CPU analyzes the attack message to obtain information of the attack message, and the information of the attack message includes attack message content and attack source information; the CPU sends the attack source information and/or the attack message content by a simple network management protocol trap (SNMP Trap) message to a host of an SNMP network management system to alarm. By means of the method for recording the attack source and the exchanger, alarm of address resolution protocol (ARP) spoofing attack and internet protocol (IP) source attack can be achieved, the attack message can be recorded, and conveniences can be brought to network managers during checking of hostile attack in the network.
Description
Technical field
The invention belongs to the communications field, relate in particular to a kind of method and switch that records attack source.
Background technology
In network, often can there is address resolution protocol (the Address Resolution Protocol of malice; ARP) spoofing attack and IP source are attacked; network manager is necessary for the network equipment and carries out corresponding safeguard procedures, just can avoid equipment under attack.
Ethernet switch ARP cheats safeguard function: ARP agreement, for IP address to MAC address provides a kind of mechanism of dynamic mapping, forms ARP table in network host, and this is the precondition that Ethernet communication can normally be carried out.But because ARP agreement is too simple and easy, whether the network host ARP message that does not receive district office is the ARP message of oneself asking, just revise the ARP table in buffer memory according to the transmitting terminal IP of ARP message and transmitting terminal MAC Address, this mechanism makes it easily be subject to ARP spoofing attack to cause ARP table to be tampered and then affect proper communication.The ARP deception safeguard function of Ethernet switch can effectively be stopped ARP spoofing attack, for the main frame of each access network based on ethernet is bound a quaternary table clause (the binding entry being made up of host ip, host MAC address, affiliated VLAN, four of port numbers being connected with switch) in access-layer switch, the ARP message that only meets quaternary table clause could be forwarded in network by switch, so just ARP spoofing attack source can be stopped on source.
Ethernet switch IP source guard function: the network equipment on Ethernet does not often check the source address E-Packeting, assailant can utilize a large amount of non-existent IP address to ask the server in network, make server cannot respond normal service request, cause denial of service (Denial of Service, DoS) to attack.The IP source guard function of Ethernet switch can effectively be guaranteed the legitimacy of the main frame in access network, and only meeting the IP packet that the main frame of binding entry (entry that host ip, host MAC address, three bindings of port that are connected with switch form) sends could be forwarded by switch.
The existing ARP deception safeguard function of Ethernet switch and IP source guard function can effectively be protected ARP spoofing attack in network and the attack of IP source, but these two functions are just simply carried out discard processing by invalid packet, do not record any information having about attack message, network manager cannot seat offence source, thereby cannot investigate the malicious attack in network.
Summary of the invention
The object of the present invention is to provide a kind of method and switch that records attack source, be intended to solve existing ARP deception safeguard function and IP source guard function and do not record any information having about attack message, network manager cannot seat offence source, thereby cannot investigate the problem of the malicious attack in network.
First aspect, the invention provides a kind of method that records attack source, and described method comprises:
Receive attack message;
Described attack message is sent to switch CPU;
CPU resolves described attack message and obtains the information of described attack message, and the information of described attack message comprises content and the attack source information of attack message;
CPU sends to the content of described attack source information and/or attack message on the main frame of SNMP network management system and carries out alarm with simple network management protocol trap SNMP Trap message.
Second aspect, the invention provides a kind of switch, and described switch comprises:
Receiver module, for receiving attack message;
The first sending module, for being sent to switch CPU by described attack message;
Parsing module, resolves described attack message and obtains the information of described attack message for CPU, the information of described attack message comprises content and the attack source information of attack message;
The second sending module, sends to the content of described attack source information and/or attack message for CPU on the main frame of SNMP network management system and carries out alarm with SNMP Trap message.
In the present invention, after receiving attack message, be sent to switch CPU, CPU resolves described attack message and obtains the information of described attack message, and CPU sends to the content of described attack source information and/or attack message on the main frame of SNMP network management system and carries out alarm with SNMP Trap message.Therefore realized ARP spoofing attack and the attack of IP source are carried out to alarm and attack message record, the malicious attack of investigating in network for network manager brings convenience.
Brief description of the drawings
Fig. 1 is the flow chart of the method that records attack source that provides of the embodiment of the present invention one.
Fig. 2 is in the method that records attack source that provides of the embodiment of the present invention one, the flow chart of S104.
Fig. 3 is the structural representation of the switch that provides of the embodiment of the present invention two.
Embodiment
In order to make object of the present invention, technical scheme and beneficial effect clearer, below in conjunction with drawings and Examples, the present invention is further elaborated.Should be appreciated that specific embodiment described herein, only in order to explain the present invention, is not intended to limit the present invention.
For technical solutions according to the invention are described, describe below by specific embodiment.
embodiment mono-:
Refer to Fig. 1, the method for what the embodiment of the present invention one provided record attack source comprises the following steps:
S101, reception attack message;
In the embodiment of the present invention one, attack message can be ARP spoofing attack message and/or IP source attack message.
S102, described attack message is sent to switch CPU;
In the embodiment of the present invention one, S102 specifically can comprise the following steps:
Described attack message is carried out to speed limit processing; Wherein, speed limit is in order to protect the CPU can excess load in the time at a high speed receiving message;
Attack message after treatment speed limit is sent to switch CPU.
S103, CPU resolve described attack message and obtain the information of described attack message, and the information of described attack message comprises content and the attack source information of attack message;
In the embodiment of the present invention one, attack message content comprises: the source MAC of message and source IP address, as required other message content information of follow-up interpolation.Attack source information is exactly the port number information that message enters from switch.
In the embodiment of the present invention one, before S103, described method can also comprise the following steps:
CPU sends to described attack message in message Processing tasks in the mode of message;
Judge whether to receive attack message, if so, carry out S103, judge whether to receive attack message otherwise return.
In the embodiment of the present invention one, after S103, described method can also comprise:
CPU records the information of described attack message, is specially the information of described attack message is kept at memory pool corresponding to port numbers that message enters from switch, the information that memory pool corresponding to described port numbers only preserved the last attack message;
Mark is attacked in CPU set, is about to attack mark and is set to 1;
CPU abandons described attack message.
S104, CPU send to the content of described attack source information and/or attack message on the main frame of SNMP network management system and carry out alarm with Simple Network Management Protocol (Simple Network Management Protocol, SNMP) trap (Trap) message.
In the embodiment of the present invention one, S104 specifically can comprise the following steps:
S1041, judge CPU whether set attack mark, if so, carry out S1042, otherwise return judge CPU whether set attack and indicate;
S1042, read the information of described attack message;
S1043, the content of described attack source information and/or attack message is encapsulated as to SNMP Trap message;
S1044, described SNMP Trap message is sent on the main frame of SNMP network management system and carry out alarm, thereby network manager can be by the attack source Information locating in SNMP Trap message to the main frame of launching a offensive.
In the embodiment of the present invention one, S1041 is specifically as follows: timing judge CPU whether set attack mark, if so, carry out S1042, otherwise return judge CPU whether set attack and indicate.
S1042 is specifically as follows: read the information of the last attack message, be specially the information that reads the last attack message memory pool corresponding to the port numbers that enters from switch from each message.
S1043 is specifically as follows: the content of the attack source information of described the last attack message and/or attack message is encapsulated as to SNMP Trap message, and the attack source information of described the last attack message and/or the content of attack message specifically refer to attack source information in the information of the last attack message reading memory pool corresponding to the port numbers that enters from switch from each message and/or the content of attack message.
Due to switch memory restriction, cannot reserve enough spaces and go to preserve the information of each attack message, when particularly continuing to receive attack message, so only preserve the information of the last attack message that each port receives, the information of the attack message of source different port can not cover mutually.This kind records the mode of attack message information and works together in conjunction with the mode of timing inquiry attack mark transmission SNMP Trap message, the frequent SNMP Trap message that sends can effectively avoid continuing to receive attack message time, can also guarantee that network manager receives up-to-date attack message information in fixed time interval, is unlikely to be disturbed by too much message information.
SNMP is the application layer protocol in ICP/IP protocol bunch, uses udp port 161/162 to carry out data transmission, and it provides the method for collection network management information in a kind of equipment from network.Network management system based on snmp protocol is owing to having the compatible management that is widely used in the network equipment of good platform.Snmp protocol has three versions, and the function of SNMP Trap message is provided in v2 and v3 version.
In the present invention, after receiving attack message, be sent to CPU, CPU resolves described attack message and obtains the information of described attack message, and CPU sends to the content of described attack source information and/or attack message on the main frame of SNMP network management system and carries out alarm with SNMP Trap message.Therefore realized ARP spoofing attack and the attack of IP source are carried out to alarm and attack message record, the malicious attack of investigating in network for network manager brings convenience.
embodiment bis-:
Refer to Fig. 3, the switch that the embodiment of the present invention two provides comprises: receiver module 11, the first sending module 12, parsing module 13 and the second sending module 14, wherein,
Receiver module 11, for receiving attack message;
In the embodiment of the present invention two, attack message can be ARP spoofing attack message and/or IP source attack message.
The first sending module 12, for being sent to switch CPU by described attack message;
Parsing module 13, resolves described attack message and obtains the information of described attack message for CPU, the information of described attack message comprises content and the attack source information of attack message;
In the embodiment of the present invention two, attack message content comprises: the source MAC of message and source IP address, as required other message content information of follow-up interpolation.
Attack source information is exactly the port number information that message enters from switch.
The second sending module 14, sends to the content of described attack source information and/or attack message for CPU on the main frame of SNMP network management system and carries out alarm with simple network management protocol trap SNMP Trap message.
In the embodiment of the present invention two, described the first sending module 12 specifically can comprise:
Speed limit module, for carrying out speed limit processing to described attack message;
The 3rd sending module, for being sent to switch CPU by attack message after treatment speed limit.
In the embodiment of the present invention two, described switch can also comprise:
The 4th sending module, sends to message Processing tasks by described attack message in the mode of message for CPU;
The first judge module, for judging whether to receive attack message, if so, carries out described CPU by described parsing module and resolves described attack message and obtain the step of the information of described attack message, judges whether to receive attack message otherwise return;
Logging modle, record the information of described attack message for CPU, be specially the information of described attack message is kept at memory pool corresponding to port numbers that message enters from switch, the information that memory pool corresponding to described port numbers only preserved the last attack message;
Module is set, attacks mark for CPU set;
Discard module, abandons described attack message for CPU.
In the embodiment of the present invention two, described the second sending module specifically can comprise:
The second judge module, for judge CPU whether set attack mark, if so, directly read the information of described attack message by read module, otherwise return judge CPU whether set attack indicate;
Read module, for reading the information of described attack message;
Package module, for being encapsulated as SNMP Trap message by the content of described attack source information and/or attack message;
The 5th sending module, carries out alarm for described SNMP Trap message being sent on the main frame of SNMP network management system.
In the embodiment of the present invention two, the second judge module specifically can for timing judge CPU whether set attack mark, if so, read the information of the last attack message by described read module, judge whether to receive attack message otherwise return;
Described read module is specifically for reading the information of the last attack message, is specially the information that reads the last attack message memory pool corresponding to the port numbers that enters from switch from each message;
Described package module is specifically for the content of the attack source information of described the last attack message and/or attack message is encapsulated as to SNMP Trap message, and the attack source information of described the last attack message and/or the content of attack message specifically refer to attack source information in the information of the last attack message reading memory pool corresponding to the port numbers that enters from switch from each message and/or the content of attack message.
Due to switch memory restriction, cannot reserve enough spaces and go to preserve the information of each attack message, when particularly continuing to receive attack message, so only preserve the information of the last attack message that each port receives, the information of the attack message of source different port can not cover mutually.This kind records the mode of attack message information and works together in conjunction with the mode of timing inquiry attack mark transmission SNMP Trap message, the frequent SNMP Trap message that sends can effectively avoid continuing to receive attack message time, can also guarantee that network manager receives up-to-date attack message information in fixed time interval, is unlikely to be disturbed by too much message information.
One of ordinary skill in the art will appreciate that all or part of step realizing in above-described embodiment method is can carry out the hardware that instruction is relevant by program to complete, described program can be stored in a computer read/write memory medium, described storage medium, as ROM/RAM, disk, CD etc.
The foregoing is only preferred embodiment of the present invention, not in order to limit the present invention, all any amendments of doing within the spirit and principles in the present invention, be equal to and replace and improvement etc., within all should being included in protection scope of the present invention.
Claims (10)
1. a method that records attack source, is characterized in that, described method comprises:
Receive attack message;
Described attack message is sent to switch CPU;
CPU resolves described attack message and obtains the information of described attack message, and the information of described attack message comprises content and the attack source information of attack message;
CPU sends to the content of described attack source information and/or attack message on the main frame of SNMP network management system and carries out alarm with simple network management protocol trap SNMP Trap message.
2. the method for claim 1, is characterized in that, describedly described attack message is sent to switch CPU specifically comprises:
Described attack message is carried out to speed limit processing;
Attack message after treatment speed limit is sent to switch CPU.
3. method as claimed in claim 1 or 2, is characterized in that, described CPU resolves before described attack message obtains the information of described attack message, and described method also comprises:
CPU sends to described attack message in message Processing tasks in the mode of message;
Judge whether to receive attack message, if so, carry out described CPU and resolve described attack message and obtain the step of the information of described attack message, judge whether to receive attack message otherwise return.
4. method as claimed in claim 1 or 2, is characterized in that, described CPU resolves after described attack message obtains the information of described attack message, and described method also comprises:
CPU records the information of described attack message;
Mark is attacked in CPU set;
CPU abandons described attack message.
5. method as claimed in claim 1 or 2, it is characterized in that, described CPU sends to the content of described attack source information and/or attack message and on the main frame of SNMP network management system, carries out alarm and specifically comprise with simple network management protocol trap SNMP Trap message:
Judge CPU whether set attack mark, if so, directly read the information of described attack message, otherwise return judge described CPU whether set attack and indicate;
The content of described attack source information and/or attack message is encapsulated as to SNMP Trap message;
Described SNMP Trap message is sent on the main frame of SNMP network management system and carry out alarm.
6. method as claimed in claim 5, is characterized in that, the described CPU of judgement whether set attack mark be specially: timing judge CPU whether set attack mark;
The described information that reads described attack message is specially: the information that reads the last attack message;
The described content by described attack source information and/or attack message is encapsulated as SNMP Trap message and is specially: the content of the attack source information of described the last attack message and/or attack message is encapsulated as to SNMP Trap message.
7. a switch, is characterized in that, described switch comprises:
Receiver module, for receiving attack message;
The first sending module, for being sent to switch CPU by described attack message;
Parsing module, resolves described attack message and obtains the information of described attack message for CPU, the information of described attack message comprises content and the attack source information of attack message;
The second sending module, sends to the content of described attack source information and/or attack message for CPU on the main frame of SNMP network management system and carries out alarm with simple network management protocol trap SNMP Trap message.
8. switch as claimed in claim 7, is characterized in that, described the first sending module specifically comprises:
Speed limit module, for carrying out speed limit processing to described attack message;
The 3rd sending module, for being sent to switch CPU by attack message after treatment speed limit.
9. switch as claimed in claim 7 or 8, is characterized in that, described switch also comprises:
The 4th sending module, sends to message Processing tasks by described attack message in the mode of message for CPU;
The first judge module, for judging whether to receive attack message, if so, carries out described CPU by described parsing module and resolves described attack message and obtain the step of the information of described attack message, judges whether to receive attack message otherwise return;
Logging modle, records the information of described attack message for CPU;
Module is set, attacks mark for CPU set;
Discard module, abandons described attack message for CPU.
10. switch as claimed in claim 7 or 8, is characterized in that, described the second sending module specifically comprises:
The second judge module, for judge CPU whether set attack mark, if so, directly read the information of described attack message by read module, otherwise return judge CPU whether set attack indicate;
Read module, for reading the information of described attack message;
Package module, for being encapsulated as SNMP Trap message by the content of described attack source information and/or attack message;
The 5th sending module, carries out alarm for described SNMP Trap message being sent on the main frame of SNMP network management system.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201410259074.7A CN104038494A (en) | 2014-06-11 | 2014-06-11 | Method for recording attack source and exchanger |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201410259074.7A CN104038494A (en) | 2014-06-11 | 2014-06-11 | Method for recording attack source and exchanger |
Publications (1)
Publication Number | Publication Date |
---|---|
CN104038494A true CN104038494A (en) | 2014-09-10 |
Family
ID=51469083
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201410259074.7A Pending CN104038494A (en) | 2014-06-11 | 2014-06-11 | Method for recording attack source and exchanger |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN104038494A (en) |
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN106878258A (en) * | 2016-12-14 | 2017-06-20 | 新华三技术有限公司 | One kind attacks localization method and device |
CN107948157A (en) * | 2017-11-24 | 2018-04-20 | 锐捷网络股份有限公司 | A kind of message processing method and device |
CN109245982A (en) * | 2017-07-10 | 2019-01-18 | 重庆邮电大学 | A kind of inside and outside network data real-time exchange system based on the stateless end to end connection being unidirectionally divided |
CN115037541A (en) * | 2022-06-09 | 2022-09-09 | 克拉玛依油城数据有限公司 | Method for automatically positioning physical position of attack source based on IP address in intranet environment |
Citations (12)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1655516A (en) * | 2004-02-11 | 2005-08-17 | 上海三零卫士信息安全有限公司 | Computer network emergency response early-warning treatment system |
CN1725732A (en) * | 2005-06-08 | 2006-01-25 | 杭州华为三康技术有限公司 | Message speed limit method |
CN101083563A (en) * | 2007-07-20 | 2007-12-05 | 杭州华三通信技术有限公司 | Method and apparatus for preventing distributed refuse service attack |
CN101123492A (en) * | 2007-09-06 | 2008-02-13 | 杭州华三通信技术有限公司 | Method and device for detecting scanning attack |
CN101127594A (en) * | 2007-10-10 | 2008-02-20 | 杭州华三通信技术有限公司 | A device and method for secure information joint processing |
CN101465760A (en) * | 2007-12-17 | 2009-06-24 | 北京启明星辰信息技术股份有限公司 | Method and system for detecting abnegation service aggression |
CN102075365A (en) * | 2011-02-15 | 2011-05-25 | 中国工商银行股份有限公司 | Method and device for locating and protecting network attack source |
US8176553B1 (en) * | 2001-06-29 | 2012-05-08 | Mcafee, Inc. | Secure gateway with firewall and intrusion detection capabilities |
CN102487339A (en) * | 2010-12-01 | 2012-06-06 | 中兴通讯股份有限公司 | Attack preventing method for network equipment and device |
US20120246303A1 (en) * | 2011-03-23 | 2012-09-27 | LogRhythm Inc. | Log collection, structuring and processing |
CN103441946A (en) * | 2013-09-05 | 2013-12-11 | 上海斐讯数据通信技术有限公司 | CPU-protecting mass-flow attack identification method and device |
CN103561011A (en) * | 2013-10-28 | 2014-02-05 | 中国科学院信息工程研究所 | Method and system for preventing blind DDoS attacks on SDN controllers |
-
2014
- 2014-06-11 CN CN201410259074.7A patent/CN104038494A/en active Pending
Patent Citations (12)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8176553B1 (en) * | 2001-06-29 | 2012-05-08 | Mcafee, Inc. | Secure gateway with firewall and intrusion detection capabilities |
CN1655516A (en) * | 2004-02-11 | 2005-08-17 | 上海三零卫士信息安全有限公司 | Computer network emergency response early-warning treatment system |
CN1725732A (en) * | 2005-06-08 | 2006-01-25 | 杭州华为三康技术有限公司 | Message speed limit method |
CN101083563A (en) * | 2007-07-20 | 2007-12-05 | 杭州华三通信技术有限公司 | Method and apparatus for preventing distributed refuse service attack |
CN101123492A (en) * | 2007-09-06 | 2008-02-13 | 杭州华三通信技术有限公司 | Method and device for detecting scanning attack |
CN101127594A (en) * | 2007-10-10 | 2008-02-20 | 杭州华三通信技术有限公司 | A device and method for secure information joint processing |
CN101465760A (en) * | 2007-12-17 | 2009-06-24 | 北京启明星辰信息技术股份有限公司 | Method and system for detecting abnegation service aggression |
CN102487339A (en) * | 2010-12-01 | 2012-06-06 | 中兴通讯股份有限公司 | Attack preventing method for network equipment and device |
CN102075365A (en) * | 2011-02-15 | 2011-05-25 | 中国工商银行股份有限公司 | Method and device for locating and protecting network attack source |
US20120246303A1 (en) * | 2011-03-23 | 2012-09-27 | LogRhythm Inc. | Log collection, structuring and processing |
CN103441946A (en) * | 2013-09-05 | 2013-12-11 | 上海斐讯数据通信技术有限公司 | CPU-protecting mass-flow attack identification method and device |
CN103561011A (en) * | 2013-10-28 | 2014-02-05 | 中国科学院信息工程研究所 | Method and system for preventing blind DDoS attacks on SDN controllers |
Cited By (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN106878258A (en) * | 2016-12-14 | 2017-06-20 | 新华三技术有限公司 | One kind attacks localization method and device |
CN109245982A (en) * | 2017-07-10 | 2019-01-18 | 重庆邮电大学 | A kind of inside and outside network data real-time exchange system based on the stateless end to end connection being unidirectionally divided |
CN109245982B (en) * | 2017-07-10 | 2020-11-24 | 重庆邮电大学 | Internal and external network data real-time exchange system based on one-way light splitting and stateless end-to-end connection |
CN107948157A (en) * | 2017-11-24 | 2018-04-20 | 锐捷网络股份有限公司 | A kind of message processing method and device |
CN115037541A (en) * | 2022-06-09 | 2022-09-09 | 克拉玛依油城数据有限公司 | Method for automatically positioning physical position of attack source based on IP address in intranet environment |
CN115037541B (en) * | 2022-06-09 | 2024-06-07 | 克拉玛依油城数据有限公司 | Method for automatically positioning physical position of attack source based on IP address in intranet environment |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN110445770B (en) | Network attack source positioning and protecting method, electronic equipment and computer storage medium | |
US8438270B2 (en) | System and method for correlating network identities and addresses | |
US8886927B2 (en) | Method, apparatus and system for preventing DDoS attacks in cloud system | |
US20040003292A1 (en) | User identifying technique on networks having different address systems | |
EP2469787B1 (en) | Method and device for preventing network attacks | |
KR102340468B1 (en) | Logging traffic on computer networks | |
CN109391635B (en) | Data transmission method, device, equipment and medium based on bidirectional gatekeeper | |
US20120317613A1 (en) | Network apparatus based on content name and method for protecting content | |
US20100175122A1 (en) | System and method for preventing header spoofing | |
CN104967609A (en) | Intranet development server access method, intranet development server access device and intranet development server access system | |
US8588056B1 (en) | Elimination of unwanted packets entering a restricted bandwidth network | |
KR101472685B1 (en) | Network connection gateway, a network isolation method and a computer network system using such a gateway | |
CA2774281C (en) | User access method, system, access server, and access device | |
CN102438028A (en) | Method, device and system for preventing fraud of dynamic host configuration protocol (DHCP) server | |
CN113783885B (en) | Honeypot network proxy method and related device | |
CN104038494A (en) | Method for recording attack source and exchanger | |
CN116708041B (en) | Camouflage proxy method, device, equipment and medium | |
KR101522139B1 (en) | Method for blocking selectively in dns server and change the dns address using proxy | |
CN113132364A (en) | ARP (Address resolution protocol) draft table item generation method and electronic equipment | |
CN113014680B (en) | Broadband access method, device, equipment and storage medium | |
CN110995763A (en) | Data processing method and device, electronic equipment and computer storage medium | |
KR102298736B1 (en) | Apparatus and method for concealing network, computer-readable storage medium and computer program for controlling the holder device | |
CN111866005A (en) | ARP spoofing attack defense method, system and device based on block chain | |
US20230269236A1 (en) | Automatic proxy system, automatic proxy method and non-transitory computer readable medium | |
CN110213399A (en) | Dynamic Host Configuration Protocol server detection method, storage medium and terminal based on NETFILTER mechanism |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication |
Application publication date: 20140910 |
|
RJ01 | Rejection of invention patent application after publication |