CN104883410A - Network transmission method and network transmission device - Google Patents

Info

Publication number: CN104883410A (granted as CN104883410B)
Authority: CN (China)
Prior art keywords: address, message, camouflage, address information, network
Legal status: granted; active
Application number: CN201510262214.0A
Other languages: Chinese (zh)
Inventor: 黄小勇
Current assignee: Shanghai Hujing Information Technology Co., Ltd.
Original assignee and applicant: Shenzhen Chin Or Cheek And Network Technology Co Ltd

Classifications

    • H04L 63/20: Network architectures or network communication protocols for network security; managing network security; network security policies in general (under H04L 63/00, H04L, H04, H Electricity)
    • H04L 61/103: Mapping addresses of different types across network layers, e.g. resolution of network layer into physical layer addresses or address resolution protocol [ARP] (under H04L 61/10, H04L 61/09, H04L 61/00, H04L, H04, H Electricity)

Abstract

The invention discloses a network transmission method and a network transmission device. The network transmission method comprises: receiving a message from a network-side device; if the message is an Address Resolution Protocol (ARP) request message, detecting whether the Internet Protocol (IP) address requested in the message is included in preset first camouflage address information, wherein the first camouflage address information includes an IP address to be camouflaged and a corresponding pseudo physical address; and, if the IP address requested in the message is included in the preset first camouflage address information, sending an ARP reply message carrying the pseudo physical address from the first camouflage address information to the network-side device. The technical scheme of the invention provides a new way of defending against network attacks; it effectively reduces the maintenance cost and management difficulty of network security and improves the security and reliability of the network.

Description

Network transmission method and network transmission device
Technical field
The present invention relates to the field of communications, and in particular to a network transmission method and a network transmission device.
Background technology
The Address Resolution Protocol (ARP) is a TCP/IP (Transmission Control Protocol / Internet Protocol) protocol for obtaining a physical address from an IP address. When a host transmits information, it broadcasts an ARP request message containing the target IP address to all hosts on the network and receives an ARP reply message, from which it determines the physical address (MAC, Media Access Control address) of the destination host. ARP is an early network protocol; it relies on the flooding characteristic of Ethernet, and can be used to query the MAC address of a host very easily. An IP address springboard attack is a common network penetration technique: an attacker who has compromised a first host uses it as a springboard to intrude on intranet hosts, usually with port scanning techniques, probing the well-known ports of a target host to find its weak points and then launching an attack.
At present, the conventional LAN security techniques are mainly intrusion prevention systems (IPS, Intrusion Prevention System), intrusion detection systems (IDS, Intrusion Detection System), antivirus software, network isolation, and the deployment of honeypot traps.
However, existing LAN security techniques have the following problems:
1. Most are remedial techniques: IPS/IDS, antivirus software and the like all rely on malware signature analysis from a cloud server and need constant updating;
2. Cost is high: for example, because frequently restarting services is costly, usually only one port change is made at a time, and in the face of an advanced persistent threat (APT, Advanced Persistent Threat) there is still a large chance that the port will be guessed; deploying honeypot traps occupies hardware resources, so it is difficult to deploy many of them at the same time;
3. Management is difficult: IPS, IDS and antivirus software all need regular upgrades, their detection capability lacks a standard, and their effect cannot be controlled; network isolation is hard to manage when the network is large or changes frequently.
Summary of the invention
The present invention provides a network transmission method and a network transmission device for reducing the maintenance cost and management difficulty of network security and improving the security and reliability of the network.
A first aspect of the present invention provides a network transmission method, comprising:
receiving a message from a network-side device;
if the message is an ARP request message, detecting whether the IP address requested in the message is present in preset first camouflage address information, wherein the first camouflage address information comprises an IP address to be camouflaged and a pseudo physical address;
if the IP address requested in the message is detected to be present in the first camouflage address information, sending an ARP reply message carrying the pseudo physical address from the first camouflage address information to the network-side device.
A second aspect of the present invention provides a network transmission device, comprising:
a first receiving unit for receiving a message from a network-side device;
a first detecting unit for detecting, when the message received by the first receiving unit is an ARP request message, whether the IP address requested in the message is present in preset first camouflage address information, wherein the first camouflage address information comprises an IP address to be camouflaged and a pseudo physical address;
a sending unit for sending, when the first detecting unit detects that the IP address requested in the message is present in the preset first camouflage address information, an ARP reply message carrying the pseudo physical address from the first camouflage address information to the network-side device.
Therefore, in the present invention, when an ARP request message is received from a network-side device and the IP address requested by that ARP request message is present in the preset first camouflage address information, an ARP reply message carrying the pseudo physical address from the first camouflage address information is sent to the network-side device, so that malicious scanners and attackers can only detect the camouflaged pseudo physical address. This increases the ability of the host, and of the local area network (LAN) it belongs to, to resist scanning and attack, and improves the security and reliability of the network. In addition, compared with existing LAN security techniques, this scheme does not require frequent upgrades, which effectively reduces the maintenance cost and management difficulty of network security.
Brief description of the drawings
To illustrate the embodiments of the present invention or the technical solutions of the prior art more clearly, the drawings needed for describing the embodiments or the prior art are briefly introduced below. Obviously, the drawings described below show only some embodiments of the present invention; those of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a schematic flow chart of an embodiment of a network transmission method provided by the present invention;
Fig. 2 is a schematic flow chart of another embodiment of a network transmission method provided by the present invention;
Fig. 3 is a schematic structural diagram of an embodiment of a network transmission device provided by the present invention.
Detailed description of the embodiments
To make the objects, features and advantages of the present invention more obvious and understandable, the technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings of the embodiments. Obviously, the described embodiments are only some of the embodiments of the present invention, not all of them. All other embodiments obtained by those of ordinary skill in the art from the embodiments of the present invention without creative effort fall within the scope of protection of the present invention.
An embodiment of the present invention provides a network transmission method, comprising: receiving a message from a network-side device; if the message is an ARP request message, detecting whether the IP address requested in the message is present in preset first camouflage address information, wherein the first camouflage address information comprises an IP address to be camouflaged and a pseudo physical address; and, if the IP address requested in the message is detected to be present in the first camouflage address information, sending an ARP reply message carrying the pseudo physical address from the first camouflage address information to the network-side device. An embodiment of the present invention also provides a corresponding network transmission device. Each is described in detail below.
A network transmission method provided by an embodiment of the present invention is described below. Referring to Fig. 1, the network transmission method in this embodiment comprises:
101. Receive a message from a network-side device;
In this embodiment, the network transmission device receives a message from a network-side device; specifically, it receives the message from the network-side device over a local area network (LAN, Local Area Network). Further, the network transmission device parses the message to learn its type.
102. If the message is an ARP request message, detect whether the IP address requested in the message is present in preset first camouflage address information;
In this embodiment, first camouflage address information is preset; it comprises an IP address to be camouflaged and a pseudo physical address.
Optionally, the first camouflage address information may be delivered to the network transmission device periodically or irregularly by a device that has a communication connection with it. When the network transmission device receives first camouflage address information, it updates its stored copy, so that the first camouflage address information is dynamically updated; this makes it harder for an attacker to work out a host's real address and further improves the effect of active defense. At the same time, the device may send gratuitous ARP messages to notify other network-side devices to update their ARP caches. Of course, the first camouflage address information may also be entered manually by a user through a configuration control provided by the network transmission device, or generated automatically according to a rule; this is not limited here.
In this embodiment, when the network transmission device determines that the message received in step 101 is an ARP request message, it detects whether the IP address requested in the message is present in the preset first camouflage address information; that is, it detects whether the IP address whose physical address (i.e. MAC address) the ARP request message asks for is present in the preset first camouflage address information. If it is, the device judges that a camouflage policy must be applied to this ARP request message and performs step 103. If the requested IP address is not present in the preset first camouflage address information, the device performs step 104, or alternatively does not respond, or forwards the message directly.
103. Send to the network-side device an ARP reply message carrying a pseudo MAC address from the first camouflage address information;
In this embodiment, when the IP address requested by the ARP request message is detected to be present in the preset first camouflage address information, the network transmission device returns a MAC address from the first camouflage address information to the requester (i.e. the network-side device), so that the requester believes that the MAC address corresponding to the requested IP address is the one the network transmission device returned. Specifically, this MAC address may be the MAC address of another IP address, or it may be a virtual MAC address; this is not limited here. Optionally, when the requested IP address is present in the preset first camouflage address information, the network transmission device returns the MAC address specified in the first camouflage address information to the network-side device. For example, in the first camouflage address information one IP address may map to one pseudo MAC address; when the requested IP address is present in the first camouflage address information, the network transmission device returns, in an ARP reply message, the MAC address that the first camouflage address information associates with the requested IP address. Alternatively, in the first camouflage address information one IP address may map to several pseudo MAC addresses; in that case, when the requested IP address is present in the preset first camouflage address information, the network transmission device selects one pseudo MAC address, at random or by another preset rule, from the several MAC addresses associated with the requested IP address and returns the selected pseudo MAC address to the network-side device in an ARP reply message. Alternatively, the IP addresses in the first camouflage address information may have no mapping to MAC addresses at all; in that case, when the requested IP address is present in the preset first camouflage address information, the network transmission device selects one pseudo MAC address, at random or by another preset rule, from the one or more MAC addresses in the first camouflage address information and returns the selected pseudo MAC address to the network-side device in an ARP reply message.
104. Send to the network-side device an ARP reply message carrying the real MAC address corresponding to the IP address requested in the message;
In this embodiment, the network transmission device may have MAC address learning capability, comparable to the MAC address learning function of a switch. For a switch, MAC address learning works as follows: when the switch receives any data frame, it first records the mapping between the frame's source port and its source MAC address; if this mapping entry already exists in the MAC address table, the switch refreshes the entry's lifetime, and if it does not, the switch saves the entry for use in subsequent forwarding. This function is called MAC address learning. A switch can learn MAC addresses, but it does not actively answer ARP queries for MAC addresses that are not its own.
It should be noted that, in this embodiment, when the network transmission device detects that the IP address requested in the message is not present in the preset first camouflage address information, it sends the network-side device an ARP reply message carrying the real MAC address corresponding to the requested IP address. Of course, in other embodiments, in that case the network transmission device may instead forward or drop the message directly, or process it in some other way; this is not limited here.
It should be noted that the network transmission device in this embodiment may specifically be a switch or another device with switching and routing functions; this is not limited here.
Therefore, in the present invention, when an ARP request message is received from a network-side device and the IP address requested by that ARP request message is present in the preset first camouflage address information, an ARP reply message carrying the pseudo physical address from the first camouflage address information is sent to the network-side device, so that malicious scanners and attackers can only detect the camouflaged pseudo physical address. This increases the ability of the host, and of the LAN it belongs to, to resist scanning and attack, and improves the security and reliability of the network. In addition, compared with existing LAN security techniques, this scheme does not require frequent upgrades, does not need to occupy many hardware resources when deployed across virtual local area networks (VLAN, Virtual Local Area Network), can be made transparent to the network application layer, and effectively reduces the maintenance cost and management difficulty of network security.
A network transmission method in an embodiment of the present invention is described below with another embodiment. Referring to Fig. 2, the network transmission method in this embodiment comprises:
201. Receive a message from a network-side device;
In this embodiment, the network transmission device receives a message from a network-side device; specifically, it receives the message from the network-side device over a LAN.
202. Judge whether the message is an ARP request message;
In this embodiment, the network transmission device parses the received message to judge whether it is an ARP request message. When the network transmission device judges that the message received in step 201 is an ARP request message, it proceeds to step 203; when it judges that the message received in step 201 is not an ARP request message, it proceeds to step 206.
203. Detect whether the IP address requested in the message is present in preset first camouflage address information;
In this embodiment, first camouflage address information is preset; it comprises an IP address to be camouflaged and a pseudo physical address.
Optionally, the first camouflage address information may be delivered to the network transmission device periodically or irregularly by a device that has a communication connection with it. When the network transmission device receives first camouflage address information, it updates its stored copy, so that the first camouflage address information is dynamically updated; this makes it harder for an attacker to work out a host's real address and further improves the effect of active defense. At the same time, the device may send gratuitous ARP messages to notify other network-side devices to update their ARP caches. Of course, the first camouflage address information may also be entered manually by a user through a configuration control provided by the network transmission device, or generated automatically according to a rule; this is not limited here.
In this embodiment, when the network transmission device determines that the message received in step 201 is an ARP request message, it detects whether the IP address requested in the message is present in the preset first camouflage address information; that is, it detects whether the IP address whose physical address (i.e. MAC address) the ARP request message asks for is present in the preset first camouflage address information. If it is, the device judges that a camouflage policy must be applied to this ARP request message and performs step 204. If the requested IP address is not present in the preset first camouflage address information, the device performs step 205.
204. Send to the network-side device an ARP reply message carrying a pseudo MAC address from the first camouflage address information;
In this embodiment, when the IP address requested by the ARP request message is detected to be present in the preset first camouflage address information, the network transmission device returns a MAC address from the first camouflage address information to the requester (i.e. the network-side device), so that the requester believes that the MAC address corresponding to the requested IP address is the one the network transmission device returned. Specifically, this MAC address may be the MAC address of another IP address, or it may be a virtual MAC address; this is not limited here. Optionally, when the requested IP address is present in the preset first camouflage address information, the network transmission device returns the MAC address specified in the first camouflage address information to the network-side device. For example, in the first camouflage address information one IP address may map to one pseudo MAC address; when the requested IP address is present in the first camouflage address information, the network transmission device returns, in an ARP reply message, the MAC address that the first camouflage address information associates with the requested IP address. Alternatively, in the first camouflage address information one IP address may map to several pseudo MAC addresses; in that case, when the requested IP address is present in the preset first camouflage address information, the network transmission device selects one pseudo MAC address, at random or by another preset rule, from the several MAC addresses associated with the requested IP address and returns the selected pseudo MAC address to the network-side device in an ARP reply message. Alternatively, the IP addresses in the first camouflage address information may have no mapping to MAC addresses at all; in that case, when the requested IP address is present in the preset first camouflage address information, the network transmission device selects one pseudo MAC address, at random or by another preset rule, from the one or more MAC addresses in the first camouflage address information and returns the selected pseudo MAC address to the network-side device in an ARP reply message.
205. Send to the network-side device an ARP reply message carrying the real MAC address corresponding to the IP address requested in the message;
In this embodiment, the network transmission device may have MAC address learning capability, comparable to the MAC address learning function of a switch. For a switch, MAC address learning works as follows: when the switch receives any data frame, it first records the mapping between the frame's source port and its source MAC address; if this mapping entry already exists in the MAC address table, the switch refreshes the entry's lifetime, and if it does not, the switch saves the entry for use in subsequent forwarding. This function is called MAC address learning. A switch can learn MAC addresses, but it does not actively answer ARP queries for MAC addresses that are not its own.
It should be noted that, in this embodiment, when the network transmission device detects that the IP address requested in the message is not present in the preset first camouflage address information, it sends the network-side device an ARP reply message carrying the real MAC address corresponding to the requested IP address. Of course, in other embodiments, in that case the network transmission device may instead forward or drop the message directly, or process it in some other way; this is not limited here.
206. Detect whether the destination address of the message is a camouflage address in preset second camouflage address information;
In this embodiment, second camouflage address information is preset; it comprises the mapping between a host's camouflage address and the host's real address. Specifically, the camouflage address and the corresponding real address of a host in the second camouflage address information comprise one or more of the following in combination: IP address, logical port number, VLAN identification number (i.e. VLAN tag) and MAC address.
Optionally, the second camouflage address information may be delivered to the network transmission device periodically or irregularly by a device that has a communication connection with it. When the network transmission device receives second camouflage address information, it updates its stored copy, so that the second camouflage address information is dynamically updated; this makes it harder for an attacker to work out a host's real address and further improves the effect of active defense. Of course, the second camouflage address information may also be entered manually by a user through a configuration control provided by the network transmission device; this is not limited here.
In this embodiment, when the network transmission device determines that the message received in step 201 is not an ARP request message, it detects whether the destination address of the message is a camouflage address in the preset second camouflage address information. If the destination address is detected to be a camouflage address in the preset second camouflage address information, the device judges that a camouflage policy must be applied to this message and performs step 207; if the destination address is detected not to be a camouflage address in the preset second camouflage address information, the device performs step 208.
207. According to the mapping between camouflage addresses and real addresses in the second camouflage address information, convert the destination address in the message to the corresponding real address and forward the converted message;
In this embodiment, when the message received in step 201 is not an ARP request message and its destination address is detected to be a camouflage address in the preset second camouflage address information, the network transmission device converts the destination address of the message to the corresponding real address according to the mapping between camouflage addresses and real addresses in the second camouflage address information, then establishes an address-translated connection with the real host, and once that connection is established, exchanges messages with the real host over it.
Further, after step 207, the network transmission device converts the source address of messages sent from the real host to the network-side device into the host's camouflage address. The specific steps are as follows: the network transmission device receives a message from the host; according to the mapping between camouflage addresses and real addresses in the second camouflage address information, it converts the source address in the message from the host to the corresponding camouflage address and forwards the converted message.
208. Forward the message directly;
In this embodiment, when the message received in step 201 is not an ARP request message and its destination address is detected not to be a camouflage address in the preset second camouflage address information, the network transmission device forwards the message directly; alternatively, in other embodiments, the network transmission device may drop the message or process it according to another policy; this is not limited here.
It should be noted that the network transmission device in this embodiment may specifically be a switch or another device with switching and routing functions; this is not limited here.
Therefore, in the present invention, when an ARP request message is received from a network-side device and the IP address requested by that ARP request message is present in the preset first camouflage address information, an ARP reply message carrying the pseudo physical address from the first camouflage address information is sent to the network-side device, so that malicious scanners and attackers can only detect the camouflaged pseudo physical address. This increases the ability of the host, and of the LAN it belongs to, to resist scanning and attack, and improves the security and reliability of network management. In addition, compared with existing LAN security techniques, this scheme does not require frequent upgrades, does not need to occupy many hardware resources when deploying honeypots across VLANs, can be made transparent to the network application layer, and effectively reduces the maintenance cost and management difficulty of network security. Moreover, when honeypots are deployed, logical port information can be effectively hidden.
When applied in a LAN, the scheme of this embodiment also has the following advantages:
1. For the application layer on the host, the improvement has no impact; it is imperceptible and transparent;
2. For malicious attackers and scanners, the LAN logical topology they scan is disguised, so they cannot simply infer the network services a host provides from its port numbers, which increases the difficulty of probing the host for vulnerabilities;
3. The scheme can automate the issuing of camouflage address information, so that to a malicious attacker or scanner the scanned network can change dynamically, achieving the effect of an intelligently changing network topology and further increasing the difficulty of probing hosts for vulnerabilities. If this is combined with establishing the new address translation before deleting the old one, the loss of legitimate packets during dynamic changes of camouflage addresses can be greatly reduced, giving a better user experience;
4. Network administrators can use the scheme of this embodiment to derive, at low cost, multiple honeypots and traps across VLANs from the honeypots and traps already on the network, and to blur the network fingerprint of a honeypot (i.e. its logical port numbers), thereby reducing the likelihood that a malicious attacker detects the honeypot, increasing the probability that the attacker falls into it, and enhancing the honeypot's effectiveness.
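As an added illustration (not code from the patent or its applicant), the following Python model puts the ARP branch of claim 1, steps 207 and 208, the reverse source-address translation, and the "install the new translation before deleting the old one" rotation of advantage 3 into a single forwarding decision. The `CamouflageSwitch` and `Frame` names, the string-valued addresses, and the sample camouflage tables are assumptions constructed for this example; a real device would rewrite Ethernet and IP headers and recompute checksums, which this model leaves out.

```python
from dataclasses import dataclass, replace
from typing import Dict, Optional, Tuple

# Constructed sample tables (not taken from the patent).
# First camouflage address information: IP to disguise -> pseudo physical (MAC) address.
SAMPLE_FIRST_INFO = {"10.0.0.10": "02:00:00:00:00:aa"}
# Second camouflage address information: camouflage address -> true host address.
SAMPLE_SECOND_INFO = {"10.0.0.200": "10.0.0.10"}


@dataclass(frozen=True)
class Frame:
    """Minimal frame model for this example (constructed; not the patent's data structure)."""
    kind: str                           # "arp_request" or "data"
    src: str                            # source address as a plain string
    dst: str                            # destination address as a plain string
    requested_ip: Optional[str] = None  # target IP of an ARP request, otherwise None


class CamouflageSwitch:
    """Hypothetical model of the patent's network transmission device."""

    def __init__(self, first_info: Dict[str, str], second_info: Dict[str, str]):
        self.first_info = dict(first_info)
        self.second_info = dict(second_info)
        # Reverse mapping used on the host -> network path (true -> camouflage).
        self.reverse = {true: cam for cam, true in self.second_info.items()}
        # Old mappings kept alive during a rotation until finish_rotation() is called.
        self._retiring: Dict[str, str] = {}

    def from_network(self, frame: Frame) -> Tuple[str, object]:
        """Decision for a frame arriving from the network side (steps 201-208)."""
        if frame.kind == "arp_request":
            pseudo_mac = self.first_info.get(frame.requested_ip)
            if pseudo_mac is not None:
                # Requested IP is in the first camouflage info: reply with the pseudo MAC.
                return ("arp_reply", pseudo_mac)
            return ("forward", frame)  # ordinary ARP request, handled as usual
        true_dst = self.second_info.get(frame.dst)
        if true_dst is not None:
            # Step 207: destination is a camouflage address; rewrite it to the true address.
            return ("forward", replace(frame, dst=true_dst))
        # Step 208: not a camouflage address; forward unchanged (a drop policy is also allowed).
        return ("forward", frame)

    def from_host(self, frame: Frame) -> Frame:
        """Reverse direction after step 207: true source address -> camouflage address."""
        cam = self.reverse.get(frame.src)
        return replace(frame, src=cam) if cam is not None else frame

    def begin_rotation(self, new_second_info: Dict[str, str]) -> None:
        """Advantage 3, phase 1: add the new mappings while the old ones still translate."""
        self._retiring = {c: t for c, t in self.second_info.items() if c not in new_second_info}
        self.second_info.update(new_second_info)
        # Host -> network traffic switches to the new camouflage addresses at once;
        # true addresses not covered by the new table keep their old camouflage address.
        self.reverse = {true: cam for cam, true in new_second_info.items()}
        for cam, true in self._retiring.items():
            self.reverse.setdefault(true, cam)

    def finish_rotation(self) -> None:
        """Advantage 3, phase 2: delete the old mappings once in-flight traffic has drained."""
        for cam in self._retiring:
            self.second_info.pop(cam, None)
        self._retiring = {}


if __name__ == "__main__":
    sw = CamouflageSwitch(SAMPLE_FIRST_INFO, SAMPLE_SECOND_INFO)
    print(sw.from_network(Frame("arp_request", "10.0.0.5", "ff:ff:ff:ff:ff:ff", requested_ip="10.0.0.10")))
    print(sw.from_network(Frame("data", "10.0.0.5", "10.0.0.200")))
    print(sw.from_host(Frame("data", "10.0.0.10", "10.0.0.5")))
```

The two-phase rotation is the part worth studying: between `begin_rotation` and `finish_rotation` both the old and the new camouflage address resolve to the true host on the network-to-host path, while the host-to-network path already stamps the new camouflage address, so a connection opened under the old address is not cut off the moment the table is reissued.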
The network transmission device of this embodiment is described below with another embodiment. Referring to Fig. 3, the network transmission device 300 comprises:
A first receiving unit 301, configured to receive a message from a network device;
A first detecting unit 302, configured to, when the message received by the first receiving unit 301 is an ARP request, detect whether the IP address requested in the message is present in the preset first camouflage address information, where the first camouflage address information comprises the IP addresses to be disguised and pseudo physical addresses;
A sending unit 303, configured to, when the first detecting unit 302 detects that the IP address requested in the message is present in the preset first camouflage address information, send to the network device an ARP reply carrying the pseudo physical address from the first camouflage address information.
Optionally, the network transmission device in this embodiment further comprises:
A second detecting unit, configured to, when the message received by the first receiving unit 301 is not an ARP request, detect whether the destination address of the message is a camouflage address in the preset second camouflage address information, where the second camouflage address information comprises the mapping between camouflage addresses of hosts and true addresses of hosts;
The sending unit 303 is further configured to, when the second detecting unit detects that the destination address of the message is a camouflage address in the second camouflage address information, convert the destination address of the message to the corresponding true address according to the mapping between camouflage addresses and true addresses, and forward the converted message.
Optionally, the network transmission device further comprises a second receiving unit, configured to receive a message from a host; the sending unit 303 is further configured to convert the source address of the message from the host to the corresponding camouflage address according to the mapping between camouflage addresses and true addresses, and forward the converted message.
Optionally, the sending unit 303 is further configured to, when the second detecting unit detects that the destination address of the message is not a camouflage address in the preset second camouflage address information, forward the message directly or discard it.
Optionally, the network transmission device further comprises a third receiving unit, configured to receive the first camouflage address information, and an update storage unit, configured to update and store the first camouflage address information received by the third receiving unit.
It should be noted that the network transmission device in this embodiment may specifically be a switch or another device with switching and routing functions; no limitation is imposed here.
It should be understood that the network transmission device in this embodiment can serve as the network transmission device referred to in the method embodiment above and can be used to implement all of the technical solutions of that method embodiment; the function of each functional module can be implemented according to the method of the method embodiment, and for the specific implementation process reference may be made to the related description above, which is not repeated here.
Therefore, in the present invention, when an ARP request is received from a network device and the IP address it requests is present in the preset first camouflage address information, an ARP reply carrying the pseudo physical address from the first camouflage address information is sent to that network device, so that malicious scanners and attackers can only discover the disguised pseudo physical address. This strengthens the resistance of the host and its LAN to scanning and attack and improves the security and reliability of network management. In addition, compared with existing LAN security techniques, this scheme does not require frequent upgrades and does not consume excessive hardware resources, effectively reducing the maintenance cost and management difficulty of network security.
In the several embodiments provided in this application, it should be understood that the disclosed apparatus and method may be implemented in other ways. For example, the apparatus embodiment described above is merely illustrative; the division into units is only a division by logical function, and other divisions are possible in actual implementation: multiple units or components may be combined or integrated into another system, or some features may be omitted or not executed. Furthermore, the mutual coupling, direct coupling or communication connection shown or discussed may be through some interfaces, and the indirect coupling or communication connection between devices or units may be electrical, mechanical or of another form.
The units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; that is, they may be located in one place or distributed across multiple network elements. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, the functional units in the embodiments of the present invention may be integrated into one processing unit, each unit may exist physically on its own, or two or more units may be integrated into one unit. The integrated unit may be implemented by various combinations of software, firmware and/or hardware.
The integrated unit may be implemented on a network element (such as a switch, router, bridge or firewall). A network element here is a networking device, including hardware and software, that interconnects and communicates with other equipment on the network (for example other network elements or end stations). Some network elements are multi-service network elements that provide support for multiple networking functions (for example routing, bridging, switching, Layer 2 aggregation, session border control, quality of service and/or subscriber management) and/or for multiple application services.
If the integrated unit is implemented in the form of a software functional unit and sold or used as an independent product, it may be stored in a computer-readable storage medium. Based on this understanding, the essence of the technical solution of the present invention, or the part that contributes to the prior art, or all or part of the technical solution, may be embodied in the form of a software product stored in a storage medium and comprising instructions that cause a computer device (which may be a personal computer, a server, a network device, etc.) to perform all or part of the steps of the methods of the embodiments of the present invention. The storage medium includes media that can store program code, such as a USB flash disk, a portable hard drive, read-only memory (ROM), random access memory (RAM), a magnetic disk or an optical disc.
It should be noted that, for ease of description, each of the foregoing method embodiments is expressed as a series of combined actions, but those skilled in the art should know that the present invention is not limited by the described order of actions, because according to the present invention some steps may be performed in another order or simultaneously. Secondly, those skilled in the art should also know that the embodiments described in the specification are all preferred embodiments, and the actions and modules involved are not necessarily all required by the present invention.
In the above embodiments, the description of each embodiment has its own emphasis; for a part not described in detail in one embodiment, reference may be made to the related description of other embodiments.
The above is a description of the network transmission method and network transmission device provided by the present invention. Those of ordinary skill in the art will, following the ideas of the embodiments of the present invention, make changes in the specific embodiments and application scope; in summary, this description should not be construed as limiting the present invention.

Claims (10)

1. A network transmission method, characterized in that it comprises:
receiving a message from a network device;
if the message is an ARP request, detecting whether the IP address requested in the message is present in preset first camouflage address information, where the first camouflage address information comprises the IP addresses to be disguised and pseudo physical addresses;
if the IP address requested in the message is detected to be present in the first camouflage address information, sending to the network device an ARP reply carrying the pseudo physical address from the first camouflage address information.
2. The method according to claim 1, characterized in that, after receiving the message from the network device, it further comprises:
if the message is not an ARP request, detecting whether the destination address of the message is a camouflage address in preset second camouflage address information, where the second camouflage address information comprises the mapping between camouflage addresses of hosts and true addresses of hosts, and an address may comprise: IP, MAC, VLAN, logical port number;
if the destination address of the message is detected to be a camouflage address in the second camouflage address information, converting the destination address of the message to the corresponding true address according to the mapping between camouflage addresses and true addresses, and forwarding the converted message.
3. The method according to claim 2, characterized in that, after converting the destination address of the message to the corresponding true address and forwarding the converted message, the method further comprises:
receiving a message from a host;
converting the source address of the message from the host to the corresponding camouflage address according to the mapping between camouflage addresses and true addresses, and forwarding the converted message.
4. The method according to any one of claims 1 to 3, characterized in that, before receiving the message from the network device, it comprises:
receiving the first camouflage address information;
updating and storing the received first camouflage address information.
5. The method according to claim 4, characterized in that, before receiving the message from the network device, it comprises:
receiving the second camouflage address information;
updating and storing the received second camouflage address information.
6. A network transmission device, characterized in that it comprises:
a first receiving unit, configured to receive a message from a network device;
a first detecting unit, configured to, when the message received by the first receiving unit is an ARP request, detect whether the IP address requested in the message is present in preset first camouflage address information, where the first camouflage address information comprises the IP addresses to be disguised and pseudo physical addresses;
a sending unit, configured to, when the first detecting unit detects that the IP address requested in the message is present in the preset first camouflage address information, send to the network device an ARP reply carrying the pseudo physical address from the first camouflage address information.
7. The network transmission device according to claim 6, characterized in that it further comprises:
a second detecting unit, configured to, when the message received by the first receiving unit is not an ARP request, detect whether the destination address of the message is a camouflage address in preset second camouflage address information, where the second camouflage address information comprises the mapping between camouflage addresses of hosts and true addresses of hosts;
the sending unit is further configured to, when the second detecting unit detects that the destination address of the message is a camouflage address in the second camouflage address information, convert the destination address of the message to the corresponding true address according to the mapping between camouflage addresses and true addresses, and forward the converted message.
8. The network transmission device according to claim 7, characterized in that it further comprises a second receiving unit, configured to receive a message from a host;
the sending unit is further configured to convert the source address of the message from the host to the corresponding camouflage address according to the mapping between camouflage addresses and true addresses, and forward the converted message.
9. The network transmission device according to any one of claims 6 to 8, characterized in that it further comprises:
a third receiving unit, configured to receive the first camouflage address information;
an update storage unit, configured to update and store the first camouflage address information received by the third receiving unit.
10. The network transmission device according to claim 9, characterized in that the third receiving unit is further configured to receive the second camouflage address information;
the update storage unit is further configured to update and store the first camouflage address information received by the third receiving unit.
CN201510262214.0A 2015-05-21 2015-05-21 A kind of network transfer method and network transmission device Active CN104883410B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510262214.0A CN104883410B (en) 2015-05-21 2015-05-21 A kind of network transfer method and network transmission device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201510262214.0A CN104883410B (en) 2015-05-21 2015-05-21 A kind of network transfer method and network transmission device

Publications (2)

Publication Number Publication Date
CN104883410A true CN104883410A (en) 2015-09-02
CN104883410B CN104883410B (en) 2018-03-02

Family

ID=53950743

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510262214.0A Active CN104883410B (en) 2015-05-21 2015-05-21 A kind of network transfer method and network transmission device

Country Status (1)

Country Link
CN (1) CN104883410B (en)

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1411208A (en) * 2002-04-23 2003-04-16 华为技术有限公司 Method of guarding network attack
CN1585346A (en) * 2004-05-28 2005-02-23 南京邮电学院 Method for realizing chaff network data flow heavy orientation
CN1604586A (en) * 2003-09-29 2005-04-06 华为技术有限公司 A method for preventing counterfeit host in IP Ethernet
CN101123614A (en) * 2007-09-04 2008-02-13 中兴通讯股份有限公司 A method and communication device for processing address parsing protocol packet
CN101635713A (en) * 2009-06-09 2010-01-27 北京安天电子设备有限公司 Method and system for preventing local area network ARP defection attacks
JP2010118745A (en) * 2008-11-11 2010-05-27 Sumitomo Electric System Solutions Co Ltd Quarantine control device, quarantine controlling computer program, communication jamming method, terminal device, agent computer program, computer program set, and incorrect learning processing method
CN104427004A (en) * 2013-08-19 2015-03-18 北京怀教网络技术服务有限公司 ARP message management method based on network equipment

Cited By (16)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105721442B (en) * 2016-01-22 2019-03-22 北京卫达信息技术有限公司 Based on dynamic mapping false response system, method and network safety system and method
CN105721442A (en) * 2016-01-22 2016-06-29 耿童童 Spurious response system and method based on dynamic variation and network security system and method
CN105721457A (en) * 2016-01-30 2016-06-29 耿童童 Network security defense system and network security defense method based on dynamic transformation
CN105721457B (en) * 2016-01-30 2019-04-30 北京卫达信息技术有限公司 Network security protection system and network security defence method based on dynamic mapping
CN107770072B (en) * 2016-08-18 2021-01-08 阿里巴巴集团控股有限公司 Method and equipment for sending and receiving message
CN106302525A (en) * 2016-09-27 2017-01-04 黄小勇 A kind of cyberspace security defend method and system based on camouflage
CN106302525B (en) * 2016-09-27 2021-02-02 黄小勇 Network space security defense method and system based on camouflage
CN108243262A (en) * 2016-12-26 2018-07-03 大唐移动通信设备有限公司 Learning method, device and the network three-layer equipment of ARP table
CN108243262B (en) * 2016-12-26 2020-04-21 大唐移动通信设备有限公司 ARP table learning method and device and network three-layer equipment
CN111385236A (en) * 2018-12-27 2020-07-07 北京卫达信息技术有限公司 Dynamic defense system based on network spoofing
CN110650154A (en) * 2019-07-03 2020-01-03 广州非凡信息安全技术有限公司 System and method for deploying virtual honeypots in multiple network segments based on real network environment
CN111786940A (en) * 2020-05-07 2020-10-16 宁波小遛共享信息科技有限公司 Data processing method and device
CN113141347A (en) * 2021-03-16 2021-07-20 中国科学院信息工程研究所 Social work information protection method and device, electronic equipment and storage medium
CN113141347B (en) * 2021-03-16 2022-06-10 中国科学院信息工程研究所 Social work information protection method and device, electronic equipment and storage medium
CN115065494A (en) * 2022-04-02 2022-09-16 北京北信源软件股份有限公司 Method, device, equipment and medium for establishing network connection
CN115065494B (en) * 2022-04-02 2023-11-14 北京北信源软件股份有限公司 Method, device, equipment and medium for establishing network connection

Also Published As

Publication number Publication date
CN104883410B (en) 2018-03-02

Similar Documents

Publication Publication Date Title
CN104883410A (en) Network transmission method and network transmission device
US11153336B2 (en) Network security analysis for smart appliances
CN110445770B (en) Network attack source positioning and protecting method, electronic equipment and computer storage medium
US9497213B2 (en) System and method to manage sinkholes
CN112769771A (en) Network protection method, system and system architecture based on false topology generation
CN107135187A (en) Preventing control method, the apparatus and system of network attack
CN112134891B (en) Configuration method, system and monitoring method for generating multiple honey can nodes by single host based on linux system
CN103607399A (en) Special IP network safety monitor system and method based on hidden network
US7596808B1 (en) Zero hop algorithm for network threat identification and mitigation
CN111683106B (en) Active protection system and method
CN112688900B (en) Local area network safety protection system and method for preventing ARP spoofing and network scanning
CN101834870A (en) Method and device for preventing deceptive attack of MAC (Medium Access Control) address
CN106302525B (en) Network space security defense method and system based on camouflage
CN102737119A (en) Searching method, filtering method and related equipment and systems of uniform resource locator
CN108092940A (en) The means of defence and relevant device of a kind of DNS
CN101931627B (en) Security detection method, security detection device and network equipment
CN103780589A (en) Virus prompting method, client-terminal device and server
CN101330409A (en) Method and system for detecting network loophole
US20220239671A1 (en) Impeding forecast threat propagation in computer networks
CN111698221B (en) Message processing method, entry, device, storage medium and processor
CN108282786B (en) Method and equipment for detecting DNS spoofing attack in wireless local area network
KR20170109949A (en) Method and apparatus for enhancing network security in dynamic network environment
Guo et al. IoTSTEED: Bot-side defense to IoT-based DDoS attacks (extended)
Kishimoto et al. An adaptive honeypot system to capture ipv6 address scans
US20220272107A1 (en) Impeding location threat propagation in computer networks

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
EXSB Decision made by sipo to initiate substantive examination
SE01 Entry into force of request for substantive examination
C41 Transfer of patent application or patent right or utility model
TA01 Transfer of patent application right

Effective date of registration: 20160413

Address after: 200433, room 1945, 1402 Siping Road, Shanghai, Yangpu District

Applicant after: Shanghai Hujing Information Technology Co., Ltd.

Address before: 518000, Changhong building, Nanshan District Science Park, Shenzhen, Guangdong Province, China 903

Applicant before: Shenzhen chin or cheek and network technology Co., Ltd

GR01 Patent grant