CN105282035A - IP-address-bounce-based high-security network communication method - Google Patents
IP-address-bounce-based high-security network communication method Download PDFInfo
- Publication number
- CN105282035A CN105282035A CN201510754125.8A CN201510754125A CN105282035A CN 105282035 A CN105282035 A CN 105282035A CN 201510754125 A CN201510754125 A CN 201510754125A CN 105282035 A CN105282035 A CN 105282035A
- Authority
- CN
- China
- Prior art keywords
- address
- main frame
- host
- sent
- agreement
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Landscapes
- Data Exchanges In Wide-Area Networks (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
The invention, which relates to the technical field of information security, discloses an IP-address-bounce -based high-security network communication method. The method is characterized in that the method comprises: step1, a first host and a second host carry out IP address synchronous handshake communication, so that the second host sends information representing an IP address of a current time period to the first host conveniently, wherein the second host has a plurality of IP addresses and the IP addresses are switched automatically according to an IP address switching protocol of the second host; step 2, the first host cut to-be-sent data into a plurality of segments and then the cut data segments are packaged into different data packets; step 3, the first host sends one data packet to the IP address of the second host during the current time period; and step 4, the first host determines the IP address of the second host during a next time period according to the IP address switching protocol of the second host and a next data packet is sent to the IP address; and the step 4 is repeated until the first host send all to-be-sent data to the second host.
Description
Technical field
The present invention relates to field of information security technology, especially a kind of high secure network communication method of beating based on IP address.
Background technology
In current network, main frame generally only has an IP address, and is easy to be obtained by other people.If this main frame is used for confidential departments, so other people intercept and capture the data of the transmission of this main frame and reception easily via its IP address, and information security exists very large hidden danger.
For above-mentioned present situation, necessary proposition builds the new tool of comparatively safe communication based on incontrollable network, builds the new tool realizing secure communication based on incontrollable network, solves End-to-End Security communication issue.
Summary of the invention
Technical problem to be solved by this invention is: for above-mentioned Problems existing, provides a kind of high secure network communication method of beating based on IP address.
The technical solution used in the present invention is as follows, comprising:
Step 1: the first main frame and the second main frame carry out IP address synchronization handshake communication so that the information of the IP address characterizing its present period is sent to the first main frame by the second main frame; Wherein, the second main frame has multiple IP address, and automatically switches according to the IP address switchover agreement of self in its IP address;
Step 2: data truncation to be sent is some sections by the first main frame, is then encapsulated in different packets by blocking the data segment obtained;
Step 3: the first main frame sends a packet to the IP address of the second main frame in described present period;
Step 4: the first main frame determines the IP address of the second main frame in the ensuing period according to the IP address switchover agreement of its local the second main frame stored, and sends next packet to this IP address;
Repeat step 4 until data to be sent are all sent in the second main frame by the first main frame.
Further, the first main frame has multiple IP address, and automatically switches according to the IP address switchover agreement of self in its IP address.
Further, described IP address switchover agreement determines the IP address of main frame in different time sections.
Further, the time interval that in adjustment IP address switchover agreement, IP switches with M the packet enabling information to be sent and the be divided into channel corresponding in N number of different IP address, wherein M >=N.
Owing to have employed technique scheme, the invention has the beneficial effects as follows:
The present invention is by host IP address " beating ", carry out segment encapsulation to data to be sent, thus reach packet data package and transmitted by different routed path at random, the information that effectively reduces transmit in incontrollable network intercepted and captured, monitored probability, meanwhile, the network attack for particular ip address can be resisted.
Accompanying drawing explanation
Examples of the present invention will be described by way of reference to the accompanying drawings, wherein:
Fig. 1 is the schematic diagram that the present invention builds virtual multiple communication channels.
Fig. 2 is that the end-to-end IP address of the present invention is to schematic diagram of synchronously beating.
Embodiment
All features disclosed in this specification, or the step in disclosed all methods or process, except mutually exclusive feature and/or step, all can combine by any way.
Arbitrary feature disclosed in this specification, unless specifically stated otherwise, all can be replaced by other equivalences or the alternative features with similar object.That is, unless specifically stated otherwise, each feature is an example in a series of equivalence or similar characteristics.
A kind of high secure network communication method of beating based on IP address provided by the invention, comprises and builds virtual multiple communication channels and end-to-end IP address to two parts of synchronously beating.
See Fig. 1, building virtual multiple communication channels and refer to a multiple IP address of host assignment, by changing main frame local ip address at random, fictionalizing multiple communication channels.
Concrete, main frame stores the IP address switchover agreement of himself and the IP address switchover agreement of main frame that communicates with it.In the present embodiment, IP address switchover agreement is a form, describes the IP address of main frame in different time sections in form.Main frame has multiple according to the implementation method of IP address switchover protocol switching own IP address.
Wherein one is, main frame is connected with the Internet by network interface card, network interface card is determined the IP address of the main frame in self present period according to IP address switchover agreement and is jumped on this IP address by the IP address of network interface card self, and the external IP address of this main frame is the current IP address of network interface card.
Another kind method is, main frame is connected with the Internet by router, router determines the IP address of the main frame in self present period according to IP address switchover agreement and by the IP address maps of router self on this IP address, the external IP address of this main frame is the current IP address of router.
See Fig. 2, when end-to-end IP address refers to synchronously beating and carries out data communication between two main frames, send the IP address of a root according to the other side in the IP address switchover agreement determination present period of the other side of data, and by this IP address of Packet Generation.IP address synchronization handshake communication can be carried out before two main frames carry out transfer of data, in the IP address synchronization handshake communication stage, be at least the IP address determining oneself present period as the main frame of data receiver according to IP address switchover agreement, and send to the main frame as data receiver.In other embodiments, also can be both sides' main frame all to send in present period self IP address to the other side, and then reach the object of IP address synchronization.
Send to host B the implementation procedure that the example of data further illustrates the inventive method below in conjunction with host A.
Host A and host B first carry out IP address synchronization handshake communication.
Data truncation to be sent is 3 data segments by host A, is then encapsulated in 3 packets by corresponding for these 3 data segments.
Host A sends a packet to the IP address of host B in present period.
Host A stores the IP address switchover agreement of host B, it determines the IP address of host B in the ensuing time period according to the IP address switchover agreement of host B.Host A sends second packet to this IP address.
Host A again determine to fetch again according to the IP address switchover agreement of host B under period in the IP address of host B, and send the 3rd packet to this IP address described.
In the present embodiment, the sending order of packet is variable at random, adjustment IP switch the time interval information to be sent is divided into M packet data package in N number of different channel, wherein M >=N.
The present invention is not limited to aforesaid embodiment.The present invention expands to any new feature of disclosing in this manual or any combination newly, and the step of the arbitrary new method disclosed or process or any combination newly.
Claims (4)
1., based on the high secure network communication method beated in IP address, it is characterized in that, comprising:
Step 1: the first main frame and the second main frame carry out IP address synchronization handshake communication so that the information of the IP address characterizing its present period is sent to the first main frame by the second main frame; Wherein, the second main frame has multiple IP address, and automatically switches according to the IP address switchover agreement of self in its IP address;
Step 2: data truncation to be sent is some sections by the first main frame, is then encapsulated in different packets by blocking the data segment obtained;
Step 3: the first main frame sends a packet to the IP address of the second main frame in described present period;
Step 4: the first main frame determines the IP address of the second main frame in the ensuing period according to the IP address switchover agreement of its local the second main frame stored, and sends next packet to this IP address;
Repeat step 4 until data to be sent are all sent in the second main frame by the first main frame.
2. a kind of high secure network communication method of beating based on IP address according to claim 1, it is characterized in that, the first main frame has multiple IP address, and automatically switches according to the IP address switchover agreement of self in its IP address.
3. a kind of high secure network communication method of beating based on IP address according to claim 1 and 2, it is characterized in that, described IP address switchover agreement determines the IP address of main frame in different time sections.
4. a kind of high secure network communication method of beating based on IP address according to claim 3, it is characterized in that, the time interval that in adjustment IP address switchover agreement, IP switches with M the packet enabling information to be sent and the be divided into channel corresponding in N number of different IP address, wherein M >=N.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510754125.8A CN105282035B (en) | 2015-11-09 | 2015-11-09 | A kind of high safety network communication method based on IP address bounce |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510754125.8A CN105282035B (en) | 2015-11-09 | 2015-11-09 | A kind of high safety network communication method based on IP address bounce |
Publications (2)
Publication Number | Publication Date |
---|---|
CN105282035A true CN105282035A (en) | 2016-01-27 |
CN105282035B CN105282035B (en) | 2018-08-03 |
Family
ID=55150390
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201510754125.8A Active CN105282035B (en) | 2015-11-09 | 2015-11-09 | A kind of high safety network communication method based on IP address bounce |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN105282035B (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2018149406A1 (en) * | 2017-02-16 | 2018-08-23 | 中兴通讯股份有限公司 | Ip address hopping method and apparatus for software defined network (sdn) |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101283582A (en) * | 2005-10-11 | 2008-10-08 | 三星电子株式会社 | Method and apparatus for transmitting/receiving esg in dvb system |
CN101459530A (en) * | 2007-12-14 | 2009-06-17 | 华为技术有限公司 | Method, system and equipment for wireless network management and maintenance |
CN102244687A (en) * | 2010-05-13 | 2011-11-16 | 华为技术有限公司 | Method, device and system for acquiring multi-address message |
US20130205011A1 (en) * | 2011-10-17 | 2013-08-08 | Hitachi, Ltd. | Service providing system |
-
2015
- 2015-11-09 CN CN201510754125.8A patent/CN105282035B/en active Active
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101283582A (en) * | 2005-10-11 | 2008-10-08 | 三星电子株式会社 | Method and apparatus for transmitting/receiving esg in dvb system |
CN101459530A (en) * | 2007-12-14 | 2009-06-17 | 华为技术有限公司 | Method, system and equipment for wireless network management and maintenance |
CN102244687A (en) * | 2010-05-13 | 2011-11-16 | 华为技术有限公司 | Method, device and system for acquiring multi-address message |
US20130205011A1 (en) * | 2011-10-17 | 2013-08-08 | Hitachi, Ltd. | Service providing system |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2018149406A1 (en) * | 2017-02-16 | 2018-08-23 | 中兴通讯股份有限公司 | Ip address hopping method and apparatus for software defined network (sdn) |
Also Published As
Publication number | Publication date |
---|---|
CN105282035B (en) | 2018-08-03 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN104468624B (en) | SDN controllers, routing/exchanging equipment and network defense method | |
US10541899B2 (en) | Data packet sending method and apparatus in IPv6 network | |
CN104506531A (en) | Security defending system and security defending method aiming at flow attack | |
WO2014053979A9 (en) | Methods and devices for adjusting resource management procedures based on machine device capability information | |
MX2017014535A (en) | A terminal device, network device and data transmission method. | |
CN104009827B (en) | A kind of transmission method and equipment of user equipment specific demodulated reference signal | |
BR112012012985A2 (en) | METHOD AND APPARATUS FOR CELL IDENTIFIER SHARING BETWEEN LOCATIONS AND CELL IDENTIFIER DETERMINATION FOR LOCATION IN COOPERATIVE COMMUNICATION. | |
CN104853417A (en) | Digital front end, base band main processing unit and channel function dividing method | |
CN106470116A (en) | A kind of Network Fault Detection and restoration methods and device | |
KR20150081889A (en) | Detecting device for industrial control network intrusion and detecting method of the same | |
CN105323163A (en) | Routing calculation method and device based on ISIS | |
CN104580029A (en) | Address distribution method and device | |
CN105282735A (en) | Privacy protection method and protection system used based on mobile terminal networking | |
CN104301449A (en) | Method and device for modifying IP address | |
RU2015137969A (en) | METHOD FOR RESTRICTING USE OF CHANNELS | |
CN102891850A (en) | Method for preventing parameter resetting in IPSec (IP Security) channel updating | |
CN105282035A (en) | IP-address-bounce-based high-security network communication method | |
US10708174B2 (en) | Communication system, transmitter, receiver, communication method, transmission method, and reception method | |
CN103580845B (en) | A kind of clock synchronizing method based on virtual switch cluster and device | |
CN106549784B (en) | A kind of data processing method and equipment | |
CN104683233B (en) | Shorten the method for active/standby router switching time | |
CN103703843B (en) | System message acquisition method and equipment | |
CN102523150A (en) | Method, device and system for tunnel message processing | |
Shang et al. | Identification and prevention of impersonation attack based on a new flag byte | |
CN104768178A (en) | Heartbeat transmitting method and system |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant |