CN112714126A - Method and system for improving honeypot trapping attack capability in IPv6 address space - Google Patents


Info

Publication number: CN112714126A
Authority: CN (China)
Legal status: Granted
Application number: CN202011596315.9A
Other languages: Chinese (zh)
Other versions: CN112714126B (en)
Inventors: 黄友俊, 李星, 吴建平, 王飞
Current Assignee: CERNET Corp
Original Assignee: CERNET Corp

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L63/1491 Countermeasures against malicious traffic using deception as countermeasure, e.g. honeypots, honeynets, decoys or entrapment
    • H04L61/00 Network arrangements, protocols or services for addressing or naming
    • H04L61/09 Mapping addresses
    • H04L61/25 Mapping addresses of the same type
    • H04L61/2503 Translation of Internet protocol [IP] addresses
    • H04L61/256 NAT traversal
    • H04L2101/00 Indexing scheme associated with group H04L61/00
    • H04L2101/60 Types of network addresses
    • H04L2101/618 Details of network addresses
    • H04L2101/622 Layer-2 addresses, e.g. medium access control [MAC] addresses
    • H04L2101/659 Internet protocol version 6 [IPv6] addresses

Abstract

The invention provides a method, a system, an electronic device and a medium for improving the attack-trapping capability of a honeypot in the IPv6 address space. The method comprises: S1, DAD monitoring establishes the in-use IPv6 address list of the local network segment; S2, an NA response message is generated to answer NS requests whose destination IPv6 address is outside the in-use IPv6 address list; S3, NAT6 translates the set of destination IPv6 addresses into the IPv6 address of the honeypot server, and the honeypot service is provided. The invention excludes the IPv6 addresses in use in the network segment through DAD monitoring and dynamically translates the destination IPv6 address based on NAT6, so that the IPv6 honeypot can simulate a service on multiple addresses, which effectively improves its capability to trap attacks in the massive IPv6 address space.

Description

Method and system for improving honeypot trapping attack capability in IPv6 address space
Technical Field
The disclosure relates to the technical field of network security, in particular to a method, a system, electronic equipment and a medium for improving honeypot trapping attack capability in an IPv6 address space.
Background
IPv6: the abbreviation of Internet Protocol Version 6, the protocol of the next-generation Internet. Its most obvious advantage is the 128-bit address: the massive address space solves the problem of the gradual exhaustion of IPv4 addresses.
MAC address: the 48-bit hardware address of a network port, used to uniquely identify that port.
NDP: Neighbor Discovery Protocol, the IPv6 neighbor discovery protocol, used for router discovery, discovery of nodes on the local link, and address conflict detection.
DAD: Duplicate Address Detection. Each IPv6 unicast address in an IPv6 network must pass DAD before it can be used. DAD implements address conflict detection with NS and NA messages, based on the NDP protocol.
NAT6: Network Address Translation IPv6, i.e. IPv6 network address translation.
Honeypot: honeypot technology is essentially a technique for deceiving attackers. Hosts, network services or information are set out as bait to induce attackers to attack them, so that the attack behavior can be captured and analyzed and the tools and methods used by the attackers can be learned.
In the field of network security, honeypots are an effective and accurate tool for analyzing attack behavior. Honeypots work well in IPv4 networks, but in IPv6 networks the massive address space means that a conventionally deployed honeypot is unlikely to be reached by an attacker's scan, which limits the use of honeypot technology.
Disclosure of Invention
(I) technical problem to be solved
In view of the above problems, the present disclosure provides a method, a system, an electronic device, and a medium for improving honeypot trapping attack capability in an IPv6 address space, which at least partially solve the technical problem that a conventionally deployed honeypot is difficult for an attacker's scan to reach.
(II) technical scheme
One aspect of the present disclosure provides a method for improving honeypot trapping attack capability in an IPv6 address space, including: S1, DAD monitoring establishes the in-use IPv6 address list of the local network segment; S2, an NA response message is generated to answer NS requests whose destination IPv6 address is outside the in-use IPv6 address list; S3, NAT6 translates the set of destination IPv6 addresses into the IPv6 address of the honeypot server, and the honeypot service is provided.
Further, in S1, establishing the in-use IPv6 address list of the local network segment includes listening on the local link for the NS messages of DAD, extracting the IPv6 address in each NS message, and adding it to the in-use IPv6 address list.
Further, generating the NA response message in S2 specifically includes: if the destination IPv6 address is determined not to be in the in-use IPv6 address list, generating the NA response message and informing the gateway that the MAC address corresponding to the destination IPv6 address is the MAC address of the honeypot server.
In another aspect, the present disclosure provides a system for improving honeypot trapping attack capability in an IPv6 address space, including: a DAD sniffer, used for monitoring and establishing the in-use IPv6 address list of the local network segment; an NA response message generating module, used for generating an NA response message that answers NS requests whose destination IPv6 address is outside the in-use IPv6 address list; and a NAT6 module, used for translating the set of destination IPv6 addresses into the IPv6 address of the honeypot server and providing the honeypot service.
Yet another aspect of the present invention provides an electronic device, including: a processor; a memory storing a computer executable program which, when executed by the processor, causes the processor to perform the aforementioned method of enhancing honeypot trap attack capability in an IPv6 address space.
A further aspect of the present invention provides a computer-readable storage medium storing a computer program which, when executed by a processor, implements the aforementioned method of enhancing honeypot trap attack capability in IPv6 address space.
(III) advantageous effects
The invention provides a method, a system, an electronic device and a medium for improving honeypot trapping attack capability in an IPv6 address space. They exclude the IPv6 addresses in use in the network segment through DAD monitoring and dynamically respond to the requests of a potential attacker based on NAT6, so that the IPv6 honeypot can simulate a service on multiple addresses, which effectively improves the capability of the IPv6 honeypot to trap attacks in the massive IPv6 address space.
Drawings
FIG. 1 schematically illustrates a flow diagram of a method for enhancing honeypot trap attack capability in IPv6 address space according to an embodiment of the invention;
FIG. 2 schematically illustrates an NDP operational schematic according to an embodiment of the invention;
FIG. 3 schematically illustrates a system architecture diagram for enhancing honeypot trap attack capability in IPv6 address space, according to an embodiment of the invention;
FIG. 4 schematically illustrates a workflow diagram for enhancing honeypot trap attack capability in an IPv6 address space according to an embodiment of the present invention;
FIG. 5 schematically shows a block diagram of an electronic device according to another embodiment of the invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is described in further detail below with reference to specific embodiments and the accompanying drawings.
The terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the disclosure. The terms "comprises," "comprising," and the like, as used herein, specify the presence of stated features, steps, operations, and/or components, but do not preclude the presence or addition of one or more other features, steps, operations, or components.
All terms (including technical and scientific terms) used herein have the same meaning as commonly understood by one of ordinary skill in the art unless otherwise defined. It is noted that the terms used herein should be interpreted as having a meaning that is consistent with the context of this specification and should not be interpreted in an idealized or overly formal sense.
Some block diagrams and/or flow diagrams are shown in the figures. It will be understood that some blocks of the block diagrams and/or flowchart illustrations, or combinations thereof, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, or other programmable data processing apparatus, such that the instructions, which execute via the processor, create means for implementing the functions/acts specified in the block diagrams and/or flowchart block or blocks.
Accordingly, the techniques of this disclosure may be implemented in hardware and/or software (including firmware, microcode, etc.). In addition, the techniques of this disclosure may take the form of a computer program product on a computer-readable medium having instructions stored thereon for use by or in connection with an instruction execution system. In the context of this disclosure, a computer-readable medium may be any medium that can contain, store, communicate, propagate, or transport the instructions. For example, the computer readable medium can include, but is not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, device, or propagation medium. Specific examples of the computer readable medium include: magnetic storage devices, such as magnetic tape or Hard Disk Drives (HDDs); optical storage devices, such as compact disks (CD-ROMs); a memory, such as a Random Access Memory (RAM) or a flash memory; and/or wired/wireless communication links.
An embodiment of the present disclosure provides a method for improving honeypot trapping attack capability in an IPv6 address space. Referring to FIG. 1, the method includes: S1, DAD monitoring establishes the in-use IPv6 address list of the local network segment; S2, an NA response message is generated to answer NS requests whose destination IPv6 address is outside the in-use IPv6 address list; S3, NAT6 translates the set of destination IPv6 addresses into the IPv6 address of the honeypot server, and the honeypot service is provided.
Before the embodiment is described in detail, the operation of NDP is introduced, as shown in FIG. 2. When an IPv6 gateway receives a data packet from an external network segment, it can forward the packet correctly to the terminal node based on that node's MAC address. Initially, however, the gateway has no IPv6-to-MAC mapping record for a new IPv6 address. In that case the gateway sends an NS request on the local network segment to query the corresponding MAC address. When a terminal node configured with that IPv6 address finds that the address queried by the NS request is the same as its own, it answers the gateway with an NA message that carries the MAC address of its network port. The gateway thereby obtains the mapping between the new IPv6 address and the MAC address and can forward the packet correctly. The NDP flow is described here to make the principle of the invention easier to explain later.
FIG. 3 is the system architecture diagram of the invention. As shown in the figure, the DAD sniffer monitors all DAD conflict-detection messages on the local network segment and records each IPv6 address that passes conflict detection in the in-use IPv6 address list. The NA response generator answers the NS address queries sent by the IPv6 gateway: when it determines that the address in an NS is not in the in-use IPv6 address list, the address does not belong to any node of the local network segment and is a completely new address, so it generates an NA message in reply to the gateway, telling the gateway that data for that IPv6 address can be forwarded to the honeypot. Traffic for the IPv6 addresses answered in this way is forwarded to the honeypot server, which translates those addresses into its own IPv6 address based on NAT6. Scanning packets from outside are thus forwarded to the honeypot server until the honeypot completes its trapping function.
On the basis of the above embodiment, in S1 the in-use IPv6 address list of the local network segment is established by listening on the local link for the NS messages of DAD, extracting the IPv6 address in each NS message, and adding it to the in-use IPv6 address list.
DAD monitoring establishes the list of IPv6 addresses in use in the network segment. Because every IPv6 unicast address must pass address conflict detection before it can be used on an interface, the NA and NS messages of DAD can be monitored on the local link, and the IPv6 addresses in the NS messages are extracted and added to the in-use IPv6 address list. The list records all IPv6 addresses in use on the segment, and IPv6 addresses outside the list can be used for the honeypot service.
Based on the foregoing embodiment, generating the NA response message in S2 specifically includes: if the destination IPv6 address is determined not to be in the in-use IPv6 address list, generating the NA response message and informing the gateway that the MAC address corresponding to the destination IPv6 address is the MAC address of the honeypot server.
The NA response message answers NS requests for IPv6 addresses outside the in-use IPv6 address list. When an attacker performs probing scans, a set of IPv6 addresses is generated automatically by some algorithm for a given IPv6 address segment, and each IPv6 address in the set is then scanned and probed. When a scan probe packet reaches the IPv6 gateway of the segment, the gateway sends an NS request to obtain the MAC address for that IPv6 address. When the honeypot system receives the NS request and determines that the IPv6 address in the NS is not in the in-use IPv6 address list, it generates an NA message in reply to the IPv6 gateway, telling the gateway that the MAC address corresponding to the IPv6 address is the MAC address of the honeypot server's network card.
Another embodiment of the present disclosure provides a system for improving honeypot trapping attack capability in an IPv6 address space, including: a DAD sniffer, used for monitoring and establishing the in-use IPv6 address list of the local network segment; an NA response message generating module, used for generating an NA response message that answers NS requests whose destination IPv6 address is outside the in-use IPv6 address list; and a NAT6 module, used for translating the set of destination IPv6 addresses into the IPv6 address of the honeypot server and providing the honeypot service.
The DAD sniffer monitors and establishes the in-use IPv6 address list of the local network segment. NA response messages are generated to answer NS requests for IPv6 addresses outside the in-use IPv6 address list. NAT6 translates the set of destination IPv6 addresses into the IPv6 address of the honeypot server to provide the honeypot service: when the honeypot receives an attacker's probe packet, the firewall's NAT6 function replaces the destination IPv6 address with the IPv6 address of the honeypot server. The honeypot can therefore offer services on multiple IPv6 addresses to the outside, which improves its capability to trap attacks.
The present invention is described in detail below with reference to a specific embodiment. FIG. 4 is a flow chart of the present invention. To illustrate the working principle of the invention, it is assumed that:
Honeypot server: IPv6 address 2001:da8:266::100, MAC address A.
The in-use IPv6 address list contains: 2001:da8:266::200, 2001:da8:266::300, 2001:da8:266::400; that is, the current network segment has three terminal nodes besides the honeypot server.
Set of destination IPv6 addresses probed by the attacker: 2001:da8:266::80, 2001:da8:266::53, 2001:da8:266:1dfe:ac3:289:abd7:13ef.
The specific process is described as follows:
Step S1: DAD sniffing. Assume that there are four terminal nodes in the local IPv6 network segment, with the IPv6 addresses 2001:da8:266::100, 2001:da8:266::200, 2001:da8:266::300, 2001:da8:266::400. The four addresses must pass DAD conflict detection before use. After receiving the DAD detection messages, the DAD sniffing program stores the three addresses that pass conflict detection (all except the IPv6 address of the honeypot server) in the in-use IPv6 address list.
Step S2: NA response message generation. Assume that the IPv6 gateway receives external data packets whose destination IPv6 addresses are 2001:da8:266::80, 2001:da8:266::53, 2001:da8:266:1dfe:ac3:289:abd7:13ef. The IPv6 gateway searches its local NDP cache and finds no MAC address recorded for these three new IPv6 addresses, so it sends three NS request messages to query the MAC addresses corresponding to 2001:da8:266::80, 2001:da8:266::53 and 2001:da8:266:1dfe:ac3:289:abd7:13ef respectively. On receiving the three NS query messages, the NA response message generation program generates three NA messages in reply, which record the mappings 2001:da8:266::80 -> A, 2001:da8:266::53 -> A, 2001:da8:266:1dfe:ac3:289:abd7:13ef -> A.
Step S3: the IPv6 gateway forwards the packets to the honeypot server according to the mapping between IPv6 address and MAC address established in step S2. The firewall of the honeypot server enables the NAT6 function and establishes the mappings 2001:da8:266::80 -> 2001:da8:266::100, 2001:da8:266::53 -> 2001:da8:266::10, 2001:da8:266:1dfe:ac3:289:abd7:13ef -> 2001:da8:266::100. NAT6 replaces the destination address with the IPv6 address of the honeypot server.
Finally, the request packets received by the honeypot service all carry the IPv6 address of the honeypot server as their destination address, so the honeypot successfully provides service to the outside and successfully traps attackers.
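Steps S1 to S3 of the worked example above, replayed as an added Python example (not code from the patent or its authors). The class and function names, the /48 segment prefix, the gateway address fe80::1 and the byte value standing in for MAC address "A" are assumptions made for illustration; messages are built and parsed as bytes and nothing is sent on a network.

```python
import ipaddress
import struct

NS, NA = 135, 136                     # ICMPv6 message types (RFC 4861)
OPT_TARGET_LLADDR = 2                 # Target Link-Layer Address option
UNSPECIFIED = ipaddress.IPv6Address("::")


def icmp6_checksum(src, dst, msg):
    """Internet checksum over the IPv6 pseudo-header plus the ICMPv6 message."""
    data = src.packed + dst.packed + struct.pack("!I3xB", len(msg), 58) + msg
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_ns(target):
    """Constructed sample input: an NS message body asking for `target`."""
    return struct.pack("!BBHI", NS, 0, 0, 0) + ipaddress.IPv6Address(target).packed


def parse_ns_target(msg):
    """Return the Target Address of an NS message, or None if it is not a valid NS."""
    if len(msg) < 24 or msg[0] != NS or msg[1] != 0:
        return None
    return ipaddress.IPv6Address(msg[8:24])


def build_na(target, mac, dst):
    """Solicited NA saying `target` is at `mac` (S and O flags set)."""
    option = struct.pack("!BB6s", OPT_TARGET_LLADDR, 1, mac)
    body = struct.pack("!BBHI", NA, 0, 0, 0x60000000) + target.packed + option
    checksum = icmp6_checksum(target, dst, body)  # assumption: NA is sourced from target
    return body[:2] + struct.pack("!H", checksum) + body[4:]


class HoneypotResponder:
    """Hypothetical model of the DAD sniffer, NA generator and NAT6 table."""

    def __init__(self, prefix, honeypot_addr, honeypot_mac):
        self.prefix = ipaddress.IPv6Network(prefix)
        self.addr = ipaddress.IPv6Address(honeypot_addr)
        self.mac = honeypot_mac
        self.in_use = set()   # S1: addresses learned from DAD probes
        self.nat6 = {}        # S3: decoy destination -> honeypot address

    def on_ndp(self, src, msg):
        """Feed one sniffed NDP message; return the NA bytes to send, or None."""
        src = ipaddress.IPv6Address(src)
        target = parse_ns_target(msg)
        if target is None:
            return None
        if src == UNSPECIFIED:
            # S1: a DAD probe. Record it and never answer it, otherwise the
            # honeypot would stop real nodes from configuring addresses.
            if target != self.addr:
                self.in_use.add(target)
            self.nat6.pop(target, None)   # a real node now owns this address
            return None
        # S2: address resolution from the gateway. Stay silent for addresses
        # that are in use, are the honeypot's own, or lie outside the segment.
        if target in self.in_use or target == self.addr or target not in self.prefix:
            return None
        self.nat6[target] = self.addr
        return build_na(target, self.mac, src)

    def translate(self, dst):
        """S3: rewrite a decoy destination to the honeypot server's address."""
        dst = ipaddress.IPv6Address(dst)
        return self.nat6.get(dst, dst)


def run_patent_example():
    """Replay the page's addresses; MAC, gateway and prefix are constructed."""
    hp = HoneypotResponder("2001:da8:266::/48", "2001:da8:266::100",
                           bytes.fromhex("02000000000a"))
    for node in ("2001:da8:266::100", "2001:da8:266::200",
                 "2001:da8:266::300", "2001:da8:266::400"):
        hp.on_ndp("::", build_ns(node))          # DAD probes seen on the link
    probes = ("2001:da8:266::80", "2001:da8:266::53",
              "2001:da8:266:1dfe:ac3:289:abd7:13ef", "2001:da8:266::200")
    replies = {p: hp.on_ndp("fe80::1", build_ns(p)) for p in probes}
    return hp, replies
```

The in-use list only covers nodes whose DAD probe was seen after the sniffer started, so a deployment has to seed it with the addresses already present on the segment before any NA is generated.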
Fig. 5 schematically shows a block diagram of an electronic device according to another embodiment of the present disclosure.
As shown in fig. 5, the electronic device 500 includes a processor 510, a computer-readable storage medium 520. The electronic device 500 may perform a method according to an embodiment of the present disclosure.
In particular, processor 510 may include, for example, a general purpose microprocessor, an instruction set processor and/or related chip set and/or a special purpose microprocessor (e.g., an Application Specific Integrated Circuit (ASIC)), and/or the like. The processor 510 may also include on-board memory for caching purposes. Processor 510 may be a single processing unit or a plurality of processing units for performing different actions of a method flow according to embodiments of the disclosure.
Computer-readable storage medium 520 may be, for example, any medium that can contain, store, communicate, propagate, or transport the instructions. For example, a readable storage medium may include, but is not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, device, or propagation medium. Specific examples of the readable storage medium include: magnetic storage devices, such as magnetic tape or Hard Disk Drives (HDDs); optical storage devices, such as compact disks (CD-ROMs); a memory, such as a Random Access Memory (RAM) or a flash memory; and/or wired/wireless communication links.
The computer-readable storage medium 520 may include a computer program 521, which computer program 521 may include code/computer-executable instructions that, when executed by the processor 510, cause the processor 510 to perform the method flows according to embodiments of the present disclosure and any variations thereof.
The computer program 521 may be configured with, for example, computer program code comprising computer program modules. For example, in an example embodiment, code in computer program 521 may include one or more program modules, including for example 521A, modules 521B, … …. It should be noted that the division and number of the modules are not fixed, and those skilled in the art may use suitable program modules or program module combinations according to actual situations, so that the processor 510 may execute the method flows according to the embodiments of the present disclosure and any variation thereof when the program modules are executed by the processor 510.
The present disclosure also provides a computer-readable storage medium, which may be included in the device/system described in the above embodiments, or may exist separately without being assembled into the device/system. The computer-readable storage medium carries one or more programs which, when executed, implement the method according to an embodiment of the disclosure.
While the disclosure has been shown and described with reference to certain exemplary embodiments thereof, it will be understood by those skilled in the art that various changes in form and details may be made therein without departing from the spirit and scope of the disclosure as defined by the appended claims and their equivalents. Accordingly, the scope of the present disclosure should not be limited to the above-described embodiments, but should be defined not only by the appended claims, but also by equivalents thereof.
The above-mentioned embodiments are intended to illustrate the objects, technical solutions and advantages of the present invention in further detail, and it should be understood that the above-mentioned embodiments are only exemplary embodiments of the present invention, and are not intended to limit the present invention, and any modifications, equivalents, improvements and the like made within the spirit and principle of the present invention should be included in the protection scope of the present invention.

Claims (6)

1. A method for improving honeypot trapping attack capability in an IPv6 address space, comprising the following steps:
S1, DAD monitoring establishes the in-use IPv6 address list of the local network segment;
S2, generating an NA response message for responding to the NS request of a destination IPv6 address outside the in-use IPv6 address list;
S3, NAT6 translates the set of destination IPv6 addresses into the IPv6 address of the honeypot server, and the honeypot service is provided.
2. The method for improving honeypot trapping attack capability in the IPv6 address space according to claim 1, wherein establishing the in-use IPv6 address list of the local network segment in S1 comprises listening on the local link for the NS messages of DAD, extracting the IPv6 address in each NS message, and adding the extracted address to the in-use IPv6 address list.
3. The method for improving honeypot trapping attack capability in the IPv6 address space according to claim 1, wherein generating the NA response message in S2 specifically comprises: if the destination IPv6 address is determined not to be in the in-use IPv6 address list, generating the NA response message and informing the gateway that the MAC address corresponding to the destination IPv6 address is the MAC address of the honeypot server.
4. A system for improving honeypot trapping attack capability in an IPv6 address space, comprising:
a DAD sniffer, used for monitoring and establishing the in-use IPv6 address list of the local network segment;
an NA response message generating module, configured to generate an NA response message that responds to the NS request of a destination IPv6 address outside the in-use IPv6 address list;
and an IPv6 network address translation module, used for translating the set of destination IPv6 addresses into the IPv6 address of the honeypot server and providing the honeypot service.
5. An electronic device, comprising:
a processor;
a memory storing a computer executable program which, when executed by the processor, causes the processor to perform the method for improving honeypot trapping attack capability in an IPv6 address space as claimed in claims 1-3.
6. A computer-readable medium, on which a computer program is stored, which program, when executed by a processor, carries out the method for improving honeypot trapping attack capability in an IPv6 address space as claimed in claims 1-3.
Application Number Priority Date Filing Date Title
CN202011596315.9A 2020-12-29 2020-12-29 Method and system for improving honeypot trapping attack capability in IPv6 address space (Active, CN112714126B (en))

Publications (2)

Publication Number Publication Date
CN112714126A (en) 2021-04-27
CN112714126B (en) 2023-03-17

Family

ID=75546426

Country Status (1)

Country Link
CN (1) CN112714126B (en)


Legal Events

Code Title
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant