CN108574672A - The method and device of ARP attack perception applied to mobile terminal - Google Patents
The method and device of ARP attack perception applied to mobile terminal Download PDFInfo
- Publication number
- CN108574672A CN108574672A CN201710142637.8A CN201710142637A CN108574672A CN 108574672 A CN108574672 A CN 108574672A CN 201710142637 A CN201710142637 A CN 201710142637A CN 108574672 A CN108574672 A CN 108574672A
- Authority
- CN
- China
- Prior art keywords
- arp
- address
- mac
- attacker
- mobile terminal
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
- H04L61/09—Mapping addresses
- H04L61/10—Mapping addresses of different types
- H04L61/103—Mapping addresses of different types across network layers, e.g. resolution of network layer into physical layer addresses or address resolution protocol [ARP]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0227—Filtering policies
- H04L63/0236—Filtering by address, protocol, port number or service, e.g. IP-address or URL
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2101/00—Indexing scheme associated with group H04L61/00
- H04L2101/60—Types of network addresses
- H04L2101/618—Details of network addresses
- H04L2101/622—Layer-2 addresses, e.g. medium access control [MAC] addresses
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
The invention discloses a kind of ARP messages cognitive method and device applied to mobile terminal, the data packet received is captured after mobile terminal access net;If the data packet is ARP data packets, extracts the transmission source IP address of ARP data packets and send source MAC;If transmission source IP address is gateway ip address, the transmission source MAC is preserved as doubtful attacker's MAC Address;When doubtful attacker's MAC Address there are it is different when, then judge there are ARP message aggressions.Due to mobile terminal device only received data packet, without forwarding data packet, packet capturing flow is carried out in the bypass of received data packet, ARP attack perception can be carried out in the case where not influencing mobile terminal normal operation in this way, can quick sensing to ARP message aggressions, higher accuracy rate is obtained with smaller cost.
Description
Technical field
It is perceived the present invention relates to field of information security technology more particularly to a kind of ARP attacks applied to mobile terminal
Method and device.
Background technology
ARP protocol (Address Resolution Protocol, address resolution protocol) is one in IPv4 protocol suites
In network layer protocol, basic function is that the MAC Address of target device is inquired by the IP address of target device.For going through
History reason, ARP protocol consider and not perfect at the beginning of formulation, lack necessary authentication mechanism, cause ARP protocol to become so-called
" gentleman's agreement ", there is a large amount of means attacked using ARP protocol weakness and tool on network, caused to network environment
Great threat.
ARP message aggressions are common one of attack means, and attacker utilizes the design loophole of ARP protocol, forges ARP
Message aggression target terminal (table 1 shows ARP message structures).In conjunction with shown in Fig. 1, if machine A wants to carry out outbound communication, need
The data packet of transmission is first passed into gateway B, the destination address of outer net is forwarded to by it.And data packet is passed in link layer
It needs to be sent according to the addresses gateway Mac recorded in oneself arp cache table using the addresses Mac of gateway B, machine A when defeated
The data packet.Since the processing mode of arp reply lacks authentication mechanism, terminal is answered receiving any ARP for meeting protocol specification
The addresses the IP-Mac correspondence in oneself arp cache table can be all updated when answering packet.If at this point, there are attacker C in network,
Attacker C can pretend oneself be gateway B, using certain frequency to machine A transmission sources IP as gateway B, the source addresses Mac be attacker C
Malice arp reply packet, the true addresses Mac of gateway in covering machine A.At this point, machine A is with being mistakenly considered the Mac of attacker C
Location is the addresses Mac of intended gateway B, can all reach attacker C from the data packet of this machine A outgoings, cause the misleading of flow.If
Attacker C coordinates man-in-the-middle attack means that communicating pair is pretended to be then further may to steal its wealth using the privacy information of user again
Object causes serious consequence.
Table 1
Although ARP message aggressions can cause serious consequence, in the WiFi environment that masses often touch mostly not
It disposes ARP and attacks perception mechanism.In addition, even if in the network equipments such as interchanger, router or gateway ARP in existing design
There is also shortcomings for attack perception.For example, since the main task of gateway device is forwarding data packet, it is normal not influencing it
The detection efficient of ARP attack perception logics will certainly be reduced in the case of forwarding task, perception velocities are slow.Even if in addition, gateway
It is found that in its LAN that there are ARP attacks can not also feed back to the attack by complete at attack terminal with lower cost
At the flow for entirely reporting and disposing.
Invention content
The purpose of the present invention is to provide a kind of ARP applied to mobile terminal to attack cognitive method and device, can be fast
Speed perceives ARP message aggressions, and higher accuracy rate is obtained with smaller cost, protects the privacy and property safety of user.
The invention discloses a kind of ARP applied to mobile terminal to attack cognitive method, includes the following steps:
The data packet received is captured after mobile terminal access net and judges whether it is ARP data packets;
If the data packet is ARP data packets, extracts the transmission source IP address of ARP data packets and send source MAC;If
Transmission source IP address is gateway ip address, then preserves the transmission source MAC as doubtful attacker's MAC Address;When preservation
Doubtful attacker's MAC Address there are it is different when, then judge there are ARP message aggressions.
Further, when doubtful attacker's MAC Address of preservation has difference and at least one MAC Address is corresponding
When the frequency of ARP data packets is more than threshold value, then judge that there are ARP message aggressions.
Further, when judgement is there are after ARP message aggressions, mobile terminal miscellaneous equipment into network sends broadcast message
To obtain the IP address and MAC Address of each equipment, if there is any doubtful attacker that the MAC Address of equipment is preserved with mobile terminal
MAC Address is consistent, and the IP address of the equipment is not gateway IP, then judges the equipment for attacker.
Further, after judging attacker, mobile terminal is by the essential information of the current gateway equipment of collection and attacks
The IP address for the person of hitting and the addresses Mac upload to the remote server for collecting evidence, analyzing together.
The invention also discloses a kind of ARP applied to mobile terminal to attack sensing device, including trapping module, analysis mould
Block, wherein:
The trapping module is used to capture the data packet received after mobile terminal accesses net and judges whether it is ARP numbers
According to packet;
The analysis module is used to receive the ARP data packets of trapping module transmission, extracts the transmission source of ARP data packets
IP address and transmission source MAC;If transmission source IP address is gateway ip address, the transmission source MAC is preserved as doubtful
Like attacker's MAC Address;When doubtful attacker's MAC Address of preservation there are it is different when, then judge there are ARP message aggressions.
Further, the analysis module is used to work as doubtful attacker's MAC Address with there is different and at least one MAC
When the frequency of the corresponding ARP data packets in location is more than threshold value, then judge that there are ARP message aggressions.
Further, ARP attack sensing device further includes module of tracing to the source, and the module of tracing to the source is for when judging presence
After ARP message aggressions, into network, miscellaneous equipment sends broadcast message to obtain the IP address and MAC Address of each equipment, if having
The MAC Address of equipment is consistent with any doubtful attacker's MAC Address that mobile terminal preserves, and the IP address of the equipment is not net
IP is closed, then judges the equipment for attacker.
Further, the ARP attacks sensing device further includes feedback module, and the feedback module, which is used to work as, to be judged to attack
After the person of hitting, the essential information of current gateway equipment of collection and the IP address of attacker and the addresses Mac are uploaded to be used for together
The remote server of evidence obtaining, analysis.
The advantageous effect of the present invention compared with prior art:The present invention is in mobile terminal deployment ARP attack perception, and movement is eventually
Termination captures the data packet received after networking;If the data packet is ARP data packets, with extracting the transmission source IP of ARP data packets
Location and transmission source MAC;If transmission source IP address is gateway ip address, preserves the transmission source MAC and attacked as doubtful
The person's of hitting MAC Address;When doubtful attacker's MAC Address there are it is different when, then judge there are ARP message aggressions.Due to mobile terminal
Equipment only received data packet in this way can be in not shadow without forwarding data packet, packet capturing flow to be carried out in the bypass of received data packet
ARP attack perception is carried out in the case of ringing mobile terminal normal operation, can quick sensing to ARP message aggressions, with smaller
Cost obtains higher accuracy rate.In addition, deployment ARP attacks perception logic can attack thing finding ARP in the terminal
Relevant disposal process is carried out after part immediately, preferably to protect the privacy and property safety of user.
Description of the drawings
Fig. 1 is ARP message aggression principle schematics.
Fig. 2 is the flow diagram that a kind of ARP applied to mobile terminal of the present invention attacks cognitive method.
Fig. 3 is the structural schematic diagram that a kind of ARP applied to mobile terminal of the present invention attacks sensing device.
Specific implementation mode
To make the objectives, technical solutions, and advantages of the present invention clearer, below in conjunction with attached drawing to the present invention make into
One step it is described in detail.
In some embodiments, in conjunction with shown in Fig. 2, the ARP disclosed by the invention applied to mobile terminal attacks perception side
Method includes the following steps:
S100, mobile terminal access captures the data packet received after netting, and judges whether it is ARP data packets.
It should be understood that mobile terminal can access WiFi WLANs, bluetooth equity WLAN or infrared ray
Reciprocity WLAN etc. is described by taking WiFi WLANs as an example in the present embodiment.
After mobile terminal connects upper WiFi, capture what mobile terminal received by packet catchers such as Pcap or Tcpdump
Network packet.If the type of the data packet is ARP, step S20 is carried out, otherwise captures data packet again.
S200 includes the following steps:
S201, if the data packet is ARP data packets, with extracting transmission source IP address and the transmission source MAC of ARP data packets
Location.
S202 preserves the transmission source MAC as doubtful attacker if transmission source IP address is gateway ip address
MAC Address.
Judge whether the transmission source IP address of the data packet is the true gateway ip address preserved, if so, preserving
Transmission source MAC corresponding with the IP address, using as doubtful attacker's MAC Address.Otherwise, next ARP data are captured
Packet.
S203, when doubtful attacker's MAC Address of preservation there are it is different when, then judge there are ARP message aggressions.
For example, it is assumed that the true IP address of gateway is 192.168.1.1, MAC Address AA:BB:CC:DD:EE:FF is moved
Dynamic terminal has received two and sends the data packet that source IP address is gateway real IP address, when doubtful attacker's MAC Address exists
When different, then illustrate that at least one is attacker, thus may determine that there are ARP message aggressions in network.As shown in table 2,
2 transmission source IP address having the same of data packet 1 and data packet, and the IP address of gateway and its MAC Address are one in a network
One is corresponding, therefore may determine that there are one data packet be attacker's camouflage.
Table 2
Data packet | Send source IP address | Send source MAC |
1 | 192.168.1.1 | AA:BB:CC:DD:EE:FF |
2 | 192.168.1.1 | GG:HH:KK:LL:MM:NN |
Due to mobile terminal device only received data packet, without forwarding data packet, packet capturing flow is on the side of received data packet
Road carry out, can be carried out in this way in the case where not influencing mobile terminal normal operation ARP attack perceive, can quick sensing arrive
ARP message aggressions obtain higher accuracy rate with smaller cost.
Certainly, in order to improve the accuracy of ARP attack perception, it can be combined with remaining strategy and carry out ARP attack perception.Example
Such as, if mobile terminal receives same IP address and the frequency of the ARP data packets of the addresses Mac is excessively high, there are ARP message aggressions
Possibility it is larger.Therefore, if the doubtful attacker's MAC Address preserved there is difference and at least one MAC Address is corresponding
When the frequency of ARP data packets is more than threshold value, just judge that there are ARP message aggressions.
In order to protect user security, it is also desirable to attacker can be found, therefore when judging there are after ARP message aggressions, it is mobile
Terminal can also send broadcast message to obtain the IP address and MAC Address of each equipment, if there is equipment by miscellaneous equipment into network
MAC Address it is consistent with any doubtful attacker's MAC Address that mobile terminal preserves, and the IP address of the equipment is not gateway
IP then judges the equipment for attacker.
In further embodiments, after judging attacker, mobile terminal can also be by the current gateway equipment of collection
Essential information, as the title of WiFi, the IP address of the addresses Mac and attacker and the addresses Mac are uploaded to together for collecting evidence, analyzing
Remote server data are provided and are supported for network crime tracking and evidence obtaining in case subsequent evidence obtaining or big data analysis.Thus
As it can be seen that deployment ARP attacks perception in the terminal, can carry out relevant disposition stream immediately after finding ARP attacks
Journey, preferably to protect the privacy and property safety of user.
The invention also discloses the ARP applied to mobile terminal to attack sensing device 10, as shown in figure 3, the sensing device
10 include trapping module 11, analysis module 12, wherein:
Trapping module 11 is used to capture the data packet received after mobile terminal accesses net and judges whether it is ARP data
Packet.
It should be understood that mobile terminal can access WiFi WLANs, bluetooth equity WLAN or infrared ray
Reciprocity WLAN etc. is described by taking WiFi WLANs as an example in the present embodiment.
After mobile terminal connects upper WiFi, capture what mobile terminal received by packet catchers such as Pcap or Tcpdump
Network packet.If the type of the data packet is ARP, analysis module 12 is sent the packet to, is otherwise captured again
Data packet.
Analysis module 12 receives the ARP data packets that trapping module 11 is sent, with extracting the transmission source IP of ARP data packets
Location and transmission source MAC;If transmission source IP address is gateway ip address, preserves the transmission source MAC and attacked as doubtful
The person's of hitting MAC Address;When doubtful attacker's MAC Address of preservation there are it is different when, then judge there are ARP message aggressions.
Judge whether the transmission source IP address of the data packet is the true gateway ip address preserved, if so, preserving
Transmission source MAC corresponding with the IP address, using as doubtful attacker's MAC Address.Otherwise, next ARP data are captured
Packet.
When doubtful attacker's MAC Address of preservation there are it is different when, then judge there are ARP message aggressions.
For example, it is assumed that the true IP address of gateway is 192.168.1.1, MAC Address AA:BB:CC:DD:EE:FF is moved
Dynamic terminal has received two and sends the data packet that source IP address is gateway real IP address, when doubtful attacker's MAC Address exists
When different, then illustrate that at least one is attacker, thus may determine that there are ARP message aggressions in network.As shown in table 2,
2 transmission source IP address having the same of data packet 1 and data packet, and the IP address of gateway and its MAC Address are one in a network
One is corresponding, therefore may determine that there are one data packet be attacker's camouflage.
Certainly, in order to improve the accuracy of ARP attack perception, it can be combined with remaining strategy and carry out ARP attack perception.Example
Such as, if mobile terminal receives same IP address and the frequency of the ARP data packets of the addresses Mac is excessively high, there are ARP message aggressions
Possibility it is larger.Therefore, if the doubtful attacker's MAC Address preserved there is difference and at least one MAC Address is corresponding
When the frequency of ARP data packets is more than threshold value, analysis module 12 just judges that there are ARP message aggressions.
It is also uncommon in order to protect user security when finding in network there are after ARP message aggressions in other are example
Prestige can find attacker, therefore ARP attack sensing devices 10 further include module 13 of tracing to the source, and module of tracing to the source 13 is used to exist when judgement
After ARP message aggressions, into network, miscellaneous equipment sends broadcast message to obtain the IP address and MAC Address of each equipment, if having
The MAC Address of equipment is consistent with any doubtful attacker's MAC Address that mobile terminal preserves, and the IP address of the equipment is not net
IP is closed, then judges the equipment for attacker.
According to actual needs, in some embodiments, it further includes feedback module 14 that ARP, which attacks sensing device 10, works as judgement
After going out attacker, feedback module 14 such as the title of WiFi, the addresses Mac and attacks the essential information of the current gateway equipment of collection
The IP address for the person of hitting and the addresses Mac upload to the remote server for collecting evidence, analyzing together, in case subsequent evidence obtaining or big number
According to analysis, data are provided and are supported for network crime tracking and evidence obtaining.
The present invention captures the data packet received after mobile terminal deployment ARP attack perception, mobile terminal access net;If should
Data packet is ARP data packets, then extracts the transmission source IP address of ARP data packets and send source MAC;If sending source IP address
For gateway ip address, then the transmission source MAC is preserved as doubtful attacker's MAC Address;When doubtful attacker's MAC Address is deposited
When different, then judge that there are ARP message aggressions.Since mobile terminal device only received data packet is grabbed without forwarding data packet
Packet stream journey is carried out in the bypass of received data packet, can carry out ARP in the case where not influencing mobile terminal normal operation in this way
Attack perception, can quick sensing to ARP message aggressions, higher accuracy rate is obtained with smaller cost.In addition, mobile whole
ARP attack perception logics are disposed in end to carry out relevant disposal process immediately after finding ARP attacks, with preferably
Protect the privacy and property safety of user.
Although the step in the present invention is arranged with label, it is not used to limit the precedence of step, unless
Based on the execution of the order or certain step that specify step needs other steps, otherwise the relative rank of step is
It is adjustable.
Several embodiments of the present invention have shown and described in above description, but as previously described, it should be understood that the present invention is not
It is confined to form disclosed herein, is not to be taken as excluding other embodiments, and can be used for various other combinations, modification
And environment, and can be carried out by the above teachings or related fields of technology or knowledge in the scope of the invention is set forth herein
Change.And changes and modifications made by those skilled in the art do not depart from the spirit and scope of the present invention, then it all should be in institute of the present invention
In attached scope of the claims.
Claims (8)
1. a kind of ARP applied to mobile terminal attacks cognitive method, which is characterized in that include the following steps:
The data packet received is captured after mobile terminal access net and judges whether it is ARP data packets;
If the data packet is ARP data packets, extracts the transmission source IP address of ARP data packets and send source MAC;If sending
Source IP address is gateway ip address, then preserves the transmission source MAC as doubtful attacker's MAC Address;It is doubtful when preservation
Attacker's MAC Address there are it is different when, then judge there are ARP message aggressions.
2. ARP as described in claim 1 attacks cognitive method, which is characterized in that when judging, there are after ARP message aggressions, to move
Dynamic terminal miscellaneous equipment into network sends broadcast message to obtain the IP address and MAC Address of each equipment, if there is the MAC of equipment
Address is consistent with any doubtful attacker's MAC Address that mobile terminal preserves, and IP address is not gateway ip address, then judging should
Equipment is attacker.
3. ARP as claimed in claim 2 attacks cognitive method, which is characterized in that after judging attacker, mobile terminal will
The essential information of current gateway equipment and the IP address of attacker of collection and the addresses Mac are uploaded to together for collecting evidence, analyzing
Remote server.
4. ARP as described in claim 1 attacks cognitive method, which is characterized in that when doubtful attacker's MAC Address of preservation is deposited
When different and the corresponding ARP data packets of at least one MAC Address frequencies are more than threshold value, then judge that there are ARP messages to attack
It hits.
5. a kind of ARP applied to mobile terminal attacks sensing device, which is characterized in that including trapping module, analysis module,
In:
The trapping module is used to capture the data packet received after mobile terminal accesses net and judges whether it is ARP data
Packet;
The analysis module is used to receive the ARP data packets of trapping module transmission, with extracting the transmission source IP of ARP data packets
Location and transmission source MAC;If transmission source IP address is gateway ip address, preserves the transmission source MAC and attacked as doubtful
The person's of hitting MAC Address;When doubtful attacker's MAC Address of preservation there are it is different when, then judge there are ARP message aggressions.
6. ARP as claimed in claim 5 attacks sensing device, which is characterized in that the ARP attacks sensing device further includes tracing back
Source module, the module of tracing to the source for when judging there are after ARP message aggressions, into network miscellaneous equipment transmission broadcast message with
The IP address and MAC Address of each equipment are obtained, if there is any doubtful attacker that the MAC Address of equipment is preserved with mobile terminal
MAC Address is consistent, and IP address is not gateway IP, then judges the equipment for attacker.
7. ARP as claimed in claim 6 attacks sensing device, which is characterized in that the ARP attacks sensing device further includes anti-
Module is presented, the feedback module is used for after judging attacker, by the essential information of the current gateway equipment of collection and attack
The IP address of person and the addresses Mac upload to the remote server for collecting evidence, analyzing together.
8. ARP as claimed in claim 5 attacks sensing device, which is characterized in that the analysis module is used to work as doubtful attack
When person's MAC Address has different and the corresponding ARP data packets of at least one MAC Address frequency more than threshold value, judge exist
ARP message aggressions.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710142637.8A CN108574672A (en) | 2017-03-10 | 2017-03-10 | The method and device of ARP attack perception applied to mobile terminal |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710142637.8A CN108574672A (en) | 2017-03-10 | 2017-03-10 | The method and device of ARP attack perception applied to mobile terminal |
Publications (1)
Publication Number | Publication Date |
---|---|
CN108574672A true CN108574672A (en) | 2018-09-25 |
Family
ID=63578130
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201710142637.8A Pending CN108574672A (en) | 2017-03-10 | 2017-03-10 | The method and device of ARP attack perception applied to mobile terminal |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN108574672A (en) |
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN112333146A (en) * | 2020-09-21 | 2021-02-05 | 南方电网海南数字电网研究院有限公司 | ARP security defense method for intelligent power transformation gateway and intelligent power transformation gateway |
CN112583817A (en) * | 2020-12-07 | 2021-03-30 | 北京威努特技术有限公司 | Network oscillation monitoring and early warning method, device and medium |
CN113938460A (en) * | 2021-11-25 | 2022-01-14 | 湖北天融信网络安全技术有限公司 | Network detection method and device, electronic equipment and storage medium |
CN114980113A (en) * | 2022-06-17 | 2022-08-30 | 西安紫光展锐科技有限公司 | Method for preventing ARP attack on terminal side |
Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP1609291A1 (en) * | 2002-09-16 | 2005-12-28 | Cisco Technology, Inc. | Method and apparatus for preventing spoofing of network addresses |
KR20070106893A (en) * | 2006-05-01 | 2007-11-06 | 이형우 | Method for prevention an arp poison attack |
CN101247217A (en) * | 2008-03-17 | 2008-08-20 | 北京星网锐捷网络技术有限公司 | Method, unit and system for preventing address resolution protocol flux attack |
CN101415012A (en) * | 2008-11-06 | 2009-04-22 | 杭州华三通信技术有限公司 | Method and system for defending address analysis protocol message aggression |
CN104219339A (en) * | 2014-09-17 | 2014-12-17 | 北京金山安全软件有限公司 | Method and device for detecting address resolution protocol attack in local area network |
CN104917729A (en) * | 2014-03-12 | 2015-09-16 | 国基电子(上海)有限公司 | Network device and method for preventing address resolution protocol message from being attacked |
CN106376003A (en) * | 2015-07-23 | 2017-02-01 | 中移(杭州)信息技术有限公司 | Method and device for detecting wireless local area network connection and wireless local area network data transmission |
-
2017
- 2017-03-10 CN CN201710142637.8A patent/CN108574672A/en active Pending
Patent Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP1609291A1 (en) * | 2002-09-16 | 2005-12-28 | Cisco Technology, Inc. | Method and apparatus for preventing spoofing of network addresses |
KR20070106893A (en) * | 2006-05-01 | 2007-11-06 | 이형우 | Method for prevention an arp poison attack |
CN101247217A (en) * | 2008-03-17 | 2008-08-20 | 北京星网锐捷网络技术有限公司 | Method, unit and system for preventing address resolution protocol flux attack |
CN101415012A (en) * | 2008-11-06 | 2009-04-22 | 杭州华三通信技术有限公司 | Method and system for defending address analysis protocol message aggression |
CN104917729A (en) * | 2014-03-12 | 2015-09-16 | 国基电子(上海)有限公司 | Network device and method for preventing address resolution protocol message from being attacked |
CN104219339A (en) * | 2014-09-17 | 2014-12-17 | 北京金山安全软件有限公司 | Method and device for detecting address resolution protocol attack in local area network |
CN106376003A (en) * | 2015-07-23 | 2017-02-01 | 中移(杭州)信息技术有限公司 | Method and device for detecting wireless local area network connection and wireless local area network data transmission |
Cited By (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN112333146A (en) * | 2020-09-21 | 2021-02-05 | 南方电网海南数字电网研究院有限公司 | ARP security defense method for intelligent power transformation gateway and intelligent power transformation gateway |
CN112583817A (en) * | 2020-12-07 | 2021-03-30 | 北京威努特技术有限公司 | Network oscillation monitoring and early warning method, device and medium |
CN112583817B (en) * | 2020-12-07 | 2023-04-28 | 北京威努特技术有限公司 | Network oscillation monitoring and early warning method, device and medium |
CN113938460A (en) * | 2021-11-25 | 2022-01-14 | 湖北天融信网络安全技术有限公司 | Network detection method and device, electronic equipment and storage medium |
CN113938460B (en) * | 2021-11-25 | 2024-08-27 | 湖北天融信网络安全技术有限公司 | Network detection method and device, electronic equipment and storage medium |
CN114980113A (en) * | 2022-06-17 | 2022-08-30 | 西安紫光展锐科技有限公司 | Method for preventing ARP attack on terminal side |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US11516239B2 (en) | System, device, and method of adaptive network protection for managed internet-of-things services | |
CN105681353B (en) | Defend the method and device of port scan invasion | |
US9781137B2 (en) | Fake base station detection with core network support | |
KR101231975B1 (en) | Method of defending a spoofing attack using a blocking server | |
CN101087196B (en) | Multi-layer honey network data transmission method and system | |
CN108574672A (en) | The method and device of ARP attack perception applied to mobile terminal | |
CN101848197B (en) | Detection method and device and network with detection function | |
US10374913B2 (en) | Data retention probes and related methods | |
CN105491060B (en) | Method, apparatus, client and the equipment of defending distributed denial of service attack | |
KR101409563B1 (en) | Method and apparatus for identifying application protocol | |
US20140189861A1 (en) | System and method for correlating network information with subscriber information in a mobile network environment | |
CN112219381A (en) | Method for data analysis-based message filtering in edge nodes | |
US20170134957A1 (en) | System and method for correlating network information with subscriber information in a mobile network environment | |
US9338657B2 (en) | System and method for correlating security events with subscriber information in a mobile network environment | |
JP2010171527A (en) | Overlay traffic detection system, and traffic monitoring-control system | |
CN106899978B (en) | Wireless network attack positioning method | |
CN106534068A (en) | Method and device for cleaning forged source IP in DDOS (Distributed Denial of Service) defense system | |
CN108574673A (en) | ARP message aggression detection method and device applied to gateway | |
CN108512816B (en) | Traffic hijacking detection method and device | |
KR20150082903A (en) | Method and apparatus for application detection | |
CN107864110A (en) | Botnet main control end detection method and device | |
Guo et al. | Forensic analysis of DoS attack traffic in MANET | |
Mantoo et al. | A machine learning model for detection of man in the middle attack over unsecured devices | |
Park et al. | Threats and countermeasures on a 4G mobile network | |
Khan et al. | Real-time cross-layer design for a large-scale flood detection and attack trace-back mechanism in IEEE 802.11 wireless mesh networks |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
WD01 | Invention patent application deemed withdrawn after publication | ||
WD01 | Invention patent application deemed withdrawn after publication |
Application publication date: 20180925 |