CN114244801B - ARP spoofing prevention method and system based on government enterprise gateway - Google Patents
ARP spoofing prevention method and system based on government enterprise gateway Download PDFInfo
- Publication number
- CN114244801B CN114244801B CN202111653505.4A CN202111653505A CN114244801B CN 114244801 B CN114244801 B CN 114244801B CN 202111653505 A CN202111653505 A CN 202111653505A CN 114244801 B CN114244801 B CN 114244801B
- Authority
- CN
- China
- Prior art keywords
- equipment
- arp
- arp spoofing
- gateway
- attack
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
- H04L61/09—Mapping addresses
- H04L61/10—Mapping addresses of different types
- H04L61/103—Mapping addresses of different types across network layers, e.g. resolution of network layer into physical layer addresses or address resolution protocol [ARP]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1416—Event detection, e.g. attack signature detection
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02D—CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
- Y02D30/00—Reducing energy consumption in communication networks
- Y02D30/50—Reducing energy consumption in communication networks in wire-line communication networks, e.g. low power modes or reduced link rate
Abstract
The invention discloses an ARP spoofing prevention method and system based on an enterprise gateway, comprising the following steps: when user equipment dynamically or statically accesses the gateway, the gateway discovers equipment through a DHCP protocol or an ARP protocol, and records equipment information into an equipment management record table of the gateway; when the equipment information is changed, the gateway updates the equipment management record table; when the online equipment is the same as the MAC address of one online equipment in the equipment management record table, but the IP is different, and the IP is the same as the IP of the other online equipment in the equipment record table, the new online equipment is considered as ARP spoofing attack equipment; and stores ARP spoofing attack device information. The invention has convenient use and high safety; compared with the prior art, the method for detecting the ARP attack packet is dynamic and efficient, and can play a role in preventing ARP spoofing attack no matter how equipment in a government enterprise network changes.
Description
Technical Field
The invention relates to the technical field of network communication security, in particular to an ARP spoofing prevention method and system based on an enterprise gateway.
Background
ARP spoofing refers to a means for monitoring or intercepting communication data of a target host by sending false ARP messages to the target host and impersonating the target host by utilizing the vulnerability of ARP protocol and intercepting the messages which are sent to the target host. If ARP spoofing is used to impersonate both parties of communication at the same time, then a "man-in-the-middle attack" can be achieved. ARP spoofing can cause network congestion or even large-area network paralysis in severe cases, and provides serious tests for network management and safety hazard.
And the government and enterprise gateway is an interface unit of the government and enterprise network and an external network, and manages all devices of the LAN access to the government and enterprise network. In an enterprise network, access devices are numerous, if users spoof ARP by forging an IP address and an MAC address, a large amount of ARP traffic is generated in the network to block the network, and an attacker can change the IP-MAC entry in the ARP cache of a target host only by continuously sending forged ARP response packets, so that network interruption or man-in-the-middle attack is caused. Therefore, it is important to realize the function of preventing ARP spoofing attack on the gateway.
The invention discloses a router and a method for preventing ARP attack, which is an authorized invention patent with the application number of CN201510617397.3, and specifically receives ARP message; analyzing the received MAC address and IP address of the sender in the ARP message; comparing the MAC address and the IP address obtained by analysis with a list table stored in advance, and judging whether the MAC address and the IP address obtained by analysis are attack addresses or not; if the address is an attack address, discarding the ARP message; if the address is not the attack address, the ARP message is released; so as to judge whether the ARP message is a deception message or not. However, the scheme aims at how to prevent ARP attack through a router, is not suitable for government and enterprise gateways, and has a plurality of access devices for the government and enterprise gateways, high requirements on network speed stability, and less occupied network resources are required to be ensured while ARP attack is prevented; meanwhile, the scheme is compared by pre-storing the list, the prior applicability is not as good as the prior applicability, the pre-stored list of the scheme is longer and longer along with the use time of the equipment, particularly the white list in the scheme, so that the time spent in comparison is prolonged, and meanwhile, the source of the white list linked list or the black list linked list is not clear firstly because a pair of MAC addresses and IP addresses are compared with the data in the pre-stored list; meanwhile, the MAC address and the IP address are required to be consistent with the data of a pre-stored list, which is inaccurate in judging whether ARP attacks or not, because in an enterprise gateway, the IP of the equipment is distributed by the gateway, and the IP distributed to the same equipment can be changed, namely the IP addresses of the first online and the second online of the same equipment are different; but cannot be said to be an attacking device.
Disclosure of Invention
The invention aims to overcome the defects of the prior art and provides an ARP spoofing prevention method and system based on a government enterprise gateway.
The aim of the invention is realized by the following technical scheme:
an ARP spoofing prevention method based on a government enterprise gateway comprises the following steps:
step 1: when user equipment dynamically or statically accesses to the gateway, the gateway discovers the equipment through a DHCP protocol or an ARP protocol, and records the IP address and the MAC address of the accessed user equipment into an equipment management record table;
step 2: searching whether the MAC addresses of the online equipment and the access user equipment are the same in the equipment management record table; if yes, comparing whether the IP address of the equipment is consistent with the IP address of the access user equipment, and jumping to the step 3; if not, jumping to the step 5;
step 3: if the two types are consistent, jumping to the step 5; if not, searching whether the IP addresses of other online devices are the same as the IP address of the access device in the device management record table, if not, jumping to the step 5, and if so, jumping to the step 4;
step 4: judging that the access user equipment is ARP spoofing attack equipment, and creating ARP spoofing database to store attack equipment information;
step 5: the IP address and MAC address of the access user equipment are recorded in the device management record table.
Further, before the step 1, the method further includes setting an ARP spoofing prevention switch on a gateway page, for starting an ARP spoofing prevention function.
Further, after the step 4, the method further includes packet processing of the ARP spoofing attack device, and interception of the ARP spoofing attack packet is achieved by discarding the ARP spoofing attack device packet, so that the gateway does not answer the ARP spoofing request any more.
Further, the packet discarding of the ARP spoofing attack apparatus is implemented by setting an arp_break rule chain, and when the packet processing is performed, the ARP spoofing database is read first, and then whether the ARP spoofing prevention switch is turned on is checked; if the ARP spoofing attack device is started, the ARP spoofing attack device is added into an ARP_CHEAT rule chain.
Further, after the ARP spoofing prevention switch is turned off, the arp_clean rule chain is cleared.
An ARP spoofing prevention system based on a government enterprise gateway comprises an ARP spoofing attack identification module, a packet processing module and a switch control module;
the ARP spoofing attack recognition module is used for recognizing ARP spoofing attacks, when user equipment is dynamically or statically accessed to a gateway, the gateway discovers equipment through a DHCP protocol or an ARP protocol, and equipment information is recorded in an equipment management record table of the gateway; when the equipment information is changed, the gateway updates the equipment management record table; when the online equipment is the same as the MAC address of one online equipment in the equipment management record table, but the IP is different, and the IP is the same as the IP of the other online equipment in the equipment record table, the new online equipment is considered as ARP spoofing attack equipment; and storing ARP spoofing attack equipment information;
the packet processing module is used for intercepting the packet of the ARP spoofing attack, and the gateway does not answer the ARP spoofing request any more;
the switch control module sets a gateway page, sets a switch opening mark after a switch is opened, reads an ARP spoofing database, and adds equipment information into an ARP_CHEAT rule chain if equipment information exists in the database and the equipment is not set by the ARP_CHEAT rule chain; if the database has no equipment information, after the identification module discovers new attack equipment, adding the equipment information into an ARP_CHEAT rule chain; after the switch is closed, the arp_clean rule chain is cleared.
The invention has the beneficial effects that: the invention can open or close the gateway page to prevent ARP deception attack, thereby being more convenient for users to use; meanwhile, an ARP spoofing prevention function is added in the government enterprise gateway, so that the security of enterprise users accessing the network is more comprehensively ensured; compared with the prior art, the method for detecting the ARP attack packet is dynamic and efficient, and can play a role in preventing ARP spoofing attack no matter how equipment in a government enterprise network changes.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings that are required in the embodiments or the description of the prior art will be briefly described, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and other drawings may be obtained according to the structures shown in these drawings without inventive effort for a person skilled in the art.
Fig. 1 is a flow chart of the method of the present invention.
Fig. 2 is a functional block diagram of the system of the present invention.
Detailed Description
It should be understood that the specific embodiments described herein are for purposes of illustration only and are not intended to limit the scope of the invention.
The following description of the embodiments of the present invention will be made clearly and fully with reference to the accompanying drawings, in which it is evident that the embodiments described are only some, but not all embodiments of the invention. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
Embodiment 1, as shown in fig. 1, is an ARP spoofing prevention method based on an enterprise gateway, comprising the following steps:
step 1: when the user equipment A dynamically or statically accesses the gateway, the gateway discovers the equipment through a DHCP protocol or an ARP protocol, and records the IP address and the MAC address of the user equipment A into an equipment management record table;
step 2: searching whether an online device B with the same MAC address as the user device A exists in the device management record table; if yes, comparing whether the IP address of the equipment B is consistent with the IP address of the user equipment A, and jumping to the step 3; if not, jumping to the step 5;
step 3: if the two types are consistent, jumping to the step 5; if not, searching whether the IP address of the online equipment C is the same as the IP address of the access equipment A in the equipment management record table, if not, jumping to the step 5, and if so, jumping to the step 4;
step 4: judging the access user equipment A as ARP deception attack equipment, and creating ARP deception database storage attack equipment information;
step 5: the IP address and MAC address of the access user equipment a are recorded in the device management record table.
Before step 1, an ARP spoofing prevention switch is further configured on the gateway page, and is used for starting an ARP spoofing prevention function.
And 4, processing the packet of the ARP spoofing attack equipment, and intercepting the packet of the ARP spoofing attack by discarding the packet of the ARP spoofing attack equipment so that the gateway does not answer the ARP spoofing request any more.
Further, the packet discarding of the ARP spoofing attack apparatus is implemented by setting an arp_break rule chain, and when the packet processing is performed, the ARP spoofing database is read first, and then whether the ARP spoofing prevention switch is turned on is checked; if the ARP spoofing attack device is started, the ARP spoofing attack device is added into an ARP_CHEAT rule chain.
Further, after the ARP spoofing prevention switch is turned off, the arp_clean rule chain is cleared.
Embodiment 2, as shown in fig. 2, an ARP spoofing prevention system based on an enterprise gateway includes an ARP spoofing attack identification module, a packet processing module, and a switch control module;
the user equipment accesses the government and enterprise gateway in a wired or wireless mode, and accesses the network through the government and enterprise gateway. All user equipment are in the same local area network, and assuming user equipment A as an attacker and user equipment B as an attacker, the attacker A can know the IP_B and the MAC_B of the gateway and the attacker B through ARP flooding. The attacker A falsifies into the IP_B of the attacked person B, sends an ARP request to the gateway by using the IP_ B, MAC _A, updates an ARP table after the gateway receives the ARP reply, changes the MAC of the attacked person B from the MAC_B to the MAC_A of the attacker, and when the attacked person B sends a data packet to the gateway, the gateway receives the request that the IP_B and the destination MAC are the MAC_A and forwards the data packet to the attacker A. After receiving the data packet, the attacker A can store the data packet and then send the data packet to the attacker B, so as to achieve the eavesdropping effect. The attacker A can tamper with the data and then send the data packet to the attacked B, so that the damage is caused.
The ARP spoofing attack recognition module is used for recognizing ARP spoofing attacks, when the user equipment is dynamically or statically accessed to the gateway, the gateway discovers equipment through a DHCP protocol or an ARP protocol, and equipment information is recorded in an equipment management record table of the gateway; when the equipment information is changed, the gateway updates the equipment management record table; when the online equipment is the same as the MAC address of one online equipment in the equipment management record table, but the IP is different, and the IP is the same as the IP of the other online equipment in the equipment record table, the new online equipment is considered as ARP spoofing attack equipment; and storing ARP spoofing attack equipment information; the identification process is shown in fig. 1.
The switch control module sets a gateway page, sets a switch opening mark after a switch is opened, reads an ARP spoofing database, and adds equipment information into an ARP_CHEAT rule chain if equipment information exists in the database and the equipment is not set by the ARP_CHEAT rule chain; if the database has no equipment information, after the identification module discovers new attack equipment, adding the equipment information into an ARP_CHEAT rule chain; after the switch is closed, the arp_clean rule chain is cleared.
The switch control module sets a gateway page, sets a switch opening mark after a switch is opened, reads an ARP spoofing database, and adds equipment information into an ARP_CHEAT rule chain if equipment information exists in the database and the equipment is not set by the ARP_CHEAT rule chain; if the database has no equipment information, after the identification module discovers new attack equipment, adding the equipment information into an ARP_CHEAT rule chain; after the switch is closed, the arp_clean rule chain is cleared.
In the government and enterprise network, PC1 and PC2 can normally access the network, if PC1 initiates ARP spoofing to the gateway, the imitation IP is PC2, but because the MAC is the ARP message of non-PC 2 MAC, a message is sent every 2ms to attack. At this point PC2 may not be able to access the network. After the invention is applied, the switch for preventing ARP spoofing attack can be configured on the gateway, and after the switch is opened, the PC2 can normally surfing the Internet without being influenced by the attack.
The invention can open or close the gateway page to prevent ARP deception attack, thereby being more convenient for users to use; meanwhile, an ARP spoofing prevention function is added in the government enterprise gateway, so that the security of enterprise users accessing the network is more comprehensively ensured; compared with the prior art, the method for detecting the ARP attack packet is dynamic and efficient, and can play a role in preventing ARP spoofing attack no matter how equipment in a government enterprise network changes.
It should be noted that, for simplicity of description, the foregoing method embodiments are all expressed as a series of action combinations, but it should be understood by those skilled in the art that the present application is not limited by the described order of action, as some steps may take other order or be performed simultaneously according to the present application. Further, those skilled in the art will also appreciate that the embodiments described in the specification are all preferred embodiments and that the acts and elements referred to are not necessarily required in the present application.
In the foregoing embodiments, the descriptions of the embodiments are focused on, and for those portions of one embodiment that are not described in detail, reference may be made to the related descriptions of other embodiments.
Those skilled in the art will appreciate that implementing all or part of the above-described methods in the embodiments may be accomplished by computer programs stored in a computer-readable storage medium, which when executed, may include the steps of the embodiments of the methods described above. Wherein the storage medium may be a magnetic disk, an optical disk, a ROM, a RAM, etc.
The foregoing disclosure is illustrative of the present invention and is not to be construed as limiting the scope of the invention, which is defined by the appended claims.
Claims (6)
1. An ARP spoofing prevention method based on a government enterprise gateway is characterized by comprising the following steps:
step 1: when user equipment dynamically or statically accesses to the gateway, the gateway discovers the equipment through a DHCP protocol or an ARP protocol, and records the IP address and the MAC address of the accessed user equipment into an equipment management record table;
step 2: searching whether the MAC addresses of the online equipment and the access user equipment are the same in the equipment management record table; if yes, comparing whether the IP address of the equipment is consistent with the IP address of the access user equipment, and jumping to the step 3; if not, jumping to the step 5;
step 3: if the two types are consistent, jumping to the step 5; if not, searching whether the IP addresses of other online devices are the same as the IP address of the access device in the device management record table, if not, jumping to the step 5, and if so, jumping to the step 4;
step 4: judging that the access user equipment is ARP spoofing attack equipment, and creating ARP spoofing database to store attack equipment information;
step 5: the IP address and MAC address of the access user equipment are recorded in the device management record table.
2. The method for preventing ARP spoofing based on an enterprise gateway according to claim 1, further comprising setting an ARP spoofing switch on a gateway page before the step 1, for starting an ARP spoofing function.
3. The method for preventing ARP spoofing based on an enterprise gateway according to claim 1, wherein after step 4, further comprising processing packets of the ARP spoofing attack device, and intercepting the packets of the ARP spoofing attack by discarding the packets of the ARP spoofing attack device, so that the gateway no longer responds to the ARP spoofing request.
4. The method for preventing ARP spoofing based on an enterprise gateway according to claim 3, wherein the discarding of the packet of the ARP spoofing attack apparatus is performed by setting an arp_break rule chain, and when the packet is processed, the ARP spoofing database is read first, and then whether the ARP spoofing prevention switch is turned on is checked; if the ARP spoofing attack device is started, the ARP spoofing attack device is added into an ARP_CHEAT rule chain.
5. The method for ARP spoofing based on an enterprise gateway of claim 4, wherein the arp_seal rule chain is cleared after the ARP spoofing switch is turned off.
6. The ARP spoofing prevention system according to any of claims 1-5, characterized by comprising an ARP spoofing attack identification module, a packet processing module, and a switch control module;
the ARP spoofing attack recognition module is used for recognizing ARP spoofing attacks, when user equipment is dynamically or statically accessed to a gateway, the gateway discovers equipment through a DHCP protocol or an ARP protocol, and equipment information is recorded in an equipment management record table of the gateway; when the equipment information is changed, the gateway updates the equipment management record table; when the online equipment is the same as the MAC address of one online equipment in the equipment management record table, but the IP is different, and the IP is the same as the IP of the other online equipment in the equipment record table, the new online equipment is considered as ARP spoofing attack equipment; and storing ARP spoofing attack equipment information;
the packet processing module is used for intercepting the packet of the ARP spoofing attack, and the gateway does not answer the ARP spoofing request any more;
the switch control module sets a gateway page, sets a switch opening mark after a switch is opened, reads an ARP spoofing database, and adds equipment information into an ARP_CHEAT rule chain if equipment information exists in the database and the equipment is not set by the ARP_CHEAT rule chain; if the database has no equipment information, after the identification module discovers new attack equipment, adding the equipment information into an ARP_CHEAT rule chain; after the switch is closed, the arp_clean rule chain is cleared.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111653505.4A CN114244801B (en) | 2021-12-31 | 2021-12-31 | ARP spoofing prevention method and system based on government enterprise gateway |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111653505.4A CN114244801B (en) | 2021-12-31 | 2021-12-31 | ARP spoofing prevention method and system based on government enterprise gateway |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN114244801A CN114244801A (en) | 2022-03-25 |
| CN114244801B true CN114244801B (en) | 2023-05-05 |
Family
ID=80744669
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202111653505.4A Active CN114244801B (en) | 2021-12-31 | 2021-12-31 | ARP spoofing prevention method and system based on government enterprise gateway |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN114244801B (en) |
Families Citing this family (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN115001745B (en) * | 2022-04-24 | 2024-01-30 | 四川天邑康和通信股份有限公司 | Intranet user local authentication system and method based on government enterprise gateway |
| CN115002071A (en) * | 2022-05-25 | 2022-09-02 | 深信服科技股份有限公司 | Information updating method, device, equipment and readable storage medium |
Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101370019A (en) * | 2008-09-26 | 2009-02-18 | 北京星网锐捷网络技术有限公司 | Method and switchboard for preventing packet cheating attack of address analysis protocol |
| US7562390B1 (en) * | 2003-05-21 | 2009-07-14 | Foundry Networks, Inc. | System and method for ARP anti-spoofing security |
| CN101488951A (en) * | 2008-12-31 | 2009-07-22 | 成都市华为赛门铁克科技有限公司 | Method, equipment and communication network for preventing from address resolution protocol attack |
| CN107786499A (en) * | 2016-08-25 | 2018-03-09 | 大连楼兰科技股份有限公司 | For the method for early warning and device of ARP Attack by Gateway Spoofing |
| CN110022303A (en) * | 2019-03-07 | 2019-07-16 | 北京华安普特网络科技有限公司 | The two-way system of defense of ARP and method |
| CN113132385A (en) * | 2021-04-20 | 2021-07-16 | 广州锦行网络科技有限公司 | Method and device for preventing gateway ARP spoofing |
| WO2021197292A1 (en) * | 2020-03-30 | 2021-10-07 | 上海连尚网络科技有限公司 | Method for detecting dhcp hijacking, and device |
-
2021
- 2021-12-31 CN CN202111653505.4A patent/CN114244801B/en active Active
Patent Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US7562390B1 (en) * | 2003-05-21 | 2009-07-14 | Foundry Networks, Inc. | System and method for ARP anti-spoofing security |
| CN101370019A (en) * | 2008-09-26 | 2009-02-18 | 北京星网锐捷网络技术有限公司 | Method and switchboard for preventing packet cheating attack of address analysis protocol |
| CN101488951A (en) * | 2008-12-31 | 2009-07-22 | 成都市华为赛门铁克科技有限公司 | Method, equipment and communication network for preventing from address resolution protocol attack |
| CN107786499A (en) * | 2016-08-25 | 2018-03-09 | 大连楼兰科技股份有限公司 | For the method for early warning and device of ARP Attack by Gateway Spoofing |
| CN110022303A (en) * | 2019-03-07 | 2019-07-16 | 北京华安普特网络科技有限公司 | The two-way system of defense of ARP and method |
| WO2021197292A1 (en) * | 2020-03-30 | 2021-10-07 | 上海连尚网络科技有限公司 | Method for detecting dhcp hijacking, and device |
| CN113132385A (en) * | 2021-04-20 | 2021-07-16 | 广州锦行网络科技有限公司 | Method and device for preventing gateway ARP spoofing |
Non-Patent Citations (2)
| Title |
|---|
| Thomas Girdler, Vassilios G. Vassilakis."Implementing an intrusion detection and prevention system using Software-Defined Networking: Defending against ARP spoofing attacks and Blacklisted MAC ".《Computers & Electrical Engineering》.2021,全文. * |
| 吴延东."水文信息网络中ARP 攻击及防御".《农业与技术》.2016,全文. * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN114244801A (en) | 2022-03-25 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| Deshmukh et al. | Understanding DDoS attack & its effect in cloud environment | |
| US8918875B2 (en) | System and method for ARP anti-spoofing security | |
| US8972571B2 (en) | System and method for correlating network identities and addresses | |
| CN114244801B (en) | ARP spoofing prevention method and system based on government enterprise gateway | |
| US8661522B2 (en) | Method and apparatus for probabilistic matching to authenticate hosts during distributed denial of service attack | |
| CN100563149C (en) | A kind of DHCP monitor method and device thereof | |
| US20060256729A1 (en) | Method and apparatus for identifying and disabling worms in communication networks | |
| KR20080063209A (en) | Network security elements using endpoint resources | |
| RU2690749C1 (en) | Method of protecting computer networks | |
| TW201535141A (en) | Network device and method for avoiding ARP attacks | |
| CN113347155A (en) | Method, system and device for defending ARP spoofing | |
| JP2018073397A (en) | Communication device | |
| KR101593897B1 (en) | Network scan method for circumventing firewall, IDS or IPS | |
| Fayyaz et al. | Using JPCAP to prevent man-in-the-middle attacks in a local area network environment | |
| KR20070106893A (en) | Method for prevention an arp poison attack | |
| Barbour et al. | Evasion of port scan detection in zeek and snort and its mitigation | |
| RU2686023C1 (en) | Method of protecting computer networks | |
| RU2680038C1 (en) | Method of computer networks protection | |
| US20050147037A1 (en) | Scan detection | |
| KR101188308B1 (en) | Pseudo packet monitoring system for address resolution protocol spoofing monitoring of malicious code and pseudo packet monitoring method therefor | |
| CN114285589A (en) | Method, terminal and system for actively guiding attack flow and disguising response | |
| Roolvink | Detecting attacks involving DNS servers: a netflow data based approach | |
| Kamal et al. | Analysis of network communication attacks | |
| CN115208596B (en) | Network intrusion prevention method, device and storage medium | |
| Quitiqut et al. | Utilizing Switch Port Link State to Detect Rogue Switches |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |