CN112714126B - Method and system for improving honeypot trapping attack capability in IPv6 address space - Google Patents
Method and system for improving honeypot trapping attack capability in IPv6 address space Download PDFInfo
- Publication number
- CN112714126B CN112714126B CN202011596315.9A CN202011596315A CN112714126B CN 112714126 B CN112714126 B CN 112714126B CN 202011596315 A CN202011596315 A CN 202011596315A CN 112714126 B CN112714126 B CN 112714126B
- Authority
- CN
- China
- Prior art keywords
- ipv6 address
- honeypot
- ipv6
- address
- target
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/1491—Countermeasures against malicious traffic using deception as countermeasure, e.g. honeypots, honeynets, decoys or entrapment
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
- H04L61/09—Mapping addresses
- H04L61/25—Mapping addresses of the same type
- H04L61/2503—Translation of Internet protocol [IP] addresses
- H04L61/256—NAT traversal
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2101/00—Indexing scheme associated with group H04L61/00
- H04L2101/60—Types of network addresses
- H04L2101/618—Details of network addresses
- H04L2101/622—Layer-2 addresses, e.g. medium access control [MAC] addresses
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2101/00—Indexing scheme associated with group H04L61/00
- H04L2101/60—Types of network addresses
- H04L2101/618—Details of network addresses
- H04L2101/659—Internet protocol version 6 [IPv6] addresses
Abstract
The invention provides a method, a system, electronic equipment and a medium for improving honeypot trapping attack capability in an IPv6 address space, wherein the method comprises the following steps: s1, DAD monitors and establishes an IPv6 address list in the network segment; s2, generating an NA response message for responding to an NS request of a target IPv6 address out of the IPv6 address list; and S3, the NAT6 converts the target IPv6 address set into the IPv6 address of the honeypot server to provide honeypot service. The invention eliminates the IPv6 address used in the network segment through DAD monitoring and dynamically converts the target IPv6 address based on NAT6, thereby realizing that the IPv6 honeypot can simulate the service supporting multiple addresses and effectively improving the capability of trapping attacks in the IPv6 honeypot in the IPv6 mass address space.
Description
Technical Field
The present disclosure relates to the field of network security technologies, and in particular, to a method, a system, an electronic device, and a medium for improving honeypot trapping attack capability in an IPv6 address space.
Background
IPv6, the abbreviation of Internet Protocol Version 6, namely the next generation Internet, IPv6 has the most obvious advantage that the address is 128 bits, and the problem that the IPv4 address is gradually exhausted is solved by a massive address space.
MAC address, hardware address of the network port, 48 bits, for uniquely identifying a network port.
NDP, neighbor Discovery Protocol, IPv6 Neighbor Discovery Protocol, and is used for router Discovery, local link node Discovery, address conflict detection, and other functions.
DAD, duplicate Address Detection, and each IPv6 unicast Address in the IPv6 network needs to be detected by DAD before it can be used. The DAD uses NS and NA messages to realize address conflict detection based on the NDP protocol.
NAT6, network Address Translation IPv6, IPv6 Network Address Translation.
Honeypots, honeypot technology is essentially a technology for cheating attackers, and the attackers are induced to attack the host, network service or information by arranging the host, network service or information as bait, so that the attack behavior can be captured and analyzed, and the tools and methods used by the attackers can be known.
In the field of network security, honeypots are relatively excellent and accurate attack behavior analysis tools, honeypots in IPv4 networks work well, but in IPv6 networks, due to the fact that IPv6 massive address spaces exist, a conventional honeypot deployment method is difficult to scan by attackers, and the use of honeypot technology is limited.
Disclosure of Invention
Technical problem to be solved
In view of the above problems, the present disclosure provides a method, a system, an electronic device, and a medium for improving honeypot trapping attack capability in an IPv6 address space, which are used to at least partially solve the technical problems that the conventional honeypot deployment method is difficult to be scanned by an attacker.
(II) technical scheme
One aspect of the present disclosure provides a method for improving honeypot trapping attack capability in an IPv6 address space, including: s1, DAD monitors and establishes an IPv6 address list of the network segment in use; s2, generating an NA response message for responding to an NS request of a target IPv6 address except the IPv6 address list; and S3, the NAT6 converts the target IPv6 address set into the IPv6 address of the honeypot server to provide honeypot service.
Further, in S1, an IPv6 address list of the network segment in use is established and the NS message in the DAD is monitored in the link, and the IPv6 address in the NS message is extracted and added into the IPv6 address list.
Further, the generating of the NA response message in S2 specifically includes generating the NA response message if it is determined that the destination IPv6 address is not in the IPv6 address table, and informing the gateway that the MAC address corresponding to the destination IPv6 address is the MAC address of the honeypot server.
In another aspect, the present disclosure provides a system for improving honeypot trapping attack capability in an IPv6 address space, including: the DAD sniffer is used for monitoring and establishing an IPv6 address list in the network segment; the NA response message generating module is used for generating an NA response message and responding to the NS request of a target IPv6 address outside the IPv6 address list; and the NAT6 module is used for converting the target IPv6 address set into the IPv6 address of the honeypot server and providing honeypot service.
Yet another aspect of the present invention provides an electronic device, comprising: a processor; a memory storing a computer executable program which, when executed by the processor, causes the processor to perform the aforementioned method of enhancing honeypot trap attack capability in IPv6 address space.
Still another aspect of the present invention provides a computer-readable storage medium storing a computer program which, when executed by a processor, implements the aforementioned method for enhancing honeypot trap attack capability in IPv6 address space.
(III) advantageous effects
The invention provides a method, a system, electronic equipment and a medium for improving honeypot trapping attack capability in an IPv6 address space, which exclude the IPv6 address in use in the network segment through DAD monitoring, and dynamically respond to the request of a potential attacker based on NAT6, thereby realizing that the IPv6 honeypot can simulate the service supporting multiple addresses and effectively improving the trapping attack capability of the IPv6 honeypot in the IPv6 mass address space.
Drawings
Fig. 1 schematically shows a flow chart of a method for enhancing honeypot trapping attack capability in an IPv6 address space according to an embodiment of the present invention;
FIG. 2 schematically illustrates an NDP operational schematic according to an embodiment of the invention;
FIG. 3 schematically illustrates a system architecture diagram for enhancing honeypot trap attack capability in an IPv6 address space in accordance with an embodiment of the present invention;
FIG. 4 schematically illustrates a workflow diagram for enhancing honeypot trap attack capability in an IPv6 address space according to an embodiment of the present invention;
fig. 5 schematically shows a block diagram of an electronic device according to another embodiment of the invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is further described in detail with reference to the following embodiments and the accompanying drawings.
The terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the disclosure. The terms "comprises," "comprising," and the like, as used herein, specify the presence of stated features, steps, operations, and/or components, but do not preclude the presence or addition of one or more other features, steps, operations, or components.
All terms (including technical and scientific terms) used herein have the same meaning as commonly understood by one of ordinary skill in the art unless otherwise defined. It is noted that the terms used herein should be interpreted as having a meaning that is consistent with the context of this specification and should not be interpreted in an idealized or overly formal sense.
Some block diagrams and/or flow diagrams are shown in the figures. It will be understood that some blocks of the block diagrams and/or flowchart illustrations, or combinations thereof, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, or other programmable data processing apparatus, such that the instructions, which execute via the processor, create means for implementing the functions/acts specified in the block diagrams and/or flowchart block or blocks.
Accordingly, the techniques of this disclosure may be implemented in hardware and/or software (including firmware, microcode, etc.). In addition, the techniques of this disclosure may take the form of a computer program product on a computer-readable medium having instructions stored thereon for use by or in connection with an instruction execution system. In the context of this disclosure, a computer-readable medium may be any medium that can contain, store, communicate, propagate, or transport the instructions. For example, the computer readable medium can include, but is not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, device, or propagation medium. Specific examples of the computer readable medium include: magnetic storage devices such as magnetic tape or Hard Disk Drives (HDDs); optical storage devices, such as compact disks (CD-ROMs); a memory, such as a Random Access Memory (RAM) or a flash memory; and/or wired/wireless communication links.
An embodiment of the present disclosure provides a method for improving honeypot trapping attack capability in an IPv6 address space, please refer to fig. 1, including: s1, DAD monitors and establishes an IPv6 address list in the network segment; s2, generating an NA response message for responding to an NS request of a target IPv6 address out of the IPv6 address list; and S3, the NAT6 converts the target IPv6 address set into the IPv6 address of the honeypot server to provide honeypot service.
Before specifically introducing the embodiment of the present invention, an NDP working schematic diagram is specifically introduced, as shown in fig. 2, when an IPv6 gateway receives a data packet of an external network segment, the data packet can be correctly forwarded to a terminal node based on an MAC address of the terminal node, but in an initial situation, for a new IPv6 address, the IPv6 gateway does not have a mapping record between IPv6 and MAC, at this time, the IPv6 gateway sends an NS request to the local network segment, queries a corresponding MAC address, and the terminal node configured with the IPv6 address finds that the IPv6 address queried by the NS request is the same as its own address, and then responds to the IPv6 gateway with an NA packet, which carries an internet access MAC address of the terminal node. Therefore, the IPv6 gateway acquires the mapping relationship between the new IPv6 address and the MAC address. The IPv6 gateway can correctly forward the packet. The NDP flow is illustrated here for convenience in describing the principles of the invention later.
Fig. 3 is a system architecture diagram of the present invention, as shown in the figure, the DAD sniffs DAD collision detection messages for monitoring all IPv6 in the home network segment, for an IPv6 address passing collision detection, the DAD sniffs DAD collision detection messages are recorded in the U-in-use IPv6 address list, the NA response generates an NS address query request response for sending out to the IPv6 gateway, the NA response generates and determines that, if the address in the NS is not in the U-in-use IPv6 address list, it indicates that the IPv6 address does not belong to any node in the home network segment, but is a completely new address, and the NA response generation generates an NA message to respond to the IPv6 gateway, so as to tell the gateway that data of the IPv6 address can be forwarded to the honeypot. The IPv6 addresses generating responses through the NA responses are forwarded to the honeypot server, the honeypot server converts the IPv6 addresses into the IPv6 addresses of the honeypot server based on the NAT6, and the scanning data packet from the outside is forwarded to the honeypot service so that the honeypot successfully completes the trapping function.
On the basis of the above embodiment, the NS message in the network segment that is included in the link monitoring DAD is established in the IPv6 address list in S1, and the IPv6 address in the NS message is extracted and added to the IPv6 address list.
The DAD monitors and establishes an IPv6 address list of the network segment, and each IPv6 unicast address can be used for an interface after address conflict detection, so that NA and NS messages in the DAD can be monitored in the link, the IPv6 address in the NS message is extracted and added into the IPv6 address list, all the IPv6 addresses in the IPv6 network segment are recorded in the list, and the IPv6 addresses outside the lists can be used for honeypot service.
On the basis of the foregoing embodiment, the generating the NA response message in S2 specifically includes generating the NA response message if it is determined that the destination IPv6 address is not in the IPv6 address table, and informing the gateway that the MAC address corresponding to the destination IPv6 address is the MAC address of the honeypot server.
And generating an NA response message, wherein the NA response message is used for responding to an IPv6 address NS request outside an IPv6 address list, when an attacker conducts trial scanning, an IPv6 address set is automatically generated on the basis of a certain algorithm aiming at a certain IPv6 address segment, then each IPv6 address in the set is scanned and detected, when a scanning detection packet reaches an IPv6 gateway of the segment, the gateway can obtain the MAC address of the IPv6 address by sending the NS request, and when the honeypot system receives the NS request, the honeypot system judges whether the IPv6 address in the NS is not in the IPv6 address list, generates an NA message to respond to the IPv6 gateway and tells the gateway that the MAC address corresponding to the IPv6 address is the network card MAC address of the honeypot server.
Another embodiment of the present disclosure provides a system for improving honeypot trapping attack capability in an IPv6 address space, including: the DAD sniffer is used for monitoring and establishing an IPv6 address list in the network segment; the NA response message generating module is used for generating an NA response message and responding to the NS request of a target IPv6 address outside the IPv6 address list; and the NAT6 is used for converting the destination IPv6 address set into the honeypot server IPv6 address to provide honeypot service.
The DAD sniffer monitors and establishes an IPv6 address list of the network segment, NA response message generation is carried out, the NA response message generation is used for responding to an IPv6 address NS request outside the IPv6 address list, the NAT6 converts a target IPv6 address set into an IPv6 address of the honeypot server to provide honeypot service, and when the honeypot receives a detection packet of an attacker, the target IPv6 address is replaced by the IPv6 address of the honeypot server by using the firewall NAT6 function, so that the honeypot can provide services of multiple IPv6 addresses to the outside, and the trapping and attacking capacity is improved.
The invention is described in detail below with reference to a specific embodiment. Fig. 4 is a flow chart of the present invention. For the purpose of illustrating the working principle of the invention, it is assumed that:
a honeypot server: the IPv6 address is 2001.
The list of active IPv6 addresses contains: 2001.
Target IPv6 address set detected by attacker: 2001.
The specific process is described as follows:
step S1: the DAD sniffs, and if four terminal nodes exist in the IPv6 local network segment, the corresponding IPv6 addresses are as follows: 2001. The four addresses are required to be subjected to DAD conflict detection before use, and after receiving a DAD detection message, the DAD sniffing program stores the three addresses (except the IPv6 address of the honeypot server) which pass the conflict detection into an in-use IPv6 address list.
Step S2: and NA response message generation, when the IPv6 gateway receives external data messages, assuming that the target IPv6 addresses of the messages are as follows: 2001. The IPv6 gateway searches for the gateway local NDP cache, and finds that the MAC addresses corresponding to the three new IPv6 addresses are not recorded, so that the IPv6 gateway sends three NS request query messages to query the MAC addresses corresponding to the addresses 2001. The NA response message generation program generates three NA messages to respectively respond when receiving the three NS query request messages, and the NA messages respectively record the mapping relationships of 2001.
And step S3: and the IPv6 gateway forwards the data packet to the honeypot server according to the mapping relation between the IPv6 address and the MAC address established in the step S2. The fire wall of the honeypot server starts the NAT6 function, and a mapping relation is established: 2001 da8. The NAT6 replaces the destination address with the IPv6 address of the honeypot server.
And finally, all the request packets received by the honeypot service are IPv6 addresses with the destination addresses of the honeypot server, so that the honeypot successfully provides service to the outside and successfully traps attackers.
Fig. 5 schematically shows a block diagram of an electronic device according to another embodiment of the present disclosure.
As shown in fig. 5, the electronic device 500 includes a processor 510, a computer-readable storage medium 520. The electronic device 500 may perform a method according to an embodiment of the present disclosure.
In particular, processor 510 may include, for example, a general purpose microprocessor, an instruction set processor and/or related chip sets and/or a special purpose microprocessor (e.g., an Application Specific Integrated Circuit (ASIC)), among others. The processor 510 may also include on-board memory for caching purposes. Processor 510 may be a single processing unit or a plurality of processing units for performing different actions of a method flow according to an embodiment of the present disclosure.
Computer-readable storage medium 520 may be, for example, any medium that can contain, store, communicate, propagate, or transport the instructions. For example, a readable storage medium may include, but is not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, device, or propagation medium. Specific examples of the readable storage medium include: magnetic storage devices, such as magnetic tape or Hard Disk Drives (HDDs); optical storage devices, such as compact disks (CD-ROMs); a memory, such as a Random Access Memory (RAM) or a flash memory; and/or wired/wireless communication links.
The computer-readable storage medium 520 may include a computer program 521, which computer program 521 may include code/computer-executable instructions that, when executed by the processor 510, cause the processor 510 to perform the method flows according to embodiments of the present disclosure and any variations thereof.
The computer program 521 may be configured with, for example, computer program code comprising computer program modules. For example, in an example embodiment, code in computer program 521 may include one or more program modules, including 521A, modules 521B, \8230;, for example. It should be noted that the division and number of the modules are not fixed, and those skilled in the art may use suitable program modules or program module combinations according to actual situations, and when these program modules are executed by the processor 510, the processor 510 may execute the method flows according to the embodiments of the present disclosure and any variations thereof.
The present disclosure also provides a computer-readable storage medium, which may be included in the device/system described in the above embodiments, or may exist separately without being assembled into the device/system. The computer-readable storage medium carries one or more programs which, when executed, implement the method according to an embodiment of the disclosure.
While the disclosure has been shown and described with reference to certain exemplary embodiments thereof, it will be understood by those skilled in the art that various changes in form and details may be made therein without departing from the spirit and scope of the disclosure as defined by the appended claims and their equivalents. Accordingly, the scope of the present disclosure should not be limited to the above-described embodiments, but should be defined not only by the appended claims, but also by equivalents thereof.
The above-mentioned embodiments are intended to illustrate the objects, technical solutions and advantages of the present invention in further detail, and it should be understood that the above-mentioned embodiments are only exemplary embodiments of the present invention, and are not intended to limit the present invention, and any modifications, equivalents, improvements and the like made within the spirit and principle of the present invention should be included in the protection scope of the present invention.
Claims (4)
1. A method for improving honeypot trapping attack capability in an IPv6 address space comprises the following steps:
s1, address conflict detection DAD monitors and establishes an IPv6 address list in the network segment; establishing a network segment in-use IPv6 address list and a neighbor solicitation NS message in a link monitoring address conflict detection DAD, extracting an IPv6 address in the neighbor solicitation NS message and adding the IPv6 address into the in-use IPv6 address list;
s2, generating a neighbor advertisement NA response message for responding to a neighbor request NS request of a target IPv6 address outside the in-use IPv6 address list; if the target IPv6 address is judged not to be in the in-use IPv6 address list, the neighbor advertisement NA response message is generated, and the gateway is informed that the MAC address corresponding to the target IPv6 address is the MAC address of the honeypot server;
and S3, the NAT6 converts the target IPv6 address set into the IPv6 address of the honeypot server to provide honeypot service.
2. A system for improving honeypot trapping attack capability in an IPv6 address space is characterized by comprising the following steps:
the DAD sniffer is used for monitoring and establishing an IPv6 address list of the network segment; establishing a Neighbor Solicitation (NS) message of a network segment in-use IPv6 address list, including in a link monitoring address conflict detection (DAD), extracting an IPv6 address in the Neighbor Solicitation (NS) message and adding the IPv6 address into the in-use IPv6 address list;
a neighbor advertisement NA response message generation module, configured to generate a neighbor advertisement NA response message, configured to respond to a neighbor solicitation NS request of a destination IPv6 address outside the in-use IPv6 address list; if the target IPv6 address is judged not to be in the in-use IPv6 address list, the neighbor advertisement NA response message is generated, and the gateway is informed that the MAC address corresponding to the target IPv6 address is the MAC address of the honeypot server;
and the IPv6 network address conversion module is used for converting the target IPv6 address set into the IPv6 address of the honeypot server and providing honeypot service.
3. An electronic device, comprising:
a processor;
a memory storing a computer executable program which, when executed by the processor, causes the processor to perform a method of enhancing a honeypot trap attack capability in an IPv6 address space as claimed in claim 1.
4. A computer-readable medium, on which a computer program is stored, which program, when being executed by a processor, is adapted to carry out the method of enhancing a honeypot trap attack capability in an IPv6 address space as claimed in claim 1.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202011596315.9A CN112714126B (en) | 2020-12-29 | 2020-12-29 | Method and system for improving honeypot trapping attack capability in IPv6 address space |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202011596315.9A CN112714126B (en) | 2020-12-29 | 2020-12-29 | Method and system for improving honeypot trapping attack capability in IPv6 address space |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN112714126A CN112714126A (en) | 2021-04-27 |
| CN112714126B true CN112714126B (en) | 2023-03-17 |
Family
ID=75546426
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202011596315.9A Active CN112714126B (en) | 2020-12-29 | 2020-12-29 | Method and system for improving honeypot trapping attack capability in IPv6 address space |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN112714126B (en) |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104753793A (en) * | 2013-12-26 | 2015-07-01 | 联芯科技有限公司 | Method for statefull management of access terminal under stateless internet protocol version 6 (IPv6) configuration |
| CN109768993A (en) * | 2019-03-05 | 2019-05-17 | 中国人民解放军32082部队 | A kind of high covering Intranet honey pot system |
| CN111030976A (en) * | 2019-04-26 | 2020-04-17 | 哈尔滨安天科技集团股份有限公司 | Distributed access control method and device based on secret key and storage equipment |
| CN112134891A (en) * | 2020-09-24 | 2020-12-25 | 上海观安信息技术股份有限公司 | Configuration method, system and monitoring method for generating multiple honey pot nodes by single host based on linux system |
Family Cites Families (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2006107712A2 (en) * | 2005-04-04 | 2006-10-12 | Bae Systems Information And Electronic Systems Integration Inc. | Method and apparatus for defending against zero-day worm-based attacks |
| KR100663546B1 (en) * | 2005-07-08 | 2007-01-02 | 주식회사 케이티 | A malignant bot confrontation method and its system |
| US10284598B2 (en) * | 2016-01-29 | 2019-05-07 | Sophos Limited | Honeypot network services |
-
2020
- 2020-12-29 CN CN202011596315.9A patent/CN112714126B/en active Active
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104753793A (en) * | 2013-12-26 | 2015-07-01 | 联芯科技有限公司 | Method for statefull management of access terminal under stateless internet protocol version 6 (IPv6) configuration |
| CN109768993A (en) * | 2019-03-05 | 2019-05-17 | 中国人民解放军32082部队 | A kind of high covering Intranet honey pot system |
| CN111030976A (en) * | 2019-04-26 | 2020-04-17 | 哈尔滨安天科技集团股份有限公司 | Distributed access control method and device based on secret key and storage equipment |
| CN112134891A (en) * | 2020-09-24 | 2020-12-25 | 上海观安信息技术股份有限公司 | Configuration method, system and monitoring method for generating multiple honey pot nodes by single host based on linux system |
Also Published As
| Publication number | Publication date |
|---|---|
| CN112714126A (en) | 2021-04-27 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| EP2469787A1 (en) | Method and device for preventing network attacks | |
| CN111756712B (en) | Method for forging IP address and preventing attack based on virtual network equipment | |
| Ullrich et al. | {IPv6} Security: Attacks and Countermeasures in a Nutshell | |
| CN107682470B (en) | Method and device for detecting public network IP availability in NAT address pool | |
| CN110266650B (en) | Identification method of Conpot industrial control honeypot | |
| CN113315814B (en) | IPv6network boundary equipment rapid discovery method and system | |
| RU2690749C1 (en) | Method of protecting computer networks | |
| US9992159B2 (en) | Communication information detecting device and communication information detecting method | |
| CN104427004A (en) | ARP message management method based on network equipment | |
| US10097418B2 (en) | Discovering network nodes | |
| CN107690004B (en) | Method and device for processing address resolution protocol message | |
| US8112803B1 (en) | IPv6 malicious code blocking system and method | |
| CN111953810B (en) | Method, device and storage medium for identifying proxy internet protocol address | |
| Rehman et al. | Denial of service attack in IPv6 duplicate address detection process | |
| CN112714126B (en) | Method and system for improving honeypot trapping attack capability in IPv6 address space | |
| US10015179B2 (en) | Interrogating malware | |
| Guo et al. | IoTSTEED: Bot-side Defense to IoT-based DDoS Attacks (Extended) | |
| Kishimoto et al. | An adaptive honeypot system to capture ipv6 address scans | |
| Ahmed et al. | Securing the neighbour discovery protocol in IPv6 state-ful address auto-configuration | |
| RU2686023C1 (en) | Method of protecting computer networks | |
| RU2680038C1 (en) | Method of computer networks protection | |
| US9912557B2 (en) | Node information detection apparatus, node information detection method, and program | |
| KR101188308B1 (en) | Pseudo packet monitoring system for address resolution protocol spoofing monitoring of malicious code and pseudo packet monitoring method therefor | |
| CN102413194A (en) | Node device, network access device as well as address conflict processing method and system | |
| CN111787110A (en) | Socks proxy discovery method and system |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |