CN114598675A - Control method, device, equipment and medium for realizing host blocking based on ARP - Google Patents


Info

Publication number
CN114598675A
Authority
CN
China
Prior art keywords
address
host
arp
blocked
pseudo
Prior art date
Legal status
Pending
Application number
CN202210068671.6A
Other languages
Chinese (zh)
Inventor
林皓
韩强
王海波
赵勇
杨泳
Current Assignee
Beijing VRV Software Corp Ltd
Original Assignee
Beijing VRV Software Corp Ltd
Priority date
Filing date
Publication date
Application filed by Beijing VRV Software Corp Ltd
Priority to CN202210068671.6A
Publication of CN114598675A
Legal status: Pending

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00 Network arrangements, protocols or services for addressing or naming
    • H04L61/09 Mapping addresses
    • H04L61/10 Mapping addresses of different types
    • H04L61/103 Mapping addresses of different types across network layers, e.g. resolution of network layer into physical layer addresses or address resolution protocol [ARP]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L47/00 Traffic control in data switching networks
    • H04L47/10 Flow control; Congestion control
    • H04L47/13 Flow control; Congestion control in a LAN segment, e.g. ring or bus
    • H04L47/135 Flow control; Congestion control in a LAN segment, e.g. ring or bus by jamming the transmission media

Abstract

The invention provides a control method, device, equipment and medium for realizing host blocking based on ARP. The method comprises: an acquisition step, obtaining the IP address of the host to be blocked in the local area network; a request step, generating a first pseudo ARP request packet based on the IP address of the host to be blocked and broadcasting it in the local area network; and a reply step, generating a first pseudo ARP reply packet based on the IP address of the host to be blocked and broadcasting it in the local area network. The control method, device, equipment and medium improve the efficiency and the accuracy of blocking the host to be blocked.

Description

Control method, device, equipment and medium for realizing host blocking based on ARP
Technical Field
The invention relates to the field of information security, in particular to a control method, a device, equipment and a medium for realizing host blocking based on ARP.
Background
In the existing blocking technology, the blocking computer impersonates every other computer in the local area network (host addresses 1 to 255 of the network segment) and sends a directed ARP reply message for each of them to the blocked computer; the blocked computer updates its local ARP cache on receiving these replies, so that it can no longer communicate with the other computers.
When a large number of computers exist in the local area network, this approach runs into a series of problems. For example, with 200 hosts in the LAN the blocking computer must send 200 packets to block a single target computer, and must keep doing so in a loop, which consumes too much of the blocking computer's performance and gives a poor blocking effect and low blocking efficiency.
Disclosure of Invention
The invention provides a control method, a device, equipment and a medium for realizing host blocking based on ARP, which are used for solving the technical problems in the prior art.
The invention provides a control method for realizing host blocking based on ARP, which comprises the following steps:
an acquisition step: obtaining the IP address of the host to be blocked in the local area network;
a request step: generating a first pseudo ARP request packet based on the IP address of the host to be blocked, and broadcasting it in the local area network;
a reply step: generating a first pseudo ARP reply packet based on the IP address of the host to be blocked, and broadcasting it in the local area network.
According to the control method for realizing host blocking based on ARP provided by the invention, after the reply step the method further comprises:
a sending step: generating a second pseudo ARP request packet based on the IP address of the host to be blocked, and sending it to the gateway.
According to the control method for realizing host blocking based on ARP provided by the invention, the method further comprises: obtaining the blocking duration for the host to be blocked in the local area network, and repeatedly executing the request step and the reply step in sequence for that duration.
According to the control method for realizing host blocking based on ARP provided by the invention, generating the first pseudo ARP request packet based on the IP address of the host to be blocked specifically comprises:
setting both the sender IP address and the target IP address in the ARP header to the IP address of the host to be blocked; setting the source MAC address in the Ethernet header to a pseudo MAC address and the destination MAC address to the broadcast MAC address;
and encapsulating the ARP header and the Ethernet header to obtain the first pseudo ARP request packet.
According to the control method for realizing host blocking based on ARP provided by the invention, generating the first pseudo ARP reply packet based on the IP address of the host to be blocked specifically comprises:
setting the sender IP address in the ARP header to the IP address of the host to be blocked and the target IP address to the broadcast IP address; setting the source MAC address in the Ethernet header to a pseudo MAC address and the destination MAC address to the broadcast MAC address;
and encapsulating the ARP header and the Ethernet header to obtain the first pseudo ARP reply packet.
According to the control method for realizing host blocking based on ARP provided by the invention, the broadcast IP address is 255.255.255.255 (the limited broadcast address).
According to the control method for realizing host blocking based on ARP provided by the invention, generating the second pseudo ARP request packet based on the IP address of the host to be blocked specifically comprises:
setting the sender IP address in the ARP header to the IP address of the host to be blocked and the target IP address to the IP address of the gateway; setting the source MAC address in the Ethernet header to a pseudo MAC address and the destination MAC address to the broadcast MAC address;
and encapsulating the ARP header and the Ethernet header to obtain the second pseudo ARP request packet.
The invention also provides a control device for realizing host blocking based on ARP, comprising:
an acquisition module, used to obtain the IP address of the host to be blocked in the local area network;
a request module, used to generate a first pseudo ARP request packet based on the IP address of the host to be blocked and broadcast it in the local area network;
and a reply module, used to generate a first pseudo ARP reply packet based on the IP address of the host to be blocked and broadcast it in the local area network.
The invention also provides an electronic device comprising a memory, a processor and a computer program stored in the memory and runnable on the processor, wherein the processor, when executing the program, implements the steps of the ARP-based host blocking control method.
The present invention also provides a non-transitory computer readable storage medium having stored thereon a computer program which, when being executed by a processor, implements the steps of the ARP-based host blocking control method as described in any one of the above.
The present invention also provides a computer program product comprising a computer program which, when executed by a processor, implements the steps of the method for controlling host blocking based on ARP as described in any one of the above.
The control method, device, equipment and medium for realizing host blocking based on ARP provided by the invention generate a first pseudo ARP request packet and a first pseudo ARP reply packet based on the IP address of the host to be blocked, first broadcast the first pseudo ARP request packet in the local area network and then broadcast the first pseudo ARP reply packet. As a result the other hosts in the local area network learn a wrong MAC address for the host to be blocked, so that the host to be blocked can no longer establish communication with them.
Drawings
In order to more clearly illustrate the technical solutions of the present invention or the prior art, the drawings needed for the description of the embodiments or the prior art will be briefly described below, and it is obvious that the drawings in the following description are some embodiments of the present invention, and those skilled in the art can also obtain other drawings according to the drawings without creative efforts.
FIG. 1 is a schematic flow chart of a control method for implementing host blocking based on ARP according to the present invention;
FIG. 2 is a second schematic flowchart of a control method for implementing host blocking based on ARP according to the present invention;
FIG. 3 is a schematic structural diagram of a control device for implementing host blocking based on ARP according to the present invention;
fig. 4 is a schematic structural diagram of an electronic device provided in the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention clearer, the technical solutions of the present invention will be clearly and completely described below with reference to the accompanying drawings, and it is obvious that the described embodiments are some, but not all embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Fig. 1 is a schematic flowchart of the control method for implementing host blocking based on ARP according to the present invention. As shown in fig. 1, the method includes:
S110, an acquisition step: obtaining the IP address of the host to be blocked in the local area network;
S120, a request step: generating a first pseudo ARP request packet based on the IP address of the host to be blocked, and broadcasting it in the local area network;
S130, a reply step: generating a first pseudo ARP reply packet based on the IP address of the host to be blocked, and broadcasting it in the local area network.
It should be noted that in a local area network data is delivered by MAC address. Under normal conditions the operating system sends an ARP request packet asking for the MAC address that corresponds to a destination IP address, and then receives an ARP reply packet from that destination. On the basis of this request and reply exchange, the destination IP address and its MAC address are stored as a pair in the ARP cache table. Whenever network data is later to be sent to that destination IP address, the corresponding MAC address is looked up in the ARP cache table and used as the link-layer destination of the data. ARP carries no authentication, so a host has no way of verifying that the MAC address carried in an ARP packet really belongs to the IP address it claims; this is what the method relies on.
After the IP address of the host to be blocked has been obtained, a first pseudo ARP request packet and a first pseudo ARP reply packet are generated from it: a MAC address that does not exist in the local area network is constructed, this fictitious MAC address is placed in both packets, and the two packets are then broadcast in the local area network in sequence. Through this process the other hosts in the local area network obtain an association between the IP address of the host to be blocked and the fictitious MAC address, and store that association in their own ARP cache tables.
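The following added example, which is not part of the patent, models the receive side of ARP as RFC 826 specifies it and runs the method's three frames against a segment with three receivers; the hosts, addresses and MAC addresses are constructed for the example. It shows which caches actually change: a peer that already holds an entry for the blocked IP address has it overwritten by the first broadcast, a peer with no such entry learns nothing, because none of the frames carries that peer's own address as target, and the gateway learns the fictitious MAC address only from the frame whose target IP address is the gateway's. Linux with the default arp_accept=0 follows this model for unsolicited frames; other stacks may be more permissive, so the blocking effect on a given host depends on its ARP implementation.

```c
/*
 * Added example, not from the patent: a model of the ARP receive
 * algorithm of RFC 826, used to check which hosts on the segment
 * actually learn the fictitious MAC from the frames the method sends.
 * Host names, IP addresses and MAC addresses are constructed.
 */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define CACHE_SIZE  8
#define ARP_REQUEST 1
#define ARP_REPLY   2

typedef struct { int used; uint32_t ip; uint8_t mac[6]; } arp_entry;

typedef struct {
    const char *name;
    uint32_t    ip;
    arp_entry   cache[CACHE_SIZE];
} host;

/* The ARP fields a receiver consults. Ethernet addressing is left out:
 * every frame in the method is sent to ff:ff:ff:ff:ff:ff anyway. */
typedef struct {
    uint16_t op;
    uint8_t  sender_mac[6];
    uint32_t sender_ip;
    uint32_t target_ip;
} arp_msg;

static uint32_t ip4(int a, int b, int c, int d) {
    return ((uint32_t)a << 24) | ((uint32_t)b << 16) | ((uint32_t)c << 8) | (uint32_t)d;
}

void host_init(host *h, const char *name, uint32_t ip) {
    memset(h, 0, sizeof *h);
    h->name = name;
    h->ip = ip;
}

static arp_entry *cache_find(host *h, uint32_t ip) {
    for (int i = 0; i < CACHE_SIZE; i++)
        if (h->cache[i].used && h->cache[i].ip == ip) return &h->cache[i];
    return NULL;
}

/* Create or overwrite the entry for ip. Returns 0 only if the cache is full. */
int cache_set(host *h, uint32_t ip, const uint8_t mac[6]) {
    arp_entry *e = cache_find(h, ip);
    if (!e) {
        for (int i = 0; i < CACHE_SIZE && !e; i++)
            if (!h->cache[i].used) e = &h->cache[i];
        if (!e) return 0;
        e->used = 1;
        e->ip = ip;
    }
    memcpy(e->mac, mac, 6);
    return 1;
}

/* 1 if h currently maps ip to exactly this MAC. */
int cache_maps(host *h, uint32_t ip, const uint8_t mac[6]) {
    arp_entry *e = cache_find(h, ip);
    return e != NULL && memcmp(e->mac, mac, 6) == 0;
}

/*
 * RFC 826 receive algorithm: if an entry for the sender IP already
 * exists its MAC is overwritten ("merge"); a missing entry is created
 * only when the target IP is the receiver's own address. Returns 1 if
 * the cache changed. A real host would also answer a request here.
 */
int arp_receive(host *h, const arp_msg *m) {
    arp_entry *e = cache_find(h, m->sender_ip);
    if (e) { memcpy(e->mac, m->sender_mac, 6); return 1; }
    if (m->target_ip != h->ip) return 0;        /* not for us: no new entry */
    return cache_set(h, m->sender_ip, m->sender_mac);
}

/*
 * Runs the method's three frames against a peer that already has the
 * blocked host cached, a peer that does not, and the gateway. Returns a
 * bitmask: bit 0 = peer A poisoned, bit 1 = peer B poisoned, bit 2 = gateway poisoned.
 */
int run_blocking_sequence(void) {
    static const uint8_t real_mac[6] = {0x00, 0x1a, 0x2b, 0x3c, 0x4d, 0x5e};
    static const uint8_t fake_mac[6] = {0xde, 0xad, 0xde, 0xad, 0xde, 0xad}; /* assumed fictitious MAC */
    uint32_t blocked = ip4(192, 0, 2, 10), gw_ip = ip4(192, 0, 2, 1);
    host a, b, gw;
    host_init(&a, "peer-a", ip4(192, 0, 2, 20));
    host_init(&b, "peer-b", ip4(192, 0, 2, 30));
    host_init(&gw, "gateway", gw_ip);
    cache_set(&a, blocked, real_mac);            /* A has talked to the blocked host before */

    arp_msg step2 = { ARP_REQUEST, {0}, blocked, blocked };               /* gratuitous request */
    arp_msg step3 = { ARP_REPLY,   {0}, blocked, ip4(255, 255, 255, 255) }; /* reply to 255.255.255.255 */
    arp_msg step4 = { ARP_REQUEST, {0}, blocked, gw_ip };                 /* request aimed at the gateway */
    memcpy(step2.sender_mac, fake_mac, 6);
    memcpy(step3.sender_mac, fake_mac, 6);
    memcpy(step4.sender_mac, fake_mac, 6);

    host *segment[] = { &a, &b, &gw };
    const arp_msg *frames[] = { &step2, &step3, &step4 };
    for (int f = 0; f < 3; f++)
        for (int i = 0; i < 3; i++)
            arp_receive(segment[i], frames[f]);  /* broadcast: every host sees every frame */

    int mask = 0;
    if (cache_maps(&a, blocked, fake_mac))  mask |= 1;
    if (cache_maps(&b, blocked, fake_mac))  mask |= 2;
    if (cache_maps(&gw, blocked, fake_mac)) mask |= 4;
    return mask;
}

int main(void) {
    int m = run_blocking_sequence();
    printf("peer-a poisoned: %d, peer-b poisoned: %d, gateway poisoned: %d\n",
           m & 1, (m >> 1) & 1, (m >> 2) & 1);
    return 0;
}
```

The result (peer A and the gateway poisoned, peer B untouched) is why the method's second request, whose target IP is the gateway, matters: it is the only frame in the sequence that can create a new cache entry on the device that routes the blocked host's Internet traffic.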
The control method for realizing host blocking based on ARP provided by the invention generates a first pseudo ARP request packet and a first pseudo ARP reply packet based on the IP address of the host to be blocked, first broadcasts the first pseudo ARP request packet in the local area network and then broadcasts the first pseudo ARP reply packet, so that the other hosts in the local area network learn a wrong MAC address for the host to be blocked and the host to be blocked can no longer establish communication with them.
According to the method for realizing host blocking based on ARP provided by the invention, after the reply step the method further comprises a sending step: generating a second pseudo ARP request packet based on the IP address of the host to be blocked, and sending it to the gateway.
It should be noted that blocking of communication between the host to be blocked and the other hosts in the local area network is achieved by repeatedly broadcasting the first pseudo ARP request packet and the first pseudo ARP reply packet in sequence. To block the host further, its path to the Internet must also be cut off, which is done as follows: a second pseudo ARP request packet is generated based on the IP address of the host to be blocked and sent to the gateway.
According to the control method for realizing host blocking based on ARP provided by the invention, generating the second pseudo ARP request packet based on the IP address of the host to be blocked and sending it to the gateway shields the Internet access path of the host to be blocked, blocks the host further, and consolidates the blocking result.
According to the method for realizing host blocking based on ARP provided by the invention, the method further comprises: obtaining the blocking duration for the host to be blocked in the local area network, and repeatedly executing the request step and the reply step in sequence for that duration.
It should be noted that, to keep the host blocked persistently, the request step and the reply step are executed repeatedly in sequence; when the blocking target is reached, that is, when the blocking duration has elapsed, the blocking program stops. The blocking program can run on any one or more hosts in the local area network other than the host to be blocked, and running it on more than one host makes it more reliable.
The control method for realizing host blocking based on ARP provided by the invention, by obtaining the blocking duration for the host to be blocked in the local area network, allows the blocking time of that host to be controlled flexibly.
According to the method for realizing host blocking based on ARP provided by the invention, generating the first pseudo ARP request packet based on the IP address of the host to be blocked specifically comprises: setting both the sender IP address and the target IP address in the ARP header to the IP address of the host to be blocked; setting the source MAC address in the Ethernet header to a pseudo MAC address and the destination MAC address to the broadcast MAC address; and encapsulating the ARP header and the Ethernet header to obtain the first pseudo ARP request packet.
It should be noted that the structure corresponding to the ARP header is constructed with its operation field set to ARP request, and with both the sender IP address and the target IP address set to the IP address of the host to be blocked. In the Ethernet header the source MAC address is set to a false MAC address, meaning one that does not exist in the local area network of the host to be blocked (the sender MAC address inside the ARP header is set to the same false value, as described with the header structure below, since that is the field receivers learn from), and the destination MAC address is set to the broadcast MAC address; the remaining fields of the packet are set according to the existing specification. The ARP header and the Ethernet header are then encapsulated to obtain the first pseudo ARP request packet.
The control method for realizing host blocking based on ARP provided by the invention associates the IP address of the host to be blocked with the fictitious MAC address through the source MAC address of the constructed first pseudo ARP request packet, which lays the groundwork for the subsequent blocking of the host.
According to the method for realizing host blocking based on ARP provided by the invention, generating the first pseudo ARP reply packet based on the IP address of the host to be blocked specifically comprises: setting the sender IP address in the ARP header to the IP address of the host to be blocked and the target IP address to the broadcast IP address; setting the source MAC address in the Ethernet header to a pseudo MAC address and the destination MAC address to the broadcast MAC address; and encapsulating the ARP header and the Ethernet header to obtain the first pseudo ARP reply packet.
It should be noted that, when generating the first pseudo ARP reply packet, the structure corresponding to the ARP protocol is constructed with its operation field set to ARP reply, the sender IP address set to the IP address of the host to be blocked and the target IP address set to the broadcast IP address; in the Ethernet header the source MAC address is set to the pseudo MAC address and the destination MAC address to the broadcast MAC address.
The control method for realizing host blocking based on ARP provided by the invention uses the source MAC address of the constructed first pseudo ARP reply packet to complete the reply side of the ARP exchange, and by setting the destination MAC address to the broadcast MAC address it ensures that every host in the local area network other than the blocked host promptly obtains the association between the IP address of the blocked host and the fictitious MAC address, which blocks the blocked host from the other hosts in the local area network.
According to the control method for realizing host blocking based on ARP provided by the invention, the broadcast IP address is 255.255.255.255.
It should be noted that every IP address consists of a network part and a host part; when the host bits are all 1 the address is a broadcast IP address. When a host receives an ARP reply packet it checks whether the target IP address is addressed to itself, and a packet whose destination is the broadcast address of a network segment is taken to be addressed to the hosts of that segment, so each of them regards it as its own. In principle every network segment has its own broadcast address; 255.255.255.255 is used here because it is the limited broadcast address, which routers never forward, so the packet is confined to the segment the host belongs to.
Correspondingly, the broadcast MAC address is ff-ff-ff-ff-ff-ff, which is unique. When a switch in the local area network receives a frame whose destination MAC address is the broadcast MAC address it floods the frame out of all its other ports, so every other host in the local area network receives it. Each host checks whether the destination MAC address in the Ethernet header is addressed to it; on finding the broadcast MAC address it treats the frame as its own and parses the received data. On parsing the ARP packet it finds that the target IP address is the broadcast IP address, so the ARP packet too is taken as addressed to it, and the sender MAC address and sender IP address in the packet are learned; because the sender MAC address is fictitious, a wrong MAC-to-IP binding is learned. (How a given stack treats an unsolicited reply whose target is the broadcast address rather than its own address, in particular whether it creates a new cache entry or only updates an existing one, depends on the implementation.)
The control method for realizing host blocking based on ARP provided by the invention sets the broadcast IP address to 255.255.255.255 and, correspondingly, the broadcast MAC address to ff-ff-ff-ff-ff-ff, so that the packet is delivered accurately, the other hosts in the local area network learn the binding between the MAC address and the IP address of the host to be blocked, and the blocking of that host is ensured.
According to the method for realizing host blocking based on ARP provided by the invention, generating the second pseudo ARP request packet based on the IP address of the host to be blocked specifically comprises: setting the sender IP address in the ARP header to the IP address of the host to be blocked and the target IP address to the IP address of the gateway; setting the source MAC address in the Ethernet header to a pseudo MAC address and the destination MAC address to the broadcast MAC address; and encapsulating the ARP header and the Ethernet header to obtain the second pseudo ARP request packet.
It should be noted that, to stop the host to be blocked from accessing the Internet, a separate forged ARP request packet, defined as the second pseudo ARP request packet, is sent to the gateway. In this packet the sender IP address is set to the IP address of the host to be blocked, the target IP address to the IP address of the gateway, the source MAC address in the Ethernet header to the pseudo MAC address, and the destination MAC address to the broadcast MAC address.
The control method for realizing host blocking based on ARP provided by the invention delivers the binding between the IP address of the blocked host and the false MAC address to the gateway, so that the gateway and the blocked host can no longer establish normal communication, that is, the blocked host cannot access the Internet; this blocks the host further and consolidates the blocking result.
Fig. 2 is a second flowchart of the method for controlling host blocking based on ARP according to the present invention. As shown in fig. 2, the method includes:
Step 1, obtain the parameters, namely the IP address of the host to be blocked and the required blocking duration;
Step 2, broadcast a forged ARP request in the local area network;
Step 3, broadcast a forged ARP reply in the local area network;
Step 4, send a forged ARP request aimed at the gateway (its ARP target IP address is the gateway's; as described above, the Ethernet destination remains the broadcast MAC address);
Step 5, judge whether the running time of the blocking program has reached the blocking duration; if so, stop the blocking program; if not, execute Step 2, Step 3 and Step 4 again in sequence.
Broadcasting the forged ARP request and the forged ARP reply in the LAN means sending the corresponding packets on the LAN. The packet sending tool may be the WinPcap library or the Windows socket API (note that Winsock raw sockets do not give access to the Ethernet layer, so in practice a packet driver such as WinPcap or Npcap is needed to emit ARP frames). The sending process is described below taking the WinPcap library as an example:
After the IP address of the host to be blocked and the required blocking duration have been obtained, the WinPcap library is loaded and initialized, making sure the DLLs the library needs are present in the program's runtime environment. The WinPcap lookup functions are called to enumerate the network adapters (pcap_lookupnet(), rendered "pcap_lookup" in the original, returns the network number and mask of a specified network device), and pcap_open_live() is then called to open the adapter device; it returns a packet capture handle, and all subsequent operations on the device use this handle.
A buffer must be allocated in the blocking program to construct the message. The Ethernet header is built in the buffer first; the Ethernet header structure needed for sending the packet has the following form:
[Ethernet header structure listing, shown as an image in the original]
where desteth is the destination MAC address, set to the broadcast MAC address ff:ff:ff:ff:ff:ff, and sournether is the source MAC address, which is set to a fabricated value (the original uses a repeating "dead" pattern, i.e. de:ad:de:ad:de:ad) so that a wrong MAC address is learned. The ServType member is set to 0x0806, which marks the packet as belonging to the ARP protocol and indicates that an ARP header structure follows. These settings require byte-order conversion functions such as htons and htonl.
After the Ethernet header in the buffer has been set, a pointer is advanced past the length of the Ethernet header (14 bytes) and the ARP header is then constructed in the buffer. The ARP header structure needed for sending the packet has the following form:
[ARP header structure listing, shown as an image in the original]
where the Type member (hardware type) is fixed at 1 (Ethernet), the Proto member (protocol type) is fixed at 0x0800 (IPv4), the hardware address length member is fixed at 6 and the protocol address length member at 4. The Oper member is set to 1 for an ARP request and 2 for an ARP reply (the original text gives 0 for a reply, but the ARP opcode for a reply is 2). The SourEther member is set to the forged sender MAC address, e.g. de:ad:de:ad:de:ad; the SourIP member to the IP address of the blocked host; the DestEther member to the broadcast address ff:ff:ff:ff:ff:ff; and the DestIP member to the target IP address of the packet being built: the blocked host's own IP address for the first pseudo ARP request, 255.255.255.255 (0xffffffff) for the first pseudo ARP reply, or the gateway's IP address when the forged ARP request is sent to the gateway. Byte-order conversion functions such as htons and htonl are needed when setting the Type, Proto and Oper members of the structure.
The pcap_sendpacket() interface of the WinPcap library is then called to send the packet. Before sending, the adapter device opened with pcap_open_live(), the buffer holding the constructed data and the packet length must be specified: for an ARP request message the length is the Ethernet header length + the ARP header length + 22 bytes, and for an ARP reply message the Ethernet header length + the ARP header length + 18 bytes (the 14 + 28 = 42 header bytes on their own are below the 60-byte minimum Ethernet frame size excluding the FCS, so padding is added).
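As an added example, not the patent's own code, the following builds the three frames described above (Step 2 gratuitous request, Step 3 broadcast reply, Step 4 request aimed at the gateway) byte by byte in plain C, into a buffer that can be handed to pcap_sendpacket(). It runs without WinPcap; the send call is shown only as a comment in main(). The fictitious MAC address de:ad:de:ad:de:ad and the addresses 192.0.2.10 (blocked host) and 192.0.2.1 (gateway) are assumed for illustration, and the frame is padded to 60 bytes, the minimum Ethernet frame size without FCS. The reply opcode is 2.

```c
/*
 * Added example, not the patent's own code: builds the method's three
 * ARP frames so the field settings can be checked without WinPcap.
 * The MAC and IP addresses below are assumed for illustration.
 */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum { ETH_HLEN = 14, ARP_HLEN = 28, FRAME_MIN = 60 }; /* 60 = minimum frame without FCS */
enum { ARP_OP_REQUEST = 1, ARP_OP_REPLY = 2 };          /* a reply is opcode 2, not 0 */

static const uint8_t BROADCAST_MAC[6] = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff};
static const uint8_t ZERO_MAC[6]      = {0, 0, 0, 0, 0, 0};
/* Fictitious MAC the method associates with the blocked host (assumed value). */
const uint8_t FAKE_MAC[6]             = {0xde, 0xad, 0xde, 0xad, 0xde, 0xad};

/* Byte-order helpers: the wire is big-endian regardless of the host CPU. */
static void put16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)(v >> 8); p[1] = (uint8_t)v; }
static void put32(uint8_t *p, uint32_t v) { put16(p, (uint16_t)(v >> 16)); put16(p + 2, (uint16_t)v); }
static uint16_t get16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static uint32_t get32(const uint8_t *p) { return ((uint32_t)get16(p) << 16) | get16(p + 2); }

/* Ethernet II header followed by an Ethernet/IPv4 ARP message, zero-padded
 * to FRAME_MIN. Returns the bytes written, or 0 if the buffer is too small. */
size_t build_arp_frame(uint8_t *buf, size_t cap, uint16_t op,
                       const uint8_t src_mac[6], const uint8_t dst_mac[6],
                       const uint8_t sender_mac[6], uint32_t sender_ip,
                       const uint8_t target_mac[6], uint32_t target_ip)
{
    if (cap < FRAME_MIN) return 0;
    memset(buf, 0, FRAME_MIN);                /* padding after the 42 header bytes */
    memcpy(buf, dst_mac, 6);
    memcpy(buf + 6, src_mac, 6);
    put16(buf + 12, 0x0806);                  /* EtherType: ARP */
    uint8_t *arp = buf + ETH_HLEN;
    put16(arp, 1);                            /* hardware type: Ethernet */
    put16(arp + 2, 0x0800);                   /* protocol type: IPv4 */
    arp[4] = 6;                               /* hardware address length */
    arp[5] = 4;                               /* protocol address length */
    put16(arp + 6, op);                       /* operation */
    memcpy(arp + 8, sender_mac, 6);           /* sender hardware address */
    put32(arp + 14, sender_ip);               /* sender protocol address */
    memcpy(arp + 18, target_mac, 6);          /* target hardware address */
    put32(arp + 24, target_ip);               /* target protocol address */
    return FRAME_MIN;
}

/* Step 2: gratuitous request, sender IP = target IP = blocked host, sender MAC = fake. */
size_t build_step2_request(uint8_t *buf, size_t cap, uint32_t blocked_ip) {
    return build_arp_frame(buf, cap, ARP_OP_REQUEST, FAKE_MAC, BROADCAST_MAC,
                           FAKE_MAC, blocked_ip, ZERO_MAC, blocked_ip);
}

/* Step 3: reply whose target IP is the limited broadcast address 255.255.255.255. */
size_t build_step3_reply(uint8_t *buf, size_t cap, uint32_t blocked_ip) {
    return build_arp_frame(buf, cap, ARP_OP_REPLY, FAKE_MAC, BROADCAST_MAC,
                           FAKE_MAC, blocked_ip, BROADCAST_MAC, 0xFFFFFFFFu);
}

/* Step 4: request whose target IP is the gateway; the Ethernet destination
 * stays broadcast, as the method describes. */
size_t build_step4_gateway(uint8_t *buf, size_t cap, uint32_t blocked_ip, uint32_t gateway_ip) {
    return build_arp_frame(buf, cap, ARP_OP_REQUEST, FAKE_MAC, BROADCAST_MAC,
                           FAKE_MAC, blocked_ip, ZERO_MAC, gateway_ip);
}

/* Field accessors for checking a built frame. */
uint16_t frame_ethertype(const uint8_t *f) { return get16(f + 12); }
uint16_t frame_arp_op(const uint8_t *f)    { return get16(f + ETH_HLEN + 6); }
uint32_t frame_sender_ip(const uint8_t *f) { return get32(f + ETH_HLEN + 14); }
uint32_t frame_target_ip(const uint8_t *f) { return get32(f + ETH_HLEN + 24); }

uint8_t frame_buf[FRAME_MIN];

int main(void) {
    uint32_t blocked = 0xC000020Au, gateway = 0xC0000201u; /* 192.0.2.10 and 192.0.2.1, assumed */
    size_t n = build_step2_request(frame_buf, sizeof frame_buf, blocked);
    printf("step 2: %zu bytes, op %u, target 0x%08x\n", n,
           (unsigned)frame_arp_op(frame_buf), (unsigned)frame_target_ip(frame_buf));
    n = build_step3_reply(frame_buf, sizeof frame_buf, blocked);
    printf("step 3: %zu bytes, op %u, target 0x%08x\n", n,
           (unsigned)frame_arp_op(frame_buf), (unsigned)frame_target_ip(frame_buf));
    n = build_step4_gateway(frame_buf, sizeof frame_buf, blocked, gateway);
    printf("step 4: %zu bytes, op %u, target 0x%08x\n", n,
           (unsigned)frame_arp_op(frame_buf), (unsigned)frame_target_ip(frame_buf));
    /* With WinPcap/Npcap, after pcap_open_live(): pcap_sendpacket(handle, frame_buf, (int)n); */
    return 0;
}
```

Because the byte order is written explicitly, the same code produces correct frames on any host, without the htons/htonl calls the original relies on; the accessors read the same offsets back, which is also the starting point for a monitor that wants to flag ARP frames whose sender MAC never appears as an Ethernet source of ordinary traffic.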
Fig. 3 is a schematic structural diagram of a control device for implementing host blocking based on ARP according to the present invention, and as shown in fig. 3, the device includes:
an obtaining module 310, configured to obtain an IP address of a host to be blocked in a local area network;
a request module 320, configured to generate a first pseudo ARP request packet based on the IP address of the host to be blocked, and broadcast and send the first pseudo ARP request packet in the local area network;
the response module 330 is configured to generate a first pseudo ARP response packet based on the IP address of the host to be blocked, and perform broadcast transmission in the local area network.
The control device for realizing host blocking based on ARP provided by the invention generates a first pseudo ARP request packet and a first pseudo ARP reply packet based on the IP address of the host to be blocked, first broadcasts the first pseudo ARP request packet in the local area network and then broadcasts the first pseudo ARP reply packet, so that the other hosts in the local area network learn a wrong MAC address for the host to be blocked and the host to be blocked can no longer establish communication with them.
According to the control device for realizing host blocking based on ARP provided by the invention, the device further comprises a sending module, used to execute the sending step, which comprises generating a second pseudo ARP request packet based on the IP address of the host to be blocked and sending it to the gateway.
According to the control device for realizing host blocking based on ARP provided by the invention, generating the second pseudo ARP request packet based on the IP address of the host to be blocked and sending it to the gateway shields the Internet access path of the host to be blocked, blocks the host further, and consolidates the blocking result.
According to the device for realizing host blocking based on ARP provided by the present invention, in the present invention, the obtaining module 310 is further configured to obtain a blocking duration of a host to be blocked in a local area network, within the blocking duration, the requesting module 320 executes the request flow, the responding module 330 executes the responding flow, and the requesting flow and the responding flow are repeatedly executed in sequence.
The control device for realizing host blocking based on ARP provided by the invention realizes flexible control of the host to be blocked in the local area network on the blocking time by acquiring the blocking time of the host to be blocked in the local area network.
In the control device for implementing host blocking based on ARP provided by the invention, when the request module 320 generates the first pseudo ARP request packet from the IP address of the host to be blocked, it specifically: sets both the source (sender) IP address and the destination (target) IP address in the ARP header to the IP address of the host to be blocked; sets the source MAC address in the Ethernet header to a pseudo MAC address and the destination MAC address to the broadcast MAC address; and encapsulates the ARP header in the Ethernet header to obtain the first pseudo ARP request packet.
Through the source MAC address of the fabricated first pseudo ARP request packet, the control device associates the IP address of the host to be blocked with the fictitious MAC address, which ensures that the subsequent blocking of the host proceeds smoothly.
In the control device for implementing host blocking based on ARP provided by the invention, when the reply module 330 generates the first pseudo ARP reply packet from the IP address of the host to be blocked, it specifically: sets the source (sender) IP address in the ARP header to the IP address of the host to be blocked and the destination (target) IP address to the broadcast IP address; sets the source MAC address in the Ethernet header to the pseudo MAC address and the destination MAC address to the broadcast MAC address; and encapsulates the ARP header in the Ethernet header to obtain the first pseudo ARP reply packet.
Through the source MAC address of the fabricated first pseudo ARP reply packet, the control device completes the reply step of the ARP exchange; by setting the destination MAC address to the broadcast MAC address it also ensures that every host in the local area network other than the blocked host promptly learns the association between the IP address of the blocked host and the fictitious MAC address, which blocks communication between the blocked host and the other hosts in the local area network.
In the control device for implementing host blocking based on ARP provided by the invention, the broadcast IP address is 255.255.255.255.
Setting the broadcast IP address to 255.255.255.255 and, correspondingly, the broadcast MAC address to ff-ff-ff-ff-ff-ff ensures that the packet reaches every host in the local area network, so that the other hosts learn the binding between the pseudo MAC address and the IP address of the host to be blocked and the blocking of that host takes effect.
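As an added worked example (not code from the patent or its applicant), the following Python builds the three pseudo ARP frames described above and in claims 4 to 7 as raw bytes, decodes them back, and runs them through a simplified neighbour-cache model to show the effect: a neighbour that already holds the genuine MAC of the host to be blocked ends up with the pseudo MAC, while a neighbour with a static entry is unaffected. The ARP sender hardware address, which the patent does not specify, is assumed to carry the pseudo MAC, the request's target hardware address is assumed to be all zeros, and every address below is constructed. In security terms the method is ARP cache poisoning, the same mechanism an ARP spoofing attack uses, here applied deliberately by the blocking device; it therefore does not work against hosts with static ARP entries, and switches that enforce Dynamic ARP Inspection or equivalent IP/MAC binding checks will drop these frames because their sender IP and MAC do not match the binding table.

```python
"""Added example (not the patent's code): build and decode the pseudo ARP frames
of claims 4-7 and model their effect on a neighbour's ARP cache. Stdlib only.
Assumed, not stated in the patent: ARP sender hardware address = pseudo MAC,
request target hardware address = zeros. All addresses below are constructed."""
import socket
import struct

ETH_P_ARP = 0x0806
BROADCAST_MAC = "ff:ff:ff:ff:ff:ff"
ZERO_MAC = "00:00:00:00:00:00"
BROADCAST_IP = "255.255.255.255"      # the "broadcast IP address" of claim 6
ARP_REQUEST, ARP_REPLY = 1, 2

def mac_bytes(mac):
    return bytes.fromhex(mac.replace(":", "").replace("-", ""))

def mac_str(b):
    return ":".join(f"{x:02x}" for x in b)

def build_arp_frame(opcode, src_mac, sender_ip, target_mac, target_ip, dst_mac=BROADCAST_MAC):
    """Ethernet II header (14 bytes) followed by an Ethernet/IPv4 ARP header (28 bytes)."""
    eth = mac_bytes(dst_mac) + mac_bytes(src_mac) + struct.pack("!H", ETH_P_ARP)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, opcode)       # htype, ptype, hlen, plen, op
    arp += mac_bytes(src_mac) + socket.inet_aton(sender_ip)     # sender MAC / sender IP
    arp += mac_bytes(target_mac) + socket.inet_aton(target_ip)  # target MAC / target IP
    return eth + arp

def first_pseudo_request(victim_ip, fake_mac):
    """Claim 4: sender IP = target IP = victim; Ethernet src = pseudo MAC, dst = broadcast."""
    return build_arp_frame(ARP_REQUEST, fake_mac, victim_ip, ZERO_MAC, victim_ip)

def first_pseudo_reply(victim_ip, fake_mac):
    """Claims 5-6: sender IP = victim, target IP = 255.255.255.255, target/dst MAC = broadcast."""
    return build_arp_frame(ARP_REPLY, fake_mac, victim_ip, BROADCAST_MAC, BROADCAST_IP)

def second_pseudo_request(victim_ip, fake_mac, gateway_ip):
    """Claim 7: sender IP = victim, target IP = gateway, Ethernet dst = broadcast."""
    return build_arp_frame(ARP_REQUEST, fake_mac, victim_ip, ZERO_MAC, gateway_ip)

def parse_arp_frame(frame):
    """Decode a frame the way a receiving host or a capture tool would."""
    if len(frame) < 42 or struct.unpack("!H", frame[12:14])[0] != ETH_P_ARP:
        raise ValueError("not an Ethernet/IPv4 ARP frame")
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("unsupported ARP hardware/protocol type")
    return {"dst_mac": mac_str(frame[0:6]), "src_mac": mac_str(frame[6:12]), "opcode": op,
            "sender_mac": mac_str(frame[22:28]), "sender_ip": socket.inet_ntoa(frame[28:32]),
            "target_mac": mac_str(frame[32:38]), "target_ip": socket.inet_ntoa(frame[38:42])}

class ArpCache:
    """Simplified neighbour cache: an existing dynamic entry for sender_ip is overwritten
    by any ARP packet naming that IP; unknown IPs are not added; static entries are never touched."""
    def __init__(self):
        self.entries = {}   # ip -> (mac, is_static)

    def add_static(self, ip, mac):
        self.entries[ip] = (mac, True)

    def learn(self, ip, mac):
        self.entries[ip] = (mac, False)

    def receive(self, frame):
        p = parse_arp_frame(frame)
        cur = self.entries.get(p["sender_ip"])
        if cur is not None and not cur[1]:
            self.entries[p["sender_ip"]] = (p["sender_mac"], False)
        return p

    def lookup(self, ip):
        e = self.entries.get(ip)
        return None if e is None else e[0]

def blocking_sequence(victim_ip, fake_mac, gateway_ip, rounds):
    """Frames in the patent's order: request, reply (claim 1), gateway request (claim 2),
    repeated `rounds` times to cover the blocking duration (claim 3)."""
    seq = []
    for _ in range(rounds):
        seq += [first_pseudo_request(victim_ip, fake_mac),
                first_pseudo_reply(victim_ip, fake_mac),
                second_pseudo_request(victim_ip, fake_mac, gateway_ip)]
    return seq

def send_frames(iface, frames):
    """Put the frames on the wire (Linux AF_PACKET, needs CAP_NET_RAW). Not called here."""
    with socket.socket(socket.AF_PACKET, socket.SOCK_RAW, socket.htons(ETH_P_ARP)) as s:
        s.bind((iface, 0))
        for f in frames:
            s.send(f)

def simulate(victim_ip="192.0.2.10", real_mac="02:00:00:00:00:10",
             fake_mac="02:de:ad:be:ef:00", gateway_ip="192.0.2.1", rounds=2):
    """Constructed scenario: a neighbour with a dynamic entry and one with a static entry."""
    neighbour, hardened = ArpCache(), ArpCache()
    neighbour.learn(victim_ip, real_mac)
    hardened.add_static(victim_ip, real_mac)
    for frame in blocking_sequence(victim_ip, fake_mac, gateway_ip, rounds):
        neighbour.receive(frame)
        hardened.receive(frame)
    return neighbour.lookup(victim_ip), hardened.lookup(victim_ip)
```

`simulate()` returns the pseudo MAC for the ordinary neighbour and the genuine MAC for the one with a static entry. The cache model deliberately does not create entries for IP addresses it has never resolved, matching the common stack behaviour that only existing entries are updated by unsolicited ARP; that is why the patent broadcasts repeatedly for the whole blocking duration rather than once.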
Fig. 4 illustrates the physical structure of an electronic device, which, as shown in Fig. 4, may include a processor 410, a communication interface 420, a memory 430 and a communication bus 440, where the processor 410, the communication interface 420 and the memory 430 communicate with each other over the communication bus 440. The processor 410 can invoke logic instructions in the memory 430 to perform the control method for host blocking based on ARP, the method comprising: an obtaining flow, obtaining the IP address of a host to be blocked in the local area network; a request flow, generating a first pseudo ARP request packet from the IP address of the host to be blocked and broadcasting it in the local area network; and a reply flow, generating a first pseudo ARP reply packet from the IP address of the host to be blocked and broadcasting it in the local area network.
In addition, the logic instructions in the memory 430 may be implemented as software functional units and stored in a computer-readable storage medium when sold or used as an independent product. On this understanding, the technical solution of the present invention may be embodied as a software product stored in a storage medium, including instructions for causing a computer device (which may be a personal computer, a server or a network device) to execute all or part of the steps of the method according to the embodiments of the present invention. The storage medium includes a USB flash drive, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk, an optical disk or any other medium capable of storing program code.
In another aspect, the present invention also provides a computer program product comprising a computer program stored on a non-transitory computer-readable storage medium, the computer program comprising program instructions which, when executed by a computer, enable the computer to execute the control method for host blocking based on ARP provided by the above method embodiments, the method comprising: an obtaining flow, obtaining the IP address of a host to be blocked in the local area network; a request flow, generating a first pseudo ARP request packet from the IP address of the host to be blocked and broadcasting it in the local area network; and a reply flow, generating a first pseudo ARP reply packet from the IP address of the host to be blocked and broadcasting it in the local area network.
In yet another aspect, the present invention also provides a non-transitory computer-readable storage medium having stored thereon a computer program which, when executed by a processor, executes the control method for host blocking based on ARP provided in each of the above aspects, the method comprising: an obtaining flow, obtaining the IP address of a host to be blocked in the local area network; a request flow, generating a first pseudo ARP request packet from the IP address of the host to be blocked and broadcasting it in the local area network; and a reply flow, generating a first pseudo ARP reply packet from the IP address of the host to be blocked and broadcasting it in the local area network.
The above-described embodiments of the apparatus are merely illustrative, and the units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of the present embodiment. One of ordinary skill in the art can understand and implement it without inventive effort.
Through the above description of the embodiments, those skilled in the art will clearly understand that each embodiment can be implemented by software plus a necessary general hardware platform, and certainly can also be implemented by hardware. With this understanding in mind, the above-described technical solutions may be embodied in the form of a software product, which can be stored in a computer-readable storage medium such as ROM/RAM, magnetic disk, optical disk, etc., and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) to execute the methods described in the embodiments or some parts of the embodiments.
Finally, it should be noted that: the above examples are only intended to illustrate the technical solution of the present invention, but not to limit it; although the present invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; and such modifications or substitutions do not depart from the spirit and scope of the corresponding technical solutions of the embodiments of the present invention.

Claims (10)

1. A control method for implementing host blocking based on ARP, characterized in that it comprises the following steps:
an obtaining flow: obtaining the IP address of a host to be blocked in a local area network;
a request flow: generating a first pseudo ARP request packet from the IP address of the host to be blocked and broadcasting the first pseudo ARP request packet in the local area network;
and a reply flow: generating a first pseudo ARP reply packet from the IP address of the host to be blocked and broadcasting the first pseudo ARP reply packet in the local area network.
2. The control method for implementing host blocking based on ARP of claim 1, characterized in that after the reply flow the method further comprises:
a sending flow: generating a second pseudo ARP request packet from the IP address of the host to be blocked and sending the second pseudo ARP request packet to a gateway.
3. The control method for implementing host blocking based on ARP of claim 1, characterized in that the method further comprises: obtaining a blocking duration for the host to be blocked in the local area network, and repeatedly executing the request flow and the reply flow in sequence within the blocking duration.
4. The method according to claim 1, characterized in that generating the first pseudo ARP request packet from the IP address of the host to be blocked specifically comprises:
setting the source IP address and the destination IP address in the ARP header to the IP address of the host to be blocked; setting the source MAC address in the Ethernet header to a pseudo MAC address and the destination MAC address to the broadcast MAC address;
and encapsulating the ARP header in the Ethernet header to obtain the first pseudo ARP request packet.
5. The method according to claim 1, characterized in that generating the first pseudo ARP reply packet from the IP address of the host to be blocked specifically comprises:
setting the source IP address in the ARP header to the IP address of the host to be blocked and the destination IP address to a broadcast IP address; setting the source MAC address in the Ethernet header to a pseudo MAC address and the destination MAC address to the broadcast MAC address;
and encapsulating the ARP header in the Ethernet header to obtain the first pseudo ARP reply packet.
6. The control method for implementing host blocking based on ARP of claim 5, characterized in that the broadcast IP address is 255.255.255.255.
7. The method according to claim 2, characterized in that generating the second pseudo ARP request packet from the IP address of the host to be blocked specifically comprises:
setting the source IP address in the ARP header to the IP address of the host to be blocked and the destination IP address to the IP address of the gateway; setting the source MAC address in the Ethernet header to a pseudo MAC address and the destination MAC address to the broadcast MAC address;
and encapsulating the ARP header in the Ethernet header to obtain the second pseudo ARP request packet.
8. A control device for implementing host blocking based on ARP, characterized in that the control device comprises:
an obtaining module, configured to obtain the IP address of a host to be blocked in a local area network;
a request module, configured to generate a first pseudo ARP request packet from the IP address of the host to be blocked and to broadcast it in the local area network;
and a reply module, configured to generate a first pseudo ARP reply packet from the IP address of the host to be blocked and to broadcast it in the local area network.
9. An electronic device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, characterized in that the processor, when executing the program, performs the steps of the control method for implementing host blocking based on ARP according to any one of claims 1 to 7.
10. A non-transitory computer-readable storage medium having stored thereon a computer program, characterized in that the computer program, when executed by a processor, implements the steps of the control method for implementing host blocking based on ARP according to any one of claims 1 to 7.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210068671.6A CN114598675A (en) 2022-01-20 2022-01-20 Control method, device, equipment and medium for realizing host blocking based on ARP

Publications (1)

Publication Number Publication Date
CN114598675A true CN114598675A (en) 2022-06-07

Family

ID=81805103

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210068671.6A Pending CN114598675A (en) 2022-01-20 2022-01-20 Control method, device, equipment and medium for realizing host blocking based on ARP

Country Status (1)

Country Link
CN (1) CN114598675A (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1874223A (en) * 2006-06-27 2006-12-06 天津移动通信有限责任公司 Access control system and method for implementing binding MAC/IP of network device
US20100242084A1 (en) * 2007-09-07 2010-09-23 Cyber Solutions Inc. Network security monitor apparatus and network security monitor system
US20110179486A1 (en) * 2008-10-10 2011-07-21 Plustech Inc. Method for neutralizing the arp spoofing attack by using counterfeit mac addresses
CN102904902A (en) * 2012-10-31 2013-01-30 北京锐安科技有限公司 Dynamic host configuration protocol (DHCP)-based bypass blocking method

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
贾大智: "Analysis of bypass blocking techniques in intranet security products", 计算机安全 (Computer Security), no. 11, 15 November 2009 (2009-11-15), pages 2 *
陈小文; 胡文飞; 和应民: "Research and implementation of a WinPcap-based bypass IP blocking method", 中国新技术新产品 (China New Technologies and Products), no. 01, pages 3 *
马跃龙: "A brief discussion of ARP-based network access control methods", 科技创新导报 (Science and Technology Innovation Herald), no. 22, pages 1 *

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115086271A (en) * 2022-06-17 2022-09-20 杭州云合智网技术有限公司 Method for searching equipment in local area network
CN115086271B (en) * 2022-06-17 2023-09-26 杭州云合智网技术有限公司 Method for searching equipment in local area network

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination