CN105517188A - Method and device for establishing communication connection - Google Patents

Publication number
CN105517188A
Authority
CN
China
Prior art keywords
terminal
arp
physical address
local area
wireless local
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201510869055.0A
Other languages
Chinese (zh)
Inventor
徐建新
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Zhuhai Baoqu Technology Co Ltd
Original Assignee
Beijing Kingsoft Internet Security Software Co Ltd
Zhuhai Juntian Electronic Technology Co Ltd
Application filed by Beijing Kingsoft Internet Security Software Co Ltd, Zhuhai Juntian Electronic Technology Co Ltd
Priority to CN201510869055.0A

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00: Network arrangements, protocols or services for addressing or naming
    • H04L61/09: Mapping addresses
    • H04L61/10: Mapping addresses of different types
    • H04L61/103: Mapping addresses of different types across network layers, e.g. resolution of network layer into physical layer addresses or address resolution protocol [ARP]
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04W: WIRELESS COMMUNICATION NETWORKS
    • H04W76/00: Connection management
    • H04W76/10: Connection setup
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04W: WIRELESS COMMUNICATION NETWORKS
    • H04W84/00: Network topologies
    • H04W84/02: Hierarchically pre-organised networks, e.g. paging networks, cellular networks, WLAN [Wireless Local Area Network] or WLL [Wireless Local Loop]
    • H04W84/10: Small scale networks; Flat hierarchical networks
    • H04W84/12: WLAN [Wireless Local Area Networks]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

An embodiment of the invention discloses a method and a device for establishing a communication connection, relating to the technical field of communication and applied to a device that builds a wireless local area network. The method comprises: receiving an Address Resolution Protocol (ARP) request for a second terminal sent by a first terminal; acquiring the physical address M_T of the second terminal according to the network address of the second terminal contained in the ARP request and a preset ARP list; and sending the physical address M_T to the first terminal, so that the first terminal establishes a communication connection with the second terminal according to the physical address M_T sent by the device. Applying the scheme of the embodiment to establish communication connections between terminals reduces the data loss of terminals connected to the wireless local area network during communication and improves their information security.

Description

Method and device for establishing a communication connection
Technical field
The present invention relates to the field of Internet technology, and in particular to a method and a device for establishing a communication connection.
Background
At present, electronic devices are often provided with wireless local area network sharing software. When an electronic device starts such software, other electronic devices can connect to it.
When a first terminal and a second terminal have both joined the wireless local area network established by an electronic device and the first terminal needs to communicate with the second terminal, the first terminal sends an ARP (Address Resolution Protocol) request to the electronic device, and the electronic device broadcasts the ARP request, which contains the destination network address. After receiving the ARP request, the second terminal compares the destination network address in the request with its own network address. If the two are consistent, the second terminal responds to the ARP request and sends its own physical address to the first terminal through the electronic device. The first terminal can then establish a communication connection with the second terminal according to the second terminal's network address and physical address.
Under normal circumstances the first terminal can successfully establish a communication connection with the second terminal in this way. However, because the first terminal sends the ARP request by broadcast, every other terminal connected to the local area network also receives it. If any of those terminals is infected with an ARP virus or the like, it can forge an ARP response to the request and send it to the first terminal. The physical address contained in the forged ARP response is not the physical address of the second terminal, so the first terminal establishes a communication connection according to the physical address in the forged response. In subsequent communication over that connection, the first terminal sends the data it stores to the terminal corresponding to the physical address in the forged ARP response. Connections established in this way are therefore prone to loss of terminal data during communication, and security is poor.
Summary of the invention
The purpose of the embodiments of the present invention is to provide a method and a device for establishing a communication connection, so as to reduce the data loss of terminals connected to the wireless local area network during communication and improve their information security.
To achieve the above purpose, an embodiment of the invention discloses a method for establishing a communication connection, applied to a device that builds a wireless local area network, the method comprising the steps of:
Receiving an ARP request for a second terminal sent by a first terminal, wherein the ARP request contains the network address of the second terminal, and the first terminal and the second terminal have both joined the wireless local area network built by the device;
Obtaining the physical address M_T of the second terminal according to the network address of the second terminal contained in the ARP request and a preset ARP list, wherein the preset ARP list stores the correspondence between the physical address and the network address of each terminal that has joined the wireless local area network built by the device;
Sending the physical address M_T to the first terminal, so that the first terminal establishes a communication connection with the second terminal according to the physical address M_T sent by the device.
In a specific implementation of the present invention, the method further comprises:
Refusing to forward the ARP request.
In a specific implementation of the present invention, the method further comprises:
Receiving an ARP query sent by the first terminal;
Refusing to forward the ARP query.
In a specific implementation of the present invention, the method further comprises:
Counting the number of times the first terminal sends the ARP request and/or the ARP query;
When the number of times is greater than a preset value, determining that the first terminal is an ARP attack terminal.
In a specific implementation of the present invention, after determining that the first terminal is an ARP attack terminal, the method further comprises:
Storing the identifier of the first terminal in a preset abnormal terminal record table; or,
Cutting off the network connection between the first terminal and the wireless local area network built by the device; or,
Refusing to respond to the ARP request and/or the ARP query sent by the first terminal.
In a specific implementation of the present invention, the method further comprises:
Updating the preset ARP list according to the correspondence between the physical address and the network address of any terminal T_x that sends a network access request to the device, wherein the network address of the terminal T_x is allocated by the device according to a preset rule.
To achieve the above purpose, an embodiment of the invention also discloses a device for establishing a communication connection, applied to a device that builds a wireless local area network, comprising: an ARP request receiving unit, a physical address obtaining unit and a physical address sending unit;
Wherein the ARP request receiving unit is configured to receive an ARP request for a second terminal sent by a first terminal, wherein the ARP request contains the network address of the second terminal, and the first terminal and the second terminal have both joined the wireless local area network built by the device;
The physical address obtaining unit is configured to obtain the physical address M_T of the second terminal according to the network address of the second terminal contained in the ARP request and a preset ARP list, wherein the preset ARP list stores the correspondence between the physical address and the network address of each terminal that has joined the wireless local area network built by the device;
The physical address sending unit is configured to send the physical address M_T to the first terminal, so that the first terminal establishes a communication connection with the second terminal according to the physical address M_T sent by the device.
In a specific implementation of the present invention, the device further comprises: an ARP request forwarding refusal unit, configured to refuse to forward the ARP request.
In a specific implementation of the present invention, the device further comprises: an ARP query receiving unit and an ARP query forwarding refusal unit;
Wherein the ARP query receiving unit is configured to receive an ARP query sent by the first terminal;
The ARP query forwarding refusal unit is configured to refuse to forward the ARP query.
In a specific implementation of the present invention, the device further comprises: a count accumulation unit and an attack terminal determining unit;
Wherein the count accumulation unit is configured to count the number of times the first terminal sends the ARP request and/or the ARP query;
The attack terminal determining unit is configured to determine, when the number of times is greater than a preset value, that the first terminal is an ARP attack terminal.
In a specific implementation of the present invention, the device further comprises: an exception handling unit,
Configured to store the identifier of the first terminal in a preset abnormal terminal record table; or
Configured to cut off the network connection between the first terminal and the wireless local area network built by the device; or
Configured to refuse to respond to the ARP request and/or the ARP query sent by the first terminal.
In a specific implementation of the present invention, the device further comprises: an ARP list updating unit, configured to update the preset ARP list according to the correspondence between the physical address and the network address of any terminal T_x that sends a network access request to the device, wherein the network address of the terminal T_x is allocated by the device according to a preset rule.
It can be seen that, in the embodiments of the present invention, the device that builds the wireless local area network receives the ARP request sent by the first terminal, obtains from the preset ARP list the physical address corresponding to the network address of the second terminal contained in the ARP request, and sends this address to the first terminal; the first terminal establishes a communication connection with the second terminal according to this physical address. Because the device obtains this physical address from the ARP list it has stored in advance, the terminal that establishes a communication connection with the first terminal is guaranteed to be the second terminal, which effectively reduces the data loss of the first terminal during communication and improves the security of the first terminal's information.
Brief description of the drawings
To explain the technical solutions of the embodiments of the present invention or of the prior art more clearly, the drawings needed in the description of the embodiments or the prior art are briefly introduced below. The drawings described below are only some embodiments of the present invention; a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a schematic flow chart of a method for establishing a communication connection provided by an embodiment of the present invention;
Fig. 2 is a schematic flow chart of another method for establishing a communication connection provided by an embodiment of the present invention;
Fig. 3 is a schematic flow chart of another method for establishing a communication connection provided by an embodiment of the present invention;
Fig. 4 is a schematic structural diagram of a device for establishing a communication connection provided by an embodiment of the present invention;
Fig. 5 is a schematic structural diagram of another device for establishing a communication connection provided by an embodiment of the present invention;
Fig. 6 is a schematic structural diagram of another device for establishing a communication connection provided by an embodiment of the present invention.
Detailed description
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings. The described embodiments are only some of the embodiments of the present invention, not all of them. All other embodiments obtained by a person of ordinary skill in the art from the embodiments of the present invention without creative effort fall within the scope of protection of the present invention.
The embodiments of the invention disclose a method and a device for establishing a communication connection, relating to the field of communication technology and applied to a device that builds a wireless local area network. The method comprises: receiving an ARP request for a second terminal sent by a first terminal; obtaining the physical address M_T of the second terminal according to the network address of the second terminal contained in the ARP request and a preset ARP list; and sending the physical address M_T to the first terminal, so that the first terminal establishes a communication connection with the second terminal according to the physical address M_T sent by the device.
The present invention is described in detail below through specific embodiments.
Referring to Fig. 1, a schematic flow chart of a method for establishing a communication connection provided by an embodiment of the present invention, the method is applied to a device that builds a wireless local area network and may comprise the following steps:
S101: receive an ARP request for a second terminal sent by a first terminal;
The ARP request contains the network address of the second terminal, and the first terminal and the second terminal have both joined the wireless local area network built by the device. In the embodiments of the present invention, the ARP request may also contain information such as the network address and physical address of the first terminal, so that the device can use them to feed back to the first terminal the physical address obtained from the network address of the second terminal.
S102: obtain the physical address M_T of the second terminal according to the network address of the second terminal contained in the ARP request and the preset ARP list;
The preset ARP list stores the correspondence between the physical address and the network address of each terminal that has joined the wireless local area network built by the device.
In a specific embodiment of the present invention, the method for establishing a communication connection may further comprise:
Updating the preset ARP list according to the correspondence between the physical address and the network address of any terminal T_x that sends a network access request to the device, wherein the network address of the terminal T_x is allocated by the device according to a preset rule.
Suppose terminal a currently sends a network access request to device b, the device that builds the wireless network, and the request contains the physical address 0a:1a:0a:00:1a of terminal a. After receiving the network access request, device b allocates a network address 1.1.1.1 to terminal a through DHCP (Dynamic Host Configuration Protocol), stores the physical address 0a:1a:0a:00:1a and the network address 1.1.1.1 as a corresponding pair in the ARP list, and allows terminal a to join the wireless local area network built by device b. Whenever a new terminal requests to join this wireless local area network, the ARP list is updated in the same way, storing the new terminal's physical address and network address as a corresponding pair. If the network address corresponding to the physical address of a terminal already stored in the ARP list changes, the network address stored for that physical address is updated.
Specifically, allocating network addresses to terminals through DHCP and maintaining and updating the preset ARP list in this way effectively prevents faulty ARP requests or ARP responses from corrupting the information about connected terminals stored in the ARP list, which would otherwise affect the normal Internet access of terminals that have joined the wireless local area network.
S103: send the physical address M_T to the first terminal.
It should be noted that the first terminal establishes a communication connection with the second terminal according to the physical address M_T sent by the device.
Suppose device b, which builds the wireless local area network, takes the network address 1.1.1.1 of the second terminal contained in the ARP request sent by connected terminal a, obtains from the preset ARP list the physical address 0a:1a:0a:00:1a corresponding to network address 1.1.1.1, and feeds this physical address 0a:1a:0a:00:1a back to terminal a. Terminal a then establishes a communication connection with the second terminal according to the physical address 0a:1a:0a:00:1a and the network address 1.1.1.1.
In one implementation of the present invention, the first terminal side can also be improved: after receiving a physical address, the first terminal judges whether the physical address was sent by the device, and only when it determines that the device sent it does the first terminal establish a communication connection with the second terminal corresponding to that physical address. This reduces the data loss of the first terminal during communication more effectively and improves its information security. Under the above assumption, while feeding back the physical address 0a:1a:0a:00:1a, device b can also feed back to terminal a its own physical address, its network address, or another identifier that indicates device b, which makes it easy for terminal a to judge whether the physical address it received was sent by device b. Only when terminal a determines that the physical address 0a:1a:0a:00:1a it received was sent by device b does it establish a communication connection with the second terminal according to that physical address and communicate.
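Steps S101 to S103 and the terminal-side check described above, as an added Python example (not code from the patent). All class and function names, the 02:00:00:... physical addresses and the 192.168.43.x network addresses are constructed for illustration, and carrying the device's identity in the Ethernet source address is an assumption about how "an identifier that indicates device b" is delivered.

```python
import socket
import struct

ETHERTYPE_ARP = 0x0806
ARP_REQUEST, ARP_REPLY = 1, 2
ARP_FMT = "!HHBBH6s4s6s4s"  # htype, ptype, hlen, plen, oper, sha, spa, tha, tpa
FRAME_LEN = 14 + struct.calcsize(ARP_FMT)  # Ethernet header + 28-byte ARP body


def mac(text):
    """'02:00:00:00:00:0b' -> 6 raw bytes."""
    return bytes.fromhex(text.replace(":", ""))


def build_frame(eth_dst, eth_src, oper, sha, spa, tha, tpa):
    """Build an Ethernet frame carrying an IPv4 ARP packet."""
    eth = eth_dst + eth_src + struct.pack("!H", ETHERTYPE_ARP)
    arp = struct.pack(ARP_FMT, 1, 0x0800, 6, 4, oper, sha,
                      socket.inet_aton(spa), tha, socket.inet_aton(tpa))
    return eth + arp


def parse_frame(frame):
    """Return (eth_src, oper, sha, spa, tha, tpa), or None if not IPv4 ARP."""
    if len(frame) < FRAME_LEN or frame[12:14] != struct.pack("!H", ETHERTYPE_ARP):
        return None
    htype, ptype, hlen, plen, oper, sha, spa, tha, tpa = struct.unpack(
        ARP_FMT, frame[14:FRAME_LEN])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return frame[6:12], oper, sha, socket.inet_ntoa(spa), tha, socket.inet_ntoa(tpa)


class HotspotDevice:
    """The device that builds the wireless local area network (device b)."""

    def __init__(self, device_mac):
        self.device_mac = device_mac
        self.arp_list = {}  # preset ARP list: network address -> physical address

    def on_address_assigned(self, terminal_mac, ip):
        """Update the list when the device allocates ip to a joining terminal."""
        for old_ip in [k for k, v in self.arp_list.items() if v == terminal_mac]:
            del self.arp_list[old_ip]  # this terminal's network address changed
        self.arp_list[ip] = terminal_mac

    def handle_arp(self, frame):
        """S101-S103: answer from the list. The request is never forwarded."""
        parsed = parse_frame(frame)
        if parsed is None or parsed[1] != ARP_REQUEST:
            return None
        _, _, sha, spa, _, tpa = parsed
        m_t = self.arp_list.get(tpa)  # S102: look up M_T
        if m_t is None:
            return None  # unknown target: no answer, still no broadcast
        # S103: unicast to the requester; Ethernet source identifies the device.
        return build_frame(sha, self.device_mac, ARP_REPLY, m_t, tpa, sha, spa)


def terminal_accept_reply(frame, device_mac, wanted_ip):
    """Terminal-side check: use the answer only if the device sent it.

    Assumption: the link layer stops other stations from using the device's
    source address; without that, this comparison alone proves nothing.
    """
    parsed = parse_frame(frame)
    if parsed is None or parsed[1] != ARP_REPLY:
        return None
    eth_src, _, sha, spa, _, _ = parsed
    if eth_src != device_mac or spa != wanted_ip:
        return None
    return sha


# Constructed sample addresses (not from the patent).
DEVICE_B = mac("02:00:00:00:00:0b")
TERMINAL_1 = mac("02:00:00:00:00:01")
TERMINAL_2 = mac("02:00:00:00:00:02")
INFECTED = mac("02:00:00:00:00:66")

if __name__ == "__main__":
    dev = HotspotDevice(DEVICE_B)
    dev.on_address_assigned(TERMINAL_1, "192.168.43.10")
    dev.on_address_assigned(TERMINAL_2, "192.168.43.20")
    request = build_frame(b"\xff" * 6, TERMINAL_1, ARP_REQUEST, TERMINAL_1,
                          "192.168.43.10", b"\x00" * 6, "192.168.43.20")
    reply = dev.handle_arp(request)
    print(terminal_accept_reply(reply, DEVICE_B, "192.168.43.20").hex(":"))
```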
In practice, to reduce the data loss of terminals connected to the wireless local area network during communication and improve their information security, the method for establishing a communication connection can have several further implementations. Referring to Fig. 2, a schematic flow chart of another method for establishing a communication connection provided by an embodiment of the present invention, the method may further comprise the step:
S104a: refuse to forward the ARP request.
In practice, step S104a may occur after step S101, after step S102, or after step S103; the present invention does not limit this.
When the ARP request is the one sent by the first terminal and step S104a occurs after step S103, the first terminal can establish a communication connection with the second terminal more quickly, and forwarding of the ARP request sent by the first terminal is refused. When step S104a occurs after step S101, forwarding of the ARP request can be refused quickly, which avoids the case where a fault during the first terminal's connection setup with the second terminal causes the ARP request to be sent to the second terminal by mistake; in that case, if the physical address stored in the ARP request is wrong, the second terminal would establish communication with the wrong terminal, causing data loss for the second terminal.
Suppose a terminal a is currently connected to the wireless local area network and sends an ARP request to device b, the device that builds the wireless local area network. After receiving this ARP request, device b refuses to forward it. This effectively prevents an abnormal ARP request sent by an abnormal connected terminal from being received by other terminals, and so prevents other connected terminals from establishing communication with the abnormal terminal according to the physical address and network address contained in the abnormal ARP request, which would cause connected terminals to lose data.
In addition, the method for establishing a communication connection may further comprise:
Receiving an ARP query sent by the first terminal;
Refusing to forward the ARP query.
Specifically, the ARP request and the ARP query are each a kind of ARP data packet; an ARP data packet may also be an ARP broadcast or an ARP response, and the application does not limit this.
It should be noted that the ARP data packet may be sent by any terminal that has joined the wireless local area network built by the device; that is, the terminal may be the first terminal or a terminal other than the first terminal. The device refuses to forward any ARP data packet, which ensures the security of the connected terminals' information to the greatest extent.
In practice, the method for establishing a communication connection can have several further implementations. Referring to Fig. 3, a schematic flow chart of another method for establishing a communication connection provided by an embodiment of the present invention, the method may comprise the steps:
S104b: count the number of times the first terminal sends the ARP request and/or the ARP query;
S105b: when the number of times is greater than a preset value, determine that the first terminal is an ARP attack terminal.
In practice, step S104b may occur after step S101, after step S102, or after step S103; the present invention does not limit this.
When step S104b occurs after step S103, the first terminal can establish a communication connection with the second terminal more quickly. When step S104b occurs after step S101, whether the first terminal is an ARP attack terminal can be judged quickly, which avoids the case where the first terminal is an ARP attack terminal and establishes communication with the second terminal, causing data loss for the second terminal.
In addition, in a preferred implementation of the present invention, after determining that the first terminal is an ARP attack terminal, the method may further comprise:
Storing the identifier of the first terminal in a preset abnormal terminal record table; or,
Cutting off the entire network connection between the first terminal and the wireless local area network built by the device; or,
Refusing to respond to the ARP request and/or the ARP query sent by the first terminal.
Suppose the preset value is 20 and connected terminal a sends ARP requests many times, of which the number of requests to establish a communication connection with other terminals is 21. Because 21 is greater than 20, terminal a is determined to be an attack terminal. Under normal circumstances a connected terminal does not send large numbers of ARP data packets such as ARP requests or ARP queries to request communication connections with other terminals, nor does it send ARP responses automatically; therefore, when a terminal is found to be sending large numbers of ARP data packets such as ARP requests or ARP queries, it can generally be regarded as an ARP attack terminal.
Under the above assumption, after terminal a is determined to be an attack terminal, its identifier can be stored in the preset abnormal terminal record table, so that the device that builds the wireless local area network can manage the terminals that have joined its network according to the data in this table. The identifier of terminal a can be the physical address of the terminal or its network address. After terminal a is determined to be safe, its identifier can be removed from the preset abnormal terminal record table to ensure normal network access for terminal a.
To ensure the security of the information of all connected terminals, the embodiments of the present invention provide another implementation: after terminal a is determined to be an attack terminal, its network connection can be cut off directly, and the terminal is forbidden from joining the network built by the device. The embodiments of the present invention provide a further implementation for the same purpose: after terminal a is determined to be an attack terminal, its network connection is not cut off, but the device refuses to respond to the ARP requests terminal a sends. This lets terminal a browse web pages normally while preventing it from launching ARP attacks on other connected terminals.
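The counting rule of S104b and S105b with the three handling options, as an added Python example that is not part of the patent. It goes one step beyond the text: the page describes a cumulative count with no time window, so the optional window_seconds parameter is an assumption added here, and all class, method and terminal names are hypothetical.

```python
from collections import defaultdict, deque
from enum import Enum


class Handling(Enum):
    RECORD = 1      # store the identifier in the abnormal terminal record table
    DISCONNECT = 2  # cut off the terminal's network connection
    REFUSE_ARP = 3  # keep the connection, stop answering its ARP packets


class ArpAttackMonitor:
    def __init__(self, preset_value=20, handling=Handling.RECORD,
                 window_seconds=None):
        self.preset_value = preset_value
        self.handling = handling
        # Assumption (not in the patent): when set, only packets seen within
        # the last window_seconds count toward the preset value.
        self.window_seconds = window_seconds
        # Keep at most preset_value + 1 timestamps per terminal; that is
        # enough to tell "greater than preset_value" and bounds memory.
        self.seen = defaultdict(lambda: deque(maxlen=preset_value + 1))
        self.abnormal_table = set()
        self.disconnected = set()
        self.arp_refused = set()

    def on_arp(self, terminal_id, now):
        """Count one ARP request/query from terminal_id at time now.

        Returns True if the device should go on to answer the packet.
        """
        if terminal_id in self.disconnected or terminal_id in self.arp_refused:
            return False
        times = self.seen[terminal_id]
        times.append(now)
        if self.window_seconds is not None:
            while now - times[0] > self.window_seconds:
                times.popleft()
        if len(times) <= self.preset_value:
            return True  # S105b: only "greater than" the preset value counts
        if self.handling is Handling.RECORD:
            self.abnormal_table.add(terminal_id)
            return True  # recorded for management; still answered
        if self.handling is Handling.DISCONNECT:
            self.disconnected.add(terminal_id)
            return False
        self.arp_refused.add(terminal_id)
        return False

    def mark_safe(self, terminal_id):
        """Remove a terminal from the record table once it is judged safe."""
        self.abnormal_table.discard(terminal_id)
        self.seen.pop(terminal_id, None)


if __name__ == "__main__":
    monitor = ArpAttackMonitor(preset_value=20)
    for second in range(21):  # constructed input: 21 requests from terminal a
        monitor.on_arp("terminal-a", second)
    print(sorted(monitor.abnormal_table))
```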
It should be noted that, the WLAN (wireless local area network) related in the present embodiment accesses terminal and can be understood as: the terminal being connected into the WLAN (wireless local area network) constructed by equipment building WLAN (wireless local area network).
Apply each embodiment above-mentioned, the equipment building WLAN (wireless local area network) receives the ARP request of first terminal transmission, the physical address that the network address of the second terminal comprised in asking with this ARP is corresponding is obtained from the ARP list preset, and this address is sent to first terminal, first terminal establishes a communications link according to this physical address and the second terminal, obtain from the ARP list that it prestores because this physical address is the said equipment, can ensure that the terminal established a communications link with first terminal is the second terminal like this, and then effectively can reduce the loss of data of first terminal in communication process, the fail safe of the information of first terminal can be improved.
Corresponding with the above-mentioned method established a communications link, the embodiment of the present invention additionally provides a kind of device established a communications link.
The structural representation of a kind of device established a communications link that Fig. 4 provides for the embodiment of the present invention, corresponding with the flow process shown in Fig. 1, be applied to the equipment building WLAN (wireless local area network), this device can comprise: ARP request reception unit 401, physical address obtain unit 402 and physical address transmitting element 403.
Wherein, ARP request reception unit 401, for receiving the ARP request for the second terminal that WLAN (wireless local area network) access first terminal sends.Here, comprise the network address of the second terminal in ARP request, first terminal and the second terminal have been connected into the WLAN (wireless local area network) that the said equipment builds all.
In the embodiment of the present invention, the information such as the network address of first terminal and physical address can also be comprised, so that the physical address obtained according to the network address of the second terminal is fed back to first terminal according to the network address of first terminal and physical address by the said equipment in ARP request.
The physical address obtaining unit 402 is configured to obtain the physical address M_t of the second terminal according to the network address of the second terminal contained in the ARP request and the preset ARP list. Here, the preset ARP list stores the correspondence between the physical addresses and the network addresses of the terminals that have joined the wireless local area network built by the above equipment.
In a specific embodiment of the present invention, the device for establishing a communication connection may further comprise an ARP list updating unit (not shown in Fig. 4).
The ARP list updating unit is configured to update the preset ARP list according to the correspondence between the physical address and the network address of any terminal T_x that sends a network join request to the above equipment. Here, the network address of terminal T_x is allocated by the above equipment according to a preset rule.
Suppose a terminal a currently sends a network join request to the equipment b that builds the wireless network, and the request contains the physical address 0a:1a:0a:00:1a of terminal a. After receiving the request, equipment b allocates the network address 1.1.1.1 to terminal a through DHCP (Dynamic Host Configuration Protocol); the ARP list updating unit stores the physical address 0a:1a:0a:00:1a and the network address 1.1.1.1 as a corresponding pair in the ARP list, and terminal a is allowed to join the wireless local area network built by equipment b. In addition, whenever a new terminal requests to join this wireless local area network, the ARP list updating unit updates the ARP list in the same way, storing the physical address and the network address of the new terminal as a corresponding pair in the ARP list. If the network address corresponding to the physical address of a terminal already stored in the ARP list changes, the ARP list updating unit updates the network address corresponding to that stored physical address.
Specifically, allocating network addresses to terminals through DHCP, and maintaining and updating the preset ARP list in the above manner, effectively prevents errors in ARP requests or ARP responses from corrupting the information about joined terminals that is stored in the ARP list, which would in turn affect the normal network access of terminals that have joined the wireless local area network.
The physical address sending unit 403 is configured to send the physical address M_t to the first terminal.
It should be noted that the first terminal establishes a communication connection with the second terminal according to the physical address M_t sent by the above equipment.
Suppose equipment b, which builds the wireless local area network, obtains from the preset ARP list the physical address 0a:1a:0a:00:1a corresponding to the network address 1.1.1.1, according to the network address 1.1.1.1 of the second terminal contained in the ARP request sent by WLAN access terminal a. The physical address sending unit 203 feeds this physical address 0a:1a:0a:00:1a back to terminal a, and terminal a establishes a communication connection with the second terminal according to the physical address 0a:1a:0a:00:1a and the network address 1.1.1.1.
In one implementation of the present invention, the first terminal side can also be improved: after receiving the physical address, the first terminal judges whether the physical address was sent by the above equipment, and establishes a communication connection with the second terminal corresponding to the physical address only when it determines that the physical address was sent by the above equipment. This reduces the data loss of the first terminal during communication more effectively and improves its information security. Under the above assumption, when the physical address sending unit 203 in equipment b feeds back the physical address 0a:1a:0a:00:1a, it can also feed back to terminal a the physical address or network address of equipment b, or another identifier that can indicate equipment b. This makes it easier for terminal a to judge whether the physical address it received was sent by equipment b; only when terminal a determines that the physical address 0a:1a:0a:00:1a it received was sent by equipment b does it establish a communication connection with the second terminal according to that physical address and communicate.
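The lookup, the DHCP-driven list update and the first-terminal check described above, as an added example that is not code from the patent. It assumes Ethernet/IPv4 ARP payloads (RFC 826) and that the equipment's identifier is the source MAC of the frame carrying the reply; all names and the 02:…/192.0.2.x addresses are constructed for illustration.

```python
import ipaddress
import struct

ARP_FMT = "!HHBBH6s4s6s4s"   # Ethernet/IPv4 ARP payload (RFC 826), 28 bytes
REQUEST, REPLY = 1, 2


def mac(text):
    return bytes.fromhex(text.replace(":", ""))


def ip(text):
    return ipaddress.IPv4Address(text).packed


def arp_payload(op, sha, spa, tha, tpa):
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, op, sha, spa, tha, tpa)


class ApArpResponder:
    """ARP list kept by the equipment; written only when DHCP assigns an address."""

    def __init__(self, ap_mac):
        self.ap_mac = mac(ap_mac)
        self.arp_list = {}   # network address (4 bytes) -> physical address (6 bytes)

    def on_dhcp_assign(self, terminal_mac, assigned_ip):
        m, a = mac(terminal_mac), ip(assigned_ip)
        # If this terminal was stored under another address, replace that entry.
        self.arp_list = {k: v for k, v in self.arp_list.items() if v != m}
        self.arp_list[a] = m

    def handle(self, payload):
        """Return (frame source MAC, ARP reply) for a request, else None.

        Nothing is returned for forwarding, and no ARP packet received from a
        terminal can write to arp_list.
        """
        if len(payload) < 28:
            return None
        htype, ptype, hlen, plen, op, sha, spa, _tha, tpa = struct.unpack(
            ARP_FMT, payload[:28])
        if (htype, ptype, hlen, plen, op) != (1, 0x0800, 6, 4, REQUEST):
            return None      # replies and other opcodes are dropped, not learned
        target = self.arp_list.get(tpa)
        if target is None:
            return None
        return self.ap_mac, arp_payload(REPLY, target, tpa, sha, spa)


def terminal_accept(frame_src, payload, ap_mac, wanted_ip):
    """First-terminal check: use the answer only if the equipment sent it.

    A frame source MAC is an identifier, not an authenticated one.
    """
    if frame_src != mac(ap_mac) or len(payload) < 28:
        return None
    *_, op, sha, spa, _tha, _tpa = struct.unpack(ARP_FMT, payload[:28])
    if op != REPLY or spa != ip(wanted_ip):
        return None
    return sha.hex(":")


def demo():
    ap = ApArpResponder("02:00:00:00:00:01")
    ap.on_dhcp_assign("02:00:00:00:00:0a", "192.0.2.10")   # first terminal
    ap.on_dhcp_assign("02:00:00:00:00:0b", "192.0.2.11")   # second terminal
    # Constructed forged reply claiming 192.0.2.11 is at ...:0c: dropped.
    forged = arp_payload(REPLY, mac("02:00:00:00:00:0c"), ip("192.0.2.11"),
                         mac("02:00:00:00:00:0a"), ip("192.0.2.10"))
    dropped = ap.handle(forged)
    request = arp_payload(REQUEST, mac("02:00:00:00:00:0a"), ip("192.0.2.10"),
                          bytes(6), ip("192.0.2.11"))
    src, reply = ap.handle(request)
    return dropped, terminal_accept(src, reply, "02:00:00:00:00:01", "192.0.2.11")
```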
In practical applications, in order to reduce the data loss of WLAN access terminals during communication and improve their information security, the device for establishing a communication connection may have various implementations. Referring to Fig. 5, which is a schematic structural diagram of another device for establishing a communication connection provided by an embodiment of the present invention and corresponds to the flow shown in Fig. 2, the device may comprise: an ARP request receiving unit 401, a physical address obtaining unit 402, a physical address sending unit 403 and an ARP request forwarding refusal unit 404a.
The packet forwarding refusal unit 404a is configured to refuse to forward the ARP request.
Suppose a WLAN access terminal a sends an ARP request to the equipment b that builds the wireless local area network; after receiving this ARP request, equipment b refuses to forward it. This effectively prevents an abnormal ARP request sent by an abnormal WLAN access terminal from being received by other terminals, and thus prevents other WLAN access terminals from establishing communication with the abnormal WLAN access terminal according to the physical address and network address contained in the abnormal ARP request, which would cause data loss for the WLAN access terminals.
In addition, the above device for establishing a communication connection may further comprise: an ARP query receiving unit and an ARP query forwarding refusal unit (not shown in Fig. 5).
The ARP query receiving unit is configured to receive an ARP query sent by the first terminal.
The ARP query forwarding refusal unit is configured to refuse to forward the ARP query.
Specifically, the above ARP request and the above ARP query are each one kind of ARP data packet; an ARP data packet may also be an ARP broadcast or an ARP response, and this application does not limit this.
It should be noted that the above ARP data packet may be sent by any terminal that has joined the wireless local area network built by the above equipment; that is, the terminal may be the first terminal or a terminal other than the first terminal, and in every case the above equipment refuses to forward the packet.
In addition, in practical applications the device for establishing a communication connection may have further implementations. Referring to Fig. 6, which is a schematic structural diagram of another device for establishing a communication connection provided by an embodiment of the present invention and corresponds to the flow shown in Fig. 3, the device may comprise: an ARP request receiving unit 401, a physical address obtaining unit 402, a physical address sending unit 403, a count accumulating unit 404b and an attack terminal determining unit 405b.
The count accumulating unit 404b is configured to accumulate the number of ARP requests and/or ARP queries sent by the first terminal.
The attack terminal determining unit 405b is configured to determine that the first terminal is an ARP attack terminal when the number is greater than a preset value.
In addition, in a preferred implementation of the present invention, the device may further comprise an exception handling unit (not shown in Fig. 6).
The exception handling unit is configured to store the identifier of the first terminal in a preset abnormal terminal record table; or
to cut off the network connection between the first terminal and the wireless local area network built by the above equipment; or
to refuse to respond to the ARP requests and/or ARP queries sent by the first terminal.
Suppose the preset value is 20 and WLAN access terminal a sends ARP requests many times, and the count recording unit records that terminal a has requested to establish a communication connection with other terminals 21 times. Because 21 is greater than 20, the attack terminal determining unit determines that terminal a is an attack terminal. Under normal circumstances a WLAN access terminal does not send large numbers of ARP data packets such as ARP requests or ARP queries to request communication connections with other terminals, nor does it automatically send ARP responses; therefore, when a terminal is found to be sending large numbers of ARP data packets such as ARP requests or ARP queries, the terminal can generally be considered an ARP attack terminal.
Under the above assumption, after terminal a is determined to be an attack terminal, the abnormal terminal recording unit stores the identifier of terminal a in the preset abnormal terminal record table, so that the equipment that builds the wireless local area network can manage the terminals that have joined its wireless local area network according to the data in this table. Here the identifier of terminal a may be the physical address of the terminal or the network address of the terminal. After terminal a is determined to be safe, its identifier can be removed from the preset abnormal terminal record table to ensure normal network access for terminal a.
To ensure the security of the information of all WLAN access terminals, the embodiment of the present invention provides another implementation: after terminal a is determined to be an attack terminal, the network connection cutting unit can directly cut off the network connection of terminal a and forbid the terminal from joining the network built by the above equipment.
To ensure the security of the information of all WLAN access terminals, the embodiment of the present invention further provides an implementation in which, after terminal a is determined to be an attack terminal, the ARP request refusal unit does not cut off the network connection of terminal a but refuses to respond to the ARP requests sent by terminal a. In this way terminal a can still access web pages normally but cannot launch ARP attacks on other access terminals.
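The counting rule and the three handling options described above, as an added example that is not code from the patent. The class, method and decision names, the terminal identifier and the optional sliding `window` are assumptions; with `window=None` the count is cumulative, as in the text.

```python
from collections import defaultdict, deque
from enum import Enum


class Action(Enum):
    RECORD = "record"          # only store the identifier in the abnormal table
    DISCONNECT = "disconnect"  # cut the terminal's network connection
    IGNORE_ARP = "ignore_arp"  # keep it connected, stop answering its ARP


class ArpGuard:
    def __init__(self, preset=20, action=Action.RECORD, window=None):
        self.preset = preset            # flag when the count is GREATER than this
        self.action = action
        self.window = window            # seconds; None = cumulative count
        self.events = defaultdict(deque)  # terminal id -> timestamps counted so far
        self.abnormal = set()           # the abnormal terminal record table
        self.disconnected = set()

    def on_arp(self, terminal, now):
        """Count one ARP request/query and return 'answer', 'drop' or 'disconnect'."""
        if terminal in self.disconnected:
            return "drop"
        if terminal not in self.abnormal:
            seen = self.events[terminal]
            seen.append(now)
            if self.window is not None:
                # Forget packets older than the window (added assumption).
                while now - seen[0] > self.window:
                    seen.popleft()
            if len(seen) <= self.preset:
                return "answer"
            self.abnormal.add(terminal)
            seen.clear()                # bounded memory once a terminal is flagged
        if self.action is Action.DISCONNECT:
            self.disconnected.add(terminal)
            return "disconnect"
        if self.action is Action.IGNORE_ARP:
            return "drop"
        return "answer"                 # RECORD: flagged for management, still served

    def clear(self, terminal):
        """Remove a terminal from the table once it has been determined safe."""
        self.abnormal.discard(terminal)
        self.disconnected.discard(terminal)
        self.events.pop(terminal, None)


def replay(guard, terminal, timestamps):
    """Feed constructed ARP arrival times to a guard; return its decisions."""
    return [guard.on_arp(terminal, t) for t in timestamps]


TERMINAL_A = "02:00:00:00:00:0a"        # constructed identifier (a physical address)
```

Flagging is sticky: a terminal stays in the table until `clear()` is called, which mirrors the text's removal of the identifier once the terminal is determined to be safe.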
It should be noted that a WLAN access terminal in this embodiment can be understood as a terminal that has joined the wireless local area network built by the equipment that builds the wireless local area network.
By applying the above embodiments, the equipment that builds the wireless local area network receives the ARP request sent by the first terminal, obtains from the preset ARP list the physical address corresponding to the network address of the second terminal contained in that ARP request, and sends this address to the first terminal; the first terminal then establishes a communication connection with the second terminal according to this physical address. Because the physical address is obtained by the above equipment from the ARP list it has pre-stored, the terminal that establishes a communication connection with the first terminal is guaranteed to be the second terminal, which effectively reduces the data loss of the first terminal during communication and improves the security of the first terminal's information.
Because the device embodiment is substantially similar to the method embodiment, its description is relatively brief; for relevant details, refer to the description of the method embodiment.
It should be noted that, in this document, relational terms such as first and second are used only to distinguish one entity or operation from another, and do not necessarily require or imply any actual relationship or order between these entities or operations. Moreover, the terms "comprise", "include" or any other variant thereof are intended to cover a non-exclusive inclusion, so that a process, method, article or equipment comprising a series of elements includes not only those elements but also other elements not explicitly listed, or elements inherent to such a process, method, article or equipment. Without further limitation, an element defined by the statement "comprising a ..." does not exclude the existence of other identical elements in the process, method, article or equipment that comprises the element.
A person of ordinary skill in the art will understand that all or part of the steps in the above method embodiments can be completed by a program instructing the relevant hardware; the program can be stored in a computer-readable storage medium, such as ROM/RAM, a magnetic disk or an optical disc.
The foregoing describes only preferred embodiments of the present invention and is not intended to limit the scope of protection of the present invention. Any modification, equivalent replacement or improvement made within the spirit and principles of the present invention falls within the scope of protection of the present invention.

Claims (10)

1. A method for establishing a communication connection, applied to equipment that builds a wireless local area network, characterized in that the method comprises the steps of:
receiving an ARP request for a second terminal sent by a first terminal, wherein the ARP request contains the network address of the second terminal, and both the first terminal and the second terminal have joined the wireless local area network built by the equipment;
obtaining the physical address M_t of the second terminal according to the network address of the second terminal contained in the ARP request and a preset ARP list, wherein the preset ARP list is used to store the correspondence between the physical addresses and the network addresses of terminals that have joined the wireless local area network built by the equipment;
sending the physical address M_t to the first terminal, so that the first terminal establishes a communication connection with the second terminal according to the physical address M_t sent by the equipment.
2. The method according to claim 1, characterized in that the method further comprises:
refusing to forward the ARP request.
3. The method according to claim 1, characterized in that the method further comprises:
receiving an ARP query sent by the first terminal;
refusing to forward the ARP query.
4. The method according to claim 3, characterized in that the method further comprises:
accumulating the number of the ARP requests and/or the ARP queries sent by the first terminal;
when the number is greater than a preset value, determining that the first terminal is an ARP attack terminal.
5. The method according to claim 4, characterized in that, after determining that the first terminal is an ARP attack terminal, the method further comprises:
storing the identifier of the first terminal in a preset abnormal terminal record table; or,
cutting off the network connection between the first terminal and the wireless local area network built by the equipment; or,
refusing to respond to the ARP requests and/or the ARP queries sent by the first terminal.
6. The method according to claim 1, characterized in that the method further comprises:
updating the preset ARP list according to the correspondence between the physical address and the network address of any terminal T_x that sends a network join request to the equipment, wherein the network address of the terminal T_x is allocated by the equipment according to a preset rule.
7. A device for establishing a communication connection, applied to equipment that builds a wireless local area network, characterized in that the device comprises: an ARP request receiving unit, a physical address obtaining unit and a physical address sending unit;
wherein the ARP request receiving unit is configured to receive an ARP request for a second terminal sent by a first terminal, wherein the ARP request contains the network address of the second terminal, and both the first terminal and the second terminal have joined the wireless local area network built by the equipment;
the physical address obtaining unit is configured to obtain the physical address M_t of the second terminal according to the network address of the second terminal contained in the ARP request and a preset ARP list, wherein the preset ARP list is used to store the correspondence between the physical addresses and the network addresses of terminals that have joined the wireless local area network built by the equipment;
the physical address sending unit is configured to send the physical address M_t to the first terminal, so that the first terminal establishes a communication connection with the second terminal according to the physical address M_t sent by the equipment.
8. The device according to claim 7, characterized in that the device further comprises: an ARP request forwarding refusal unit, configured to refuse to forward the ARP request.
9. The device according to claim 7, characterized in that the device further comprises: an ARP query receiving unit and an ARP query forwarding refusal unit;
wherein the ARP query receiving unit is configured to receive an ARP query sent by the first terminal;
the ARP query forwarding refusal unit is configured to refuse to forward the ARP query.
10. The device according to claim 9, characterized in that the device further comprises: a count accumulating unit and an attack terminal determining unit;
wherein the count accumulating unit is configured to accumulate the number of the ARP requests and/or the ARP queries sent by the first terminal;
the attack terminal determining unit is configured to determine that the first terminal is an ARP attack terminal when the number is greater than a preset value.
CN201510869055.0A 2015-11-30 2015-11-30 Method and device for establishing communication connection Pending CN105517188A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510869055.0A CN105517188A (en) 2015-11-30 2015-11-30 Method and device for establishing communication connection


Publications (1)

Publication Number Publication Date
CN105517188A true CN105517188A (en) 2016-04-20

Family

ID=55724719


Country Status (1)

Country Link
CN (1) CN105517188A (en)



Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
TA01 Transfer of patent application right

Effective date of registration: 20181213

Address after: Room 105-53811, No. 6 Baohua Road, Hengqin New District, Zhuhai City, Guangdong Province

Applicant after: Zhuhai Leopard Technology Co.,Ltd.

Address before: 519070, six level 601F, 10 main building, science and technology road, Tangjia Bay Town, Zhuhai, Guangdong.

Applicant before: Zhuhai Juntian Electronic Technology Co.,Ltd.

Applicant before: BEIJING KINGSOFT INTERNET SECURITY SOFTWARE Co.,Ltd.

RJ01 Rejection of invention patent application after publication

Application publication date: 20160420
