CN108111429A - A method and system for detecting and resolving local area network attacks - Google Patents

Info

Publication number: CN108111429A
Authority: CN (China)
Prior art keywords: message, switch, MAC, client, MAC address
Legal status: Pending (the legal status is an assumption and is not a legal conclusion)
Application number: CN201711392584.1A
Other languages: Chinese (zh)
Inventors: 郭敏, 王斌, 王建国, 曹建, 廖北平, 蒋汉柏
Current Assignee: Hunan Hengmao Tech Ltd By Share Ltd (the listed assignees may be inaccurate)
Original Assignee: Hunan Hengmao Tech Ltd By Share Ltd
Application filed by Hunan Hengmao Tech Ltd By Share Ltd
Priority to CN201711392584.1A
Publication of CN108111429A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L47/00 Traffic control in data switching networks
    • H04L47/10 Flow control; Congestion control
    • H04L47/12 Avoiding congestion; Recovering from congestion
    • H04L47/13 Flow control; Congestion control in a LAN segment, e.g. ring or bus
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/06 Management of faults, events, alarms or notifications
    • H04L41/0677 Localisation of faults
    • H04L43/00 Arrangements for monitoring or testing data switching networks
    • H04L43/08 Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters
    • H04L43/0876 Network utilisation, e.g. volume of load or congestion level


Abstract

The invention discloses a method and system for detecting and resolving local area network attacks. The method comprises the following steps: a server captures the MAC address of a client that is generating a large number of packets, writes a notification message and sends it; after the client receives the notification message, it pops up a warning dialog if the MAC address matches, prompting the client user to stop sending junk packets, and assembles a reply message that is returned to the server; after a switch receives the notification message sent by the server, it adds its own information to form a trace-back message and sends it back out the receiving port; the switch forwards the notification message and starts a timer on the forwarding port, and if, when the timer expires, no trace-back message has been received from a switch connected to the forwarding port, it closes that forwarding port. The system comprises a server module, a client module and a switch module. The invention can remove the network congestion caused by junk packets.

Description

A method and system for detecting and resolving local area network attacks
Technical field
The present invention relates to the field of network congestion handling, and in particular to a method and system for detecting and resolving local area network attacks.
Background art
With the rapid development of network communications in China, Ethernet switches are used more and more widely in small and medium-sized enterprises. The switch has become the hub of the whole company, carrying the network traffic of every computer and other Ethernet device on the LAN, and is indispensable for small and medium-sized enterprises. Although today's Ethernet switches offer more and more powerful functions, their high cost deters many small and medium-sized enterprises, which instead use low- and mid-range Ethernet switches to save cost and maintenance time. Cost savings and maintenance time, however, are often not proportional. When a computer in the company sends a large number of packets, the whole LAN is affected while the user is unaware of what has happened; the company's network resources are heavily consumed and the network becomes congested, so other computers cannot obtain network resources and lose connectivity. The network administrator has no effective means of determining which computer has failed and can only check machines one by one, which wastes both time and manpower.
The sFlow network monitoring technology in current use randomly samples data flows and can analyse layer 2 to layer 4 network traffic information, letting users analyse the performance, trends and problems of network traffic in real time. However, although sFlow can analyse network traffic by sampling, it cannot locate the specific client within the LAN, and it offers no advantage for controlling the network.
Summary of the invention
The object of the present invention is to provide a method and system for detecting and resolving local area network attacks, so as to solve the technical problem that existing network monitoring technology cannot locate the specific client within a LAN.
To achieve the above object, the present invention provides a method for detecting and resolving local area network attacks, comprising the following steps:
The server captures, with a packet capture tool, the MAC address of a client that is generating a large number of packets, writes the client's MAC address as the destination MAC and the server's own MAC address as the source MAC into a notification message, and sends it to the LAN. The client parses the notification message after receiving it; if the destination MAC in the message matches the local MAC, the client pops up a warning dialog prompting the user to stop sending junk packets, and assembles a reply message that is returned to the server. After a switch receives the notification message sent by the server, it adds its own information to form a trace-back message and sends it back out the receiving port; it forwards the notification message according to the MAC address table and starts a timer on the forwarding port, and if, when the timer expires, no trace-back message has been received from a switch connected to the forwarding port, it closes that forwarding port.
As further improvements of the method of the present invention:
The method further comprises the following step: after a switch receives the client's reply message, if it finds no switch information in the reply message, it adds its own information, reassembles the reply message, and then forwards the reassembled reply message according to the MAC address table.
The switch forwards the notification message according to the MAC address table as follows: the switch identifies the source MAC and destination MAC of the notification message, looks up in the MAC address table and records the receiving port corresponding to the source MAC and the forwarding port corresponding to the destination MAC, decrements the TTL value of the notification message by 1, and forwards the notification message out the forwarding port according to the MAC address table.
The method further comprises the following step: if, before the timer expires, the switch receives a trace-back message returned by a switch connected to the forwarding port, it cancels the timer of the forwarding port.
The notification message, reply message and trace-back message each contain the following information: a destination MAC representing the MAC address of the client, a source MAC representing the MAC address of the server, protocol type, length, data, TTL and FCS. TTL is the time to live and FCS is the checksum; the data includes a flag that distinguishes the server's notification message, the client's reply message and the switch's trace-back message.
The data of the notification message further includes server information and the server MAC address; the data of the trace-back message includes the data of the corresponding notification message, plus the switch information and the information of the port on which the switch received the notification message.
The data of the reply message further includes client information and the client MAC address; the data of the reassembled reply message further includes switch information and the information of the port on which the switch received the reply message.
As one overall technical concept, the present invention also provides a system for detecting and resolving local area network attacks, comprising:
A server module, configured to capture, with a packet capture tool, the MAC address of a client that is generating a large number of packets, write the client's MAC address as the destination MAC and the server's own MAC address as the source MAC into a notification message, and send it to the LAN;
A client module, configured to parse the notification message sent by the server after receiving it and, if the destination MAC in the message matches the local MAC, pop up a warning dialog prompting the client user to stop sending junk packets, and assemble a reply message that is returned to the server;
A switch module, configured to, after receiving the notification message sent by the server, add the information of this switch to form a trace-back message and send it back out the receiving port; and further configured to forward the notification message according to the MAC address table and start a timer on the forwarding port, and, if no trace-back message has been received from a switch connected to the forwarding port when the timer expires, close that forwarding port.
As further improvements of the system of the present invention:
The switch module is further configured to, after receiving the client's reply message, add the information of this switch and reassemble the reply message if no switch information is found in it, and then forward the reassembled reply message according to the MAC address table.
The switch module is further configured to, after receiving the notification message, identify its source MAC and destination MAC, look up in the MAC address table and record the receiving port corresponding to the source MAC and the forwarding port corresponding to the destination MAC, decrement the TTL value of the notification message by 1, and forward the notification message out the forwarding port according to the MAC address table. The switch module is further configured to cancel the timer of the forwarding port when, before the timer expires, the switch receives a trace-back message returned by a switch connected to the forwarding port.
The invention has the following beneficial effects:
1. The method of the present invention for detecting and resolving local area network attacks is based on Ethernet network control and can quickly locate the host generating a large number of junk packets in the network. When network congestion is detected, the server sends a notification message to the client and the Ethernet switch closes the forwarding port to control the network, removing the congestion caused by the junk packets. With the present invention the producer of the junk packets can be quickly located and removed from the network, so the network is quickly restored, avoiding data loss or other economic losses caused by network congestion. The custom network protocol reduces the consumption of network resources and also reduces unnecessary communication cost in the LAN; it simplifies maintenance and is highly flexible.
2. The system of the present invention for detecting and resolving local area network attacks uses switches and computer software to detect and control the network, which reduces R&D cost; there is no need to separately develop other monitoring equipment or complex management programs.
In addition to the objects, features and advantages described above, the present invention has other objects, features and advantages. The present invention is described in further detail below with reference to the accompanying drawings.
Brief description of the drawings
The accompanying drawings, which form a part of this application, provide a further understanding of the present invention. The illustrative embodiments of the invention and their description serve to explain the invention and do not unduly limit it. In the drawings:
Fig. 1 is a schematic diagram of the transmission paths of the three kinds of messages in the protocol of the preferred embodiment of the present invention;
Fig. 2 is a schematic diagram of the layer-2 message format of the preferred embodiment of the present invention;
Fig. 3 is a schematic diagram of the encapsulation format of the notification message sent by the server in the preferred embodiment of the present invention;
Fig. 4 is a workflow diagram of the server module of the preferred embodiment of the present invention;
Fig. 5 is a schematic diagram of the encapsulation format of the reply message sent by the client in the preferred embodiment of the present invention;
Fig. 6 is a workflow diagram of the client module of the preferred embodiment of the present invention;
Fig. 7 is a flow chart of the switch processing a notification message in the preferred embodiment of the present invention;
Fig. 8 is a schematic diagram of the encapsulation format of the reply message after reassembly by the switch in the preferred embodiment of the present invention;
Fig. 9 is a flow chart of the switch processing a reply message in the preferred embodiment of the present invention;
Fig. 10 is a schematic diagram of the encapsulation format of the trace-back message passing through the switch in the preferred embodiment of the present invention;
Fig. 11 is a flow chart of the switch processing a trace-back message in the preferred embodiment of the present invention.
Detailed description of the embodiments
The embodiments of the present invention are described in detail below with reference to the drawings, but the present invention can be implemented in many different ways as defined and covered by the claims.
Referring to Fig. 1, the protocol of the preferred embodiment of the present invention uses three message formats across the network: the notification message, the reply message and the trace-back message. The notification message tells the client to stop sending packets. The reply message is returned to the server after the notification message is received and informs the server of the client's details; when it passes through the first switch, that switch adds its own details to the reply message, and the remaining switches, on detecting that switch information is already present, forward it directly. The trace-back message is returned to the upstream switch after the notification message is received, and is used to determine whether a switch is directly connected to the client.
The method of the present invention for detecting and resolving local area network attacks is based on Ethernet switch forwarding technology. The basic steps are as follows:
The server captures, with a packet capture tool, the MAC address of a client generating a large number of packets (a threshold can be set according to the actual situation, above which the volume counts as large; the threshold is adjusted to suit the number of users and the capacity of the network), writes the client's MAC address as the destination MAC and the server's own MAC address as the source MAC into a notification message, and sends it to the LAN.
The client parses the notification message after receiving it; if the destination MAC in the message matches the local MAC, the client pops up a warning dialog prompting the user to stop sending junk packets, and assembles a reply message that is returned to the server. After a switch receives the client's reply message, if it finds no switch information in the reply message, it adds its own information, reassembles the reply message, and then forwards the reassembled reply message according to the MAC address table.
After a switch receives the notification message sent by the server, it adds its own information to form a trace-back message and sends it back out the receiving port. The switch identifies the source MAC and destination MAC of the notification message, looks up in the MAC address table and records the receiving port corresponding to the source MAC and the forwarding port corresponding to the destination MAC, decrements the TTL value of the notification message by 1, forwards the notification message out the forwarding port according to the MAC address table, and starts a timer on the forwarding port. If, when the timer expires, no trace-back message has been received from a switch connected to the forwarding port, the switch closes that forwarding port. If, before the timer expires, the switch receives a trace-back message returned by a switch connected to the forwarding port, it cancels the timer of the forwarding port.
The system of this embodiment for detecting and resolving local area network attacks comprises a server module, a client module and a switch module, wherein:
The server module is configured to capture, with a packet capture tool, the MAC address of a client that is generating a large number of packets, write the client's MAC address as the destination MAC and the server's own MAC address as the source MAC into a notification message, and send it to the LAN.
The client module is configured to parse the notification message sent by the server after receiving it and, if the destination MAC in the message matches the local MAC, pop up a warning dialog prompting the client user to stop sending junk packets, and assemble a reply message that is returned to the server.
The switch module is configured to, after receiving the notification message sent by the server, add the information of this switch to form a trace-back message and send it back out the receiving port; it is further configured to forward the notification message according to the MAC address table and start a timer on the forwarding port, and, if no trace-back message has been received from a switch connected to the forwarding port when the timer expires, close that forwarding port. The switch module is further configured to, after receiving the client's reply message, add the information of this switch and reassemble the reply message if no switch information is found in it, and then forward the reassembled reply message according to the MAC address table. The switch module is further configured to, after receiving the notification message, identify its source MAC and destination MAC, look up in the MAC address table and record the receiving port corresponding to the source MAC and the forwarding port corresponding to the destination MAC, and decrement the TTL value of the notification message by 1 (the encapsulation format of the notification message is unchanged after the TTL value is recalculated) before forwarding the notification message out the forwarding port according to the MAC address table. The switch module is further configured to cancel the timer of the forwarding port when, before the timer expires, the switch receives a trace-back message returned by a switch connected to the forwarding port.
The functions of the system of the present invention for detecting and resolving local area network attacks are illustrated below, describing in turn how the server, the client and the switch perform the above steps and the format of each message:
1. Server module
Software implementing the server module is installed on a computer in the LAN and receives and sends the specific layer-2 messages. The layer-2 message format is shown in Fig. 2, and the encapsulation format of the notification message sent by the server is shown in Fig. 3, where:
Destination MAC: 6 bytes, the MAC address of the client;
Source MAC: 6 bytes, the MAC address of the server;
Protocol type: 2 bytes, 0xAAEE by default;
Flag: 2 bytes; the flag field distinguishes the three message formats as follows:
1: server notification message;
2: client reply message;
3: switch trace-back message;
TLV data (data in TLV, type-length-value, format):
Tag 1: 2 bytes, server information;
Length: 2 bytes;
Server information: size determined by the length field;
Tag 2: 2 bytes, server MAC address;
Length: 2 bytes;
Server MAC address: size determined by the length field;
TTL: 4 bytes, time to live; the default value is 20 and is configurable; it is decremented by 1 each time the message passes through a switch, and a switch that receives a TTL of 0 discards the message;
FCS: 4 bytes, CRC-32 checksum;
The server module workflow is shown in Fig. 4. The steps are as follows:
(1) capture, with a packet capture tool, the MAC address of the client generating a large number of packets;
(2) fill in the client's MAC address and send the notification message onto the Ethernet;
(3) receive the trace-back messages returned by switches and display the switch information and switch port information;
(4) receive the reply message returned by the client and display the client information and switch port information;
(5) the network administrator maintains the switch.
2. Client module
Software implementing the client module is installed on each computer or other embedded device in the LAN and sends and receives the specific layer-2 messages. The layer-2 message format is shown in Fig. 2. The encapsulation format of the reply message sent by the client is shown in Fig. 5, where:
Destination MAC: 6 bytes, the MAC address of the server;
Source MAC: 6 bytes, the MAC address of the client;
Protocol type: 2 bytes, 0xAAEE by default;
Flag: 2 bytes; the flag field distinguishes the three message formats as follows:
1: server notification message;
2: client reply message;
3: switch trace-back message;
TLV data:
Tag 1: 2 bytes, client information;
Length: 2 bytes;
Client information: size determined by the length field;
Tag 2: 2 bytes, client MAC address;
Length: 2 bytes;
Client MAC address: size determined by the length field;
TTL: 4 bytes; the TTL value of the notification message is filled into the reply message and returned to the server;
FCS: 4 bytes, CRC-32 checksum.
The client module workflow is shown in Fig. 6. The steps are as follows:
(1) receive the notification message and check whether the destination is the local MAC address; if not, discard it;
(2) prompt the client user to stop sending junk packets;
(3) send a reply message to notify the server.
3. Switch module
On each switch in the LAN, notification messages and reply messages are all sent up to the CPU, which processes them; this includes message forwarding, message reassembly and the related algorithms.
The flow of the switch processing a notification message is shown in Fig. 7. The steps are as follows:
(1) receive the notification message;
(2) send a trace-back message out the port on which the notification message was received;
(3) look up the forwarding port of the notification message in the MAC address table;
(4) compute the TTL value of the notification message;
(5) forward the notification message;
(6) start the timer of the forwarding port.
For the client's reply message, if no switch information is found in the reply message, the switch reassembles it. The layer-2 message format is shown in Fig. 2 and the encapsulation format of the reassembled reply message is shown in Fig. 8, where:
Destination MAC: 6 bytes, the MAC address of the server;
Source MAC: 6 bytes, the MAC address of the client;
Protocol type: 2 bytes, 0xAAEE by default;
Flag: 2 bytes; the flag field distinguishes the three message formats as follows:
1: server notification message;
2: client reply message;
3: switch trace-back message;
TLV data:
Tag 1: 2 bytes, client information;
Length: 2 bytes;
Client information: size determined by the length field;
Tag 2: 2 bytes, client MAC address;
Length: 2 bytes;
Client MAC address: size determined by the length field;
Tag 3: 2 bytes, switch information;
Length: 2 bytes;
Switch information: size determined by the length field;
Tag 4: 2 bytes, information of the port on which the switch received the reply message;
Length: 2 bytes;
Port on which the switch received the reply message: size determined by the length field;
TTL: 4 bytes, the TTL of the reply message; the switch does not modify it;
FCS: 4 bytes, CRC-32 checksum;
The flow of the switch processing a reply message is shown in Fig. 9. The steps are as follows:
(1) receive the reply message;
(2) check whether other switch information is present; if not, reassemble the message and add this switch's information;
(3) forward the reply message according to the MAC address table.
The purpose of the switch's trace-back message is to determine whether a next-level switch exists. If none exists, what is connected to the port that forwarded the notification message is the client; the forwarding port is then closed to avoid receiving more junk packets, and after the port has been silent for a period of time it is reopened to restore normal network communication. The format of the trace-back message is shown in Fig. 2 and its encapsulation format is shown in Fig. 10, where:
Destination MAC: 6 bytes, the MAC address of the server;
Source MAC: 6 bytes, the MAC address of the switch;
Protocol type: 2 bytes, 0xAAEE by default;
Flag: 2 bytes; the flag field distinguishes the three message formats as follows:
1: server notification message;
2: client reply message;
3: switch trace-back message;
TLV data:
Tag 1: 2 bytes, server MAC address;
Length: 2 bytes;
Server MAC address: size determined by the length field;
Tag 2: 2 bytes, switch MAC address;
Length: 2 bytes;
Switch MAC address: size determined by the length field;
Tag 3: 2 bytes, switch information;
Length: 2 bytes;
Switch information: size determined by the length field;
Tag 4: 2 bytes, information of the port on which the switch received the notification message;
Length: 2 bytes;
Switch port: size determined by the length field;
TTL: 4 bytes, the TTL value of the notification message decremented by 1 and filled into the trace-back message;
FCS: 4 bytes, CRC-32 checksum.
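The field layouts listed above for the three message types (flag values 1, 2 and 3; Figs. 3, 5, 8 and 10) can be exercised with a small encoder and decoder, including the reassembly a first switch performs on a reply. The following Python is an added example, not code from the patent; big-endian integers, an FCS computed over every preceding byte, TLV tag numbers equal to their position in the lists, and the sample MAC addresses and strings are assumptions.

```python
import struct
import zlib

ETHERTYPE = 0xAAEE                    # protocol type from the description
NOTIFY, REPLY, TRACEBACK = 1, 2, 3    # flag values from the description
DEFAULT_TTL = 20                      # default TTL from the description


class FrameError(ValueError):
    """Frame does not match the described layout."""


def mac_bytes(text):
    """'aa:bb:cc:dd:ee:ff' -> 6 raw bytes."""
    raw = bytes.fromhex(text.replace(":", ""))
    if len(raw) != 6:
        raise FrameError("MAC address must be 6 bytes")
    return raw


def mac_text(raw):
    """6 raw bytes -> 'aa:bb:cc:dd:ee:ff'."""
    return ":".join(f"{b:02x}" for b in raw)


def build_frame(dst, src, flag, tlvs, ttl=DEFAULT_TTL):
    """Assemble dst | src | type | flag | TLVs | TTL | FCS.

    tlvs is a list of (tag, value_bytes). Byte order and FCS coverage are
    assumptions of this example; the description does not state them.
    """
    body = mac_bytes(dst) + mac_bytes(src) + struct.pack("!HH", ETHERTYPE, flag)
    for tag, value in tlvs:
        if len(value) > 0xFFFF:
            raise FrameError("TLV value does not fit a 2-byte length")
        body += struct.pack("!HH", tag, len(value)) + value
    body += struct.pack("!I", ttl)
    return body + struct.pack("!I", zlib.crc32(body))


def parse_frame(frame):
    """Validate and decode a frame; returns a dict of its fields."""
    if len(frame) < 24:               # 16-byte header + 4-byte TTL + 4-byte FCS
        raise FrameError("frame too short")
    body, (fcs,) = frame[:-4], struct.unpack("!I", frame[-4:])
    if zlib.crc32(body) != fcs:
        raise FrameError("FCS mismatch")
    ethertype, flag = struct.unpack("!HH", body[12:16])
    if ethertype != ETHERTYPE:
        raise FrameError("unexpected protocol type")
    if flag not in (NOTIFY, REPLY, TRACEBACK):
        raise FrameError("unknown flag")
    (ttl,) = struct.unpack("!I", body[-4:])
    # The TLV region is whatever lies between the flag and the TTL.
    tlvs, region, pos = [], body[16:-4], 0
    while pos < len(region):
        if pos + 4 > len(region):
            raise FrameError("truncated TLV header")
        tag, length = struct.unpack("!HH", region[pos:pos + 4])
        pos += 4
        if pos + length > len(region):
            raise FrameError("TLV length exceeds frame")
        tlvs.append((tag, region[pos:pos + length]))
        pos += length
    return {"dst": mac_text(body[0:6]), "src": mac_text(body[6:12]),
            "flag": flag, "tlvs": tlvs, "ttl": ttl}


def add_switch_info(frame, switch_info, rx_port):
    """Reassemble a reply as the first switch does: append tags 3 and 4
    only when no switch information is present; the TTL is left unchanged."""
    fields = parse_frame(frame)
    if fields["flag"] != REPLY:
        raise FrameError("not a reply message")
    if any(tag == 3 for tag, _ in fields["tlvs"]):
        return frame                  # an earlier switch already added its details
    tlvs = fields["tlvs"] + [(3, switch_info), (4, rx_port)]
    return build_frame(fields["dst"], fields["src"], REPLY, tlvs, fields["ttl"])


if __name__ == "__main__":
    # Constructed sample values, not taken from the patent.
    server, client = "02:00:00:00:00:01", "02:00:00:00:00:02"
    notify = build_frame(client, server, NOTIFY,
                         [(1, b"nms-server"), (2, mac_bytes(server))])
    print(parse_frame(notify))
```

Because the TLV region has no overall length field in these lists, the decoder bounds every TLV against the space left before the TTL and rejects a length that would run past it.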
The trace-back message a switch sends after receiving a notification message was covered in the notification-processing flow above; the following describes how a switch processes trace-back messages from other switches. The flow is shown in Fig. 11. The steps are as follows:
(1) determine whether a timer exists;
(2) if a timer exists, receive the trace-back message and forward it;
(3) if no timer exists, determine whether the timer has expired;
(4) if the trace-back message is received on the forwarding port before the timer expires, cancel the timer;
(5) if no trace-back message is received on the forwarding port before the timer expires, close the port;
(6) keep the port silent;
(7) reopen the port and restore network communication.
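The switch behaviour in Figs. 7 and 11 (trace-back on the receiving port, TTL decrement, timer on the forwarding port, port close and reopen) can be modelled with a logical clock. The following Python model is an added example, not code from the patent; the timeout and silent-period values, the port numbers, the two-switch topology and the choice not to forward when the destination MAC is unknown are assumptions.

```python
from dataclasses import dataclass, field

TRACEBACK_TIMEOUT = 3   # assumed value; the description gives no duration
SILENT_PERIOD = 60      # assumed value; the description gives no duration


@dataclass
class Switch:
    name: str
    mac_table: dict                               # MAC address -> port
    timers: dict = field(default_factory=dict)    # forwarding port -> deadline
    closed: dict = field(default_factory=dict)    # closed port -> reopen time
    out: list = field(default_factory=list)       # (port, kind, payload) sent

    def on_notify(self, client_mac, server_mac, ttl, rx_port, now):
        """Notification flow: steps (1) to (6) of Fig. 7."""
        if ttl == 0:
            return None                           # TTL of 0 received: discard
        # (2) trace-back goes back out the port the notification arrived on
        self.out.append((rx_port, "traceback", (server_mac, self.name, rx_port)))
        # (3) forwarding port from the MAC address table
        tx_port = self.mac_table.get(client_mac)
        if tx_port is None or tx_port == rx_port:
            return None                           # assumption: no flooding
        # (4)-(5) decrement the TTL and forward
        self.out.append((tx_port, "notify", (client_mac, server_mac, ttl - 1)))
        # (6) expect a trace-back from a downstream switch on tx_port
        self.timers[tx_port] = now + TRACEBACK_TIMEOUT
        return tx_port

    def on_traceback(self, payload, rx_port, now):
        """A trace-back from another switch arrived on rx_port."""
        if rx_port in self.timers and now < self.timers[rx_port]:
            del self.timers[rx_port]              # downstream is a switch
        server_port = self.mac_table.get(payload[0])
        if server_port is not None and server_port != rx_port:
            self.out.append((server_port, "traceback", payload))

    def tick(self, now):
        """Expire timers (close port) and end silent periods (reopen port)."""
        for port, deadline in list(self.timers.items()):
            if now >= deadline:
                del self.timers[port]
                self.closed[port] = now + SILENT_PERIOD
        for port, reopen_at in list(self.closed.items()):
            if now >= reopen_at:
                del self.closed[port]


def simulate():
    """server -(1) core (2)-(1) access (2)- client, constructed topology."""
    server, client = "02:00:00:00:00:01", "02:00:00:00:00:02"
    core = Switch("core", {server: 1, client: 2})
    access = Switch("access", {server: 1, client: 2})

    core.on_notify(client, server, 20, rx_port=1, now=0)
    _, _, (c_mac, s_mac, ttl) = core.out[-1]      # forwarded notification
    access.on_notify(c_mac, s_mac, ttl, rx_port=1, now=0)
    traceback = next(p for _, kind, p in access.out if kind == "traceback")
    core.on_traceback(traceback, rx_port=2, now=1)

    core.tick(3)
    access.tick(3)
    closed_at_3 = (sorted(core.closed), sorted(access.closed))
    access.tick(3 + SILENT_PERIOD)
    return {
        "core_closed": closed_at_3[0],
        "access_closed": closed_at_3[1],
        "access_after_silence": sorted(access.closed),
        "client_ttl": access.out[-1][2][2],
        "server_saw": [p[1] for port, kind, p in core.out
                       if kind == "traceback" and port == 1],
    }


if __name__ == "__main__":
    print(simulate())
```

Only the access switch closes a port: the core switch hears a trace-back on its forwarding port before the timer expires, while nothing downstream of the access switch's client-facing port answers.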
The present invention is implemented on the basis of Ethernet switch forwarding technology. The notification message sent by the server is forwarded over the Ethernet; after the client receives it, software parses the message and, if the match succeeds, pops up a warning dialog prompting the client user to stop sending junk packets, and assembles a reply message that is returned to the server.
After an Ethernet switch receives the notification message sent by the server, it sends a trace-back message out the receiving port and starts a timer on the sending port; if, when the timer expires, no trace-back message has been received from a switch connected to the forwarding port, it closes that forwarding port.
In summary, the method of the present invention for detecting and resolving local area network attacks is based on Ethernet network control and can quickly locate the host generating a large number of junk packets in the network. When network congestion is detected, the server sends a notification message to the client and the Ethernet switch closes the forwarding port to control the network, removing the congestion caused by the junk packets. With the present invention the producer of the junk packets can be quickly located and removed from the network, so the network is quickly restored, avoiding data loss or other economic losses caused by network congestion. The custom network protocol reduces the consumption of network resources and also reduces unnecessary communication cost in the LAN; it simplifies maintenance and is highly flexible. The system of the present invention for detecting and resolving local area network attacks uses switches and computer software to detect and control the network, which reduces R&D cost; there is no need to separately develop other monitoring equipment or complex management programs.
The foregoing is only a preferred embodiment of the present invention and is not intended to limit it; for those skilled in the art, the invention may be modified and varied in various ways. Any modification, equivalent substitution, improvement and the like made within the spirit and principles of the invention shall fall within its scope of protection.

Claims (10)

  1. A method for detecting and resolving local network attacks, characterized in that it comprises the following steps:
    The server captures, by means of a packet capture tool, the MAC address of the client generating a large number of messages, writes the MAC address of the client as the destination MAC and the MAC address of the server itself as the source MAC into a notice message, and sends the notice message to the LAN;
    The client parses the notice message sent by the server after receiving it; if the destination MAC in the message matches the local MAC, the client pops up an alert box prompting the client user to stop sending junk messages, and assembles a response message and returns it to the server;
    After a switch receives the notice message sent by the server, it adds the information of this switch to form a backtracking message and sends the backtracking message back on the receiving port; the switch forwards the notice message according to the MAC address table and starts a timer on the forwarding port; when the timer expires, if no backtracking message returned by a switch connected to the forwarding port has been received, the switch closes this forwarding port.
  2. The method for detecting and resolving local network attacks according to claim 1, characterized in that the method further comprises the following step: after a switch receives the response message of the client, if no switch information is found in the response message, the switch adds the information of this switch and reassembles the response message, and then forwards the reassembled response message according to the MAC address table.
  3. The method for detecting and resolving local network attacks according to claim 1, characterized in that the forwarding of the notice message by the switch according to the MAC address table comprises the following steps: the switch identifies the source MAC and the destination MAC of the notice message, looks up in the MAC address table and records the receiving port corresponding to the source MAC of the notice message and the forwarding port corresponding to the destination MAC, and, after decrementing the TTL value of the notice message by 1, forwards the notice message from the forwarding port according to the MAC address table.
  4. The method for detecting and resolving local network attacks according to claim 3, characterized in that the method further comprises the following step: if the switch receives, before the timer expires, the backtracking message returned by the switch connected to the forwarding port, it stops the timer of the forwarding port.
  5. The method for detecting and resolving local network attacks according to any one of claims 1 to 4, characterized in that the notice message, the response message and the backtracking message include the following information: a destination MAC representing the MAC address of the client, a source MAC representing the MAC address of the server, protocol type, length, data, TTL and FCS, where the TTL is the time to live, the FCS is the check field, and the data includes a flag for distinguishing the notice message of the server, the response message of the client and the backtracking message of the switch.
  6. The method for detecting and resolving local network attacks according to claim 5, characterized in that the data of the notice message further includes: server information and the server MAC address; the data of the backtracking message includes the data of the corresponding notice message, with the addition of switch information and information on the port on which the switch received the notice message.
  7. The method for detecting and resolving local network attacks according to claim 5, characterized in that the data of the response message further includes: client information and the client MAC address; the data of the reassembled response message further includes: switch information and information on the port on which the switch received the response message.
  8. A system for detecting and resolving local network attacks, characterized in that it comprises:
    A server module, configured to capture, by means of a packet capture tool, the MAC address of the client generating a large number of messages, write the MAC address of the client as the destination MAC and the MAC address of the server itself as the source MAC into a notice message, and send the notice message to the LAN;
    A client module, configured to parse the notice message sent by the server after receiving it and, if the destination MAC in the message matches the local MAC, pop up an alert box prompting the client user to stop sending junk messages, and assemble a response message and return it to the server;
    A switch module, configured to, after receiving the notice message sent by the server, add the information of this switch to form a backtracking message and send the backtracking message back on the receiving port; and further configured to forward the notice message according to the MAC address table and start a timer on the forwarding port, and, when the timer expires, close this forwarding port if no backtracking message returned by a switch connected to the forwarding port has been received.
  9. The system for detecting and resolving local network attacks according to claim 8, characterized in that the switch module is further configured to, after receiving the response message of the client, if no switch information is found in the response message, add the information of this switch and reassemble the response message, and then forward the reassembled response message according to the MAC address table.
  10. The system for detecting and resolving local network attacks according to claim 8 or 9, characterized in that the switch module is further configured to, after receiving the notice message, identify the source MAC and the destination MAC of the notice message, look up in the MAC address table and record the receiving port corresponding to the source MAC of the notice message and the forwarding port corresponding to the destination MAC, and, after decrementing the TTL value of the notice message by 1, forward the notice message from the forwarding port according to the MAC address table; the switch module is further configured to stop the timer of the forwarding port when the switch receives, before the timer expires, the backtracking message returned by the switch connected to the forwarding port.
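The switch-side behaviour of claims 1, 3 and 4, as an added Python simulation that is not code from the patent: each switch returns a backtracking message on the receiving port, forwards the notice message toward the client with the TTL decremented, and closes the forwarding port when no downstream switch answers. The class and function names, the two-switch topology, the MAC addresses and the explicit `expire_timers()` call standing in for a real timer are assumptions; the client's response message is not modelled.

```python
from dataclasses import dataclass, field

@dataclass
class Notice:
    dst_mac: str  # MAC of the client generating the junk traffic
    src_mac: str  # MAC of the server that sent the notice
    ttl: int

@dataclass
class Switch:
    name: str
    mac_table: dict                                  # MAC address -> port
    downstream: dict = field(default_factory=dict)   # port -> Switch; hosts are absent
    timers: set = field(default_factory=set)         # forwarding ports awaiting a backtrack
    closed: set = field(default_factory=set)         # forwarding ports that were shut

    def receive_notice(self, msg):
        rx_port = self.mac_table[msg.src_mac]    # receiving port (toward the server)
        fwd_port = self.mac_table[msg.dst_mac]   # forwarding port (toward the client)
        # Backtracking message: this switch's info plus the port the notice arrived on.
        backtrack = {"switch": self.name, "rx_port": rx_port}
        self.timers.add(fwd_port)                # start the timer on the forwarding port
        peer = self.downstream.get(fwd_port)
        if peer is not None:
            # TTL is decremented before forwarding; a downstream switch answers
            # with its own backtracking message, which stops the timer.
            peer.receive_notice(Notice(msg.dst_mac, msg.src_mac, msg.ttl - 1))
            self.timers.discard(fwd_port)
        return backtrack

    def expire_timers(self):
        # Timer ran out with no backtracking message: close the forwarding port.
        self.closed |= self.timers
        self.timers.clear()
        return sorted(self.closed)

def isolate(client_mac, server_mac="02:00:00:00:00:01"):
    # Constructed topology: server -- SW1 (port 2) -- SW2 (port 3) -- client
    sw2 = Switch("SW2", {server_mac: 1, client_mac: 3})
    sw1 = Switch("SW1", {server_mac: 1, client_mac: 2}, downstream={2: sw2})
    first_backtrack = sw1.receive_notice(Notice(client_mac, server_mac, ttl=8))
    closed = {sw.name: sw.expire_timers() for sw in (sw1, sw2)}
    return first_backtrack, closed

if __name__ == "__main__":
    print(isolate("02:00:00:00:00:99"))
```

Only the edge switch, whose forwarding port faces a host rather than another switch, ends up closing a port; the upstream switch keeps its inter-switch link open.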
CN201711392584.1A 2017-12-21 2017-12-21 A method and system for detecting and resolving local network attacks Pending CN108111429A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201711392584.1A CN108111429A (en) 2017-12-21 2017-12-21 A method and system for detecting and resolving local network attacks

Publications (1)

Publication Number Publication Date
CN108111429A (en) 2018-06-01

Family

ID=62210724

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201711392584.1A Pending CN108111429A (en) A method and system for detecting and resolving local network attacks 2017-12-21 2017-12-21

Country Status (1)

Country Link
CN (1) CN108111429A (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101123510A (en) * 2007-07-11 2008-02-13 中兴通讯股份有限公司 Method, switch and switching chip for port separation of switch
CN101202664A (en) * 2007-11-30 2008-06-18 华为技术有限公司 Method for reporting equipment information, system and method for obtaining equipment information
CN103428032A (en) * 2013-08-19 2013-12-04 杭州华三通信技术有限公司 Attack positioning and assistant positioning device and method
US8707432B1 (en) * 2004-02-06 2014-04-22 Extreme Networks, Inc. Method and system for detecting and preventing access intrusion in a network
CN107222462A (en) * 2017-05-08 2017-09-29 汕头大学 A kind of LAN internals attack being automatically positioned of source, partition method

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114745419A (en) * 2022-05-07 2022-07-12 深信服科技股份有限公司 Method, device, equipment and storage medium for acquiring MAC address of terminal
CN114745419B (en) * 2022-05-07 2024-02-23 深信服科技股份有限公司 Method, device, equipment and storage medium for acquiring terminal MAC address

Similar Documents

Publication Publication Date Title
CN100382517C (en) Network QoS test method and system
US7940676B2 (en) Methods and systems for providing end-to-end testing of an IP-enabled network
EP1039694B1 (en) System wide flow aggregate process
US6405251B1 (en) Enhancement of network accounting records
CN100463418C (en) Network performance test method, system and network device
US7711751B2 (en) Real-time network performance monitoring system and related methods
US6625657B1 (en) System for requesting missing network accounting records if there is a break in sequence numbers while the records are transmitting from a source device
US7167860B1 (en) Fault tolerance for network accounting architecture
US7243143B1 (en) Flow probe connectivity determination
US6446200B1 (en) Service management
CN102204164B (en) Method and apparatus for reporting network packet-losing message
EP1039686A2 (en) Capturing quality of service
CN104486153B (en) A kind of transformer station process layer network transmission performance monitoring method based on FPGA
Shi et al. NDNLP: A link protocol for NDN
CN103840976B (en) Communication means, light device and the network equipment
CN107645398A (en) A kind of method and apparatus of diagnostic network performance and failure
CN102821009A (en) Method for monitoring ring network on basis of link layer discovery protocol and device
CN107666486A (en) A kind of network data flow restoration methods and system based on message protocol feature
US20090196301A1 (en) Methods, systems and apparatus for monitoring and/or generating communications in a communications network
CN106533832A (en) Distributed-deployment-based network flow detection system
CN107342809A (en) A kind of service feature monitoring and Fault Locating Method and device
US20100161769A1 (en) Method and System for Virtual LAN Media Access Control Trouble Diagnostics
AU2008258126B2 (en) Method, systems and apparatus for monitoring and/or generating communications in a communications network
CN101141323A (en) Method, system and equipment for controlling connectivity detection
CN108111429A (en) It is a kind of to detect and solve the method and system of local network attack

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20180601