CN114172672B - Method for blocking network connection by double-mode switching - Google Patents
- Publication number: CN114172672B (application number CN202010841976.7A)
- Authority: CN (China)
- Prior art keywords: network, illegal, blocking, information device, point
- Legal status: Active
Classifications
- H04L63/02: Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L61/103: Mapping addresses of different types across network layers, e.g. resolution of network layer into physical layer addresses or address resolution protocol [ARP]
- H04L63/0236: Filtering policies; filtering by address, protocol, port number or service, e.g. IP-address or URL
- H04L63/0876: Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
Abstract
The invention relates to a method for blocking network connection by dual-mode switching, which comprises the following steps: a data packet collecting step, a data packet analyzing step, a list comparing step, an illegal network point type judging step and a network connection blocking step. The data packet collecting step collects the data packets of all the network points in the network segment. The data packet analyzing step analyzes the data packets of all the network points to obtain identification data. The list comparing step confirms the illegal network point by comparing the identification data against the information device list. The illegal network point type judging step confirms the information device type of the illegal network point. The network connection blocking step switches between the first network connection blocking mode and the second network connection blocking mode according to the information device type of the illegal network point, so as to block the illegal network point.
Description
Technical Field
The invention relates to the field of blocking network connection, in particular to a method for blocking network connection by dual-mode switching.
Background
For the sake of information security, an enterprise prevents external information devices from accessing data on its internal network to the greatest extent possible, so as to avoid losses caused by ransomware attacks. Thus, the information security personnel of enterprises focus their work on how to completely block "data access of external information devices to the enterprise's internal network".
However, a single mode of blocking external information devices from connecting to the enterprise's internal network cannot flexibly adjust the blocking operation according to the type of information device, so not every external information device connecting to the enterprise's internal network can be completely blocked. In addition, because external information devices are of many types, a single blocking mode has poor blocking efficiency, which causes the defect of an excessive number of data packets in the enterprise's internal network.
Disclosure of Invention
Therefore, an object of the present invention is to provide a method for blocking network connection by dual-mode switching, which can effectively block an external information device from performing network access to the internal network of an enterprise.
The invention provides a method for blocking network connection by dual-mode switching, which solves the problems in the prior art and comprises the following steps: a data packet collecting step, namely collecting data packets sent by all network points in a network segment, wherein all the network points comprise an information device and a gateway which are connected to the network in the network segment; a data packet analyzing step of analyzing the data packets of all the network points in the network segment to obtain the identification data of all the network points, wherein the identification data comprises MAC addresses, OUI data, ARP firewall data and static ARP data; a list comparison step of comparing the identification data of all the network points with the identification data of the information devices or gateways registered in an information device list, so as to confirm that a network point is an illegal network point when a network point whose identification data does not correspond to the information device list is present in the network segment; an illegal network point type judging step of confirming whether the illegal network point is an information device produced by a manufacturer in a preset manufacturer list through the MAC address and the OUI data acquired in the data packet analyzing step, or whether the illegal network point is an information device with an ARP firewall through the ARP firewall data acquired in the data packet analyzing step, or whether the illegal network point is an information device with static ARP through the static ARP data acquired in the data packet analyzing step; and a network connection blocking step of blocking the network connection of the illegal network point in the network segment by adopting a first network connection blocking mode when the illegal network point is an information device produced by a manufacturer in the preset manufacturer list, or an information device with an ARP firewall, or an information device with static ARP, and automatically switching to a second network connection blocking mode when the illegal network point is not an information device produced by a manufacturer in the preset manufacturer list, is not an information device with an ARP firewall, and is not an information device with static ARP. In the first network connection blocking mode, when the illegal network point broadcasts a query for the MAC address of an object network point in the network segment, a connection blocking module unicasts to the illegal network point a data packet stating that the MAC address of the object network point is the MAC address of the connection blocking module, and the connection blocking module unicasts to the gateway in the network segment a data packet stating that the MAC address of the illegal network point is the MAC address of the connection blocking module, so as to block the illegal network point without triggering the ARP firewall of the illegal network point. In the second network connection blocking mode, when the illegal network point broadcasts a query for the MAC address of an object network point in the network segment, the connection blocking module unicasts to the illegal network point a data packet stating that the MAC address of the object network point is the MAC address of the connection blocking module and, for a predetermined period, continuously unicasts to the illegal network point a data packet stating that the MAC address of the gateway in the network segment is the MAC address of the connection blocking module, and the connection blocking module broadcasts to all the network points in the network segment a data packet stating that the MAC address of the illegal network point is the MAC address of the connection blocking module, so as to block the illegal network point.
In an embodiment of the present invention, a method for blocking network connection by dual-mode switching is provided, wherein in the first network connection blocking mode, the connection blocking module unicasts to the illegal network point a data packet stating that the MAC addresses of all the information devices in the network segment are the MAC address of the connection blocking module, so as to block the illegal network point.
In an embodiment of the present invention, a method for blocking network connection by dual-mode switching is provided, wherein the identification data of the network point further includes an IP address.
In an embodiment of the present invention, in the illegal network point type judging step, if the illegal network point is not an information device produced by a manufacturer in the preset manufacturer list, it is determined whether the illegal network point is an information device with an ARP firewall.
In an embodiment of the present invention, a method for blocking network connection by dual-mode switching is provided, wherein in the illegal network point type judging step, when the illegal network point is not an information device with an ARP firewall, it is determined whether the illegal network point is an information device with static ARP.
In an embodiment of the present invention, a method for blocking network connection by dual-mode switching is provided, wherein the data packet analyzing step collects the data packet sent by a network point in the network segment through the network card of that network point and directly analyzes the data packet to obtain the identification data of the network point.
In an embodiment of the present invention, a method for blocking network connection by dual-mode switching is provided, wherein in the illegal network point type judging step, an information device with static ARP is one whose IP address and MAC address are in one-to-one correspondence.
In an embodiment of the present invention, a method for blocking network connection by dual-mode switching is provided, wherein in the second network connection blocking mode, the predetermined period is 4 seconds.
By the technical means described above, the method for blocking network connection by dual-mode switching of the invention achieves the following technical effects. The blocking efficiency of network connection is improved, so as to prevent external information devices from performing network access to the internal network of the enterprise. In addition, even though external information devices are of different types, the method can still switch automatically between the two modes of blocking network connection, so that the efficiency of the blocking operation is improved.
Drawings
Fig. 1 is a flow chart of a method for blocking network connection by dual-mode switching according to the present invention.
Fig. 2 is a schematic internal flow chart of the illegal network point type judging step of a method for blocking network connection by dual-mode switching according to the present invention.
Fig. 3 is a schematic diagram illustrating a method for blocking network connection by dual-mode switching according to the present invention executing the first network connection blocking mode.
Fig. 4 is a schematic diagram illustrating a method for blocking network connection by dual-mode switching according to the present invention executing the second network connection blocking mode.
Fig. 5 is a schematic diagram of the connection blocking relationship of a method for blocking network connection by dual-mode switching according to the present invention.
Fig. 6 is a graph of unicast frequency versus blocking efficiency for a method for blocking network connection by dual-mode switching according to the present invention.
Reference numerals
100. Method for blocking network connection by double-mode switching
D network segment
G gateway
L illegal network point
L1 network point query
P information device
S connection blocking module
S1 data packet collection step
S2 data packet parsing step
S3 list comparison step
S30 legal network point confirmation step
S4 illegal network point type judging step
S41 manufacturer confirmation step
S42 ARP firewall validation step
S43 static ARP confirm step
S5 network connection blocking step
S51 first network connection blocking mode
S510 replying to a query
S511 mask information transfer
S512 guard information delivery
S52 second network connection blocking mode
S520 reply to the query
S521 isolation information transfer
S522 guard information transfer
Detailed Description
The following describes an embodiment of the present invention with reference to fig. 1 to 5. The description is not intended to limit the embodiments of the invention, but is one example of the invention.
As shown in fig. 1, a method 100 for blocking network connection for dual mode handover according to an embodiment of the present invention includes the following steps: a data packet collecting step S1, a data packet analyzing step S2, a list comparing step S3, an illegal network point type judging step S4, and a network connection blocking step S5. Therefore, the method 100 for blocking network connection in dual mode switching of the present invention can enhance the blocking efficiency of network connection to prevent the external information device from performing network access to the internal network of the enterprise. In addition, the invention can automatically switch the method of blocking network connection of two modes due to different types of external information devices, so as to increase the work efficiency of blocking network connection.
As shown in fig. 1 and 5, the data packet collecting step S1 collects data packets sent by all the nodes in the network segment D, wherein all the nodes include the information device P and the gateway G for performing network connection in the network segment D. For example, the network segment D is a Broadcast domain (Broadcast domain) of the enterprise intranet environment.
As shown in fig. 1 and 5, the data packet analyzing step S2 analyzes the data packets of all the network points in the network segment D to obtain the identification data of all the network points. The identification data includes the MAC address (Media Access Control address), OUI (Organizationally Unique Identifier) data, ARP (Address Resolution Protocol) firewall data, and static ARP data. Of course, the definition of the identification data is not limited to the above, and the identification data of a network point may further include an IP address (Internet Protocol address).
Specifically, in the method 100 for blocking network connection by dual-mode switching of the present invention, the data packet analyzing step S2 collects the data packet sent by a network point in the network segment D via the network card of that network point and directly analyzes it to obtain the identification data of the network point. In detail, the static ARP data in the identification data is further obtained through Agent data collection software, which the applicant developed to run on the terminal device (computer terminal) and which reports the identification data of the network point when the network point comes online. The Agent data collection software differs from WMI (Windows Management Instrumentation) data collection software in that it provides the network point's information without requiring the network point to run a Windows operating system.
As shown in fig. 1 and 5, the list comparing step S3 compares the identification data of all the network points with the identification data of the information devices or gateways registered in the information device list, so as to confirm that a network point is an illegal network point L when a network point whose identification data does not correspond to the information device list is present in the network segment D. The information device list is a list established in advance (i.e. a whitelist) that records the identification data of the information devices P and the gateway G of the enterprise's internal network environment, for example the IP address or the MAC address.
Specifically, as shown in fig. 1, 2 and 5, the legal network point confirmation step S30 confirms whether the identification data of a network point in the network segment D corresponds to the identification data of the information device list. If the identification data of the network point in the network segment D corresponds to the identification data of the information device list, the network point in the network segment D is identified as a legal network point, and the process of judging the type of the illegal network point ends. In contrast, if the legal network point confirmation step S30 confirms that the identification data of the network point in the network segment D does not correspond to the identification data of the information device list, the network point is an illegal network point L, and the illegal network point type judging step S4 is performed.
As shown in fig. 1 and 5, specifically, the illegal node type determining step S4 is to determine the type of the information device used by the illegal node L through the collection and analysis of the identification data (i.e. IP address, MAC address, OUI data, ARP firewall data, and static ARP data) of the illegal node L. Therefore, the present invention is advantageous to switch between two methods of blocking network connection to block the illegal network point L (i.e. the external information device) from performing network access to the internal network of the enterprise.
In detail, as shown in fig. 1, 2 and 5, the manufacturer confirmation step S41 of the illegal network point type judging step S4 checks whether the illegal network point L is an information device produced by a manufacturer in the predetermined manufacturer list, based on the MAC address and the OUI data of the illegal network point L acquired in the data packet analyzing step S2. If the illegal network point L is an information device produced by a manufacturer in the predetermined manufacturer list, the first network connection blocking mode S51 of the network connection blocking step S5 is performed. In contrast, if the manufacturer confirmation step S41 confirms that the illegal network point L is not an information device produced by a manufacturer in the predetermined manufacturer list, the ARP firewall confirmation step S42 of the illegal network point type judging step S4 is performed.
Further, a MAC address is 6 bytes in total; its first 3 bytes are assigned to the manufacturer of the network card by the IEEE (Institute of Electrical and Electronics Engineers), and these first 3 bytes are the OUI data. That is, once the MAC address of the illegal network point L is known from its identification data, the OUI data is known as well. The OUI data identifies the manufacturer of the network card, from which the information device type of the illegal network point L can in turn be inferred. For example, the "D0-51-62" of the MAC address "D0-51-62-DD-EE-FF" indicates that the manufacturer of the network card is "Sony corporation", so the illegal network point L can be inferred to be an information device manufactured by "Sony corporation"; the "F4-F1-5A" of the MAC address "F4-F1-5A-DD-EE-FF" indicates that the manufacturer of the network card is "Apple company", so the illegal network point L can be inferred to be an information device manufactured by "Apple company".
As shown in fig. 2, the ARP firewall confirmation step S42 of the illegal network point type determination step S4 confirms whether the illegal network point L is an information device with an ARP firewall according to the ARP firewall data obtained in the data packet analysis step S2. If the illegal node L is an information device with ARP firewall, the first blocking network connection mode S51 is performed. In contrast, if the ARP firewall confirmation step S42 confirms that the illegal point L is not an information device with an ARP firewall, a static ARP confirmation step S43 of the illegal point type determination step S4 is performed.
Further, regarding ARP spoofing: some current anti-virus software has an ARP firewall function to protect information devices from ARP spoofing, where ARP spoofing is an attack on ARP in which an attacker can obtain data packets in a network segment, tamper with their contents, and interfere with the normal connections between the information devices in the segment. Moreover, the operating systems of different information devices handle ARP spoofing differently in order to avoid it, for example by changing the IP address or by querying the gateway more frequently. Therefore, the ARP firewall confirmation step S42 confirms whether the anti-virus software of the information device of the illegal network point L has an ARP firewall function, and whether the operating system of that information device will react to ARP spoofing.
As shown in fig. 2, the static ARP confirmation step S43 of the illegal node type determination step S4 confirms whether the illegal node L is an information device with static ARP through the static ARP data (e.g., the static ARP data is acquired through the Agent data acquisition software) acquired in the data packet analysis step S2. If the illegal node L is an information device with static ARP, the first blocking network connection mode S51 is performed. In contrast, if the static ARP confirmation step S43 confirms that the illegal node L is not an information device with static ARP, the second blocking network connection mode S52 is automatically switched to block network connection of the illegal node L in the network segment D.
Specifically, the information device having static ARP is such that the IP address and the MAC address of the information device are in one-to-one correspondence. That is, the static ARP confirmation step S43 confirms whether the IP address and the MAC address of the information device of the illegal network point L are in a binding relationship.
In other words, as shown in fig. 1 and 2, in the network connection blocking step S5, when the illegal node L is an information device produced by a manufacturer in the predetermined manufacturer list, or an information device with an ARP firewall, or an information device with a static ARP, the first network connection blocking mode S51 is adopted to block network connection of the illegal node L in the network segment D. Conversely, when the illegal node L is not an information device produced by a manufacturer in the predetermined manufacturer list, is not an information device with an ARP firewall, and is not an information device with a static ARP, the second blocking network connection mode S52 is automatically switched to block network connection of the illegal node L in the network segment D.
In detail, as shown in fig. 3 and 5, in the first network connection blocking mode S51, when the illegal network point L performs a network point query L1, i.e. broadcasts a query for the MAC address of an object network point in the network segment D, the connection blocking module S (which may be a software or hardware device) executes a reply to the query S510 to unicast to the illegal network point L a data packet stating that "the MAC address of the object network point is the MAC address of the connection blocking module S". In addition, the connection blocking module S performs a guard information transfer S512 to unicast to the gateway G in the network segment D a data packet stating that "the MAC address of the illegal network point L is the MAC address of the connection blocking module S". Therefore, the present invention can block the illegal network point L while avoiding triggering the ARP firewall of the illegal network point L.
In detail, as shown in fig. 3 and 5, in the first blocking network connection mode S51, the connection blocking module S also performs a mask information transmission S511 to unicast the data packet "the MAC addresses of all the information devices P in the network segment D are the MAC addresses of the connection blocking module S" to the illegal network point L so as to block the network connection of the illegal network point L in the network segment D.
Further, as shown in fig. 4 and 5, in the second network connection blocking mode S52, when the illegal network point L performs a network point query L1 to broadcast a query for the MAC address of an object network point in the network segment D, the connection blocking module S executes a reply to the query S520 to unicast to the illegal network point L a data packet stating that "the MAC address of the object network point is the MAC address of the connection blocking module S", and executes an isolation information transfer S521 to continuously unicast to the illegal network point L, for a predetermined period, a data packet stating that "the MAC address of the gateway G in the network segment D is the MAC address of the connection blocking module S". In addition, the connection blocking module S performs a guard information transfer S522 to broadcast to all the network points in the network segment D (including the information devices P and the gateway G) a data packet stating that "the MAC address of the illegal network point L is the MAC address of the connection blocking module S". Therefore, the present invention blocks the network connection of the illegal network point L in the network segment D in another mode.
In the method 100 for blocking network connection for dual mode switching according to the embodiment of the present invention, in the second blocking network connection mode S52, the predetermined period is 4 seconds. Of course, the present invention is not limited to the "predetermined period of 4 seconds", and the predetermined period may be 2 seconds, 1 second or 0.1 second. Specifically, as the time of the predetermined period decreases, the frequency of unicast of the online blocking module S to the illegal network point L increases relatively. In addition, as shown in fig. 6, the increased unicast Frequency (F, frequency) further improves the blocking efficiency (E, efficiency) of the network connection in the second blocking network connection mode S52.
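The decision chain S41 to S43 and the two blocking modes described above, simulated on constructed identification data. This is an added example and not the patent's own code: the gateway address, the whitelist and the node records are constructed, only the two OUIs quoted in the description are taken from the page, and the check of the locally-administered MAC bit is an addition the description does not mention. The module's messages are returned as plan records and nothing is sent on the wire.

```python
"""Simulation of steps S2-S5 of the dual-mode blocking method on constructed data.
Added example, not the patent's own code: gateway, whitelist and node records are
constructed, and the blocking module's messages are returned as plan records rather
than sent on the wire."""
from dataclasses import dataclass
from typing import List, Optional, Sequence, Tuple

GATEWAY_MAC = "aa:bb:cc:00:00:01"  # constructed address of the gateway G

# Preset manufacturer list keyed by OUI; the two OUIs are the ones quoted in the description.
PRESET_MANUFACTURERS = {"D0-51-62": "Sony corporation", "F4-F1-5A": "Apple company"}

@dataclass(frozen=True)
class NodeInfo:
    """Identification data of one network point, as obtained in step S2."""
    ip: str
    mac: str
    arp_firewall: bool  # ARP firewall data (checked in S42)
    static_arp: bool    # static ARP data: IP and MAC bound one-to-one (checked in S43)

def normalize_mac(mac: str) -> List[str]:
    """Split a MAC written with ':' or '-' into six upper-case hex octets."""
    octets = mac.replace(":", "-").upper().split("-")
    if len(octets) != 6 or any(len(o) != 2 for o in octets):
        raise ValueError(f"malformed MAC: {mac!r}")
    int("".join(octets), 16)  # raises ValueError on non-hex characters
    return octets

def oui(mac: str) -> str:  # first 3 bytes: the OUI the card manufacturer obtained from IEEE
    return "-".join(normalize_mac(mac)[:3])

def manufacturer(mac: str) -> Optional[str]:
    """Manufacturer lookup for S41. Caveat (added, not in the description): when the
    locally-administered bit (0x02 of the first octet) is set, the address was assigned
    by software, e.g. MAC randomisation, and carries no IEEE OUI, so no manufacturer
    is inferred even if the bytes resemble a listed OUI."""
    octets = normalize_mac(mac)
    if int(octets[0], 16) & 0x02:
        return None
    return PRESET_MANUFACTURERS.get("-".join(octets[:3]))

def find_illegal(nodes: Sequence[NodeInfo], whitelist: Sequence[str]) -> List[NodeInfo]:
    """Step S3: a network point whose MAC is not in the information device list is illegal."""
    registered = {"-".join(normalize_mac(m)) for m in whitelist}
    return [n for n in nodes if "-".join(normalize_mac(n.mac)) not in registered]

def choose_mode(node: NodeInfo) -> Tuple[str, str]:
    """Step S4: checks S41 -> S42 -> S43 in order; S52 is chosen only when all three fail."""
    maker = manufacturer(node.mac)
    if maker is not None:
        return "S51", f"S41: manufacturer {maker} is in the preset list"
    if node.arp_firewall:
        return "S51", "S42: information device has an ARP firewall"
    if node.static_arp:
        return "S51", "S43: information device has static ARP"
    return "S52", "S41-S43 all negative: switch to the second mode"

@dataclass(frozen=True)
class Action:
    """One ARP-layer message of the blocking module (plan record only)."""
    step: str                  # reference numeral from the description
    kind: str                  # "unicast" or "broadcast"
    to: str                    # "illegal", "gateway" or "all"
    claim: str                 # whose MAC is reported as the module's own MAC
    period_s: Optional[float]  # repeat period for continuous unicast; None = once per query

def blocking_plan(mode: str, period_s: float = 4.0) -> List[Action]:
    """Step S5. S51 stays unicast to the illegal point and the gateway, with no
    broadcast and no repetition, which is why it does not trigger an ARP firewall."""
    if mode == "S51":
        return [Action("S510", "unicast", "illegal", "queried object node", None),
                Action("S511", "unicast", "illegal", "all information devices P", None),
                Action("S512", "unicast", "gateway", "illegal node L", None)]
    return [Action("S520", "unicast", "illegal", "queried object node", None),
            Action("S521", "unicast", "illegal", "gateway G", period_s),
            Action("S522", "broadcast", "all", "illegal node L", None)]

def unicast_frequency_hz(period_s: float) -> float:
    """Fig. 6 relation for S52: a shorter predetermined period gives a higher unicast frequency."""
    if period_s <= 0:
        raise ValueError("period must be positive")
    return 1.0 / period_s

# Constructed network segment D: gateway and one registered device, plus four unregistered ones.
WHITELIST = [GATEWAY_MAC, "aa:bb:cc:00:00:10"]
NODES = [
    NodeInfo("192.168.1.1", GATEWAY_MAC, False, True),
    NodeInfo("192.168.1.10", "aa:bb:cc:00:00:10", True, False),
    NodeInfo("192.168.1.50", "F4-F1-5A-DD-EE-FF", False, False),  # listed OUI -> S41 -> S51
    NodeInfo("192.168.1.51", "00:11:22:33:44:55", True, False),   # ARP firewall -> S42 -> S51
    NodeInfo("192.168.1.52", "00:11:22:33:44:56", False, True),   # static ARP -> S43 -> S51
    NodeInfo("192.168.1.53", "d2:51:62:aa:bb:cc", False, False),  # randomised MAC -> S52
]

def run_simulation(nodes: Sequence[NodeInfo] = NODES, whitelist: Sequence[str] = WHITELIST) -> dict:
    """Map each illegal network point's IP to its (mode, reason) from step S4."""
    return {n.ip: choose_mode(n) for n in find_illegal(nodes, whitelist)}
```

Calling `blocking_plan(mode)` for each entry of `run_simulation()` lists the messages each mode would use; the last constructed node shows why an OUI-only manufacturer check falls through to S52 for randomised addresses.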
As described above, the method 100 for blocking network connection in dual mode handover according to the embodiment of the present invention increases the blocking efficiency of network connection through the handover between the first blocking network connection mode S51 and the second blocking network connection mode S52 in the network connection blocking step S5 to prevent any external information device (i.e. the illegal node L) from performing network access to the internal network (the network segment D) of the enterprise, wherein the handover between the first blocking network connection mode S51 and the second blocking network connection mode S52 is performed according to the results of the manufacturer confirmation step S41, the ARP firewall confirmation step S42 or the static ARP confirmation step S43 in the illegal node type determination step S4.
The method 100 for blocking network connection by dual-mode switching automatically switches between two network connection blocking modes (the first network connection blocking mode S51 and the second network connection blocking mode S52) according to the result of the illegal network point type judging step S4. Therefore, the present invention increases the efficiency of the "blocking network connection" operation by blocking the network connection of the illegal network points L in a manner suited to their different types.
The foregoing description and drawings are only illustrative of the preferred embodiment of the invention; other modifications will occur to those skilled in the art upon consideration of the specification and the preceding claims, and are intended to be within the spirit and scope of the invention.
Claims (8)
1. A method for blocking network connection by dual-mode switching, said method comprising the steps of:
a data packet collecting step of collecting data packets sent by all network points in a network segment, wherein all the network points comprise an information device and a gateway connected to the network in the network segment;
a data packet analyzing step of analyzing the data packets of all the network points in the network segment to obtain identification data of all the network points, wherein the identification data comprises a MAC address, OUI data, ARP firewall data and static ARP data;
a list comparison step of comparing the identification data of all the network points with the identification data of the information devices or gateways registered in an information device list, so as to confirm that a network point is an illegal network point when a network point whose identification data does not correspond to the information device list is present in the network segment;
an illegal network point type judging step of confirming, by the MAC address and the OUI data obtained in the data packet analyzing step, whether the illegal network point is an information device produced by a manufacturer in a preset manufacturer list, or, by the ARP firewall data obtained in the data packet analyzing step, whether the illegal network point is an information device with an ARP firewall, or, by the static ARP data obtained in the data packet analyzing step, whether the illegal network point is an information device with static ARP; and
a network connection blocking step of blocking the network connection of the illegal network point in the network segment by adopting a first network connection blocking mode when the illegal network point is an information device produced by a manufacturer in the preset manufacturer list, or an information device with an ARP firewall, or an information device with static ARP, and automatically switching to a second network connection blocking mode when the illegal network point is not an information device produced by a manufacturer in the preset manufacturer list, is not an information device with an ARP firewall, and is not an information device with static ARP,
wherein, in the first network connection blocking mode, when the illegal network point broadcasts a query for the MAC address of an object network point in the network segment, a connection blocking module unicasts to the illegal network point a data packet stating that the MAC address of the object network point is the MAC address of the connection blocking module, and the connection blocking module unicasts to the gateway in the network segment a data packet stating that the MAC address of the illegal network point is the MAC address of the connection blocking module, so as to block the illegal network point while avoiding triggering the ARP firewall of the illegal network point, and
in the second network connection blocking mode, when the illegal network point broadcasts a query for the MAC address of an object network point in the network segment, the connection blocking module unicasts to the illegal network point a data packet stating that the MAC address of the object network point is the MAC address of the connection blocking module and, for a preset period, continuously unicasts to the illegal network point a data packet stating that the MAC address of the gateway in the network segment is the MAC address of the connection blocking module, and the connection blocking module broadcasts to all the network points in the network segment a data packet stating that the MAC address of the illegal network point is the MAC address of the connection blocking module, so as to block the illegal network point.
2. The method of claim 1, wherein, in the first network connection blocking mode, the connection blocking module further unicasts to the illegal network node a data packet stating that the MAC addresses of all the information devices in the network segment are the MAC address of the connection blocking module, so as to block the illegal network node.
3. The method for blocking network connection with dual-mode switching of claim 1, wherein the identification data of a network node further comprises its IP address.
4. The method of claim 1, wherein, in the illegal network node type judging step, if the illegal network node is not an information device produced by a manufacturer in the preset manufacturer list, it is then judged whether the illegal network node is an information device with an ARP firewall.
5. The method of claim 4, wherein, in the illegal network node type judging step, if the illegal network node is not an information device with an ARP firewall, it is then judged whether the illegal network node is an information device with a static ARP.
6. The method of claim 1, wherein the data packet analyzing step collects the data packets sent by the network nodes through the network cards of the network nodes in the network segment and analyzes those packets directly to obtain the identification data of the network nodes.
7. The method for blocking network connection with dual-mode switching of claim 1, wherein, in the illegal network node type judging step, an information device with a static ARP is one whose IP address and MAC address are bound in a fixed one-to-one correspondence.
8. The method for blocking network connection with dual-mode switching of claim 1, wherein, in the second network connection blocking mode, the preset period is 4 seconds.
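The eight claims above describe one procedure: collect packets, derive identification data, compare it against the registered information device list, classify each unregistered node (manufacturer list, then ARP firewall, then static ARP, in the order of claims 4 and 5), and pick a blocking mode. The following Python simulation is added here as an example; it is not code from the patent or its applicant. It runs that procedure over a constructed network segment and returns the ARP replies each mode would emit as records; nothing is transmitted. The OUI table, preset manufacturer list, node records, module MAC and the `arp_firewall`/`static_arp` flags are assumptions: the flags stand in for the "ARP firewall data" and "static ARP data" of the analyzing step, whose derivation from captured packets the claims do not specify. Claim 2's additional first-mode packets (one per registered information device) are left out.

```python
"""Decision logic of the dual-mode ARP blocking method in claims 1-8, as a
simulation.  Added example, not the patent's or the applicant's code.  The OUI
table, the manufacturer list and every node record below are constructed for
the example; the ARP-firewall and static-ARP flags stand in for the
"ARP firewall data" and "static ARP data" the packet analyzing step derives.
Blocking packets are returned as records; nothing is sent on a network."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

BROADCAST = "ff:ff:ff:ff:ff:ff"

# Constructed tables (assumptions, not from the patent).
PRESET_MANUFACTURERS = {"Apple", "Cisco"}
OUI_TABLE = {"00:1a:2b": "Apple", "3c:5a:b4": "Cisco", "00:50:56": "VMware"}


@dataclass(frozen=True)
class Node:
    mac: str
    ip: str
    arp_firewall: bool = False   # from the ARP firewall data of the analyzing step
    static_arp: bool = False     # from the static ARP data (claim 7: fixed IP<->MAC binding)


@dataclass(frozen=True)
class ArpReply:
    """One ARP reply the connection blocking module emits."""
    dst_mac: str                        # unicast destination, or BROADCAST
    claimed_ip: str                     # the IP whose MAC is being asserted
    claimed_mac: str                    # always the module's own MAC in this method
    period_s: Optional[float] = None    # set only on the repeated second-mode packet


def oui_vendor(mac: str) -> Optional[str]:
    """Manufacturer from the first three octets (the OUI) of the MAC address."""
    return OUI_TABLE.get(mac.lower()[:8])


def find_illegal(nodes: List[Node], registered_macs: List[str]) -> List[Node]:
    """List comparison step: every node whose MAC is not in the information device list."""
    registered = {m.lower() for m in registered_macs}
    return [n for n in nodes if n.mac.lower() not in registered]


def classify(node: Node) -> Optional[str]:
    """Type judging step in the order of claims 4 and 5: manufacturer list first,
    then ARP firewall, then static ARP.  None means the node matched none of them."""
    if oui_vendor(node.mac) in PRESET_MANUFACTURERS:
        return "manufacturer_list"
    if node.arp_firewall:
        return "arp_firewall"
    if node.static_arp:
        return "static_arp"
    return None


def select_mode(node: Node) -> int:
    """Mode 1 (does not trigger an ARP firewall) for any matched type, else mode 2."""
    return 1 if classify(node) is not None else 2


def blocking_packets(mode: int, illegal: Node, gateway: Node, requested_ip: str,
                     module_mac: str, period_s: float = 4.0) -> List[ArpReply]:
    """Packets emitted after the illegal node broadcast an ARP request for requested_ip."""
    # Both modes: answer the illegal node's own request with the module's MAC.
    pkts = [ArpReply(illegal.mac, requested_ip, module_mac)]
    if mode == 1:
        # Redirect the return path at the gateway instead; the illegal node only ever
        # sees a reply to a request it made, so its ARP firewall has nothing to flag.
        pkts.append(ArpReply(gateway.mac, illegal.ip, module_mac))
    else:
        # Repeatedly overwrite the illegal node's gateway entry (claim 8: every 4 s)
        # and broadcast a false entry for the illegal node to the whole segment.
        pkts.append(ArpReply(illegal.mac, gateway.ip, module_mac, period_s))
        pkts.append(ArpReply(BROADCAST, illegal.ip, module_mac))
    return pkts


def plan(nodes: List[Node], registered_macs: List[str], gateway: Node,
         requested_ip: str, module_mac: str) -> Dict[str, Tuple[int, List[ArpReply]]]:
    """Run the whole method over one segment: illegal node MAC -> (mode, packets)."""
    result: Dict[str, Tuple[int, List[ArpReply]]] = {}
    for n in find_illegal(nodes, registered_macs):
        mode = select_mode(n)
        result[n.mac] = (mode, blocking_packets(mode, n, gateway, requested_ip, module_mac))
    return result


# Constructed sample segment: a gateway, one registered PC and four unregistered nodes.
GATEWAY = Node("aa:bb:cc:00:00:01", "192.168.1.1")
REGISTERED_MACS = [GATEWAY.mac, "aa:bb:cc:00:00:10"]
SAMPLE_NODES = [
    GATEWAY,
    Node("aa:bb:cc:00:00:10", "192.168.1.10"),                     # registered PC
    Node("00:1a:2b:11:22:33", "192.168.1.50"),                     # listed manufacturer
    Node("00:50:56:aa:bb:cc", "192.168.1.51", arp_firewall=True),  # ARP firewall
    Node("de:ad:be:ef:00:01", "192.168.1.52", static_arp=True),    # static ARP
    Node("de:ad:be:ef:00:02", "192.168.1.53"),                     # none of the above
]
MODULE_MAC = "02:00:00:00:00:99"  # assumed MAC of the connection blocking module

if __name__ == "__main__":
    for mac, (mode, pkts) in plan(SAMPLE_NODES, REGISTERED_MACS, GATEWAY,
                                  "192.168.1.10", MODULE_MAC).items():
        print(mac, "mode", mode)
        for p in pkts:
            print("   ", p)
```

The asymmetry between the two modes is the security-relevant point. A host with an ARP firewall or a static ARP entry typically refuses or alerts on unsolicited replies and on changes to a bound entry, so mode 1 only answers a request the node itself sent and redirects the other direction at the gateway. Mode 2 relies on exactly the periodic unsolicited gateway reply and the segment-wide broadcast that such a host would detect or ignore, which is also why mode 2 traffic is the classic signature that switch-side dynamic ARP inspection and network IDS rules look for.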
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202010841976.7A CN114172672B (en) | 2020-08-20 | 2020-08-20 | Method for blocking network connection by double-mode switching |
Publications (2)
Publication Number | Publication Date |
---|---|
CN114172672A CN114172672A (en) | 2022-03-11 |
CN114172672B true CN114172672B (en) | 2024-02-27 |
Family ID: 80475296
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202010841976.7A Active CN114172672B (en) | 2020-08-20 | 2020-08-20 | Method for blocking network connection by double-mode switching |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN114172672B (en) |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1713601A (en) * | 2004-06-21 | 2005-12-28 | ZyXEL Communications Corp. (合勤科技股份有限公司) | On-line method for IP configuration of set-free network |
CN101242311A (en) * | 2007-02-05 | 2008-08-13 | Accton Technology Corp. (智邦科技股份有限公司) | Method and system for automatic network connection mode detection |
CN102045243A (en) * | 2009-10-10 | 2011-05-04 | ZTE Corporation (中兴通讯股份有限公司) | Method and system for adaptively recognizing the duplex mode of a peer network port between network devices |
TW201421936A (en) * | 2012-11-26 | 2014-06-01 | Sofnet Corp | Method for distinguishing and blocking off network node |
TWI728901B (en) * | 2020-08-20 | 2021-05-21 | 台眾電腦股份有限公司 | Network connection blocking method with dual-mode switching |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US9191209B2 (en) * | 2013-06-25 | 2015-11-17 | Google Inc. | Efficient communication for devices of a home network |
Events: 2020-08-20 CN application CN202010841976.7A filed (granted as CN114172672B), status Active
Non-Patent Citations (1)
Title |
---|
A Brief Discussion of LAN ARP Attacks and Their Countermeasures (浅谈局域网ARP攻击及其对策); Geng Fei (耿飞); Science & Technology Information (科技资讯), issue 20; full text * |
Also Published As
Publication number | Publication date |
---|---|
CN114172672A (en) | 2022-03-11 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US10873594B2 (en) | Test system and method for identifying security vulnerabilities of a device under test | |
Schnackenberg et al. | Cooperative intrusion traceback and response architecture (CITRA) | |
US7237267B2 (en) | Policy-based network security management | |
CN110493195B (en) | Network access control method and system | |
US20030084321A1 (en) | Node and mobile device for a mobile telecommunications network providing intrusion detection | |
US20080028073A1 (en) | Method, a Device, and a System for Protecting a Server Against Denial of DNS Service Attacks | |
CN111010409B (en) | Encryption attack network flow detection method | |
KR20010095337A (en) | Firewall system combined with embeded hardware and general-purpose computer | |
CN101577645B (en) | Method and device for detecting counterfeit network equipment | |
CN111541670A (en) | Novel dynamic honeypot system | |
WO2002013486A2 (en) | System and method for processing network accounting information | |
Ubaid et al. | Mitigating address spoofing attacks in hybrid SDN | |
CN114172672B (en) | Method for blocking network connection by double-mode switching | |
US11558351B2 (en) | Dual-modes switching method for blocking network connection | |
KR101977612B1 (en) | Apparatus and method for network management | |
CN114301796B (en) | Verification method, device and system for prediction situation awareness | |
KR101003094B1 (en) | Cyber attack traceback system by using spy-bot agent, and method thereof | |
CN109274638A (en) | A kind of method and router of attack source access automatic identification processing | |
KR20150026187A (en) | System and Method for dropper distinction | |
CN103973678A (en) | Access control method for terminal computer | |
KR100459846B1 (en) | Method of and system for managing network resources and security control for network | |
KR101997181B1 (en) | Apparatus for managing domain name servide and method thereof | |
CN107124390B (en) | Security defense and implementation method, device and system of computing equipment | |
KR100656478B1 (en) | Apparatus and method for network security | |
KR100439174B1 (en) | Method for managing alert database and policy propagation in ladon-security gateway system |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||