CN106487742B - 用于验证源地址有效性的方法及装置 - Google Patents
用于验证源地址有效性的方法及装置 Download PDFInfo
- Publication number
- CN106487742B CN106487742B CN201510524597.4A CN201510524597A CN106487742B CN 106487742 B CN106487742 B CN 106487742B CN 201510524597 A CN201510524597 A CN 201510524597A CN 106487742 B CN106487742 B CN 106487742B
- Authority
- CN
- China
- Prior art keywords
- terminal
- source address
- dynamic host
- host configuration
- confirmation response
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000000034 method Methods 0.000 title claims abstract description 46
- 230000004044 response Effects 0.000 claims abstract description 57
- 238000012790 confirmation Methods 0.000 claims abstract description 24
- 238000012795 verification Methods 0.000 claims abstract description 22
- 238000004088 simulation Methods 0.000 claims description 25
- 230000006872 improvement Effects 0.000 claims description 4
- 230000006855 networking Effects 0.000 abstract description 8
- 230000008569 process Effects 0.000 description 11
- 238000010586 diagram Methods 0.000 description 8
- 230000006870 function Effects 0.000 description 5
- 238000004590 computer program Methods 0.000 description 4
- 238000004891 communication Methods 0.000 description 2
- 230000009977 dual effect Effects 0.000 description 2
- 230000015654 memory Effects 0.000 description 2
- 230000008447 perception Effects 0.000 description 2
- 238000005516 engineering process Methods 0.000 description 1
- 230000002452 interceptive effect Effects 0.000 description 1
- 230000005291 magnetic effect Effects 0.000 description 1
- 238000012544 monitoring process Methods 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 229920001690 polydopamine Polymers 0.000 description 1
- 230000001360 synchronised effect Effects 0.000 description 1
- 230000003936 working memory Effects 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
- H04L61/50—Address allocation
- H04L61/5007—Internet protocol [IP] addresses
- H04L61/5014—Internet protocol [IP] addresses using dynamic host configuration protocol [DHCP] or bootstrap protocol [BOOTP]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0876—Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
- H04L61/09—Mapping addresses
- H04L61/10—Mapping addresses of different types
- H04L61/103—Mapping addresses of different types across network layers, e.g. resolution of network layer into physical layer addresses or address resolution protocol [ARP]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/12—Applying verification of the received information
- H04L63/126—Applying verification of the received information the source of the received data
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/1466—Active attacks involving interception, injection, modification, spoofing of data unit addresses, e.g. hijacking, packet injection or TCP sequence number attacks
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/12—Detection or prevention of fraud
- H04W12/121—Wireless intrusion detection systems [WIDS]; Wireless intrusion prevention systems [WIPS]
- H04W12/122—Counter-measures against attacks; Protection against rogue devices
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2101/00—Indexing scheme associated with group H04L61/00
- H04L2101/60—Types of network addresses
- H04L2101/618—Details of network addresses
- H04L2101/622—Layer-2 addresses, e.g. medium access control [MAC] addresses
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Power Engineering (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
- Small-Scale Networks (AREA)
Abstract
Description
Claims (12)
Priority Applications (10)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510524597.4A CN106487742B (zh) | 2015-08-24 | 2015-08-24 | 用于验证源地址有效性的方法及装置 |
TW105107430A TWI706648B (zh) | 2015-08-24 | 2016-03-10 | 用於驗證源位址有效性的方法及裝置 |
US15/243,507 US10135784B2 (en) | 2015-08-24 | 2016-08-22 | Verifying source addresses associated with a terminal |
CA2993282A CA2993282C (en) | 2015-08-24 | 2016-08-23 | Verifying source addresses associated with a terminal |
BR112018001516-4A BR112018001516A2 (pt) | 2015-08-24 | 2016-08-23 | método, produto de programa de computador e sistema de verificação de endereços fonte associados a um terminal |
EP16839993.9A EP3342128B1 (en) | 2015-08-24 | 2016-08-23 | Verifying source addresses associated with a terminal |
JP2018503630A JP6553805B2 (ja) | 2015-08-24 | 2016-08-23 | 端末に関連付けられているソースアドレスの検証 |
AU2016313650A AU2016313650B2 (en) | 2015-08-24 | 2016-08-23 | Verifying source addresses associated with a terminal |
KR1020187002299A KR102018490B1 (ko) | 2015-08-24 | 2016-08-23 | 단말기와 연관된 소스 어드레스들을 검증 |
PCT/US2016/048213 WO2017035151A1 (en) | 2015-08-24 | 2016-08-23 | Verifying source addresses associated with a terminal |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510524597.4A CN106487742B (zh) | 2015-08-24 | 2015-08-24 | 用于验证源地址有效性的方法及装置 |
Publications (2)
Publication Number | Publication Date |
---|---|
CN106487742A CN106487742A (zh) | 2017-03-08 |
CN106487742B true CN106487742B (zh) | 2020-01-03 |
Family
ID=58096232
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201510524597.4A Active CN106487742B (zh) | 2015-08-24 | 2015-08-24 | 用于验证源地址有效性的方法及装置 |
Country Status (10)
Country | Link |
---|---|
US (1) | US10135784B2 (zh) |
EP (1) | EP3342128B1 (zh) |
JP (1) | JP6553805B2 (zh) |
KR (1) | KR102018490B1 (zh) |
CN (1) | CN106487742B (zh) |
AU (1) | AU2016313650B2 (zh) |
BR (1) | BR112018001516A2 (zh) |
CA (1) | CA2993282C (zh) |
TW (1) | TWI706648B (zh) |
WO (1) | WO2017035151A1 (zh) |
Families Citing this family (15)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN105635067B (zh) * | 2014-11-04 | 2019-11-15 | 华为技术有限公司 | 报文发送方法及装置 |
JP2017143497A (ja) * | 2016-02-12 | 2017-08-17 | 富士通株式会社 | パケット転送装置及びパケット転送方法 |
CN107222856B (zh) * | 2017-06-16 | 2020-01-21 | 北京星网锐捷网络技术有限公司 | 一种在无线控制器ac间漫游的实现方法和装置 |
US10547587B2 (en) | 2018-03-19 | 2020-01-28 | Didi Research America, Llc | Method and system for near real-time IP user mapping |
CN108965241A (zh) * | 2018-05-28 | 2018-12-07 | 清华大学 | 基于无线局域网的源地址验证方法 |
CN109089263B (zh) * | 2018-07-25 | 2021-07-30 | 新华三技术有限公司 | 一种报文处理方法及装置 |
CN109150895A (zh) * | 2018-09-13 | 2019-01-04 | 清华大学 | 一种软件定义网络的域内源地址的验证方法 |
US11016793B2 (en) * | 2018-11-26 | 2021-05-25 | Red Hat, Inc. | Filtering based containerized virtual machine networking |
CN111200611B (zh) * | 2020-01-06 | 2021-02-23 | 清华大学 | 基于边界接口等价类的域内源地址验证方法及装置 |
CN111740961B (zh) * | 2020-05-26 | 2022-02-22 | 北京华三通信技术有限公司 | 通信方法及装置 |
CN112688958B (zh) * | 2020-12-30 | 2023-03-21 | 联想未来通信科技(重庆)有限公司 | 一种信息处理方法及电子设备 |
CN112929279B (zh) * | 2021-03-09 | 2021-11-30 | 清华大学 | 互联网域内源地址验证表的分布式生成方法和装置 |
CN113132364A (zh) * | 2021-04-07 | 2021-07-16 | 中国联合网络通信集团有限公司 | Arp拟制表项的生成方法、电子设备 |
CN115002071A (zh) * | 2022-05-25 | 2022-09-02 | 深信服科技股份有限公司 | 一种信息更新方法、装置、设备及可读存储介质 |
CN117201050A (zh) * | 2022-06-01 | 2023-12-08 | 华为技术有限公司 | 一种源地址验证的方法、网络设备及通信系统 |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101150582A (zh) * | 2007-10-22 | 2008-03-26 | 华为技术有限公司 | 分配配置信息的方法和设备 |
CN101605070A (zh) * | 2009-07-10 | 2009-12-16 | 清华大学 | 基于控制报文监听的源地址验证方法及装置 |
CN101917444A (zh) * | 2010-08-25 | 2010-12-15 | 福建星网锐捷网络有限公司 | 一种ip源地址绑定表项的创建方法、装置及交换机 |
CN102413044A (zh) * | 2011-11-16 | 2012-04-11 | 华为技术有限公司 | 一种DHCP Snooping绑定表生成的方法、装置、设备及系统 |
Family Cites Families (22)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5802320A (en) * | 1995-05-18 | 1998-09-01 | Sun Microsystems, Inc. | System for packet filtering of data packets at a computer network interface |
US5790548A (en) | 1996-04-18 | 1998-08-04 | Bell Atlantic Network Services, Inc. | Universal access multimedia data network |
US20030208616A1 (en) | 2002-05-01 | 2003-11-06 | Blade Software, Inc. | System and method for testing computer network access and traffic control systems |
US20040153665A1 (en) * | 2003-02-03 | 2004-08-05 | Logan Browne | Wireless network control and protection system |
US7523485B1 (en) | 2003-05-21 | 2009-04-21 | Foundry Networks, Inc. | System and method for source IP anti-spoofing security |
US7516487B1 (en) * | 2003-05-21 | 2009-04-07 | Foundry Networks, Inc. | System and method for source IP anti-spoofing security |
US7769994B2 (en) | 2003-08-13 | 2010-08-03 | Radware Ltd. | Content inspection in secure networks |
JP4320603B2 (ja) * | 2004-02-26 | 2009-08-26 | 日本電気株式会社 | 加入者回線収容装置およびパケットフィルタリング方法 |
JP2006020085A (ja) * | 2004-07-01 | 2006-01-19 | Fujitsu Ltd | ネットワークシステム、ネットワークブリッジ装置、ネットワーク管理装置およびネットワークアドレス解決方法 |
JP2006197094A (ja) * | 2005-01-12 | 2006-07-27 | Matsushita Electric Ind Co Ltd | 通信システム |
GB2423448B (en) | 2005-02-18 | 2007-01-10 | Ericsson Telefon Ab L M | Host identity protocol method and apparatus |
US7929452B2 (en) * | 2005-06-30 | 2011-04-19 | Intel Corporation | Internet protocol (IP) address sharing and platform dynamic host configuration protocol (DHCP) mediator |
CN1992736A (zh) * | 2005-12-30 | 2007-07-04 | 西门子(中国)有限公司 | Ip地址分配方法及其应用 |
US7653063B2 (en) * | 2007-01-05 | 2010-01-26 | Cisco Technology, Inc. | Source address binding check |
US8756337B1 (en) * | 2007-08-03 | 2014-06-17 | Hewlett-Packard Development Company, L.P. | Network packet inspection flow management |
JP5174747B2 (ja) * | 2009-06-18 | 2013-04-03 | 株式会社日立製作所 | 計算機システムおよび管理装置 |
JP5364671B2 (ja) * | 2010-10-04 | 2013-12-11 | アラクサラネットワークス株式会社 | ネットワーク認証における端末接続状態管理 |
US9112710B2 (en) * | 2010-10-05 | 2015-08-18 | Cisco Technology, Inc. | System and method for providing smart grid communications and management |
WO2013105991A2 (en) * | 2011-02-17 | 2013-07-18 | Sable Networks, Inc. | Methods and systems for detecting and mitigating a high-rate distributed denial of service (ddos) attack |
US8938528B2 (en) * | 2011-11-08 | 2015-01-20 | Hitachi, Ltd. | Computer system, and method for managing resource pool information |
US9015852B2 (en) | 2012-04-30 | 2015-04-21 | Cisco Technology, Inc. | Protecting address resolution protocol neighbor discovery cache against denial of service attacks |
JP2017017631A (ja) * | 2015-07-03 | 2017-01-19 | 富士通株式会社 | パケット伝送装置、通信ネットワークシステム、及び、アドレス割当確認方法 |
-
2015
- 2015-08-24 CN CN201510524597.4A patent/CN106487742B/zh active Active
-
2016
- 2016-03-10 TW TW105107430A patent/TWI706648B/zh not_active IP Right Cessation
- 2016-08-22 US US15/243,507 patent/US10135784B2/en active Active
- 2016-08-23 WO PCT/US2016/048213 patent/WO2017035151A1/en unknown
- 2016-08-23 EP EP16839993.9A patent/EP3342128B1/en active Active
- 2016-08-23 BR BR112018001516-4A patent/BR112018001516A2/pt not_active Application Discontinuation
- 2016-08-23 KR KR1020187002299A patent/KR102018490B1/ko active IP Right Grant
- 2016-08-23 AU AU2016313650A patent/AU2016313650B2/en not_active Ceased
- 2016-08-23 CA CA2993282A patent/CA2993282C/en not_active Expired - Fee Related
- 2016-08-23 JP JP2018503630A patent/JP6553805B2/ja active Active
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101150582A (zh) * | 2007-10-22 | 2008-03-26 | 华为技术有限公司 | 分配配置信息的方法和设备 |
CN101605070A (zh) * | 2009-07-10 | 2009-12-16 | 清华大学 | 基于控制报文监听的源地址验证方法及装置 |
CN101917444A (zh) * | 2010-08-25 | 2010-12-15 | 福建星网锐捷网络有限公司 | 一种ip源地址绑定表项的创建方法、装置及交换机 |
CN102413044A (zh) * | 2011-11-16 | 2012-04-11 | 华为技术有限公司 | 一种DHCP Snooping绑定表生成的方法、装置、设备及系统 |
Also Published As
Publication number | Publication date |
---|---|
KR102018490B1 (ko) | 2019-09-06 |
AU2016313650A1 (en) | 2018-02-08 |
US10135784B2 (en) | 2018-11-20 |
JP2018525907A (ja) | 2018-09-06 |
KR20180021837A (ko) | 2018-03-05 |
TWI706648B (zh) | 2020-10-01 |
EP3342128A4 (en) | 2019-04-17 |
AU2016313650B2 (en) | 2019-03-21 |
BR112018001516A2 (pt) | 2020-12-01 |
JP6553805B2 (ja) | 2019-07-31 |
US20170063680A1 (en) | 2017-03-02 |
EP3342128A1 (en) | 2018-07-04 |
CA2993282C (en) | 2020-04-28 |
EP3342128B1 (en) | 2021-02-24 |
WO2017035151A1 (en) | 2017-03-02 |
CA2993282A1 (en) | 2017-03-02 |
TW201709698A (zh) | 2017-03-01 |
CN106487742A (zh) | 2017-03-08 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN106487742B (zh) | 用于验证源地址有效性的方法及装置 | |
CN104137511B (zh) | 用于安全协议的动态选择的方法、设备和客户端设备 | |
WO2017107732A1 (zh) | 登录状态同步方法和系统 | |
US20180019961A1 (en) | Message processing method, processing server, terminal, and storage medium | |
CN105704091B (zh) | 一种基于ssh协议的会话解析方法及系统 | |
US9774642B2 (en) | Method and device for pushing multimedia resource and display terminal | |
CN109756896B (zh) | 一种信息处理方法、网络设备及计算机可读存储介质 | |
JP2019508796A (ja) | データ同期方法、装置及びシステム | |
KR101341256B1 (ko) | 네트워크의 접속 보안 강화 장치 및 방법 | |
CN106535219B (zh) | 一种用户信息回填方法及装置 | |
US8924478B2 (en) | Virtual desktop infrastructure (VDI) login acceleration | |
CN104168140B (zh) | Vtep异常情况处理方法及装置 | |
CN112654100B9 (zh) | 一种信息处理方法和相关网络设备 | |
JP6647410B2 (ja) | データ記憶方法、不揮発性コンピュータ記憶媒体、電子機器、能力開放エンティティ及び基地局 | |
US10404774B2 (en) | Mobile device and method for controlling transmission to web server in mobile device | |
US20210051352A1 (en) | Method for video optimization, terminal and network apparatus | |
US20130024917A1 (en) | Memo synchronization system, mobile system, and method for synchronizing memo data | |
CN106535156B (zh) | 虚拟用户识别模块卡的迁移方法、终端、服务器、系统 | |
CN106488534A (zh) | 获取网络接入点的方法及系统 | |
CN108768961B (zh) | 存储处理方法及家庭网关 | |
CN108055299A (zh) | Portal页面推送方法、网络接入服务器及Portal认证系统 | |
CN105991791A (zh) | 报文转发方法及装置 | |
CN103313245A (zh) | 基于手机终端的网络业务访问方法、设备和系统 | |
CN103685333A (zh) | 数据同步方法、终端设备、注册服务器和网页服务器 | |
KR102127028B1 (ko) | 인터넷 프로토콜 멀티미디어 서브시스템 단말의 네트워크 액세스 방법 및 장치 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant | ||
TR01 | Transfer of patent right | ||
TR01 | Transfer of patent right |
Effective date of registration: 20211103 Address after: Room 516, floor 5, building 3, No. 969, Wenyi West Road, Wuchang Street, Yuhang District, Hangzhou City, Zhejiang Province Patentee after: Alibaba Dharma Institute (Hangzhou) Technology Co.,Ltd. Address before: A four-storey 847 mailbox in Grand Cayman Capital Building, British Cayman Islands Patentee before: ALIBABA GROUP HOLDING Ltd. |
|
EE01 | Entry into force of recordation of patent licensing contract | ||
EE01 | Entry into force of recordation of patent licensing contract |
Application publication date: 20170308 Assignee: Hangzhou Jinyong Technology Co.,Ltd. Assignor: Alibaba Dharma Institute (Hangzhou) Technology Co.,Ltd. Contract record no.: X2024980001317 Denomination of invention: Method and device for verifying the validity of source addresses Granted publication date: 20200103 License type: Common License Record date: 20240123 Application publication date: 20170308 Assignee: Golden Wheat Brand Management (Hangzhou) Co.,Ltd. Assignor: Alibaba Dharma Institute (Hangzhou) Technology Co.,Ltd. Contract record no.: X2024980001316 Denomination of invention: Method and device for verifying the validity of source addresses Granted publication date: 20200103 License type: Common License Record date: 20240123 Application publication date: 20170308 Assignee: Hangzhou Xinlong Huazhi Trademark Agency Co.,Ltd. Assignor: Alibaba Dharma Institute (Hangzhou) Technology Co.,Ltd. Contract record no.: X2024980001315 Denomination of invention: Method and device for verifying the validity of source addresses Granted publication date: 20200103 License type: Common License Record date: 20240123 |