CN105471615A - Processing method and device of dynamic host configuration protocol (DHCP) information abnormality - Google Patents
Processing method and device of dynamic host configuration protocol (DHCP) information abnormality Download PDFInfo
- Publication number
- CN105471615A CN105471615A CN201410465493.6A CN201410465493A CN105471615A CN 105471615 A CN105471615 A CN 105471615A CN 201410465493 A CN201410465493 A CN 201410465493A CN 105471615 A CN105471615 A CN 105471615A
- Authority
- CN
- China
- Prior art keywords
- message
- relay
- relay forwarding
- dhcpv6
- dhcp
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Withdrawn
Links
Landscapes
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The present invention provides a processing method and device of dynamic host configuration protocol (DHCP) information abnormality. The processing method comprises a step of obtaining the abnormality type of a DHCPv6 message which is considered as abnormal, a step of configuring a first forwarding path for the DHCPv6 message when the abnormality type is that the DHCPv6 message is a message with an unknown type, and generating a first relay forward message, and a step of sending the first relay forward message to the server according to the first forwarding path. According to the scheme, through obtaining the abnormality type of the DHCPv6 message and configuring the forwarding path for the DHCPv6 message when the abnormality type is that the DHCPv6 message is the unknown type message, the relay forward message is generated and is forwarded out through the forwarding path, the inappropriate discard of the message or the inappropriate processing of the message by other DHCPv6 relay agents to increase a relay agent load caused by that the DHCPv6 relay agent is not clear in how to handle the message is avoided, and the safety and stability of the system are improved effectively.
Description
Technical field
The present invention relates to communication technical field, particularly a kind of processing method of dynamic host configuration protocol DHCP Information abnormity and device.
Background technology
Although compared with DHCPv6 (DynamicHostConfigurationProtocolforIPv6) and other IPv6 address distribution (manual configuration, automatically configured by the network prefix stateless in Router Advertisement message), DHCPv6 has the advantage such as agreement of distributing IP v6 address, IPv6 prefix and other network configuration parameters, but in following several sight, itself but there is inadequate natural endowment in DHCPv6 agreement:
1, when assailant pretends to be client to send a large amount of illegal DHCPv6 request messages to DHCPv6 server, to ask DHCPv6 server to distribute corresponding IPv6 address/prefix and network configuration parameters for it, thus DoS (denial of service) attack will be caused.
2, although DHCPv6 defines as the user in TCP/IP network transmits the technology mechanism of IPv6 configuration information, but DHCPv6 does not provide the processing method of the message packet to UNKNOWN TYPE, simultaneously clearly should by its relaying to server or client after DHCPv6 relay agent receives the DHCPv6 message packet of UNKNOWN TYPE yet, therefore when there is the DHCPv6 message packet of UNKNOWN TYPE, may cause that DHCPv6 relay agent is inappropriate abandons these messages, or cause other DHCPv6 relay agent these messages of inappropriate process, to increase the load of relay agent.
3, when DHCPv6 relaying or server consume corresponding system resource because receiving the message of some exceptions time, prior art does not provide carries out perception fast, tracking obtain the method for abnormal information to DHCPv6 relaying or server exception message.
In above-mentioned sight, if assailant utilizes DHCPv6 agreement these self intrinsic defect and fragility, all can cause corresponding DoS attack, thus increase the load of DHCPv6 server or DHCPv6 relaying, its resource such as CPU, internal memory of a large amount of consumption, until whole system paralysis.
Summary of the invention
The technical problem to be solved in the present invention is to provide a kind of processing method and device of dynamic host configuration protocol DHCP Information abnormity, solves the problem that DHCPv6 agreement in prior art cannot correctly process for the DHCPv6 message packet of UNKNOWN TYPE.
In order to solve the problems of the technologies described above, the embodiment of the present invention provides a kind of processing method of dynamic host configuration protocol DHCP Information abnormity, comprising:
Obtain the Exception Type of the dhcp message message being considered to abnormal;
When described Exception Type be described dhcp message message is UNKNOWN TYPE message, for described dhcp message message configures the first forward-path, and generate the first relay forwarding message;
According to described first forward-path, described first relay forwarding message is sent to server.
Above-mentioned processing method, wherein, the step obtaining the Exception Type of the dhcp message message being considered to abnormal comprises:
Receive the described dhcp message message from client;
Whether extremely, detect described dhcp message message;
If it is abnormal that testing result is described dhcp message message, then inquire about the Exception Type of described dhcp message message.
Above-mentioned processing method, wherein, when described Exception Type be described dhcp message message is UNKNOWN TYPE message, be described dhcp message message configuration forward-path, and the step generating the first relay forwarding message comprises:
PATH is obtained according to global address or site-bound address and prefix;
The first relay forwarding message is generated according to described PATH and described Exception Type.
Above-mentioned processing method, wherein, inserts described PATH in the link address field of described first relay forwarding message, is inserted by described Exception Type in the Option Field of described first relay forwarding message.
Above-mentioned processing method, wherein, the hop count in described first relay forwarding message be set to 0 or described first relay forwarding message comprise interface ID option.
Above-mentioned processing method, wherein, also comprises after described first relay forwarding message is sent to server:
The first relaying response message that reception server returns;
Message needed for described Exception Type and first is obtained from described first relaying response message;
Message generation second relay forwarding message needed for described Exception Type and described first.
Above-mentioned processing method, wherein, also comprises after generating described second relay forwarding message:
For described second message arrangement second forward-path, and according to described second forward-path, described second relay forwarding message is sent to client.
Above-mentioned processing method, wherein, also comprises after obtaining message needed for described Exception Type and first:
Delete the content except relay messages option in described first relaying response message.
Above-mentioned processing method, wherein, also comprises:
If described first relaying response message comprises interface ID option and link address field in described first relaying response message is set to 0, then on the link by described interface ID Option, send described second relay forwarding message to described second forward-path.
Above-mentioned processing method, wherein, also comprises:
If the link address field in described first relaying response message is not set to 0, then on the link by described link address field identification, send described second relay forwarding message to described second forward-path.
Present invention also offers a kind of processing method of dynamic host configuration protocol DHCP Information abnormity, comprising:
Receive the first relay forwarding message from relay agent;
Message needed for the Exception Type and second being considered to abnormal dhcp message message is obtained from described first relay forwarding message;
For described first relay forwarding message arrangement the 3rd forward-path, and needed for described Exception Type and described second message generation first relaying response message;
According to described 3rd forward-path, described first relaying response message is sent to described relay agent.
Above-mentioned processing method, wherein, the step obtaining the Exception Type of the dhcp message message being considered to abnormal comprises:
Whether extremely, detect described first relay forwarding message;
If testing result is that described first relay forwarding message is abnormal, then inquiry obtains the Exception Type of described first relay forwarding message.
Above-mentioned processing method, wherein, if described Exception Type is described dhcp message message is UNKNOWN TYPE message, then also comprises after obtaining content needed for described Exception Type and described second:
Delete described 3rd relay forwarding message.
Present invention also offers a kind of processing method of dynamic host configuration protocol DHCP Information abnormity, comprising:
Receive the second relay forwarding message from relay agent;
The Exception Type of the dhcp message message being considered to abnormal is obtained from described second relay forwarding message;
Exception reporting is generated according to described Exception Type;
Described exception reporting is shown.
Above-mentioned processing method, wherein, the step obtaining the Exception Type of the dhcp message message being considered to abnormal comprises:
Whether extremely, detect described second relay forwarding message;
If testing result is that described second relay forwarding message is abnormal, then inquiry obtains the Exception Type of described second relay forwarding message.
Above-mentioned processing method, wherein, if described Exception Type is described dhcp message message is UNKNOWN TYPE message, then also comprises after obtaining described Exception Type:
Delete described second relay forwarding message.
Present invention also offers a kind of processing unit of dynamic host configuration protocol DHCP Information abnormity, comprising:
First acquisition module, for obtaining the Exception Type of the dhcp message message being considered to abnormal;
First configuration generation module, when being UNKNOWN TYPE message for being described dhcp message message at described Exception Type, for described dhcp message message configures the first forward-path, and generates the first relay forwarding message;
First sending module, for being sent to server according to described first forward-path by described first relay forwarding message.
Present invention also offers a kind of processing unit of dynamic host configuration protocol DHCP Information abnormity, comprising:
First receiver module, for receiving the first relay forwarding message from relay agent;
Second acquisition module, for obtain from described first relay forwarding message be considered to abnormal dhcp message message Exception Type and second needed for message;
Second configuration generation module, for being described first relay forwarding message arrangement the 3rd forward-path, and needed for described Exception Type and described second message generation first relaying response message;
Second sending module, for being sent to described relay agent according to described 3rd forward-path by described first relaying response message.
Present invention also offers a kind of processing unit of dynamic host configuration protocol DHCP Information abnormity, comprising:
Second receiver module, for receiving the second relay forwarding message from relay agent;
3rd acquisition module, for obtaining the Exception Type of the dhcp message message being considered to abnormal from described second relay forwarding message;
First generation module, for generating exception reporting according to described Exception Type;
Display module, for showing described exception reporting.
The beneficial effect of technique scheme of the present invention is as follows:
In such scheme, the processing method of described dynamic host configuration protocol DHCP Information abnormity is by obtaining the Exception Type of dhcp message message, and be dhcp message message configuration forward-path when Exception Type be dhcp message message is UNKNOWN TYPE message, and generate relay forwarding message, relay forwarding message is sent by forward-path, avoid and how to process this message because dhcp relay agent is indefinite, cause inappropriately abandoning this message, or cause this message of the inappropriate process of other dhcp relay agent to increase relay agent's load, effectively improve fail safe and the stability of system.
Accompanying drawing explanation
Fig. 1 is the process method step schematic diagram one of the dynamic host configuration protocol DHCP v6 Information abnormity of the embodiment of the present invention;
Fig. 2 is the process method step schematic diagram two of the dynamic host configuration protocol DHCP v6 Information abnormity of the embodiment of the present invention;
Fig. 3 is the process method step schematic diagram three of the dynamic host configuration protocol DHCP v6 Information abnormity of the embodiment of the present invention;
Fig. 4 is the DHCPv6 type of message classification schematic diagram of the embodiment of the present invention;
Fig. 5 is that the DHCPv6 relay agent of the embodiment of the present invention forwards the schematic flow sheet of a message to server;
Fig. 6 is that the DHCPv6 relay agent of the embodiment of the present invention forwards a message to the schematic flow sheet of client;
Fig. 7 is abnormal Option Field and the formal definition schematic diagram of the embodiment of the present invention;
Fig. 8 is the schematic diagram of the DHCPv6 deployment scenario of the embodiment of the present invention;
Fig. 9 is the DHCPv6 client and server message structure schematic diagram of the embodiment of the present invention;
Figure 10 is the DHCPv6 relay agent course of work schematic diagram of the embodiment of the present invention;
Figure 11 is the Option Field form schematic diagram between the DHCPv6 client and server of the embodiment of the present invention;
Figure 12 is the Option Field form schematic diagram between the DHCPv6 server of the embodiment of the present invention and relay agent;
Figure 13 is the relay messages choice format schematic diagram of the DHCPv6 of the embodiment of the present invention;
Figure 14 is the processing unit structural representation one of the dynamic host configuration protocol DHCP v6 Information abnormity of the embodiment of the present invention;
Figure 15 is the processing unit structural representation two of the dynamic host configuration protocol DHCP v6 Information abnormity of the embodiment of the present invention;
Figure 16 is the processing unit structural representation three of the dynamic host configuration protocol DHCP v6 Information abnormity of the embodiment of the present invention.
Embodiment
For making the technical problem to be solved in the present invention, technical scheme and advantage clearly, be described in detail below in conjunction with the accompanying drawings and the specific embodiments.
The present invention is directed to the problem that DHCPv6 agreement in existing technology cannot correctly process for the DHCPv6 message packet of UNKNOWN TYPE, the processing method of a kind of dynamic host configuration protocol DHCP (DHCPv6) Information abnormity be provided, as shown in Figure 1, comprise:
Step 11: the Exception Type obtaining the DHCPv6 message packet being considered to abnormal;
Step 12: when described Exception Type be described DHCPv6 message packet is UNKNOWN TYPE message, for described DHCPv6 message packet configures the first forward-path, and generate the first relay forwarding message;
Step 13: described first relay forwarding message is sent to server according to described first forward-path.
The processing method of the described dynamic host configuration protocol DHCP v6 Information abnormity that the embodiment of the present invention provides is by obtaining the Exception Type of DHCPv6 message packet, and be DHCPv6 message packet configuration forward-path when Exception Type be DHCPv6 message packet is UNKNOWN TYPE message, and generate relay forwarding message, relay forwarding message is sent by forward-path, avoid and how to process this message because DHCPv6 relay agent (DHCPv6 relaying/dhcp relay agent/DHCP relay/relay agent/relaying) is indefinite, cause inappropriately abandoning this message, or cause other DHCPv6 relay agent this message of inappropriate process to increase relay agent's load, effectively improve fail safe and the stability of system.
Concrete, the step obtaining the Exception Type of the DHCPv6 message packet being considered to abnormal comprises: receive the described DHCPv6 message packet from client; Whether extremely, detect described DHCPv6 message packet; If it is abnormal that testing result is described DHCPv6 message packet, then inquire about the Exception Type of described DHCPv6 message packet.
Wherein, when described Exception Type be described DHCPv6 message packet is UNKNOWN TYPE message, for described DHCPv6 message packet configuration forward-path, and the step generating the first relay forwarding message comprises: obtain PATH according to global address or site-bound address and prefix; The first relay forwarding message is generated according to described PATH and described Exception Type.
Further, described PATH is inserted in the link address field of described first relay forwarding message, described Exception Type is inserted in the Option Field of described first relay forwarding message.
In the embodiment of the present invention, the hop count in described first relay forwarding message is set to 0 or described first relay forwarding message comprise interface ID option.If relay agent's (relaying) can not use the address designation interface (by this interface relaying to the response of client) in link address field, relay agent must comprise interface ID option (Interface-id option) in relay forwarding (Relay-forward) message.Relaying response (Relay-reply) message at it is comprised Interface-id option by server.
Also comprise after described first relay forwarding message being sent to server in the described processing method that the embodiment of the present invention provides: the first relaying response message that reception server returns; Message needed for described Exception Type and first is obtained from described first relaying response message; Message generation second relay forwarding message needed for described Exception Type and described first.
Wherein, also comprise after generating described second relay forwarding message: be described second message arrangement second forward-path, and according to described second forward-path, described second relay forwarding message be sent to client.
In order to save the memory space of relay agent and improve the speed of service, also comprise after obtaining message needed for described Exception Type and first in the described processing method that the embodiment of the present invention provides: delete the content except relay messages option in described first relaying response message.
In the local transmission of relay agent, the priority of link address field is higher than interface ID, so, in the described processing method that the embodiment of the present invention provides: if described first relaying response message comprises interface ID option and link address field in described first relaying response message is set to 0, then send described second relay forwarding message to described second forward-path on the link by described interface ID Option; If the link address field in described first relaying response message is not set to 0, then on the link by described link address field identification, send described second relay forwarding message to described second forward-path.
In order to solve the problems of the technologies described above, the embodiment of the present invention additionally provides a kind of processing method of dynamic host configuration protocol DHCP v6 Information abnormity, as shown in Figure 2, comprising:
Step 21: receive the first relay forwarding message from relay agent;
Step 22: obtain message needed for the Exception Type and second being considered to abnormal DHCPv6 message packet from described first relay forwarding message;
Step 23: be described first relay forwarding message arrangement the 3rd forward-path, and needed for described Exception Type and described second message generation first relaying response message;
Step 24: described first relaying response message is sent to described relay agent according to described 3rd forward-path.
The processing method of the described dynamic host configuration protocol DHCP v6 Information abnormity that the embodiment of the present invention provides makes server clearly can process the DHCPv6 message packet of UNKNOWN TYPE, saves the time, reduces the probability broken down.
Wherein, the step obtaining the Exception Type of the DHCPv6 message packet being considered to abnormal comprises: whether extremely detect described first relay forwarding message; If testing result is that described first relay forwarding message is abnormal, then inquiry obtains the Exception Type of described first relay forwarding message.
In order to save the memory space of server and improve operational efficiency, if described Exception Type is described DHCPv6 message packet is UNKNOWN TYPE message, then also comprise after obtaining content needed for described Exception Type and described second: delete described 3rd relay forwarding message.
In order to solve the problems of the technologies described above, the embodiment of the present invention additionally provides a kind of processing method of dynamic host configuration protocol DHCP v6 Information abnormity, as shown in Figure 3, comprising:
Step 31: receive the second relay forwarding message from relay agent;
Step 32: the Exception Type obtaining the DHCPv6 message packet being considered to abnormal from described second relay forwarding message;
Step 33: generate exception reporting according to described Exception Type;
Step 34: described exception reporting is shown.
The processing method of the described dynamic host configuration protocol DHCP v6 Information abnormity that the embodiment of the present invention provides makes client pass through to resolve the current DHCPv6 server of Exception Type Real-time Obtaining of DHCPv6 message packet or whether relay agent exists risk, thus corresponding security strategy is implemented to it, the generation of various attack in DHCPv6 message packet processing procedure is reduced with this.
Wherein, the step obtaining the Exception Type of the DHCPv6 message packet being considered to abnormal comprises: whether extremely detect described second relay forwarding message; If testing result is that described second relay forwarding message is abnormal, then inquiry obtains the Exception Type of described second relay forwarding message.
In order to save the memory space of client and improve operational efficiency, if in the described processing method that the embodiment of the present invention provides, described Exception Type is described DHCPv6 message packet is UNKNOWN TYPE message, then also comprise after obtaining described Exception Type: delete described second relay forwarding message.
Below the processing method of the described dynamic host configuration protocol DHCP v6 Information abnormity that the embodiment of the present invention provides is specifically described.
For solving the problem, the invention provides a kind of processing method and device of DHCPv6 Information abnormity, mainly solve potential DoS attack defect intrinsic in DHCPv6 processing procedure, HDCPv6 agreement itself does not provide corresponding processing method to the message packet of UNKNOWN TYPE yet simultaneously, and after HDCPv6 receives abnormal information, how to provide the problems such as more effective, intelligentized analysis and means of tracking for user, effectively improve the fail safe of system, robustness and stability.Technical scheme of the present invention comprises:
Message rate-limiting and filtration invalid packet: by limiting the speed of data message, reducing the load of system process, realizing the filtration to invalid packet by access control technology simultaneously;
Message rate-limiting, processes at DHCPv6 server or DHCPv6 relay agent in the process of a large amount of DHCPv6 request messages, if the quene threshold value setting of DHCPv6 server or DHCPv6 relay agent is too low, then the possibility of DoS attack generation is larger.This method introduces speed limiting function in the message processing procedure of DHCPv6 server or DHCPv6 relay agent, is adjusted in real time, reduce the generation of DoS attack with this by user to the speed of Message Processing.
Filter invalid packet, DoS attack is formed for reducing a large amount of invalid packet request, this method adopts ACL (AccessControlList: Access Control List (ACL)) technology to realize filtering illegal DHCPv6 request message, with the resource preventing DHCPv6 server or DHCPv6 relay agent to consume server because resolving illegal request.
UNKNOWN TYPE message processing module, by being divided into data surface and chain of command message to the message packet of DHCPv6, and the message packet of UNKNOWN TYPE is attributed to data surface message, then respectively for the process behavior separately of DHCPv6 server, relaying and client, corresponding process and solution is provided;
In the present embodiment, for completing the process to UNKNOWN TYPE DHCPv6 message packet, need on DHCPv6 agreement original base, increase the processing method to UNKNOWN TYPE message respectively to DHCPv6 relaying, DHCPv6 server and DHCPv6 customer side, concrete implementation detail is as follows.
Relay agent side:
After receiving message packet, by reading the message type field of message, obtaining corresponding type of message, and carrying out subsequent treatment.
In order to improve treatment effeciency, the message packet (comprising the DHCPv6 message of known type and the DHCPv6 message of UNKNOWN TYPE) of DHCPv6 is decomposed into chain of command message and the large class of data surface message two, wherein the various abnormal informations of data message are advertised to message promoter by data surface primary responsibility, determine whether abandon this message to facilitate message promoter; Chain of command primary responsibility finds and transmits the functions such as various network configuration parameters, as shown in Figure 4.
Data surface message comprises: the various DHCPv6 message etc. about exception reporting type of Relay-Forw (relay forwarding), Relay-Reply (relaying response) and oneself definition;
Chain of command message comprises: the DHCPv6 message for finding and transmit network configuration parameters such as Solicit (requirement), Request (request), Confirm (confirmation), Renew (renewal), Rebind (again binding), Release (issue), Decline (refusal), Information-Request (information request), Advertise (bulletin), Reply (response), Reconfigure (reconfiguring).
According to current DHCPv6 protocol conventions, relay agent is to server and client side according to type of message difference relay message, wherein relaying response (Relay-reply) message is sent to client, and the message of relay forwarding (Relay-forward) message and other type is sent to server.
Wherein owing to specifying a destination address in relaying response (Relay-reply) message, therefore the response parsing server (Relay-reply) message will be replied by relay agent from relaying, and is transmitted to corresponding DHCPv6 client.
But because any message except relaying response (Relay-reply) does not all comprise concrete destination address, therefore this method utilizes and configure a default forward-path to DHCPv6 server in relay agent, and guaranteeing can by successfully relaying in relay agent to the DHCPv6 message packet of legal UNKNOWN TYPE.
In the present embodiment, for making the DHCPv6 message packet process of DHCPv6 relaying realization to UNKNOWN TYPE, DHCPv6 relaying needs the efficient message for receiving, construct a DHCPv6 relay forwarding message, forward corresponding message to DHCPv6 server or DHCPv6 client, concrete implementation detail is as follows.
For efficient message constructs new relay forwarding (Relay-forward) message.
Relay agent according to type of message, both can relaying from the message of client, again can relaying from relay forwarding (Relay-forward) message of other relay agents.Therefore, when a relay agent receives an efficient message by relaying, relay agent will be its structure relay forwarding (Relay-forward) message.
But time in DHCPv6 agreement for structure relay forwarding (Relay-forward) message, the message not defining that type is effective.Therefore arrange in the present embodiment, all message meeting one of following situations, the present invention is all identified as effective message, and is its structure new relay forwarding (Relay-forward) message:
If a) message itself is relay forwarding (Relay-forward) message, or
If b) relay agent can the type of identification message, but can not determine the predeterminated target of message, or
If c) relay agent can not identification message type;
For satisfied active provide or be sent to the message of relay agent time, may need for DHCPv6 definition or increase new type of message, and current hop agency does not provide the processing method of the DHCPv6 message to UNKNOWN TYPE, if therefore relay agent achieves the processing method of the DHCPv6 message to UNKNOWN TYPE, so after relay agent receives the DHCPv6 message packet of UNKNOWN TYPE, will determine its relaying to server or client according to previous configuration.
Relaying message is to server, and the step constructing new relay forwarding message is as follows, as shown in Figure 5.
In the present embodiment, mainly be divided into relay agent have received relay forwarding (Relay-forward) message, relay agent receives message not to be relay forwarding (Relay-forward) and relaying response (Relay-reply), but relay agent can not type two kinds of dispositions of identification message.
Step 50: receive a message, and by this message relay to server time, the type according to this message enters step 51 or step 55.
The first situation:
Step 51: if relay agent have received relay forwarding (Relay-forward) message (namely relaying is from the message of other relay agents or client), then relay agent will be handled as follows.
Step 52: if relay agent receives relay forwarding (Relay-forward) message, and the hop-count in message is more than or equal to HOP_COUNT_LIMIT, and relay agent abandons the message received.
Step 53: if relay agent receives relay forwarding (Relay-forward) message, and the hop-count in message is less than HOP_COUNT_LIMIT, then source address from the IP datagram (receiving message in this datagram) of client copies to the opposite end-address field in relay forwarding (Relay-forward) message in relay agent, and to arrange hop-count field be that the hop-count field value received in message adds 1;
Step 54: if be global address or site-local address (and the equipment running relay agent thereon belongs to a unique website) from the source address of the IP datagram stem receiving message, it is 0 that relay agent arranges link address field; Otherwise relay agent arranges link address field for distributing to global address or the site-local address of this interface (message receives from this interface), or comprise Interface-ID (interface-ID) option of this interface of mark (message receives from this interface).
The second situation:
Step 55: if the message that relay agent receives is not relay forwarding (Relay-forward) and relaying response (Relay-reply), but relay agent can not the type of identification message, then will forward them according to following manner.
Step 56: if relay agent receive from client by relay message, relay agent puts global address or site-bound address and prefix together, this prefix distributes to the prefix of link, should give the address (this address and above-mentioned prefix) in client distribute links address field on the link.This address will be used by server, for determine should from which bar link assignment address and other configuration informations to client.
Step 57: the hop-count in relay forwarding (Relay-forward) message is set to 0.
Step 58: if relay agent can not use the address designation interface (by this interface relaying to the response of client) in link address field, relay agent must comprise Interface-id option in relay forwarding (Relay-forward) message.Relaying response (Relay-reply) message at it is comprised Interface-id option by server.
Relaying message is to client, and the step constructing new relay forwarding message is as follows, as shown in Figure 6.
Step 61:DHCP relay agent reception server message;
Step 62: judge whether the message received is relaying response message;
Step 63: if relay agent have received relaying response (Relay-reply) message, no matter whether type of message is encapsulated in RelayMessage (relay messages) option, can processing messages in the following manner:
Step 631: relay agent's process is comprised in any option (obtaining Exception Type etc.) in relaying response (Relay-reply) message, except RelayMessage option, then abandons the option handled by these.
Step 632: relay agent extracts message and the address comprised in the content that obtains to the opposite end-address field of relaying response (Relay-reply) message after this message of relaying and process from RelayMessage option.
Step 633: if relaying response (Relay-reply) message comprises Interface-id option, and link address field is set to 0, then relay agent is on the link by Interface-id Option, the content obtained after this message of server to client end relaying and process.
Step 634: otherwise, if link address field is not set to 0, then the content (priority of link address field is higher than interface-ID) that obtains after this message of relaying and process on the link identified by link-address field of relay agent.
Server side:
Server abandons after obtaining the message needed without exception for the DHCPv6 message of received UNKNOWN TYPE, and generates relaying response message.
Client-side:
Client abandons after obtaining the message needed without exception for the DHCPv6 message of received UNKNOWN TYPE, and the Exception Type of message is shown to client by the message according to obtaining, client is made to obtain current DHCPv6 server dynamically or whether relaying exists risk, thus corresponding security strategy is implemented to it, the generation of various attack in DHCPv6 processing procedure is reduced with this.
The processing method of the dynamic host configuration protocol DHCP v6 Information abnormity that the embodiment of the present invention provides comprises the Exception Type obtaining DHCPv6 message packet, and structure and the application of the Exception Type of concrete DHCPv6 message packet are as follows:
For relay agent and server after receiving information, utilize the changeability characteristic of the Option Field in DHCPv6 message format, define corresponding abnormal information option as required, by abnormal identification field and the corresponding abnormal information of Exception Type field record, and be advertised to user, specific as follows.
In the present embodiment, notice for DHCPv6 message abnormality, adopt Option Field to carry out the mode of exception reporting process.Because Option Field is variable, therefore according to this characteristic of Option Field, the abnormal information advertised information of DHCPv6 server or relay agent can be constructed.
The data division of Option Field is carried out as given a definition, as shown in Figure 7:
About fix in Option Field, option code can set according to the needs of oneself, in this case describes the convenience of problem, and option is set as 1 byte at this.
First be DHCPv6 exception reporting field by the data field definition of option, be wherein made up of exception (exception) flag bit and Exception Type (exceptiontype) two fields.
According to the definition of exception reporting field, exception reporting field can adjust accordingly according to the length of actual demand to field, in this case describes the convenience of problem, might as well suppose that exception reporting field takies 1 byte, wherein abnormality mark takies 3bit, and Exception Type takies 5bit.
According to abnormal identification field, can set as required.In this hypothesis, when abnormality mark position=000, represent DHCPv6 message situation without exception, then directly process this message; When abnormality mark position=001, represent that this message exists abnormal, trigger abnormity early warning event, read follow-up corresponding exception class offset simultaneously, send exception reporting information, and be advertised to user.
According to above-mentioned statement, Exception Type is utilized to deposit DHCPv6 corresponding message exception error type.For describing the convenience of problem, suppose that concrete Exception Type example definition is as follows:
(1) if the threshold values upper limit of the request message speed >=setting of DHCPv6 server or relay process, then represent with 00000.
(2) if the lower threshold of the request message speed≤setting of DHCPv6 server or relay process, then represent with 00001.
(3) if DHCPv6 relay process be the abnormal DHCPv6 message that need abandon time, then represent with 00010.
(4) if DHCPv6 relay process be UNKNOWN TYPE DHCPv6 message time, then represent with 00011.
After user receives exception notification information, by resolving the value of the abnormality field recorded in DHCPv6 Option Field, current DHCPv6 server can be obtained dynamically or whether relaying exists risk, thus corresponding security strategy is implemented to it, the generation of various attack in DHCPv6 processing procedure is reduced with this.
The invention provides a kind of method that DHCPv6 of preventing suffers DoS attack, provide one for DHCPv6 agreement to UNKNOWN TYPE message treatment method simultaneously, and for real-time, the intelligentized method for early warning of abnormal information, fill up the blank of DHCPv6 agreement to the processing method of UNKNOWN TYPE message, by to the defence of DoS attack and abnormality processing, effectively enhance the fail safe of system, robustness and stability.
Present invention achieves and a kind ofly solve the processing method of DHCPv6 agreement to abnormal information, UNKNOWN TYPE message, also corresponding early warning process has been carried out to handled various abnormal informations simultaneously, solve and compensate for DHCPv6 agreement inherent shortcoming, the present invention has following advantage:
The filtration to illegitimate client request message is realized by ACL technology; Speed limit module is utilized to realize controlling the speed of request message, to reduce the load of server;
Chain of command message and data surface message two kinds of type of messages are divided into according to DHCPv6 type of message, and a kind of processing method to the unknown type of message of DHCPv6 is provided, by managing two class message respectively by message queue mechanism, realize defending in advance various potential attack with this, effectively improve the fail safe of DHCPv6, robustness and stability;
By providing a kind of Risk-warning scheme, corresponding early warning notice is carried out at the illegal packet of message processing procedure or the message of unknown type of message, by the Option Field in message packet, carry out the rank customization of dynamic Risk-warning, for user sends corresponding abnormity early warning, be convenient to user and carry out real-time tracking and the operating state grasping HDCPv6 server.
Wherein, the representative network of DHCPv6 is disposed as shown in Figure 8, and DHCPv6 typical case networking comprises following Three role:
DHCPv6 client (DHCPv6client): the equipment of Dynamic Acquisition IPv6 address, IPv6 prefix or other network configuration parameters.
DHCPv6 server (DHCPv6server): the equipment being responsible for DHCPv6 client distributing IP v6 address, IPv6 prefix and other network configuration parameters.DHCPv6 server can be not only DHCPv6 client distributing IP v6 address, can also be its distributing IP v6 prefix.
DHCPv6 server in Fig. 8 is after DHCPv6 client distributing IP v6 prefix, DHCPv6 client sends RA (RouterAdvertisement-router advertisement) message comprising this prefix information to place network (IPv6Network), so that the main frame in network is according to the automatic configuration of IP v6 address of this prefix.
DHCPv6 relaying (DHCPv6relayagent): DHCPv6 client passes through multicast address and the DHCPv6 server communication of link-local scope, to obtain IPv6 address and other network configuration parameters.If server and client side is not in same link range, then need to be E-Packeted by DHCPv6 relaying, can avoid like this disposing DHCPv6 server in each link range, both provide cost savings, and be convenient to again manage concentratedly.
DHCPv6 client and server message structure as shown in Figure 9.
Wherein type of message, long 1 byte of field, represents the type of DHCPv6 message.The type of message of concrete definition is as shown in the table.
Things ID, long 3 bytes of field, depend on client, for by the packet in DHCPv6 message switching.DHCPv6 server copies to corresponding response message the value of things ID from request message.
Option, field length is variable, can comprise one or more option, these options for comprise client and server authorization information, have state I Pv6 address and other configuration arrange.
The DHCPv6 relaying course of work as shown in Figure 10.
By DHCPv6 relaying Dynamic Acquisition IPv6 address/prefix with in the process of other network configuration parameters, DHCPv6 client is substantially not identical with processing mode when not passing through DHCPv6 relaying with the processing mode of DHCPv6 server.Figure 10 only illustrates the repeating process of DHCPv6 relaying:
Step 101:DHCPv6 client sends request to the multicast address FF02::1:2 of all DHCPv6 servers and relaying;
After step 102:DHCPv6 relay reception to request, be encapsulated in the relay message option (RelayMessageOption) of Relay-forward message, and Relay-forward message is sent to DHCPv6 server;
Step 103:DHCPv6 server parses the request of client from Relay-forward message, for client chooses IPv6 address and other parameters, structure response message, response message is encapsulated in the relay message option of Relay-reply message, and Relay-reply message is sent to DHCPv6 relaying;
Step 104:DHCPv6 relaying parses the response of server from Relay-reply message, is transmitted to DHCPv6 client; Then DHCPv6 client carries out network configuration according to the IPv6 address/prefix of DHCPv6 server-assignment and other parameters.
Option Field form between DHCPv6 client and server as shown in figure 11.
Option-code: long 2 bytes of field, represent the type of DHCPv6 option.
Option-length: long 2 bytes of field, represent the byte number of option data field.
Option-data: field length is variable, contain the data of option, and the form of these data depends on the definition of option.
Option Field form between DHCPv6 server and relay agent as shown in figure 12.
Hop count: long 1 byte of field, represents the quantity having received the relay agent of this message.If exceed the hop count maximum set, then receive relay agent and can abandon this message.
Link address: long 16 bytes of field, comprise the non-link local address of certain interface of the relay agent distributed in the subnet of client computer place.According to link address, server can determine for striving for address in the IPv5 scope of allocation address.
Peering address: long 16 bytes of field, contain the IPv6 address of the relay agent of client computer IPv6 address or previous this message of forwarding sending this message.
Be DHCPv6 Option Field after peering address field, it is for representing " relay messages " option.The message and other Relay Option of wanting relaying is comprised in " relay messages " option." relay messages " option encapsulates the DHCPv6 message exchanged between client-server.
The RelayMessage choice format of DHCPv6 as shown in figure 13.
Option-code (option-code): OPTION_RELAY_MSG (9).
Option-length (option-length): DHCP relay-message-length.
DHCP relay message (DHCP-relay-message): in relay forwarding message, the message received, is word for word relayed to next relay agent or server; In relaying response message, be replicated and be relayed to the message of relay agent or client, its address is in the opposite end-address field of Relay-reply message.
In order to solve the problems of the technologies described above, the embodiment of the present invention additionally provides a kind of processing unit of dynamic host configuration protocol DHCP v6 Information abnormity, as shown in figure 14, comprising:
First acquisition module 141, for obtaining the Exception Type of the DHCPv6 message packet being considered to abnormal;
First configuration generation module 142, when being UNKNOWN TYPE message for being described DHCPv6 message packet at described Exception Type, for described DHCPv6 message packet configures the first forward-path, and generates the first relay forwarding message;
First sending module 143, for being sent to server according to described first forward-path by described first relay forwarding message.
The processing unit of the described dynamic host configuration protocol DHCP v6 Information abnormity that the embodiment of the present invention provides is by obtaining the Exception Type of DHCPv6 message packet, and be DHCPv6 message packet configuration forward-path when Exception Type be DHCPv6 message packet is UNKNOWN TYPE message, and generate relay forwarding message, relay forwarding message is sent by forward-path, avoid and how to process this message because DHCPv6 relay agent is indefinite, cause inappropriately abandoning this message, or cause other DHCPv6 relay agent this message of inappropriate process to increase relay agent's load, effectively improve fail safe and the stability of system.
Concrete, described first acquisition module comprises: the first receiving element, for receiving the described DHCPv6 message packet from client; First detecting unit, whether abnormal for detecting described DHCPv6 message packet; First query unit, if be that described DHCPv6 message packet is abnormal for testing result, then inquires about the Exception Type of described DHCPv6 message packet.
Wherein, the first configuration generation module comprises: first obtains unit, for obtaining PATH according to global address or site-bound address and prefix; First generation unit, for generating the first relay forwarding message according to described PATH and described Exception Type.
Further, described PATH is inserted in the link address field of described first relay forwarding message by described first generation unit, is inserted by described Exception Type in the Option Field of described first relay forwarding message.
In the embodiment of the present invention, the hop count in described first relay forwarding message is set to 0 or described first relay forwarding message comprise interface ID option.If relay agent can not use the address designation interface (by this interface relaying to the response of client) in link address field, relay agent must comprise interface ID option (Interface-id option) in relay forwarding (Relay-forward) message.Relaying response (Relay-reply) message at it is comprised Interface-id option by server.
Also comprise in the described processing unit that the embodiment of the present invention provides: the 3rd receiver module, the first relaying response message that after for described first sending module described first relay forwarding message being sent to server, reception server returns; 4th acquisition module, for obtaining message needed for described Exception Type and first from described first relaying response message; Second generation module, for message generation second relay forwarding message needed for described Exception Type and described first.
Wherein, the described processing unit that the embodiment of the present invention provides also comprises: the 3rd configuration generation module, be described second message arrangement second forward-path after generating described second relay forwarding message for described second generation module, and according to described second forward-path, described second relay forwarding message be sent to client.
In order to save the memory space of relay agent and improve the speed of service, the described processing unit that the embodiment of the present invention provides also comprises: the first removing module, deletes the content in described first relaying response message except relay messages option for described 4th acquisition module after obtaining message needed for described Exception Type and first.
In the local transmission of relay agent, the priority of link address field is higher than interface ID, so, the described processing unit that the embodiment of the present invention provides also comprises: the 3rd sending module, if comprise interface ID option for described first relaying response message and link address field in described first relaying response message is set to 0, then on the link by described interface ID Option, send described second relay forwarding message to described second forward-path; 4th sending module, if be not set to 0 for the link address field in described first relaying response message, then sends described second relay forwarding message to described second forward-path on the link by described link address field identification.
In order to solve the problems of the technologies described above, the embodiment of the present invention additionally provides a kind of processing unit of dynamic host configuration protocol DHCP v6 Information abnormity, as shown in figure 15, comprising:
First receiver module 151, for receiving the first relay forwarding message from relay agent;
Second acquisition module 152, for obtain from described first relay forwarding message be considered to abnormal DHCPv6 message packet Exception Type and second needed for message;
Second configuration generation module 153, for being described first relay forwarding message arrangement the 3rd forward-path, and needed for described Exception Type and described second message generation first relaying response message;
Second sending module 154, for being sent to described relay agent according to described 3rd forward-path by described first relaying response message.
The processing unit of the described dynamic host configuration protocol DHCP v6 Information abnormity that the embodiment of the present invention provides makes server clearly can process the DHCPv6 message packet of UNKNOWN TYPE, saves the time, reduces the probability broken down.
Whether wherein, described second acquisition module comprises: the second detecting unit, abnormal for detecting described first relay forwarding message; Second query unit, if be that described first relay forwarding message is abnormal for testing result, then inquiry obtains the Exception Type of described first relay forwarding message.
In order to save the memory space of server and improve operational efficiency, the described processing unit that the embodiment of the present invention provides also comprises: the second removing module, if being described DHCPv6 message packet for described Exception Type is UNKNOWN TYPE message, described second acquisition module deletes described 3rd relay forwarding message after obtaining content needed for described Exception Type and described second.
In order to solve the problems of the technologies described above, the embodiment of the present invention additionally provides a kind of processing unit of dynamic host configuration protocol DHCP v6 Information abnormity, as shown in figure 16, comprising:
Second receiver module 161, for receiving the second relay forwarding message from relay agent;
3rd acquisition module 162, for obtaining the Exception Type of the DHCPv6 message packet being considered to abnormal from described second relay forwarding message;
First generation module 163, for generating exception reporting according to described Exception Type;
Display module 164, for showing described exception reporting.
The processing unit of the described dynamic host configuration protocol DHCP v6 Information abnormity that the embodiment of the present invention provides makes client pass through to resolve the current DHCPv6 server of Exception Type Real-time Obtaining of DHCPv6 message packet or whether relay agent exists risk, thus corresponding security strategy is implemented to it, the generation of various attack in DHCPv6 message packet processing procedure is reduced with this.
Whether wherein, described 3rd acquisition module comprises: the 3rd detecting unit, abnormal for detecting described second relay forwarding message; 3rd query unit, if be that described second relay forwarding message is abnormal for testing result, then inquiry obtains the Exception Type of described second relay forwarding message.
In order to save the memory space of client and improve operational efficiency, the described processing unit that the embodiment of the present invention provides also comprises: the 3rd removing module, if being described DHCPv6 message packet for described Exception Type is UNKNOWN TYPE message, after described 3rd acquisition module obtains described Exception Type, delete described second relay forwarding message.
Wherein, the described embodiment that realizes of the processing method of above-mentioned dynamic host configuration protocol DHCP v6 Information abnormity is all applicable to, in the embodiment of the processing unit of this dynamic host configuration protocol DHCP v6 Information abnormity, also can reach identical technique effect.
Above-described is the preferred embodiment of the present invention; should be understood that the ordinary person for the art; not departing under principle prerequisite of the present invention, can also make some improvements and modifications, these improvements and modifications also should be considered as protection scope of the present invention.
Claims (19)
1. a processing method for dynamic host configuration protocol DHCP Information abnormity, is characterized in that, comprising:
Obtain the Exception Type of the dhcp message message being considered to abnormal;
When described Exception Type be described dhcp message message is UNKNOWN TYPE message, for described dhcp message message configures the first forward-path, and generate the first relay forwarding message;
According to described first forward-path, described first relay forwarding message is sent to server.
2. processing method as claimed in claim 1, is characterized in that, the step obtaining the Exception Type of the dhcp message message being considered to abnormal comprises:
Receive the described dhcp message message from client;
Whether extremely, detect described dhcp message message;
If it is abnormal that testing result is described dhcp message message, then inquire about the Exception Type of described dhcp message message.
3. processing method as claimed in claim 1, is characterized in that, when described Exception Type be described dhcp message message is UNKNOWN TYPE message, be described dhcp message message configuration forward-path, and the step generating the first relay forwarding message comprises:
PATH is obtained according to global address or site-bound address and prefix;
The first relay forwarding message is generated according to described PATH and described Exception Type.
4. processing method as claimed in claim 3, is characterized in that, inserted by described PATH in the link address field of described first relay forwarding message, inserted by described Exception Type in the Option Field of described first relay forwarding message.
5. processing method as claimed in claim 2, is characterized in that, the hop count in described first relay forwarding message be set to 0 or described first relay forwarding message comprise interface ID option.
6. processing method as claimed in claim 5, is characterized in that, also comprise after described first relay forwarding message is sent to server:
The first relaying response message that reception server returns;
Message needed for described Exception Type and first is obtained from described first relaying response message;
Message generation second relay forwarding message needed for described Exception Type and described first.
7. processing method as claimed in claim 6, is characterized in that, also comprise after generating described second relay forwarding message:
For described second message arrangement second forward-path, and according to described second forward-path, described second relay forwarding message is sent to client.
8. processing method as claimed in claim 6, is characterized in that, also comprise after obtaining message needed for described Exception Type and first:
Delete the content except relay messages option in described first relaying response message.
9. processing method as claimed in claim 7, is characterized in that, also comprise:
If described first relaying response message comprises interface ID option and link address field in described first relaying response message is set to 0, then on the link by described interface ID Option, send described second relay forwarding message to described second forward-path.
10. processing method as claimed in claim 7, is characterized in that, also comprise:
If the link address field in described first relaying response message is not set to 0, then on the link by described link address field identification, send described second relay forwarding message to described second forward-path.
The processing method of 11. 1 kinds of dynamic host configuration protocol DHCP Information abnormity, is characterized in that, comprising:
Receive the first relay forwarding message from relay agent;
Message needed for the Exception Type and second being considered to abnormal dhcp message message is obtained from described first relay forwarding message;
For described first relay forwarding message arrangement the 3rd forward-path, and needed for described Exception Type and described second message generation first relaying response message;
According to described 3rd forward-path, described first relaying response message is sent to described relay agent.
12. processing methods as claimed in claim 11, is characterized in that, the step obtaining the Exception Type of the dhcp message message being considered to abnormal comprises:
Whether extremely, detect described first relay forwarding message;
If testing result is that described first relay forwarding message is abnormal, then inquiry obtains the Exception Type of described first relay forwarding message.
13. processing methods as claimed in claim 11, is characterized in that, if described Exception Type is described dhcp message message is UNKNOWN TYPE message, then also comprise after obtaining content needed for described Exception Type and described second:
Delete described 3rd relay forwarding message.
The processing method of 14. 1 kinds of dynamic host configuration protocol DHCP Information abnormity, is characterized in that, comprising:
Receive the second relay forwarding message from relay agent;
The Exception Type of the dhcp message message being considered to abnormal is obtained from described second relay forwarding message;
Exception reporting is generated according to described Exception Type;
Described exception reporting is shown.
15. processing methods as claimed in claim 14, is characterized in that, the step obtaining the Exception Type of the dhcp message message being considered to abnormal comprises:
Whether extremely, detect described second relay forwarding message;
If testing result is that described second relay forwarding message is abnormal, then inquiry obtains the Exception Type of described second relay forwarding message.
16. processing methods as claimed in claim 14, is characterized in that, if described Exception Type is described dhcp message message is UNKNOWN TYPE message, then also comprise after obtaining described Exception Type:
Delete described second relay forwarding message.
The processing unit of 17. 1 kinds of dynamic host configuration protocol DHCP Information abnormity, is characterized in that, comprising:
First acquisition module, for obtaining the Exception Type of the dhcp message message being considered to abnormal;
First configuration generation module, when being UNKNOWN TYPE message for being described dhcp message message at described Exception Type, for described dhcp message message configures the first forward-path, and generates the first relay forwarding message;
First sending module, for being sent to server according to described first forward-path by described first relay forwarding message.
The processing unit of 18. 1 kinds of dynamic host configuration protocol DHCP Information abnormity, is characterized in that, comprising:
First receiver module, for receiving the first relay forwarding message from relay agent;
Second acquisition module, for obtain from described first relay forwarding message be considered to abnormal dhcp message message Exception Type and second needed for message;
Second configuration generation module, for being described first relay forwarding message arrangement the 3rd forward-path, and needed for described Exception Type and described second message generation first relaying response message;
Second sending module, for being sent to described relay agent according to described 3rd forward-path by described first relaying response message.
The processing unit of 19. 1 kinds of dynamic host configuration protocol DHCP Information abnormity, is characterized in that, comprising:
Second receiver module, for receiving the second relay forwarding message from relay agent;
3rd acquisition module, for obtaining the Exception Type of the dhcp message message being considered to abnormal from described second relay forwarding message;
First generation module, for generating exception reporting according to described Exception Type;
Display module, for showing described exception reporting.
Priority Applications (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201410465493.6A CN105471615A (en) | 2014-09-12 | 2014-09-12 | Processing method and device of dynamic host configuration protocol (DHCP) information abnormality |
| PCT/CN2015/078990 WO2016037490A1 (en) | 2014-09-12 | 2015-05-14 | Method and device for processing dynamic host configuration protocol (dhcp) message |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201410465493.6A CN105471615A (en) | 2014-09-12 | 2014-09-12 | Processing method and device of dynamic host configuration protocol (DHCP) information abnormality |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN105471615A true CN105471615A (en) | 2016-04-06 |
Family
ID=55458325
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201410465493.6A Withdrawn CN105471615A (en) | 2014-09-12 | 2014-09-12 | Processing method and device of dynamic host configuration protocol (DHCP) information abnormality |
Country Status (2)
| Country | Link |
|---|---|
| CN (1) | CN105471615A (en) |
| WO (1) | WO2016037490A1 (en) |
Families Citing this family (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN116846060B (en) * | 2023-03-08 | 2024-06-21 | 国网江苏省电力有限公司淮安供电分公司 | Working condition safety learning system of IEC61850 intelligent substation |
Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101453495A (en) * | 2008-12-30 | 2009-06-10 | 杭州华三通信技术有限公司 | Method, system and equipment for preventing authentication address resolution protocol information loss |
| US20100313265A1 (en) * | 2009-06-09 | 2010-12-09 | Hangzhou H3C Technologies Co., Ltd. | Method and Apparatus for Preventing Spoofed Packet Attacks |
| CN102082835A (en) * | 2009-11-27 | 2011-06-01 | 华为技术有限公司 | Method and device for distributing IP (internet protocol) addresses |
| CN102143164A (en) * | 2011-01-24 | 2011-08-03 | 中兴通讯股份有限公司 | Message relaying method, message relaying device and base station |
| WO2011140795A1 (en) * | 2010-05-13 | 2011-11-17 | 中兴通讯股份有限公司 | Method and switching device for preventing media access control address spoofing attack |
| CN102638390A (en) * | 2012-01-18 | 2012-08-15 | 神州数码网络(北京)有限公司 | DHCP (dynamic host configuration protocol) SNOOPING based three-layer switching device and DHCP SNOOPING based three-layer switching method |
Family Cites Families (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101364877B (en) * | 2008-09-28 | 2010-10-27 | 福建星网锐捷网络有限公司 | Security policy configuring method and apparatus thereof |
| CN102035724A (en) * | 2009-09-30 | 2011-04-27 | 华为技术有限公司 | Method, device and system for realizing message forwarding |
| CN102281594B (en) * | 2011-09-06 | 2014-06-11 | 华为技术有限公司 | Message forwarding method, wireless access point (AP) and message forwarding system |
-
2014
- 2014-09-12 CN CN201410465493.6A patent/CN105471615A/en not_active Withdrawn
-
2015
- 2015-05-14 WO PCT/CN2015/078990 patent/WO2016037490A1/en active Application Filing
Patent Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101453495A (en) * | 2008-12-30 | 2009-06-10 | 杭州华三通信技术有限公司 | Method, system and equipment for preventing authentication address resolution protocol information loss |
| US20100313265A1 (en) * | 2009-06-09 | 2010-12-09 | Hangzhou H3C Technologies Co., Ltd. | Method and Apparatus for Preventing Spoofed Packet Attacks |
| CN102082835A (en) * | 2009-11-27 | 2011-06-01 | 华为技术有限公司 | Method and device for distributing IP (internet protocol) addresses |
| WO2011140795A1 (en) * | 2010-05-13 | 2011-11-17 | 中兴通讯股份有限公司 | Method and switching device for preventing media access control address spoofing attack |
| CN102143164A (en) * | 2011-01-24 | 2011-08-03 | 中兴通讯股份有限公司 | Message relaying method, message relaying device and base station |
| CN102638390A (en) * | 2012-01-18 | 2012-08-15 | 神州数码网络(北京)有限公司 | DHCP (dynamic host configuration protocol) SNOOPING based three-layer switching device and DHCP SNOOPING based three-layer switching method |
Also Published As
| Publication number | Publication date |
|---|---|
| WO2016037490A1 (en) | 2016-03-17 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN108370337B (en) | Building technology equipment communication system with IoT network equipment | |
| Clausen et al. | Mobile ad hoc network (manet) neighborhood discovery protocol (nhdp) | |
| CN101552783B (en) | Method and apparatus for preventing counterfeit message attack | |
| CN101572712B (en) | Method for preventing attack of counterfeit message and repeater equipment thereof | |
| EP2364543B1 (en) | Broadband network access | |
| CN101582888B (en) | Method for creating neighbor discovery table item and server | |
| CN102474700A (en) | Method and system for filtering of network traffic | |
| CN101656725B (en) | Method for implementing safety access and access equipment | |
| Oliveira et al. | Denial of service mitigation approach for IPv6‐enabled smart object networks | |
| CN101141488B (en) | Multicast service agent implementing method and system and node discovering method | |
| CN103201999A (en) | Request routing processing | |
| US10911400B2 (en) | Network device movement validation | |
| CN101114912B (en) | Communication control apparatus, data processing apparatus, and control method therefor | |
| DE60033162D1 (en) | FACILITATING DATA TRANSFER | |
| CN102694884A (en) | IPv6 address configuration and management method of wireless sensor network | |
| KR20120015358A (en) | Method for obtaining ip address of dynamic host configuration protocol version 6 server, dynamic host configuration protocol version 6 server and dynamic host configuration protocol version 6 communicatioin system | |
| CN100508453C (en) | A method to filter and verify open real IPv6 source address | |
| Wang et al. | A secure IPv6 address configuration scheme for a MANET | |
| CN105471615A (en) | Processing method and device of dynamic host configuration protocol (DHCP) information abnormality | |
| CN103444136A (en) | Communication device, communication system, and communication method | |
| CN102571592B (en) | There is three-layer switching equipment and the data message forwarding method of port binding function | |
| Thubert et al. | Routing for RPL (routing protocol for low-power and lossy networks) leaves | |
| CN108768853B (en) | Distributed mixed domain name system and method based on domain name router | |
| US11070513B2 (en) | DNS-based method of transmitting data | |
| CN104158921A (en) | Method and device of screening equipment in local network area |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| WW01 | Invention patent application withdrawn after publication |
Application publication date: 20160406 |
|
| WW01 | Invention patent application withdrawn after publication |