CN104601566A - Authentication method and device - Google Patents
- Publication number
- CN104601566A
- Authority
- CN
- China
- Prior art keywords
- message
- port
- inbound port
- sent
- control strategy
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0227—Filtering policies
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0227—Filtering policies
- H04L63/0236—Filtering by address, protocol, port number or service, e.g. IP-address or URL
Landscapes
- Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
- Small-Scale Networks (AREA)
Abstract
The invention provides an authentication method and device. The method comprises: binding the ingress port of a network device with a designated port; delivering a preset control strategy to the bound ingress port; receiving a message sent by a client through the ingress port of the network device; and determining whether the message is addressed to the local device and, if so, sending the message to an authentication server for authentication when the message hits the preset control strategy. The security of the authentication server can thereby be effectively enhanced.
Description
Technical field
The present invention relates to the field of communication technology, and in particular to an authentication method and device.
Background
At present, to ensure network security, many networks deploy an authentication server to prevent unauthorized users or devices from accessing the network through an inbound port. The authentication server is designed on the basis of security protocols and cryptographic techniques and can effectively ensure the legitimacy of the users who access the network. In the prior art, however, authentication messages are sent to the authentication server as soon as a user comes online. If an illegitimate user attacks the authentication server by sending attack messages to it, problems such as paralysis of the authentication server are very likely to result.
Summary of the invention
In view of the defects of the prior art, the invention provides an authentication method and device.
The invention provides an authentication method, applied to a network device, wherein the method comprises:
Binding the inbound port of the network device to a designated port;
Issuing a predetermined control strategy to the bound inbound port, where the predetermined control strategy is used to filter received messages and to send messages that hit the predetermined control strategy up to the authentication server;
Receiving a message sent by a client through the bound inbound port;
Judging whether the message is a message sent to the local device and, if so, sending the message to the authentication server for authentication when the message hits the predetermined control strategy.
The present invention also provides an authentication device, applied to a network device, the device comprising:
A binding unit, for binding the inbound port of the network device to a designated port;
An issuing unit, for issuing a predetermined control strategy to the bound inbound port, where the predetermined control strategy is used to filter received messages and to send messages that hit the predetermined control strategy up to the authentication server;
A receiving unit, for receiving a message sent by a client through the bound inbound port;
A judging unit, for judging whether the message is a message sent to the local device and, if so, sending the message to the authentication server for authentication when the message hits the predetermined control strategy.
The authentication method and device provided by the invention bind the inbound port of the network device to a designated port and issue a predetermined control strategy to the bound inbound port, so that when a message sent to the local device is received, the message is sent to the authentication server for authentication only if it hits the predetermined control strategy. Other, non-authentication protocol messages are not sent to the authentication server, which effectively improves the security of the authentication server.
Brief description of the drawings
Fig. 1 is a schematic diagram of the network environment in an embodiment of the present invention;
Fig. 2 is a schematic flowchart of an authentication method in an embodiment of the present invention;
Fig. 3 is a schematic diagram of the logical structure of an authentication device in an embodiment of the present invention;
Fig. 4 is a schematic diagram of the hardware architecture of the network device on which the authentication device resides in an embodiment of the present invention.
Detailed description
To make the purpose, technical solution and advantages of the application clearer, the solution of the application is described in further detail below with reference to the accompanying drawings.
To solve the problems in the prior art, the invention provides an authentication method and device.
Fig. 1 is a schematic diagram of the network environment in which the authentication method of the present invention is applied. The network comprises multiple clients (client 1, client 2 and client 3), a Layer 2 device connecting the clients, a BRAS (Broadband Remote Access Server) device, an authentication server (Radius Server) and a gateway device. In practice, to implement dual-device backup of services, there may be two or more BRAS devices, namely one BRAS master device and one or more BRAS standby devices (the BRAS standby device is not shown in Fig. 1). There may also be a PE (Provider Edge, provider edge router) device between the BRAS device and the gateway device (the PE device is not shown in Fig. 1), which forwards to the gateway device the data messages that the BRAS device sends to the gateway device. The BRAS device shown in Fig. 1 can be the BRAS master device, and the BRAS device can comprise multiple ports (such as Port1, Port2, Port3, Port4 and Port5 of the BRAS device).
Fig. 2 is a schematic diagram of the processing flow of the authentication method provided by the invention. The authentication method can be applied to a network device, and the network device can be a BRAS device. The present invention is described as applied to a BRAS device, and the authentication method comprises the following steps:
Step 201: bind the inbound port of the network device to a designated port.
In practice, the embodiment of the present invention first binds the inbound port of the BRAS device to a designated port. The designated port can be a VSI (Virtual Switch Interface) private network port, or a Layer 2 port such as a Vlan (Virtual Local Area Network) port. Data messages received on the inbound port and sent to the gateway device are forwarded through the designated port bound to that inbound port. For example, if the inbound port is Port1 in Fig. 1 and the designated port is Port2, the inbound port Port1 of the BRAS device is bound to the designated port Port2, so that data messages received on inbound port Port1 and sent to the gateway device are forwarded through the designated port Port2 bound to Port1. After the inbound port and the designated port are bound, the MAC address and IP address of the designated port are the MAC address and IP address of the inbound port.
In addition, in this step the BRAS device can learn the IP (Internet Protocol) address and MAC (Medium/Media Access Control) address of the gateway device from the remote gateway device, and change both the MAC address and the IP address of the BRAS device's inbound port to the MAC address and IP address of the gateway device, so that authentication protocol messages sent to the authentication server and data messages sent to the gateway device can both be sent via the BRAS device. At this point the MAC address and IP address of the designated port are also the MAC address and IP address of the modified inbound port (that is, the MAC address and IP address of the gateway device).
Step 202: issue a predetermined control strategy to the bound inbound port, where the predetermined control strategy is used to filter received messages and to send messages that hit the predetermined control strategy up to the authentication server.
Next, a predetermined control strategy is issued in advance to the bound inbound port. The predetermined control strategy can be an ACL (Access Control List) or similar. The ACL issued to the bound inbound port is used to filter the received messages and to send messages that hit the predetermined control strategy up to the authentication server. For example, the match items in the ACL can be the message characteristics of UDP (User Datagram Protocol) messages such as DHCP (Dynamic Host Configuration Protocol) messages, Http (Hypertext Transfer Protocol) messages and AAA (Authentication, Authorization, Accounting) messages, so that when a message that hits an ACL match item is received through the bound inbound port, the message is sent up to the authentication server.
Step 203: receive a message sent by a client through the bound inbound port.
Step 204: judge whether the message is a message sent to the local device and, if so, send the message to the authentication server for authentication when the message hits the predetermined control strategy.
The BRAS device in the embodiment of the present invention can establish a communication connection with the authentication server. When a client comes online, it first obtains an IP address by DHCP. It then uses the obtained IP address as the source IP address and the IP address of the gateway device as the destination IP address, generates an authentication protocol message and sends it to the authentication server for authentication. After authentication succeeds, it exchanges data with other clients.
After the BRAS device receives a message sent by a client through the inbound port, it parses the message and checks whether the destination MAC address and destination IP address of the message are consistent with the MAC address and IP address of the modified inbound interface of the BRAS device (that is, the MAC address and IP address of the gateway device). If they are consistent, the message is determined to be a message sent to the local device. The BRAS device then further checks whether the message hits the preset ACL. If the message hits the message characteristics in a match item of the ACL, the message can be treated as an authentication protocol message and sent up to the authentication server for authentication through an unbound port (for example Port5).
After authentication succeeds, the authentication server sends the authentication reply message to the BRAS device, and the BRAS device sends it to the client via the port on which the authentication protocol message was received, to notify the client that authentication has succeeded.
It follows that, when a local message is received in the embodiment of the present invention, only authentication protocol messages that hit the predetermined control strategy are sent to the authentication server. Other non-authentication protocol messages, or attack messages that illegitimate users send to the authentication server, are isolated. This effectively prevents attack messages from being sent to the authentication server and thereby improves the security of the authentication server.
In a preferred embodiment of the present invention, after a message sent by a client is received through the inbound port of the BRAS device, if the message misses the message characteristics preset in the ACL, the message type is judged according to the Type field of the message. If the message is determined to be a data message sent to the gateway device, this indicates that the client that sent the data message has passed authentication, so the data message is forwarded to the gateway device through the designated port bound to the inbound port on which it was received. If there is also a PE device between the BRAS device and the gateway device, the inbound port of the PE device can likewise be bound to its designated port: the BRAS device forwards the data message to the PE device, and the data message is then sent to the gateway device through the designated port that corresponds to the inbound port on which the PE device received it.
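The decision flow of steps 201 to 204 and the ACL-miss path above, modelled as an added example that is not part of the patent text. The class and function names, the addresses, the use of protocol and destination port as the ACL "message characteristics", the `type_field` values and the isolation of non-local messages are all assumptions of this sketch.

```python
"""Added illustration of the step 201-204 decision flow (not code from the patent)."""
from dataclasses import dataclass
from enum import Enum
from typing import Dict, Optional, Tuple


class Verdict(Enum):
    TO_AUTH_SERVER = "send to authentication server"
    FORWARD = "forward through bound designated port"
    ISOLATE = "isolate"


@dataclass(frozen=True)
class Message:
    dst_mac: str
    dst_ip: str
    proto: str       # "udp" or "tcp"
    dst_port: int
    type_field: str  # stand-in for the Type field; "data"/"control" are assumed values


@dataclass(frozen=True)
class AclEntry:
    name: str
    proto: str
    dst_port: int

    def hits(self, msg: Message) -> bool:
        return (msg.proto, msg.dst_port) == (self.proto, self.dst_port)


@dataclass(frozen=True)
class InboundPort:
    name: str
    designated_port: str        # step 201: port bound to this inbound port
    mac: str                    # rewritten to the gateway device's MAC address
    ip: str                     # rewritten to the gateway device's IP address
    acl: Tuple[AclEntry, ...]   # step 202: predetermined control strategy


# Constructed sample values (documentation address ranges, locally administered MAC).
GATEWAY_MAC, GATEWAY_IP = "02:00:00:00:00:01", "192.0.2.1"
AUTH_SERVER_IP = "198.51.100.10"
AUTH_UPLINK = "Port5"           # unbound port toward the authentication server
PRESET_ACL = (                  # assumed match items: protocol + destination port
    AclEntry("DHCP", "udp", 67),
    AclEntry("HTTP", "tcp", 80),
    AclEntry("AAA", "udp", 1812),
)


def bind(inbound: str, designated: str) -> InboundPort:
    """Steps 201-202: bind the ports, adopt the gateway address, issue the ACL."""
    return InboundPort(inbound, designated, GATEWAY_MAC, GATEWAY_IP, PRESET_ACL)


def is_local(port: InboundPort, msg: Message) -> bool:
    """Local means destination MAC and destination IP both equal the port's address."""
    return msg.dst_mac.lower() == port.mac.lower() and msg.dst_ip == port.ip


def classify(port: InboundPort, msg: Message) -> Tuple[Verdict, Optional[str]]:
    """Step 204 plus the ACL-miss path: return (verdict, egress port or None)."""
    if not is_local(port, msg):
        # Assumption of this sketch: anything not addressed to the local device,
        # including traffic aimed straight at the authentication server, is isolated.
        return Verdict.ISOLATE, None
    if any(entry.hits(msg) for entry in port.acl):
        return Verdict.TO_AUTH_SERVER, AUTH_UPLINK
    if msg.type_field == "data":
        # ACL miss + data message: the client is treated as already authenticated.
        return Verdict.FORWARD, port.designated_port
    return Verdict.ISOLATE, None


def sample_run() -> Dict[str, Tuple[Verdict, Optional[str]]]:
    """Classify four constructed messages arriving on Port1 (bound to Port2)."""
    port1 = bind("Port1", "Port2")
    samples = {
        "aaa_to_gateway": Message(GATEWAY_MAC, GATEWAY_IP, "udp", 1812, "control"),
        "data_to_gateway": Message(GATEWAY_MAC.upper(), GATEWAY_IP, "tcp", 443, "data"),
        "direct_to_auth_server": Message(GATEWAY_MAC, AUTH_SERVER_IP, "udp", 1812, "control"),
        "local_unknown_udp": Message(GATEWAY_MAC, GATEWAY_IP, "udp", 9999, "control"),
    }
    return {label: classify(port1, msg) for label, msg in samples.items()}


if __name__ == "__main__":
    for label, (verdict, egress) in sample_run().items():
        print(f"{label:24s} -> {verdict.value} (egress: {egress})")
```

The third sample matches an ACL port but carries the authentication server's own IP as destination, so it fails the local check and never reaches the server.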
It should be noted that, in Layer 3 data forwarding, the designated port bound to the inbound port can be a VSI private network port; in Layer 2 forwarding, the designated port bound to the inbound port can be a Vlan port. The present invention is described using the example of Layer 3 forwarding, with a VSI private network port as the designated port bound to the inbound port. When the designated port bound to the inbound port is a Vlan port in Layer 2 data forwarding, the STP (Spanning Tree Protocol) function of the Layer 2 devices in the network must be enabled when the method is carried out, to prevent loops. The rest of the processing flow can follow the flow in which the designated port is a VSI private network port, and is not enumerated here.
In the prior art, after a BRAS device receives a data message to be forwarded to the gateway device, it usually generates forwarding entries in the BRAS device, such as an ARP (Address Resolution Protocol) table or a FIB (Forwarding Information Base) table, that hold the correspondence between the client identifier and the outbound port, so that when a reverse message from the gateway device to the client is received later, the ARP table or FIB table is queried to forward it.
In the embodiment of the present invention, however, the BRAS device does not generate forwarding entries such as an ARP table or FIB table after forwarding a data message to the gateway device. Instead, after the gateway device receives the data message, the gateway device generates the forwarding entry information (ARP table or FIB table) from it. When the gateway device receives a reverse message destined for the client, it queries its stored forwarding entry information and, according to the result, sends the reverse message to the VSI private network port of the BRAS device recorded in the forwarding entry information. After receiving the reverse message, the VSI private network port of the BRAS device can send it to the corresponding client through the inbound port bound to that VSI private network port.
The BRAS device in the embodiment of the present invention can therefore forward data messages and reverse messages without establishing forwarding entries such as an ARP table or FIB table. Because the ARP table and FIB table of the BRAS device are shifted onto the gateway device, the pressure on the BRAS device is significantly reduced and its resource usage falls accordingly. And since the BRAS device no longer generates entries such as ARP and FIB entries, its CPU utilization also falls, which effectively improves the stability of the system.
For example, in the prior art the messages of client 1, client 2 and client 3 are usually all received through one fixed inbound port, Port1. If Port1 becomes abnormal, the services of client 1, client 2 and client 3 can no longer be processed normally. In the present invention, inbound port Port1 of the BRAS device is bound to VSI private network port Port2 as VSI-1, which handles the services between client 1 and the gateway device; inbound port Port3 is bound to VSI private network port Port4 as VSI-2, which handles the services between client 2 and the gateway device. If VSI-1 fails, the services of client 2 on VSI-2 are not affected. The method of the invention is therefore more reliable.
In addition, when applied in a dual-device backup system, the present invention can implement 1:1 backup of data and can also implement 1:N backup, provided that the inbound interfaces between the BRAS standby devices and the BRAS master device are connected. In practice, BRAS standby devices can be added or removed as needed, which makes the present invention more flexible.
In a dual-device backup system, if the BRAS master device fails, services can be switched between the BRAS master device and the BRAS standby device through linkage functions such as tack linkage or monitorlink (monitoring link) linkage. When the BRAS device described above is the BRAS master device and the message received from a client via the inbound port of the BRAS master device is a data message, the Session entry generated from the data message can be pushed to the BRAS standby device in the dual-device backup system for backup. If there are multiple BRAS standby devices, the generated Session entry is pushed to the other AC ports, which here mainly means all BRAS standby devices in the dual-device backup system, for backup. Of course, when there are multiple BRAS standby devices, the generated Session entry can also be pushed to one or more specified BRAS standby devices for backup.
The present invention also provides an authentication device. Fig. 3 is a schematic diagram of the structure of this authentication device, which can be applied on a network device. The authentication device can comprise a binding unit 301, an issuing unit 302, a receiving unit 303 and a judging unit 304, wherein:
Binding unit 301 is for binding the inbound port of the network device to a designated port; after the inbound port and the designated port are bound, the MAC address and IP address of the designated port are the MAC address and IP address of the inbound port;
Issuing unit 302 is for issuing a predetermined control strategy to the bound inbound port, where the predetermined control strategy is used to filter received messages and to send messages that hit the predetermined control strategy up to the authentication server;
Receiving unit 303 is for receiving a message sent by a client through the bound inbound port;
Judging unit 304 is for judging whether the message is a message sent to the local device and, if so, sending the message to the authentication server for authentication when the message hits the predetermined control strategy.
Further, the binding unit 301 can also be used to change the address information of the inbound port to the address information of the gateway device; in that case the MAC address and IP address of the designated port bound to the inbound port are also the MAC address and IP address of the modified inbound port (that is, the MAC address and IP address of the gateway device).
The judging unit 304 can also be used, after a message sent by a client is received through the inbound port of the network device, to determine that the message is a message sent to the local device if the address information of the message is consistent with the address information of the modified inbound port.
Further, the judging unit 304 can also be used, when the message received from a client through the inbound port of the network device is a data message, to determine that the client has passed authentication and to forward the data message to the gateway device through the designated port bound to the inbound port, so that the gateway device generates forwarding entry information from the data message.
Further, the judging unit 304 can also be used, when the network device is the master device in a dual-device backup system and the message that the inbound port receives from a client is a data message, to send the Session entry generated from the data message to the standby device in the dual-device backup system.
Further, the forwarding entry information comprises at least one of ARP information and FIB entry information.
Further, the predetermined control strategy is an access control list (ACL); the designated port is a VSI private network port or a Vlan port.
In addition, the specific processing flow of the authentication device applied to the network device can be consistent with the processing flow of the authentication method described above, and is not repeated here.
The above device can be implemented in software or in hardware. As an example, the hardware architecture of the controlled device and of the remote control device on which the authentication device of the present invention resides can both be as shown in Fig. 4. The basic hardware environment comprises a CPU, a forwarding chip, memory and other hardware, where the memory holds machine-readable instructions, and the CPU reads and executes the machine-readable instructions to perform the functions of each unit in Fig. 3.
As can be seen from the method and device embodiments above, when a local message is received in the embodiment of the present invention, only authentication protocol messages that hit the predetermined control strategy are sent to the authentication server. When an illegitimate user knows the IP address of the authentication server, the attack messages it sends to the authentication server are isolated and do not reach the authentication server, which effectively improves the security of the authentication server. In addition, because the present invention binds the inbound port to the designated port, when the BRAS device forwards a data message to the gateway device, only the gateway device generates forwarding entries from the data message, and the BRAS device no longer needs to generate forwarding entries, which significantly reduces the pressure on the BRAS device.
The foregoing is only a preferred embodiment of the present invention and is not intended to limit the present invention. Any modification, equivalent replacement, improvement and the like made within the spirit and principles of the present invention shall fall within the scope of protection of the invention.
Claims (10)
1. An authentication method, applied to a network device, characterized in that the method comprises:
Binding the inbound port of the network device to a designated port;
Issuing a predetermined control strategy to the bound inbound port, where the predetermined control strategy is used to filter received messages and to send messages that hit the predetermined control strategy up to the authentication server;
Receiving a message sent by a client through the bound inbound port;
Judging whether the message is a message sent to the local device and, if so, sending the message to the authentication server for authentication when the message hits the predetermined control strategy.
2. The method of claim 1, characterized in that, before the message sent by the client is received through the inbound port of the network device, the address information of the inbound port is changed to the address information of the gateway device;
The judging whether the message is a message sent to the local device specifically comprises:
After the message sent by the client is received through the inbound port of the network device, determining that the message is a message sent to the local device if the address information of the message is consistent with the address information of the modified inbound port.
3. The method of claim 1, characterized in that the predetermined control strategy is an access control list (ACL);
The designated port is a virtual switch interface (VSI) private network port or a virtual local area network (Vlan) port.
4. The method of claim 1, characterized in that the method further comprises:
If the message is judged to be a message sent to the local device and the message is a data message, determining that the client has passed authentication, and forwarding the data message to the gateway device through the designated port bound to the inbound port, so that the gateway device generates forwarding entry information from the data message.
5. The method of any one of claims 1 to 4, characterized in that the method further comprises:
When the network device is the master device in a dual-device backup system, if the message that the inbound port receives from the client is a data message, sending the session (Session) entry generated from the data message to the standby device in the dual-device backup system.
6. An authentication device, applied to a network device, characterized in that the device comprises:
A binding unit, for binding the inbound port of the network device to a designated port;
An issuing unit, for issuing a predetermined control strategy to the bound inbound port, where the predetermined control strategy is used to filter received messages and to send messages that hit the predetermined control strategy up to the authentication server;
A receiving unit, for receiving a message sent by a client through the bound inbound port;
A judging unit, for judging whether the message is a message sent to the local device and, if so, sending the message to the authentication server for authentication when the message hits the predetermined control strategy.
7. The device of claim 6, characterized in that the binding unit is also for:
Changing the address information of the inbound port to the address information of the gateway device;
The judging unit is specifically for:
After the message sent by the client is received through the inbound port of the network device, determining that the message is a message sent to the local device if the address information of the message is consistent with the address information of the modified inbound port.
8. The method of claim 6, characterized in that the predetermined control strategy is an access control list (ACL); the designated port is a virtual switch interface (VSI) private network port or a virtual local area network (Vlan) port.
9. The device of claim 6, characterized in that the judging unit is also for:
When the message received from the client through the inbound port of the network device is a data message, determining that the client has passed authentication, and forwarding the data message to the gateway device through the designated port bound to the inbound port, so that the gateway device generates forwarding entry information from the data message.
10. The device of any one of claims 6 to 9, characterized in that the judging unit is also for:
When the network device is the master device in a dual-device backup system, if the message that the inbound port receives from the client is a data message, sending the session (Session) entry generated from the data message to the standby device in the dual-device backup system.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510010119.1A CN104601566B (en) | 2015-01-08 | 2015-01-08 | authentication method and device |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510010119.1A CN104601566B (en) | 2015-01-08 | 2015-01-08 | authentication method and device |
Publications (2)
Publication Number | Publication Date |
---|---|
CN104601566A (en) | 2015-05-06 |
CN104601566B (en) | 2018-07-24 |
Family
ID=53127072
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201510010119.1A Active CN104601566B (en) | 2015-01-08 | 2015-01-08 | authentication method and device |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN104601566B (en) |
Cited By (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN105471905A (en) * | 2015-12-30 | 2016-04-06 | 迈普通信技术股份有限公司 | AAA implementation method and system in stacking system |
CN106230740A (en) * | 2016-08-23 | 2016-12-14 | 杭州华三通信技术有限公司 | Message forwarding method in a kind of VXLAN and device |
CN108076123A (en) * | 2016-11-11 | 2018-05-25 | 腾讯科技(深圳)有限公司 | Webpage adjustment method, apparatus and system |
CN108366083A (en) * | 2017-07-03 | 2018-08-03 | 新华三技术有限公司 | The method and apparatus for preventing subscriber network access from interrupting |
CN110290124A (en) * | 2019-06-14 | 2019-09-27 | 杭州迪普科技股份有限公司 | A kind of interchanger inbound port blocking-up method and device |
CN111474885A (en) * | 2020-04-29 | 2020-07-31 | 江苏建筑职业技术学院 | Solar wireless intelligent networking control platform |
CN114285819A (en) * | 2021-12-29 | 2022-04-05 | 深圳市共进电子股份有限公司 | Method and device for visiting intranet by visitor network, computer equipment and medium |
CN114785534A (en) * | 2022-01-06 | 2022-07-22 | 新华三技术有限公司 | Communication method and device |
Citations (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6754832B1 (en) * | 1999-08-12 | 2004-06-22 | International Business Machines Corporation | Security rule database searching in a network security environment |
CN101022360A (en) * | 2007-03-16 | 2007-08-22 | 北京工业大学 | Local network safety management method based on IEEE 802.1X protocol |
CN101179583A (en) * | 2007-12-17 | 2008-05-14 | 杭州华三通信技术有限公司 | Method and equipment preventing user counterfeit internet |
CN101370019A (en) * | 2008-09-26 | 2009-02-18 | 北京星网锐捷网络技术有限公司 | Method and switchboard for preventing packet cheating attack of address analysis protocol |
CN101488951A (en) * | 2008-12-31 | 2009-07-22 | 成都市华为赛门铁克科技有限公司 | Method, equipment and communication network for preventing from address resolution protocol attack |
CN101984693A (en) * | 2010-11-16 | 2011-03-09 | 中兴通讯股份有限公司 | Monitoring method and monitoring device for access of terminal to local area network (LAN) |
CN102006296A (en) * | 2010-11-26 | 2011-04-06 | 杭州华三通信技术有限公司 | Security certification method and equipment |
US20140173722A1 (en) * | 2012-12-14 | 2014-06-19 | Verizon Patent And Licensing Inc. | Methods and Systems for Mitigating Attack Traffic Directed at a Network Element |
Family application (2015):
- 2015-01-08 CN CN201510010119.1A patent/CN104601566B/en active Active
Cited By (13)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN105471905B (en) * | 2015-12-30 | 2018-12-07 | 迈普通信技术股份有限公司 | The realization method and system of AAA in a kind of stacking system |
CN105471905A (en) * | 2015-12-30 | 2016-04-06 | 迈普通信技术股份有限公司 | AAA implementation method and system in stacking system |
CN106230740A (en) * | 2016-08-23 | 2016-12-14 | 杭州华三通信技术有限公司 | Message forwarding method in a kind of VXLAN and device |
CN108076123A (en) * | 2016-11-11 | 2018-05-25 | 腾讯科技(深圳)有限公司 | Webpage adjustment method, apparatus and system |
CN108076123B (en) * | 2016-11-11 | 2021-08-10 | 腾讯科技(深圳)有限公司 | Webpage debugging method, device and system |
CN108366083A (en) * | 2017-07-03 | 2018-08-03 | 新华三技术有限公司 | The method and apparatus for preventing subscriber network access from interrupting |
CN108366083B (en) * | 2017-07-03 | 2021-02-26 | 新华三技术有限公司 | Method and device for preventing user network access from being interrupted |
CN110290124B (en) * | 2019-06-14 | 2022-09-30 | 杭州迪普科技股份有限公司 | Switch input port blocking method and device |
CN110290124A (en) * | 2019-06-14 | 2019-09-27 | 杭州迪普科技股份有限公司 | A kind of interchanger inbound port blocking-up method and device |
CN111474885A (en) * | 2020-04-29 | 2020-07-31 | 江苏建筑职业技术学院 | Solar wireless intelligent networking control platform |
CN114285819A (en) * | 2021-12-29 | 2022-04-05 | 深圳市共进电子股份有限公司 | Method and device for visiting intranet by visitor network, computer equipment and medium |
CN114785534A (en) * | 2022-01-06 | 2022-07-22 | 新华三技术有限公司 | Communication method and device |
CN114785534B (en) * | 2022-01-06 | 2023-10-27 | 新华三技术有限公司 | Communication method and device |
Also Published As
Publication number | Publication date |
---|---|
CN104601566B (en) | 2018-07-24 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN104601566A (en) | Authentication method and device | |
US20170034174A1 (en) | Method for providing access to a web server | |
CN101415012B (en) | Method and system for defending address analysis protocol message aggression | |
US8886934B2 (en) | Authorizing physical access-links for secure network connections | |
Winter et al. | Transport layer security (TLS) encryption for RADIUS | |
CN108881308B (en) | User terminal and authentication method, system and medium thereof | |
WO2022247751A1 (en) | Method, system and apparatus for remotely accessing application, device, and storage medium | |
CN110958272B (en) | Identity authentication method, identity authentication system and related equipment | |
WO2014019451A1 (en) | Method, device, and system for quick notification of cgn exception | |
CN101459653B (en) | Method for preventing DHCP packet attack based on Snooping technique | |
US10348687B2 (en) | Method and apparatus for using software defined networking and network function virtualization to secure residential networks | |
WO2013020501A1 (en) | Method and device for verifying address resolution protocol (arp) request message | |
CN104426837A (en) | Application specific packet filter method and device of file transfer protocol | |
CN112910863A (en) | Network tracing method and system | |
CN104580553A (en) | Identification method and device for network address translation device | |
WO2010000171A1 (en) | Communication establishing method, system and device | |
Watsen | NETCONF call home and RESTCONF call home | |
CN102546428A (en) | System and method for internet protocol version 6 (IPv6) message switching based on dynamic host configuration protocol for IPv6 (DHCPv6) interception | |
CN105207778A (en) | Method of realizing package identity identification and digital signature on access gateway equipment | |
CN104662871A (en) | Method and device for securely accessing a web service | |
CN105592062A (en) | Method and device for remaining IP address unchanged | |
CN103067411B (en) | Prevent the DoS attack method and apparatus in DS-Lite networking | |
CN107547621B (en) | Message forwarding method and device | |
Syed et al. | Analysis of Dynamic Host Control Protocol Implementation to Assess DoS Attacks | |
JP2005122695A (en) | Authentication method, server computer, client computer, and program therefor |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
CB02 | Change of applicant information | ||
CB02 | Change of applicant information | Address after: 310052 Binjiang District Changhe Road, Zhejiang, China, No. 466, No.; Applicant after: Xinhua three Technology Co., Ltd.; Address before: 310052 Binjiang District Changhe Road, Zhejiang, China, No. 466, No.; Applicant before: Huasan Communication Technology Co., Ltd. |
GR01 | Patent grant | ||
GR01 | Patent grant |