CN109194638B - Message processing method, device, switching equipment and computer readable storage medium - Google Patents

Message processing method, device, switching equipment and computer readable storage medium

Info

Publication number
CN109194638B
Authority
CN
China
Prior art keywords
message
multicast
terminal device
sending
terminal
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201810969557.4A
Other languages
Chinese (zh)
Other versions
CN109194638A (en)
Inventor
罗琳
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
New H3C Technologies Co Ltd Hefei Branch
Original Assignee
New H3C Technologies Co Ltd Hefei Branch
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by New H3C Technologies Co Ltd Hefei Branch
Priority to CN201810969557.4A
Publication of CN109194638A
Application granted
Publication of CN109194638B
Legal status: Active
Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L 63/1441 Countermeasures against malicious traffic
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 49/00 Packet switching elements
    • H04L 49/20 Support for services
    • H04L 49/201 Multicast operation; Broadcast operation
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 61/00 Network arrangements, protocols or services for addressing or naming
    • H04L 61/45 Network directories; Name-to-address mapping
    • H04L 61/4505 Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols
    • H04L 61/4511 Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols using domain name system [DNS]


Abstract

Embodiments of the invention provide a message processing method and apparatus, a switching device and a computer-readable storage medium in the field of communications. The switching device receives a multicast packet sent by any terminal device according to the mDNS protocol and judges whether the sending terminal device is a trusted terminal device. When the sender is an untrusted device and the multicast packet is an announcement packet, the switching device sends a service request packet to that terminal device; if no response packet to the service request is received, it processes all multicast packets sent by that terminal device as attack packets. This effectively avoids traffic attacks in an mDNS networking system and prevents the terminal device from advertising fake service information that misleads users, and because the switching device discards only the multicast packets of that terminal device, the normal use of the mDNS function by the other terminal devices is preserved.

Description

Message processing method, device, switching equipment and computer readable storage medium
Technical Field
The present invention relates to the field of communications technologies, and in particular, to a method and an apparatus for processing a packet, a switching device, and a computer-readable storage medium.
Background
mDNS (Multicast Domain Name System) is a multicast-based domain name service and a zero-configuration networking standard developed for home networks. Unlike standard DNS, mDNS needs neither a DNS server nor a formal mapping of domain names to addresses: it lets terminal devices on a local area network discover and communicate with each other without a conventional DNS server, and it suits lightweight services in the home, such as printing, playing music from smartphones and computers on audio equipment, and showing photos or videos on televisions.
In an mDNS-based networking system, both the query packet a client sends to find a server that can provide a required service and the response packets that the capable servers send back are multicast packets, so a request for a common service may trigger responses from every service provider in the network and increase multicast traffic. When an attack source in the network sends a large number of mDNS requests, mDNS traffic is therefore multiplied, flooding and even paralysing the network. The current solution mainly configures a policy on the switch in the local area network to rate-limit or discard multicast packets; when one terminal device in the local area network is attacked, multicast packets sent by the other terminal devices are rate-limited or discarded as well, which affects the normal use of the mDNS function in the network.
Disclosure of Invention
Embodiments of the present invention provide a message processing method, an apparatus, a switching device, and a computer-readable storage medium, so as to avoid a traffic attack in an mDNS networking system.
In order to achieve the above purpose, the embodiment of the present invention adopts the following technical solutions:
In a first aspect, an embodiment of the present invention provides a packet processing method applied to a switching device in an mDNS networking system, where the switching device is communicatively connected to a plurality of terminal devices in that system. The method includes: receiving a multicast packet sent by any terminal device according to the mDNS protocol; judging whether the terminal device that sent the multicast packet is a trusted terminal device; when that terminal device is an untrusted device and the multicast packet is an announcement packet, sending a service request packet to it, where the announcement packet carries the service information provided by the terminal device that sent it; and when no response packet sent by the terminal device according to the service request packet is received, processing all multicast packets sent by that terminal device as attack packets.
In a second aspect, an embodiment of the present invention further provides a packet processing apparatus applied to a switching device in an mDNS networking system, where the switching device is communicatively connected to a plurality of terminal devices in that system. The apparatus includes: a packet receiving module for receiving a multicast packet sent by any terminal device according to the mDNS protocol; a judging module for judging whether the terminal device that sent the multicast packet is a trusted terminal device; a request packet sending module configured to send a service request packet to the terminal device that sent the multicast packet when that terminal device is an untrusted device and the multicast packet is an announcement packet, where the announcement packet carries the service information provided by the terminal device that sent it; and a packet processing module for processing all multicast packets sent by the terminal device as attack packets when no response packet sent by the terminal device according to the service request packet is received.
In a third aspect, an embodiment of the present invention further provides a computer-readable storage medium, on which a computer program is stored, where the computer program is read by a processor and when executed, implements the method according to the first aspect.
In a fourth aspect, an embodiment of the present invention further provides a switching device, which includes a computer-readable storage medium storing a computer program and a processor, where the computer program is read by the processor and executed to implement the method according to the first aspect.
In the message processing method and apparatus, the switching device and the computer-readable storage medium provided in the embodiments of the present invention, when the switching device receives a multicast packet sent by any terminal device according to the mDNS protocol, it judges whether the sending terminal device is a trusted terminal device. When it judges that the sender is an untrusted device and the multicast packet is an announcement packet, it sends a service request packet to that terminal device, where the announcement packet carries the service information the sender provides; and when it does not receive a response packet sent by the terminal device according to the service request packet, it processes all multicast packets sent by that terminal device as attack packets. By discarding all multicast packets of a terminal device that does not answer the service request packet, the switching device of this embodiment effectively avoids traffic attacks in the mDNS networking system and prevents the terminal device from advertising fake service information that misleads users; and because only the multicast packets of that terminal device are discarded, the normal use of the mDNS function by the other terminal devices in the mDNS networking system is not affected.
Additional features and advantages of the invention will be set forth in the description which follows, and in part will be obvious from the description, or may be learned by the practice of the embodiments of the invention. The objectives and other advantages of the invention will be realized and attained by the structure particularly pointed out in the written description and claims hereof as well as the appended drawings.
Drawings
To illustrate the technical solutions of the embodiments more clearly, the drawings needed for the embodiments are briefly described below. It should be understood that the following drawings illustrate only some embodiments of the present invention and therefore should not be considered as limiting its scope, and that those skilled in the art can obtain other related drawings from them without inventive effort.
Fig. 1 shows a schematic diagram of an mDNS networking system according to an embodiment of the present invention.
Fig. 2 shows a block diagram of a switching device according to an embodiment of the present invention.
Fig. 3 is a flowchart illustrating a message processing method according to an embodiment of the present invention.
Fig. 4 is a schematic diagram illustrating a terminal device management table according to an embodiment of the present invention.
Fig. 5 shows another schematic diagram of the terminal device management table provided in the embodiment of the present invention.
Fig. 6 shows another schematic diagram of the terminal device management table provided in the embodiment of the present invention.
Fig. 7 is a schematic diagram illustrating functional modules of a message processing apparatus according to an embodiment of the present invention.
Reference numerals: 10, mDNS networking system; 100, switching device; 200, terminal device; 300, message processing apparatus; 110, memory; 120, processor; 130, communication interface; 310, message receiving module; 320, judgment module; 330, message analysis module; 340, request message sending module; 350, message processing module; 360, statistics module; 370, rate limiting module.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. The components of embodiments of the present invention generally described and illustrated in the figures herein may be arranged and designed in a wide variety of different configurations. Thus, the following detailed description of the embodiments of the present invention, presented in the figures, is not intended to limit the scope of the invention, as claimed, but is merely representative of selected embodiments of the invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments of the present invention without making any creative effort, shall fall within the protection scope of the present invention.
It should be noted that: like reference numbers and letters refer to like items in the following figures, and thus, once an item is defined in one figure, it need not be further defined and explained in subsequent figures.
Fig. 1 is a schematic diagram of an mDNS networking system 10 according to an embodiment of the present invention. The mDNS networking system 10 includes a switching device 100 and a plurality of terminal devices 200; the switching device 100 is communicatively connected to the terminal devices 200, together they form a local area network, and both the switching device 100 and the terminal devices 200 support mDNS. The terminal devices 200 include client devices and server devices that provide client devices with required services, such as a print service or a video service. After a server device with mDNS enabled joins the mDNS networking system 10, it sends a multicast packet through the switching device 100 to the other terminal devices 200 to inform them which service it provides; after a client device with mDNS enabled joins the system and needs a certain service, it may send a multicast packet through the switching device 100 to the other terminal devices 200 to inform them which service it needs, and a server device that can provide that service responds in multicast after receiving the packet.
In this embodiment, the switching device 100 may be a switch, a router, or the like, the client device may be a smart phone, a tablet computer, a Personal Computer (PC), a Mobile Internet Device (MID), a Personal Digital Assistant (PDA), or the like, and the server device may be a printer, an Apple TV, or the like. It should be noted that the terminal device 200 in the mDNS networking system 10 may be a client device or a server device, and may be determined according to an actual application scenario, which is not limited in this application.
Fig. 2 is a block diagram of a switching device 100 according to an embodiment of the present invention. Switching device 100 may include a memory 110, a processor 120, and a communication interface 130, the memory 110, the processor 120, and the communication interface 130 being electrically connected to each other, directly or indirectly, to enable the transfer or interaction of data. For example, the components may be electrically connected to each other via one or more communication buses or signal lines. The memory 110 may be used to store software programs and modules, such as program instructions/modules corresponding to the message processing method and apparatus provided in the embodiments of the present invention, and the processor 120 executes the software programs and modules stored in the memory 110, so as to execute various functional applications and data processing. The communication interface 130 may be used for communicating signaling or data with other node devices.
The memory 110 may be, but is not limited to, a Random Access Memory (RAM), a Read-Only Memory (ROM), a Programmable Read-Only Memory (PROM), an Erasable Programmable Read-Only Memory (EPROM), an Electrically Erasable Programmable Read-Only Memory (EEPROM), and the like.
The processor 120 may be an integrated circuit chip with signal processing capability. It may be a general-purpose processor, including a Central Processing Unit (CPU), a Network Processor (NP), and the like, or a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), a Field Programmable Gate Array (FPGA) or other programmable logic device, discrete gate or transistor logic, or discrete hardware components.
It will be appreciated that the configuration shown in fig. 2 is merely illustrative and that switching device 100 may include more or fewer components than shown in fig. 2 or may have a different configuration than shown in fig. 2. The components shown in fig. 2 may be implemented in hardware, software, or a combination thereof.
The embodiment of the present invention further provides a computer-readable storage medium, on which a computer program is stored, and when the computer program is executed by the processor 120, the message processing method disclosed in the embodiment of the present invention is implemented.
Fig. 3 is a schematic flow chart of a message processing method according to an embodiment of the present invention. It should be noted that, the message processing method according to the embodiment of the present invention is not limited by the specific sequence shown in fig. 3 and described below, and it should be understood that, in other embodiments, the sequence of some steps in the message processing method according to the embodiment of the present invention may be interchanged according to actual needs, or some steps in the message processing method may be omitted or deleted. The message processing method can be applied to the switching device 100, and the specific flow shown in fig. 3 will be described in detail below.
Step S101, receiving a multicast packet sent by any terminal device 200 according to the mDNS protocol.
In this embodiment, any of the terminal devices 200 may be a client device or a server device. When a client device sends a multicast packet to the switching device 100 in the mDNS networking system 10 according to the mDNS protocol, the multicast packet is a query packet looking for a server device that can provide the service the client device requires; when a server device sends a multicast packet to the switching device 100 according to the mDNS protocol, the multicast packet is an announcement packet that announces to the other terminal devices 200 in the mDNS networking system 10 the services the server device can provide.
Step S102, determining whether the terminal device 200 sending the multicast packet is a trusted terminal device.
In this embodiment, the switching device 100 maintains a terminal device management table for the mDNS networking system 10. The management table stores record information for each discovered terminal device 200, and that record information includes the IP address of the terminal device 200 and state information indicating whether it is trusted, as shown in fig. 4. The state information may be a to-be-confirmed state, a confirmed state or an attack state: when the state information corresponding to the IP address of the terminal device 200 is the to-be-confirmed state, the terminal device 200 is an untrusted device; when it is the confirmed state, the terminal device 200 is a trusted terminal device; and when it is the attack state, the terminal device 200 is an attacked terminal device.
In practical applications, when the switching device 100 receives a multicast packet it may look up the corresponding record information in the management table by the source address carried in the packet (that is, the IP address of the terminal device 200 that sent it) and judge from the state information in that record whether the sending terminal device 200 is trusted. For example, when a record is found and its state information is the confirmed state, the terminal device 200 that sent the multicast packet is a trusted terminal device; when a record is found and its state information is the attack state, the terminal device 200 is an attacked terminal device. When no corresponding record is found in the management table, the source address of the multicast packet is taken as the IP address of the terminal device 200, the state information for that IP address is set to the to-be-confirmed state, and the IP address and state information are added to the management table together as a new record; in this case the terminal device 200 that sent the multicast packet is an untrusted device. That is, in this embodiment the terminal device 200 is judged to be an untrusted device when no record is found in the management table for the source address of its multicast packet or when the record found has the to-be-confirmed state.
Step S103, judging whether the multicast message is an announcement message.
In this embodiment, the switching device 100 may parse the received multicast packet, check whether its format is correct, and distinguish whether it is a query packet or an announcement packet. Announcement and query packets may be distinguished by different values set in an identifier field of the multicast packet: for example, when the identifier field of the received multicast packet is "A", the packet is judged to be an announcement packet, and when the identifier field is "B", it is judged to be a query packet.
In this embodiment, when the multicast packet is an announcement packet, step S104 is executed; when the multicast packet is not an announcement packet but an inquiry packet, step S106 is executed.
Step S104, when the terminal device 200 that sends the multicast packet is an untrusted device and the multicast packet is an announcement packet, sending a service request packet to the terminal device 200 that sends the multicast packet, where the announcement packet includes service information provided by the terminal device 200 that sends the announcement packet.
In this embodiment, when determining that the terminal device 200 that sends the multicast packet is an untrusted device and the multicast packet is an announce packet, the switching device 100 sends a service request packet to the terminal device 200 that sends the multicast packet, and when the response packet is not received within a first preset time, sends the service request packet again until a preset number of times of sending the service request packet is reached.
In this embodiment, the service request message sent by the switching device 100 to the terminal device 200 carries the unicast flag bit "QU", so that the terminal device 200 also responds to the switching device 100 in a unicast manner when sending the response message according to the service request message, thereby preventing the response message from being multicast to other terminal devices 200 and causing the traffic of the network to flood.
Step S105, when the response packet sent by the terminal device 200 according to the service request packet is not received, processing all multicast packets sent by the terminal device 200 as attack packets.
In this embodiment, the step S105 includes: and when the response message sent by the terminal device 200 according to the service request message is not received, determining to discard all multicast messages sent by the terminal device 200. Specifically, when the switch device 100 does not receive the response packet within the first preset time after the preset number of times of sending the service request packet is reached, it determines that the terminal device 200 sending the multicast packet is an attacked terminal device, and thus discards all multicast packets sent by the terminal device 200.
For example, let the preset number of sends be "3 times" and the first preset time "1 second". After the switching device 100 sends the service request packet to the terminal device 200 for the first time, if no response packet from the terminal device 200 is received after "1 second", it sends the service request packet a second time; if again no response is received after "1 second", it sends it a third time; and if no response is received after a further "1 second", it judges that the terminal device 200 cannot answer the service request packet because of the attack, that is, the terminal device 200 is judged to be an attacked terminal device. At the same time, the switching device 100 issues a packet discard instruction to its internal switching chip so that the chip discards all multicast packets from the attacked terminal device.
In this embodiment, the number of times the switching device 100 has sent the service request packet and the waiting time after each send may be recorded in the terminal device management table maintained by the switching device 100. The record information of a terminal device 200 in the management table then further includes the role corresponding to its IP address, the number of service request packets sent, and the waiting time after each send, where the role may be inquirer or server. As shown in fig. 5, when the source address of a multicast packet received by the switching device 100 is "2.2.2.2" (the IP address of the terminal device 200 that sent it), no record information is found in the management table for that source address, and the multicast packet is an announcement packet, a record for the terminal device 200 may be added to the management table with the role set to server and the state set to to-be-confirmed. Each time the switching device 100 sends a service request packet to the terminal device 200, the send count corresponding to its IP address is incremented by one in the management table and the waiting time after that send is recorded; when the waiting time is greater than or equal to "1 second", the service request packet is sent again. When the send count recorded in the management table reaches "3 times" and the recorded waiting time is greater than or equal to "1 second", the state corresponding to the IP address of the terminal device 200 is changed in the management table from to-be-confirmed to the attack state, indicating that the terminal device 200 is an attacked terminal device; if a response packet is received within the first preset time of "1 second" during the preset "3 times" of sending the service request packet, the state corresponding to the IP address of the terminal device 200 is changed from to-be-confirmed to confirmed in the management table shown in fig. 5, indicating that the terminal device 200 is a trusted terminal device. It can be seen that, in the present application, when the multicast packet sent by the terminal device 200 is judged to be an announcement packet and the terminal device 200 is an untrusted device, the switching device 100 sends a service request packet to that terminal device, and only when no response packet is received within the first preset time after the preset number of sends has been reached does it judge the terminal device 200 to be an attacked terminal device. This takes full account of response packets that go missing because of packet loss, delay and the like in the network, and so effectively avoids misjudging the terminal device 200 as attacked. The switching device 100 discards all multicast packets sent by the attacked terminal device, which effectively avoids traffic attacks in the mDNS networking system 10 and prevents the attacked terminal device from providing fake service information that misleads users; at the same time, because the switching device 100 discards only the multicast packets of the attacked terminal device, the mDNS function of the non-attacked terminal devices 200 in the system is unaffected and remains usable.
It should be noted that, in this embodiment, the switching device 100 need not only discard the multicast messages (i.e., the attack messages) sent by the attacked terminal device; in practical application it may also adopt other processing strategies, as long as attack messages are kept out of the mDNS networking system 10. The message processing method further includes:
Step S106, when the terminal device 200 that sent the multicast message is an untrusted device and the multicast message is a query message, counting the number of times the terminal device 200 sends query messages to the switching device 100 within a second preset time, where the query message includes the service information required by the terminal device 200 that sent it.
Step S107, when the number of query messages sent by the terminal device 200 to the switching device 100 exceeds a preset value, reducing the forwarding rate of all multicast messages sent by the terminal device 200 to a preset rate.
For example, with the second preset time set to "2 seconds" and the preset value set to "10 times": when the switching device 100 determines that the terminal device 200 sending the multicast message is an untrusted device and the multicast message is a query message, it counts the query messages sent to it by the terminal device 200 within "2 seconds". When the count exceeds the preset value of "10 times", the terminal device 200 sending the query messages is determined to be an attacked terminal device, and the switching device 100 issues a rate limiting instruction to its internal switching chip so that the chip reduces the forwarding rate of all multicast messages sent by the attacked terminal device to a preset rate, thereby reducing the traffic in the network.
In this embodiment, the record information in the terminal device management table maintained by the switching device 100 may further include the number of times the switching device 100 has received the query message from the terminal device 200, and the switching device 100 counts the received query messages through the management table. For example, when the source address of a multicast message received by the switching device 100 is "3.3.3.3" (the IP address of the terminal device 200 that sent the multicast message), no record information is found in the management table shown in fig. 5 for that source address, and the multicast message is a query message, a record for the terminal device 200 may be added to the management table, as shown in fig. 6. In that record the role corresponding to the IP address of the terminal device 200 is inquirer and the state corresponding to the IP address of the terminal device 200 is to-be-confirmed. Each time the switching device 100 receives a query message sent by the terminal device 200, the number of received query messages recorded against the IP address of the terminal device 200 is incremented by one. When the second preset time of "2 seconds" is reached, the switching device 100 checks whether the number of received query messages recorded for the IP address of the terminal device 200 exceeds the preset value of "10 times": if it does, the state corresponding to the IP address of the terminal device 200 is changed in the management table from to-be-confirmed to attack, indicating that the terminal device 200 is attacked; if it does not, the state corresponding to the IP address of the terminal device 200 is changed in the management table from to-be-confirmed to confirmed,
which indicates that the terminal device 200 is a trusted terminal device.
It is easy to understand that, in this embodiment, when the switching device 100 receives a multicast packet sent by any terminal device 200, if the corresponding state information is found in the management table according to the source address of the multicast packet (the IP address of the terminal device 200 sending the multicast packet) to be a confirmed state, that is, it is determined that the terminal device 200 sending the multicast packet is a trusted terminal device, the switching device 100 may directly forward the multicast packet; if the corresponding state information is found to be an attack state in the management table according to the source address of the multicast packet (the IP address of the terminal device 200 sending the multicast packet), the switching device 100 finds the corresponding role in the management table according to the source address of the multicast packet to discard the multicast packet or reduce the forwarding rate of the multicast packet to a preset rate.
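The management-table behaviour of steps S104 to S107 above, as an added example that is not part of the patent or of any H3C product: a small Python simulation of the table keyed by source IP, with the probe retry (first preset time "1 second", preset number "3 times") and the query counting window (second preset time "2 seconds", preset value "10 times") driven by explicit timestamps rather than real timers. The class and function names (MdnsGuard, Record, tick, run_query_flood and so on) are constructed for this example, as are the scenarios using the addresses 2.2.2.2, 3.3.3.3 and 4.4.4.4. How a message is handled while its sender's verdict is still pending is not stated on the page; the example forwards pending queries and reports PROBE for pending announcements, and that is an assumption.

```python
from dataclasses import dataclass
from enum import Enum


class Role(Enum):
    INQUIRER = "inquirer"  # first message seen from the device was a query
    SERVER = "server"      # first message seen from the device was an announcement


class State(Enum):
    PENDING = "to-be-confirmed"
    CONFIRMED = "confirmed"
    ATTACK = "attack"


class Action(Enum):
    FORWARD = "forward"        # trusted device, or verdict still pending (assumption)
    PROBE = "probe"            # service request sent to the announcer, verdict deferred
    DISCARD = "discard"        # attacking server: drop all of its multicast messages
    RATE_LIMIT = "rate_limit"  # attacking inquirer: forward its multicast at the preset rate


@dataclass
class Record:
    """One row of the management table (fig. 5 / fig. 6), keyed by source IP."""
    role: Role
    state: State = State.PENDING
    requests_sent: int = 0        # service requests sent to this device so far
    last_request_at: float = 0.0  # timestamp of the most recent service request
    queries_seen: int = 0         # query messages received in the current window
    window_start: float = 0.0     # start of the query counting window


class MdnsGuard:
    PROBE_WAIT = 1.0    # first preset time (seconds) to wait for a response
    PROBE_LIMIT = 3     # preset number of service requests before the verdict
    QUERY_WINDOW = 2.0  # second preset time (seconds) for counting queries
    QUERY_LIMIT = 10    # preset value; more queries than this in the window = attack

    def __init__(self):
        self.table = {}  # source IP -> Record (the management table)

    def on_multicast(self, src_ip, kind, now):
        """Decide what to do with a multicast message; kind is 'announcement' or 'query'."""
        rec = self.table.get(src_ip)
        if rec is None:  # unknown sender: add a to-be-confirmed record
            role = Role.SERVER if kind == "announcement" else Role.INQUIRER
            rec = Record(role=role, window_start=now)
            self.table[src_ip] = rec
        if rec.state is State.CONFIRMED:
            return Action.FORWARD
        if rec.state is State.ATTACK:  # the role selects discard vs. rate limit
            return Action.DISCARD if rec.role is Role.SERVER else Action.RATE_LIMIT
        if kind == "announcement":  # untrusted announcer: send the first probe (S104)
            if rec.requests_sent == 0:
                rec.requests_sent = 1
                rec.last_request_at = now
            return Action.PROBE
        rec.queries_seen += 1  # untrusted inquirer: count the query (S106)
        return Action.FORWARD  # assumption: not limited until the window closes

    def on_response(self, src_ip):
        """A response to the service request arrived while the verdict was pending."""
        rec = self.table.get(src_ip)
        if rec is not None and rec.state is State.PENDING and rec.requests_sent > 0:
            rec.state = State.CONFIRMED
        # a response arriving after the attack verdict is ignored (not specified on the page)

    def tick(self, now):
        """Run the timers; returns the (ip, event) decisions taken at this instant."""
        events = []
        for ip, rec in self.table.items():
            if rec.state is not State.PENDING:
                continue
            if rec.requests_sent > 0 and now - rec.last_request_at >= self.PROBE_WAIT:
                if rec.requests_sent >= self.PROBE_LIMIT:  # 3 probes, still no response (S105)
                    rec.state = State.ATTACK
                    events.append((ip, "attack"))
                else:  # resend the service request and wait again
                    rec.requests_sent += 1
                    rec.last_request_at = now
                    events.append((ip, "probe_resent"))
            elif rec.queries_seen > 0 and now - rec.window_start >= self.QUERY_WINDOW:
                over = rec.queries_seen > self.QUERY_LIMIT  # "exceeds" the preset value (S107)
                rec.state = State.ATTACK if over else State.CONFIRMED
                events.append((ip, rec.state.value))
        return events


def run_unanswered_announcement(src_ip="2.2.2.2"):
    """Constructed scenario: the announcer never answers; three probes, then discard."""
    g = MdnsGuard()
    first = g.on_multicast(src_ip, "announcement", 0.0)
    events = [e for t in (1.0, 2.0, 3.0) for e in g.tick(t)]
    return first, events, g.on_multicast(src_ip, "announcement", 3.1)


def run_answered_announcement(src_ip="4.4.4.4"):
    """Constructed scenario: the announcer answers the first probe within 1 second."""
    g = MdnsGuard()
    g.on_multicast(src_ip, "announcement", 0.0)
    g.on_response(src_ip)
    g.tick(1.0)  # the timer fires, but the record is already confirmed
    return g.on_multicast(src_ip, "announcement", 1.5)


def run_query_flood(n, src_ip="3.3.3.3"):
    """Constructed scenario: n queries inside one 2 second window, then the window closes."""
    g = MdnsGuard()
    actions = [g.on_multicast(src_ip, "query", 0.1 * i) for i in range(n)]
    events = g.tick(2.0)
    return actions, events, g.on_multicast(src_ip, "query", 2.1)


if __name__ == "__main__":
    print(run_unanswered_announcement())
    print(run_answered_announcement())
    print(run_query_flood(12)[1:], run_query_flood(10)[1:])
```

Time is passed into every call so the retry and window logic can be exercised deterministically; on a real switch `tick` would run from a periodic timer and `on_response` from the unicast receive path. The verdict for a query sender uses a strict "greater than" test, matching the text's "exceeds", so exactly 10 queries in the window still yields the confirmed state.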
Fig. 7 is a schematic functional module diagram of a message processing apparatus 300 according to an embodiment of the present invention. It should be noted that the basic principle and the generated technical effect of the message processing apparatus 300 provided in this embodiment are the same as those of the foregoing method embodiments, and for a brief description, reference may be made to corresponding contents in the foregoing method embodiments for a part not mentioned in this embodiment. The message processing apparatus 300 is applied to the switching device 100, and includes at least one software functional module which can be stored in the memory 110 in the form of software or firmware (firmware) or is solidified in an Operating System (OS) of the switching device 100. The message processing apparatus 300 includes a message receiving module 310, a determining module 320, a message parsing module 330, a request message sending module 340, a message processing module 350, a counting module 360, and a rate limiting module 370.
The message receiving module 310 is configured to receive a multicast message sent by any terminal device 200 according to an mDNS protocol.
It is understood that the message receiving module 310 may execute the step S101.
The judging module 320 is configured to judge whether the terminal device 200 that sends the multicast packet is a trusted terminal device.
In this embodiment, the switching device 100 maintains a management table of the terminal devices in the mDNS networking system 10. The management table records record information of each discovered terminal device 200, and the record information includes status information indicating whether the discovered terminal device 200 is trusted. The determining module 320 is specifically configured to search the management table for the record information of the terminal device 200 that sent the multicast message, and to determine whether the terminal device 200 is trusted according to the status information in that record.
It is understood that the determining module 320 may perform the step S102.
The message parsing module 330 is configured to determine whether the multicast message is an announcement message.
It is understood that the message parsing module 330 may execute the step S103.
The request message sending module 340 is configured to send a service request message to the terminal device 200 that sends the multicast message when the terminal device 200 that sends the multicast message is an untrusted device and the multicast message is an announcement message, where the announcement message includes service information provided by the terminal device 200 that sends the announcement message.
In this embodiment, the request packet sending module 340 is configured to send a service request packet to the terminal device 200 that sends the multicast packet, and send the service request packet again when the response packet is not received within a first preset time.
It is understood that the request message sending module 340 is configured to execute the step S104.
The message processing module 350 is configured to, when a response message sent by the terminal device 200 according to the service request message is not received, process all multicast messages sent by the terminal device 200 as attack messages.
In this embodiment, the message processing module 350 is specifically configured to determine to discard all multicast messages sent by the terminal device 200 when a response message sent by the terminal device 200 according to the service request message is not received.
In this embodiment, the message processing module 350 is specifically configured to determine to discard all multicast messages sent by the terminal device 200, that is, to discard all multicast messages sent by an attacked terminal device, when the response message is not received within the first preset time after the preset number of times of sending the service request message is reached.
It is understood that the message processing module 350 can execute the step S105.
The counting module 360 is configured to count, when the terminal device 200 that sent the multicast message is an untrusted device and the multicast message is a query message, the number of times that terminal device 200 sends query messages to the switching device 100 within a second preset time, where the query message includes the service information required by the terminal device 200 that sent it.
It is understood that the counting module 360 may perform the step S106.
The rate limiting module 370 is configured to reduce the forwarding rate of all multicast packets sent by the terminal device 200 to a preset rate when the number of times of the query packets sent by the terminal device 200 to the switching device 100 exceeds a preset value.
It is understood that the rate limiting module 370 may perform step S107 described above.
In summary, according to the message processing method, the message processing apparatus, the switching device and the computer-readable storage medium provided in the embodiments of the present invention, when receiving a multicast message sent by any terminal device according to an mDNS protocol, the switching device determines whether the terminal device sending the multicast message is a trusted terminal device, and when determining that the terminal device sending the multicast message is an untrusted device and the multicast message is an announcement message, sends a service request message to the terminal device sending the multicast message, where the announcement message includes service information provided by the terminal device sending the announcement message, and when the switching device does not receive a response message sent by the terminal device according to the service request message, processes all multicast messages sent by the terminal device as attack messages. 
The switching device provided in this embodiment sends a service request message to a terminal device when it determines that the multicast message sent by that terminal device is an announcement message and the terminal device is an untrusted device. If the terminal device does not send a response message according to the service request message, the terminal device is likely to be attacked and the service information it provides is likely to be fake, so the switching device processes all multicast messages sent by the terminal device as attack messages, for example by discarding all of them, to prevent fake service information from misleading a user, thereby effectively avoiding traffic attacks in the mDNS networking system. Meanwhile, since the switching device only discards the multicast messages sent by the attacked terminal device, the use of the mDNS function by the other, non-attacked terminal devices in the system is not affected, that is, normal use of the mDNS function by the non-attacked terminal devices in the network is ensured. When the terminal device sending the multicast message is an untrusted device and the multicast message is a query message, the switching device counts the number of query messages that the terminal device sends to it within a second preset time, and when that number exceeds a preset value, the terminal device sending the query messages is an attacked terminal device, so the forwarding rate of all multicast messages sent by that terminal device is reduced to a preset rate, reducing the traffic in the network.
As will be appreciated by one skilled in the art, embodiments of the present invention may be provided as a method, apparatus, device or computer program product. Accordingly, embodiments of the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, embodiments of the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
Embodiments of the present invention are described with reference to flowchart illustrations and/or block diagrams of methods, apparatus, devices and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
In the embodiments provided in the present invention, it should be understood that the disclosed apparatus and method can be implemented in other ways. The apparatus and method embodiments described above are illustrative only, as the flowcharts and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of apparatus, methods and computer program products according to various embodiments of the present invention. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
In addition, the functional modules in the embodiments of the present invention may be integrated together to form an independent part, or each module may exist separately, or two or more modules may be integrated to form an independent part.
The functions, if implemented in the form of software functional modules and sold or used as a stand-alone product, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present invention may be embodied in the form of a software product, which is stored in a storage medium and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present invention. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and other various media capable of storing program codes. It should be noted that, in this document, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.
The above description is only an alternative embodiment of the present invention and is not intended to limit the present invention, and various modifications and variations of the present invention may occur to those skilled in the art. Any modification, equivalent replacement, or improvement made within the spirit and principle of the present invention should be included in the protection scope of the present invention. It should be noted that: like reference numbers and letters refer to like items in the following figures, and thus, once an item is defined in one figure, it need not be further defined and explained in subsequent figures.

Claims (10)

1. A message processing method is applied to a switching device in an mDNS networking system, wherein the switching device is in communication connection with a plurality of terminal devices in the mDNS networking system, and the method is characterized by comprising the following steps:
receiving a multicast message sent by any terminal device according to an mDNS protocol;
judging whether the terminal device sending the multicast message is a trusted terminal device;
when the terminal device sending the multicast message is an untrusted device and the multicast message is an announcement message, sending a service request message to the terminal device sending the multicast message, wherein the announcement message comprises service information provided by the terminal device sending the announcement message;
when a response message sent by the terminal device according to the service request message is not received, processing all multicast messages sent by the terminal device as attack messages;
when the terminal device sending the multicast message is an untrusted device and the multicast message is an inquiry message, counting the number of times the terminal device sending the multicast message sends the inquiry message to the switching device within a second preset time, wherein the inquiry message comprises service information required by the terminal device sending the inquiry message;
and when the number of times the terminal device sends the inquiry message to the switching device exceeds a preset value, reducing the forwarding rate of all multicast messages sent by the terminal device to a preset rate.
2. The message processing method according to claim 1, wherein the step of processing all multicast messages sent by the terminal device as attack messages when a response message sent by the terminal device according to the service request message is not received comprises:
and when the response message sent by the terminal equipment according to the service request message is not received, determining to discard all multicast messages sent by the terminal equipment.
3. The message processing method according to claim 2, wherein the step of sending a service request message to the terminal device sending the multicast message comprises:
sending a service request message to the terminal equipment which sends the multicast message, and sending the service request message again when the response message is not received within a first preset time;
the step of determining to discard all multicast packets sent by the terminal device when a response packet sent by the terminal device according to the service request packet is not received includes:
and when the response message is not received within the first preset time after the preset service request message sending times are reached, determining to discard all multicast messages sent by the terminal equipment.
4. The message processing method according to claim 1, wherein the switching device maintains a management table of terminal devices in the mDNS networking system, the management table records record information of the discovered terminal devices, the record information includes state information of whether the discovered terminal devices are trusted, and the step of determining whether the terminal device that sends the multicast message is a trusted terminal device includes:
searching the management table for the record information of the terminal device sending the multicast message, and judging whether the terminal device is trusted according to the state information in the record information.
5. A message processing apparatus, applied to a switching device in an mDNS networking system, wherein the switching device is in communication connection with a plurality of terminal devices in the mDNS networking system, and the message processing apparatus is characterized by comprising:
a message receiving module, configured to receive a multicast message sent by any terminal device according to the mDNS protocol;
a judging module, configured to judge whether the terminal device sending the multicast message is a trusted terminal device;
a request message sending module, configured to send a service request message to a terminal device that sends the multicast message when the terminal device that sends the multicast message is an untrusted device and the multicast message is an announcement message, where the announcement message includes service information provided by the terminal device that sends the announcement message;
a message processing module, configured to, when a response message sent by the terminal device according to the service request message is not received, process all multicast messages sent by the terminal device as attack messages;
a counting module, configured to count, when the terminal device sending the multicast message is an untrusted device and the multicast message is an inquiry message, the number of times the terminal device sending the multicast message sends the inquiry message to the switching device within a second preset time, wherein the inquiry message comprises service information required by the terminal device sending the inquiry message;
and a rate limiting module, configured to reduce the forwarding rate of all multicast messages sent by the terminal device to a preset rate when the number of times the terminal device sends the inquiry message to the switching device exceeds a preset value.
6. The message processing apparatus according to claim 5, wherein the message processing module is configured to determine to discard all multicast messages sent by the terminal device when a response message sent by the terminal device according to the service request message is not received.
7. The message processing apparatus according to claim 6, wherein the request message sending module is configured to send a service request message to a terminal device that sends the multicast message, and send the service request message again when the response message is not received within a first preset time;
and the message processing module is used for determining to discard all multicast messages sent by the terminal equipment when the response message is not received within the first preset time after the preset service request message sending times are reached.
8. The message processing apparatus according to claim 5, wherein the switching device maintains a management table of terminal devices in the mDNS networking system, the management table records record information of the discovered terminal devices, the record information includes state information of whether the discovered terminal devices are trusted, the determining module is configured to search the management table for record information of the terminal device that sends the multicast message, and determine whether the terminal device is trusted according to the state information in the record information.
9. A computer-readable storage medium, on which a computer program is stored which, when read and executed by a processor, implements the method of any one of claims 1-4.
10. A switching device, comprising a computer-readable storage medium storing a computer program and a processor, the computer program, when read and executed by the processor, implementing the method according to any one of claims 1-4.
CN201810969557.4A 2018-08-23 2018-08-23 Message processing method, device, switching equipment and computer readable storage medium Active CN109194638B (en)


Publications (2)

Publication Number Publication Date
CN109194638A CN109194638A (en) 2019-01-11
CN109194638B true CN109194638B (en) 2021-04-06
