CN114465745A - Network topology confusion virtual device and virtual method based on virtual network - Google Patents

Info

Publication number
CN114465745A
Authority
CN
China
Prior art keywords
address
virtual
network
real
module
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202111141314.XA
Other languages
Chinese (zh)
Other versions
CN114465745B (en)
Inventor
张长河
林奇伟
闫翔宇
王剑辉
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Weida Information Technology Co ltd
Original Assignee
Beijing Weida Information Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Weida Information Technology Co ltd filed Critical Beijing Weida Information Technology Co ltd
Priority to CN202111141314.XA priority Critical patent/CN114465745B/en
Publication of CN114465745A publication Critical patent/CN114465745A/en
Application granted granted Critical
Publication of CN114465745B publication Critical patent/CN114465745B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/02Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0227Filtering policies
    • H04L63/0236Filtering by address, protocol, port number or service, e.g. IP-address or URL

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The application relates to the technical field of network communication, and discloses a network topology confusion virtual device and a virtual method based on a virtual network, which comprises the following steps: intercepting a Dynamic Host Configuration Protocol (DHCP) packet of first network equipment; modifying the real IP address in the DHCP packet into a virtual IP address, wherein the virtual IP address is any private IP address except the real IP address; and sending the modified DHCP packet to a second network device, wherein the method has the effect of reducing the attack risk to the real IP address of the target PC so as to improve the network security.

Description

Network topology confusion virtual device and virtual method based on virtual network
Technical Field
The present invention relates to the field of network communication technologies, and in particular, to a virtual network based network topology confusion virtualization apparatus and a virtual network topology confusion virtualization method.
Background
A network topology is the physical layout in which devices are interconnected by a transmission medium; more specifically, it is the particular physical (real) or logical (virtual) arrangement of the members that make up a network. If two networks have the same connection structure, their network topologies are said to be the same.
A network topology has a plurality of nodes, some real and some virtual. The real IP addresses of some real nodes are easily attacked, while virtual nodes run the risk of not being identified as real IPs; when a single PC transmits files, only the IP address of that PC is identified as a real IP address, so that PC is easily subjected to malicious network attacks.
Regarding the above related technologies, the inventor considers that, in the face of malicious network attacks, because some virtual nodes are not identified as real IPs, the real IPs in use face a high attack risk and the security of the network is low.
Disclosure of Invention
In order to reduce the attack risk to the real IP address of the target PC and improve the network security, the application provides a network topology confusion virtual device and a virtual method based on a virtual network.
In a first aspect, the application provides a network topology confusion virtual device based on a virtual network, which adopts the following technical scheme:
a network topology confusion virtual device based on a virtual network comprises an interception module, an IP address modification module and a sending module; the interception module is used for intercepting a Dynamic Host Configuration Protocol (DHCP) packet of the first network equipment;
the IP address modification module is used for modifying a real IP address in the DHCP packet into a virtual IP address, and the virtual IP address is any private IP address except the real IP address;
and the sending module is used for sending the modified DHCP packet to second network equipment.
By adopting this technical scheme, reducing the attack risk to the real IP relies on PCs that are not put into normal use. Because such PCs are idle, an attacker does not readily identify their IP addresses as target IP addresses. Therefore, when the interception module intercepts a Dynamic Host Configuration Protocol (DHCP) packet of the first network device, the real IP address in the DHCP packet is modified into a virtual IP address that an attacker can identify as a target IP address, and the DHCP packet with the modified IP address is then sent. The virtual IP address induces the attack, which reduces the attack risk to the real IP of the target PC and improves network security.
Optionally, the network topology confusion virtual device based on the virtual network further includes a virtual IP address obtaining module; the virtual IP address obtaining module is used for parsing the IP header of the DHCP packet to obtain the real IP address when the interception module intercepts the DHCP packet;
the virtual IP address obtaining module is further configured to obtain a plurality of virtual IP addresses, and all the virtual IP addresses are any private IP addresses except the real IP address.
By adopting this technical scheme, modifying the real IP address of the DHCP packet requires first obtaining the DHCP packet and then parsing out its real IP address. A DHCP data packet comprises a plurality of data frames, and each data frame has three parts: a frame header, a data portion, and a frame trailer. The frame header and the frame trailer contain necessary control information, such as synchronization information, address information and error control information; the data portion contains the data passed down by the network layer. Therefore, the IP header of the DHCP packet is parsed first to obtain the real address of the DHCP packet, and the real address is then modified. The virtual IP address is any private IP address except the real IP address and can lie outside the address range allocated by the router, so the selectable addresses are greater in number and wider in range.
Optionally, the first network device is a router, and the second network device is a switch; or, the first network device is a switch, and the second network device is a router;
the virtual IP address acquisition module comprises an IP address field distribution unit and an IP address selection unit;
the IP address field allocation unit is used for taking the address field allocated by the router as a virtual IP address selection field;
or,
the IP address field allocation unit is used for taking any private IP address field except the address field allocated by the router as a virtual IP address selection field;
the IP address selection unit is used for selecting at least one virtual IP address from the virtual IP address selection section.
By adopting the technical scheme, the first network equipment is the switch, the second network equipment is the router, and the IP addresses are required to be modified in the uplink channel and the downlink channel of the DHCP packet, so that the protection range of the real IP of the target PC can be enlarged, and the network security is improved: the range of IP address field distribution can be extended to the address field of the whole network besides the address field which can be distributed by the router, so that the range of the address field which can be distributed is wider.
Optionally, the device further comprises an attack alarm module;
and the attack alarm module is used for generating attack alarm information when the target virtual IP address is attacked.
By adopting this technical scheme, when a virtual IP address induces an attack, the attacker readily takes it for the target IP address. After the attack, the virtual IP address becomes invalid and needs to be cleared, so alarm information is generated as a reminder when an attack occurs, and the abandoned IP address can be cleared in time.
Optionally, the apparatus further includes a virtual IP address deletion module;
the virtual IP address deleting module is used for marking the attacked target virtual IP address as the attacked virtual IP address according to the attack alarm information;
the virtual IP address deleting module is further configured to delete the attacked virtual IP address from the virtual IP address selection segment.
By adopting the technical scheme, the virtual IP address which is attacked is removed in time by utilizing the virtual IP address deleting module, so that the redundancy of the virtual IP address can be reduced.
In a second aspect, the application provides a network topology confusion virtualization method based on a virtual network, which adopts the following technical scheme:
a network topology confusion virtualization method based on a virtual network comprises the following steps:
intercepting a Dynamic Host Configuration Protocol (DHCP) packet of first network equipment;
modifying the real IP address in the DHCP packet into a virtual IP address, wherein the virtual IP address is any private IP address except the real IP address;
and sending the modified DHCP packet to second network equipment.
By adopting this technical scheme, reducing the attack risk to the real IP relies on PCs that are not put into normal use. Because such PCs are idle, an attacker does not readily identify their IP addresses as target IP addresses. Therefore, when the interception module intercepts a Dynamic Host Configuration Protocol (DHCP) packet of the first network device, the real IP address in the DHCP packet is modified into a virtual IP address that an attacker can identify as a target IP address, and the DHCP packet with the modified IP address is then sent. The virtual IP address induces the attack, which reduces the attack risk to the real IP of the target PC and improves network security.
Optionally, before modifying the real IP address in the DHCP packet to the virtual IP address, the method further includes:
when the DHCP packet is intercepted, analyzing the IP header of the DHCP packet to obtain a real IP address;
and acquiring a plurality of virtual IP addresses, wherein all the virtual IP addresses are any private IP addresses except the real IP address.
By adopting this technical scheme, modifying the real IP address of the DHCP packet requires first obtaining the DHCP packet and then parsing out its real IP address. A DHCP data packet comprises a plurality of data frames, and each data frame has three parts: a header, a data portion, and a trailer. The frame header and the frame trailer contain necessary control information, such as synchronization information, address information and error control information; the data portion contains the data passed down by the network layer. Therefore, the IP header of the DHCP packet is parsed first to obtain the real address of the DHCP packet, and the real address is then modified. The virtual IP address is any private IP address except the real IP address and can lie outside the addresses allocated by the router, so the selectable addresses are greater in number and wider in range.
Optionally, the acquiring a plurality of virtual IP addresses includes:
taking the address field allocated by the router as a virtual IP address selection field;
or,
any private IP address field except the address field distributed by the router is used as a virtual IP address selection field;
at least one virtual IP address is selected from the virtual IP address selection section.
By adopting the technical scheme, the first network equipment is a switch, the second network equipment is a router, IP addresses are required to be modified in both the uplink channel and the downlink channel of the DHCP packet, the protection range of the real IP of the target PC can be enlarged, and the network security is improved; the range of IP address field distribution can be extended to the address field of the whole network besides the address field which can be distributed by the router, so that the range of the address field which can be distributed is wider.
Optionally, after sending the modified DHCP packet to the second network device, the method further includes:
and when the target virtual IP address is attacked, generating attack alarm information.
By adopting this technical scheme, when a virtual IP address induces an attack, the attacker readily takes it for the target IP address. After the attack, the virtual IP address becomes invalid and needs to be cleared, so alarm information is generated as a reminder when an attack occurs, and the abandoned IP address can be cleared in time.
Optionally, after the attack alarm information is generated, the method further includes:
according to the attack alarm information, marking the attacked target virtual IP address as an attacked virtual IP address;
and deleting the attacked virtual IP address from the virtual IP address selection segment.
By adopting the technical scheme, the virtual IP address which is attacked is removed in time by utilizing the virtual IP address deleting module, so that the redundancy of the virtual IP address can be reduced.
In summary, the present application includes at least one of the following beneficial technical effects:
1. the real IP address of the DHCP packet is modified into a virtual IP address which can be identified as a target IP address by an attacker, then the DHCP packet with the modified IP address is sent, and the attack risk to the real IP of the target PC can be reduced by inducing the attack through the virtual IP address, so that the network security is improved;
2. the virtual IP address is any private IP address except the real IP address, and can exceed the address allocated by the router, so that the selectable addresses are more in number and wider in range;
3. the attacked virtual IP address is cleared in time, so that the redundancy of virtual IP addresses can be reduced.
Drawings
Fig. 1 is a schematic hardware architecture of a virtual network-based network topology confusion virtualization device according to an embodiment of the present application.
Fig. 2 is a flowchart of a virtual network-based network topology obfuscation virtualization method according to an embodiment of the present disclosure.
Fig. 3 is an expanded flowchart of step S200 in fig. 2.
Fig. 4 is an expanded flowchart of step S220 in fig. 3.
Description of the reference numerals:
1. a switch; 2. a router; 3. an interception module; 4. a virtual IP address acquisition module; 5. an IP address field allocation unit; 6. an IP address selection unit; 7. an IP address modification module; 8. a sending module; 9. an attack alarm module; 10. a virtual IP address deleting module.
Detailed Description
The present application is described in further detail below with reference to figures 1-4.
The embodiment of the application discloses a network topology confusion virtual device based on a virtual network. Referring to fig. 1, the network topology confusion virtualization device based on a virtual network is disposed between a first network device and a second network device, and specifically includes an interception module 3, an IP address modification module 7, a sending module 8, a virtual IP address obtaining module 4, an attack alarm module 9, and a virtual IP address deleting module 10.
The first network device and the second network device may each be the router 2 or the switch 1: if the first network device is the router 2, the second network device is the switch 1, and if the first network device is the switch 1, the second network device is the router 2, which indicates whether the data packet is travelling on the uplink channel or the downlink channel. The switch 1 is communicatively connected to a plurality of PCs, of which only some are in use. The IP address of a PC in use easily becomes an object of attack, whereas a PC that is not in use transmits no data, so an attacker does not identify its IP address as a target. Therefore, the real IP address of a PC that is not in use is modified into a virtual IP address that an attacker can identify as a target, so that the unused PC induces the attack and the PCs in use are protected.
The interception module 3 is arranged between the router 2 and the switch 1, and all Dynamic Host Configuration Protocol (DHCP) packets passing between the router 2 and the switch 1 are intercepted by the interception module 3. A DHCP data packet includes many data frames, and each data frame has three parts: a header, a data portion, and a trailer. The frame header and the frame trailer contain necessary control information, such as synchronization information, address information and error control information; the data portion contains data passed down by the network layer. The attacker is induced to attack by modifying the IP address of the DHCP packet.
The IP address modification module 7 is used for modifying the real IP address of the DHCP packet, after the interception module 3 intercepts the packet, into a virtual IP address that an attacker can identify as the target IP address, so that the PC at the virtual node appears more real and attacks are induced.
The sending module 8 is used for sending the DHCP packet on again after the IP address modification module 7 has modified the IP address of the DHCP packet.
The virtual IP address obtaining module 4 includes an IP address field allocating unit 5 and an IP address selecting unit 6.
When the real IP address of an unused PC at a virtual node is modified, the IP address field allocating unit 5 reassigns the IP address. The IP address field allocated by a typical router 2 is 192.168.0.0-192.168.255.255; if addresses are assigned directly by the router 2, only 255 IP addresses can be assigned, whereas if any private IP address field other than the address field allocated by the router 2 is used as the virtual IP address selection field, the selectable IP address range is wider.
After the IP address segment allocating unit 5 selects the appropriate IP address segment, the IP address selecting unit 6 is configured to select the virtual IP address to be modified from the selected IP address segment, and then replace the original real IP address with the virtual IP address to be modified.
After the IP address of the DHCP packet is modified, the modified virtual IP addresses draw attacks, and an attacker attacks the virtual IP addresses. For example, when the virtual IP address attacked by the attacker is 192.168.255.254, the attacked IP address will be affected in subsequent use, and the attack alarm module 9 generates attack alarm information to remind staff to pay attention, so that the attacked virtual IP address is found in time.
After generating the attack alarm information, the virtual IP address deleting module 10 deletes the attacked virtual IP address, which is invalid but occupies space and needs to be deleted.
The implementation principle of the network topology confusion virtual device based on the virtual network in the embodiment of the application is as follows: in order to reduce the influence on the PC in the normal use state, intercepting all DHCP packets between the switch 1 and the router 2, and modifying the real IP address of the DHCP packets into a virtual IP address which can be identified as a target IP address by an attacker, so that the attack complexity can be increased, and the virtual IP address induces the attack, so that the attacker is not easy to attack the PC in the normal use state; according to the condition that the virtual IP address is attacked, alarm information is generated when the virtual IP address is attacked, and then the attacked virtual IP address is deleted.
Referring to fig. 2, based on the above hardware architecture, the embodiment of the present application further discloses a network topology confusion virtualization method based on a virtual network, which includes steps S100 to S500,
step S100: a dynamic host configuration protocol, DHCP, packet of the first network device is intercepted.
The TCP/IP protocol needs to be set differently for different networks, each node generally needs an 'IP address', a 'subnet mask' and a 'default gateway', and an IP address is automatically allocated to a client through a Dynamic Host Configuration Protocol (DHCP); in order to increase the IP addresses that can be recognized by an attacker, all DHCP packets between router 2 and switch 1 need to be intercepted.
Referring to fig. 2, step S200: the real IP address in the DHCP packet is modified into a virtual IP address, wherein the virtual IP address is any private IP address except the real IP address.
When the IP address of the DHCP packet is replaced, the selection range of the virtual IP address is expanded to any private IP address except the real IP address, so that the real IP address can be protected.
Referring to fig. 3, before modifying the real IP address in the DHCP packet to the virtual IP address, steps S210 to S230 are further included,
Step S210: when the DHCP packet is intercepted, the IP header of the DHCP packet is parsed to obtain a real IP address.
DHCP (Dynamic Host Configuration Protocol) is generally applied in large local area network environments. Its main function is to centrally manage and allocate IP addresses, so that a host in the network environment dynamically obtains information such as its IP address, gateway address and DNS server address, which improves the utilization rate of addresses. When a DHCP packet is transmitted between the router 2 and the switch 1, the DHCP packet contains a lot of data, including an IP address. Each frame of DHCP data includes a frame header, data and a frame trailer; the frame header includes an IP header, and a real IP address can be obtained by parsing the IP header.
Step S220: a plurality of virtual IP addresses are acquired, wherein all the virtual IP addresses are any private IP addresses except the real IP address.
The acquiring of the plurality of virtual IP addresses in the step S220 includes steps S22A to S22B,
referring to fig. 4, step S22A: the address field allocated by the router 2 is used as a virtual IP address selection field; or, any private IP address field except the address field allocated by the router 2 is used as the virtual IP address selection field.
IP address fields fall into the following categories:
A: 0.0.0.0-127.255.255.255, where segments 0 and 127 are not available, available address range 1.0.0.0-127.255.255.255;
B: 128.0.0.0-191.255.255.255, where the available address range is 128.0.0.0-191.255.255.255;
C: 192.0.0.0-223.255.255.255, where the available address range is 192.0.0.0-223.255.255.255;
D: 224.0.0.0-239.255.255.255, where the available address range 224.0.0.0-239.255.255.255 is used as a broadcast address;
E: 240.0.0.0-255.255.255.255, where segment 255 is reserved and unavailable.
Besides segment 0 and segment 127, some other IP addresses are used for other purposes and are not available as normal IP addresses, and a portion is used as private IP addresses.
The address field allocated by the router 2 generally belongs to the class C address field, and when the IP address selection field is allocated, the selection range of the IP address field not only includes the address field allocated by the router 2, but also can be selected from the address fields other than the address field allocated by the router 2, so that the selection range of the address field can be enlarged.
Step S22B: at least one virtual IP address is selected from the virtual IP address selection section.
Referring to fig. 2, step S300: the modified DHCP packet is sent to the second network device.
The DHCP packet with the modified IP address is sent to the second network device through the sending module 8. The second network device may be the router 2 or the switch 1, corresponding to data transmission on the uplink and downlink channels; the IP address can be modified in both directions, so that the protection range can be enlarged.
Referring to fig. 2, step S400: when the target virtual IP address is attacked, attack alarm information is generated.
In order to remind workers in time when the target virtual IP address is attacked, attack alarm information is generated, and the attack alarm information can be in a sound-light alarm mode, a telephone alarm mode, an email alarm mode, a short message alarm mode and the like.
Referring to fig. 2, step S500: the attacked target virtual IP address is marked as the attacked virtual IP address according to the attack alarm information.
When the target virtual IP address is attacked, the target virtual IP address is marked, so that the attacked virtual IP address can be conveniently found at a later stage, and the address number of the attacked IP address can be recorded through a background.
Referring to fig. 2, step S600: the attacked virtual IP address is deleted from the virtual IP address selection segment.
Through the attacked target virtual IP address marked by the background, the virtual IP address deleting module 10 deletes the attacked virtual IP address, so that the redundancy is reduced, the space is saved, and meanwhile, the subsequent supplement of a new virtual IP address is facilitated.
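The selection, alarm and deletion steps (S22A, S22B and S400 to S600) as an added Python example; it is not code from the patent. The class and function names, the use of the RFC 1918 ranges as the "private IP address" space, the router segment 192.168.1.0/24, and the rule that any flow addressed to an active virtual address counts as an attack are assumptions, and the flow records are constructed.

```python
import ipaddress
import random

# RFC 1918 ranges, taken here as the "private IP address" space (assumption).
PRIVATE_NETS = [ipaddress.ip_network(n)
                for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
ROUTER_NET = ipaddress.ip_network("192.168.1.0/24")   # assumed router segment
REAL_IPS = ["192.168.1.10", "192.168.1.20"]           # constructed in-use PCs


def selection_segments(router_net, use_router_segment):
    """S22A: the router's own segment, or every private range with the
    router's segment carved out of it."""
    if use_router_segment:
        return [router_net]
    segments = []
    for net in PRIVATE_NETS:
        if router_net.subnet_of(net):
            segments.extend(net.address_exclude(router_net))
        else:
            segments.append(net)
    return segments


class VirtualIPPool:
    def __init__(self, router_net, real_ips, use_router_segment=False, seed=None):
        # Segments with no host address besides network/broadcast are dropped.
        self.segments = [n for n in selection_segments(router_net, use_router_segment)
                         if n.num_addresses >= 4]
        self.real = {ipaddress.ip_address(a) for a in real_ips}
        self.active = set()     # virtual addresses currently handed out
        self.attacked = set()   # S500: addresses marked as attacked
        self._rng = random.Random(seed)

    def select(self, count):
        """S22B: draw `count` unused virtual addresses from the selection segment."""
        chosen = []
        for _ in range(1000 * count):            # bounded retries
            if len(chosen) == count:
                break
            net = self._rng.choice(self.segments)
            # Skip the network and broadcast addresses of the segment.
            addr = net[self._rng.randrange(1, net.num_addresses - 1)]
            # Never reuse a real, already active, or previously attacked address.
            if addr in self.real or addr in self.active or addr in self.attacked:
                continue
            self.active.add(addr)
            chosen.append(addr)
        if len(chosen) < count:
            raise RuntimeError("selection segment exhausted")
        return chosen

    def observe(self, src, dst, dport):
        """S400-S600: a flow addressed to an active virtual address raises an
        alarm, marks the address as attacked and deletes it from the pool."""
        dst = ipaddress.ip_address(dst)
        if dst not in self.active:
            return None
        self.attacked.add(dst)       # S500: mark
        self.active.discard(dst)     # S600: delete from the selection
        return {"alert": "virtual-ip-attacked", "virtual_ip": str(dst),
                "source": src, "dport": dport}


def run_demo(seed=7):
    pool = VirtualIPPool(ROUTER_NET, REAL_IPS, seed=seed)
    virtuals = pool.select(3)
    # Constructed flow records: (source, destination, destination port).
    flows = [
        ("192.168.1.20", "192.168.1.10", 443),     # real host to real host
        ("192.168.1.77", str(virtuals[0]), 445),   # flow to a virtual address
        ("192.168.1.77", str(virtuals[0]), 22),    # same address, already deleted
    ]
    alerts = [a for a in (pool.observe(*f) for f in flows) if a]
    return pool, virtuals, alerts


if __name__ == "__main__":
    pool, virtuals, alerts = run_demo()
    print("virtual:", [str(v) for v in virtuals])
    print("alerts:", alerts)
    print("still active:", sorted(str(a) for a in pool.active))
```

Keeping the attacked set separate from the active set means a deleted address is never drawn again when the pool is later topped up with new virtual addresses.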
The above embodiments are preferred embodiments of the present application, and the protection scope of the present application is not limited by the above embodiments, so: all equivalent changes made according to the structure, shape and principle of the present application shall be covered by the protection scope of the present application.

Claims (10)

1. A virtual network based network topology obfuscation virtual device, characterized in that: comprises an interception module (3), an IP address modification module (7) and a sending module (8);
the interception module (3) is used for intercepting a Dynamic Host Configuration Protocol (DHCP) packet of the first network equipment;
the IP address modification module (7) is used for modifying a real IP address in the DHCP packet into a virtual IP address, and the virtual IP address is any private IP address except the real IP address;
the sending module (8) is configured to send the modified DHCP packet to a second network device.
2. A virtual network based network topology obfuscation virtual device according to claim 1, wherein: the network topology confusion virtual device based on the virtual network also comprises a virtual IP address acquisition module (4);
the virtual IP address acquisition module (4) is used for parsing the IP header of the DHCP packet to obtain a real IP address when the interception module (3) intercepts the DHCP packet;
the virtual IP address obtaining module (4) is further configured to obtain a plurality of virtual IP addresses, and all the virtual IP addresses are any private IP addresses except the real IP address.
3. A virtual network based network topology obfuscation virtual device according to claim 2, wherein: the first network equipment is a router (2), and the second network equipment is a switch (1); or, the first network equipment is a switch (1), and the second network equipment is a router (2);
the virtual IP address acquisition module (4) comprises an IP address section allocation unit (5) and an IP address selection unit (6);
the IP address field distribution unit (5) is used for taking the address field distributed by the router (2) as a virtual IP address selection field;
or,
the IP address field distribution unit (5) is used for taking any private IP address field except the address field distributed by the router (2) as a virtual IP address selection field;
the IP address selection unit (6) is used for selecting at least one virtual IP address from the virtual IP address selection section.
4. A virtual network based network topology obfuscation virtual device according to any one of claims 1-3, wherein:
the device also comprises an attack alarm module (9);
and the attack alarm module (9) is used for generating attack alarm information when the target virtual IP address is attacked.
5. A virtual network based network topology obfuscation virtual device according to claim 4, wherein: the device also comprises a virtual IP address deleting module (10);
the virtual IP address deleting module (10) is used for marking the attacked target virtual IP address as the attacked virtual IP address according to the attack alarm information;
the virtual IP address deleting module (10) is further used for deleting the attacked virtual IP address from the virtual IP address selection segment.
6. A network topology confusion virtualization method based on a virtual network is characterized in that: the method comprises the following steps:
intercepting a Dynamic Host Configuration Protocol (DHCP) packet of first network equipment;
modifying the real IP address in the DHCP packet into a virtual IP address, wherein the virtual IP address is any private IP address except the real IP address;
and sending the modified DHCP packet to second network equipment.
7. The virtual network based network topology obfuscation virtualization method of claim 6, wherein: before modifying the real IP address in the DHCP packet to a virtual IP address, the method further includes:
when the DHCP packet is intercepted, analyzing the IP header of the DHCP packet to obtain a real IP address;
and acquiring a plurality of virtual IP addresses, wherein all the virtual IP addresses are any private IP addresses except the real IP address.
8. The virtual network based network topology obfuscation virtualization method of claim 7, wherein: the acquiring a plurality of virtual IP addresses includes:
using the address field allocated by the router (2) as a virtual IP address selection field;
or,
any private IP address field except the address field distributed by the router (2) is used as a virtual IP address selection field;
at least one virtual IP address is selected from the virtual IP address selection section.
9. A virtual network based network topology obfuscation virtualization method according to claims 6-8, wherein: after sending the modified DHCP packet to the second network device, the method further includes:
and when the target virtual IP address is attacked, generating attack alarm information.
10. The virtual network based network topology obfuscation virtualization method of claim 9, wherein: after the attack alarm information is generated, the method further comprises the following steps:
according to the attack alarm information, marking the attacked target virtual IP address as an attacked virtual IP address;
and deleting the attacked virtual IP address from the virtual IP address selection segment.
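The address selection and alarm handling steps of claims 7 to 10, sketched as an added Python example that is not part of the patent text. The class and method names, the sample address ranges, and the choice to re-map a host after an alarm are assumptions of this sketch.

```python
import ipaddress
import secrets

class VirtualIPPool:
    """Virtual IP selection segment with alarm-driven deletion (claims 7-10)."""

    def __init__(self, segment, real_ips):
        net = ipaddress.ip_network(segment)
        if not net.is_private:
            raise ValueError("selection segment must be a private address range")
        real = {ipaddress.ip_address(ip) for ip in real_ips}
        # Candidates: usable hosts of the segment, never a known real address.
        self.segment = {host for host in net.hosts() if host not in real}
        self.attacked = set()   # virtual IPs marked as attacked
        self.mapping = {}       # real IP -> virtual IP currently advertised

    def assign(self, real_ip):
        """Choose the virtual IP that replaces real_ip in an intercepted DHCP packet."""
        real = ipaddress.ip_address(real_ip)
        self.segment.discard(real)  # a virtual IP must never equal a real one
        if real in self.mapping:
            return self.mapping[real]
        free = sorted(self.segment - set(self.mapping.values()))
        if not free:
            raise RuntimeError("virtual IP selection segment exhausted")
        virtual = free[secrets.randbelow(len(free))]  # unpredictable choice
        self.mapping[real] = virtual
        return virtual

    def on_attack_alarm(self, target_virtual_ip):
        """Mark the attacked virtual IP and delete it from the selection segment."""
        virtual = ipaddress.ip_address(target_virtual_ip)
        if virtual not in self.segment:
            return False        # unknown or already deleted: nothing to do
        self.attacked.add(virtual)
        self.segment.discard(virtual)
        # Assumption of this sketch: drop the mapping so the host is re-mapped later.
        self.mapping = {r: v for r, v in self.mapping.items() if v != virtual}
        return True

def demo():
    # Constructed sample: the router hands out 192.168.1.0/24 and virtual IPs
    # come from a different private segment (second option in claim 8).
    pool = VirtualIPPool("10.20.30.0/29", real_ips=["192.168.1.10"])
    first = pool.assign("192.168.1.10")
    pool.on_attack_alarm(str(first))
    second = pool.assign("192.168.1.10")
    return first, second, pool
```
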
CN202111141314.XA 2021-09-28 2021-09-28 Network topology confusion virtual device and virtual method based on virtual network Active CN114465745B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111141314.XA CN114465745B (en) 2021-09-28 2021-09-28 Network topology confusion virtual device and virtual method based on virtual network

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202111141314.XA CN114465745B (en) 2021-09-28 2021-09-28 Network topology confusion virtual device and virtual method based on virtual network

Publications (2)

Publication Number Publication Date
CN114465745A true CN114465745A (en) 2022-05-10
CN114465745B CN114465745B (en) 2022-11-18

Family

ID=81405174

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111141314.XA Active CN114465745B (en) 2021-09-28 2021-09-28 Network topology confusion virtual device and virtual method based on virtual network

Country Status (1)

Country Link
CN (1) CN114465745B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117714212A (en) * 2024-02-05 2024-03-15 中国科学技术大学 Network topology confusion method and system for defending link flooding attack

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2002061599A1 (en) * 2001-01-25 2002-08-08 Crescent Networks, Inc. Extension of address resolution protocol (arp) for internet protocol (ip) virtual networks
US20140126418A1 (en) * 2012-02-02 2014-05-08 Cisco Technology, Inc. Fully Distributed Routing over a User-Configured On-Demand Virtual Network for Infrastructure-as-a-Service (IaaS) on Hybrid Cloud Networks
CN105429957A (en) * 2015-11-02 2016-03-23 芦斌 IP address jump safety communication method based on SDN framework
CN111600913A (en) * 2020-07-22 2020-08-28 南京赛宁信息技术有限公司 Self-adaptive access method and system for real equipment in attack and defense scene of network shooting range
CN112688900A (en) * 2019-10-18 2021-04-20 张长河 Local area network safety protection system and method for preventing ARP spoofing and network scanning
CN113098894A (en) * 2021-04-22 2021-07-09 福建奇点时空数字科技有限公司 SDN IP address hopping method based on randomization algorithm

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117714212A (en) * 2024-02-05 2024-03-15 中国科学技术大学 Network topology confusion method and system for defending link flooding attack
CN117714212B (en) * 2024-02-05 2024-05-17 中国科学技术大学 Network topology confusion method and system for defending link flooding attack

Also Published As

Publication number Publication date
CN114465745B (en) 2022-11-18

Similar Documents

Publication Publication Date Title
EP3923551A1 (en) Method and system for entrapping network threat, and forwarding device
US7836203B2 (en) Automatic route setup via snooping dynamic addresses
TWI727059B (en) Method and device for processing network traffic
CN109768993A (en) A kind of high covering Intranet honey pot system
CN111885046B (en) Linux-based transparent intranet access method and device
CN111756712B (en) Method for forging IP address and preventing attack based on virtual network equipment
US20200153861A1 (en) Decoy apparatus and method for expanding fake attack surface using deception network
CN105245629B (en) Host communication method based on DHCP and device
IL150608A (en) System and method for using an ip address as a wireless unit identifier
CN110611671A (en) Local area network communication method and device based on moving target defense
CN112688900B (en) Local area network safety protection system and method for preventing ARP spoofing and network scanning
KR101786620B1 (en) Method, apparatus and computer program for subnetting of software defined network
KR101710385B1 (en) Method, apparatus and computer program for managing arp packet
WO2023193513A1 (en) Honeypot network operation method and apparatus, device, and storage medium
CN114465745B (en) Network topology confusion virtual device and virtual method based on virtual network
Robertson et al. CINDAM: Customized information networks for deception and attack mitigation
Chen et al. Design and implementation of a novel enterprise network defense system by maneuvering multi-dimensional network properties
CN113098894A (en) SDN IP address hopping method based on randomization algorithm
CN113676390B (en) VXLAN-based trigger type dynamic security channel method, user side and central console
CN114268491A (en) Network security system based on honeypot technology
CN106878481A (en) A kind of Internet protocol IP address acquisition methods, device and system
CN107948273B (en) SDN-based load sharing and secure access method and system
KR101993875B1 (en) Method, system and computer program for host secretion in software defined networking environment
Verma et al. Effective VTP Model for Enterprise VLAN Security
CN114465749B (en) Virtual gateway device based on network topology confusion and construction method

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant