CN115941256A - Anti-attack method, system and module for preventing IP cheating - Google Patents


Publication number
CN115941256A
Authority
CN
China
Prior art keywords
source
list
address
message
ttl
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202211303619.0A
Other languages
Chinese (zh)
Inventor
李科
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
CLP Cloud Digital Intelligence Technology Co Ltd
Original Assignee
CLP Cloud Digital Intelligence Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by CLP Cloud Digital Intelligence Technology Co Ltd filed Critical CLP Cloud Digital Intelligence Technology Co Ltd
Priority to CN202211303619.0A priority Critical patent/CN115941256A/en
Publication of CN115941256A publication Critical patent/CN115941256A/en
Pending legal-status Critical Current

Classifications

    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02DCLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D30/00Reducing energy consumption in communication networks
    • Y02D30/50Reducing energy consumption in communication networks in wire-line communication networks, e.g. low power modes or reduced link rate

Landscapes

  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses an anti-attack method, system and module for preventing IP spoofing. The anti-attack method for preventing IP spoofing comprises the following steps: acquiring a TCP ACK message and a legal UDP message received by protected equipment, and recording the source IP address and the corresponding TTL value of the message in a first list; acquiring an illegal TCP request message and an illegal UDP message received by the protected equipment, and recording the source IP address of the message in a second list, where the illegal TCP request message is a TCP request message that continues to be received after the first TCP request message; intercepting information from a source IP address recorded in the second list, and extracting the TTL value carried in the information; and judging whether the TTL value carried in the information is consistent with the TTL value recorded in the first list for that source IP address, and, if it is inconsistent, controlling the firewall to prohibit all messages that come from the source IP address and carry the TTL value found in the information. By adopting the invention, a machine can be effectively protected from attacks that use IP spoofing.

Description

Anti-attack method, system and module for preventing IP cheating
Technical Field
The invention relates to the technical field of attack protection, in particular to an anti-attack method, system and module for preventing IP cheating.
Background
The blacklist mechanism is widely used in the service programs of distributed storage server nodes to protect their service processes from DDoS attacks. A common form of the mechanism is to add an attacker's IP address to a blacklist and reject service requests from addresses on that list. The disadvantage of this approach is that an attacker can disguise his own IP address, even as the IP address of a storage service node in the distributed storage server. As a result, attacks cannot be effectively identified, resulting in service outages between storage server nodes.
Disclosure of Invention
The embodiment of the invention provides an anti-attack method, system and module for preventing IP deception, which are used for solving the problem that an attacker pretends to be a storage service node in the prior art to implement IP attack.
The anti-attack method for preventing the IP deception comprises the following steps:
acquiring a TCP ACK message and a legal UDP message received by protected equipment, and recording the source IP address and the corresponding TTL value of the message in a first list;
obtaining an illegal TCP request message and an illegal UDP message received by the protected equipment, and recording the source IP address of the message in a second list; the illegal TCP request message is a TCP request message that continues to be received after the first TCP request message;
intercepting information from a source IP address recorded in the second list, and extracting the TTL value carried in the information;
and judging whether the TTL value carried in the information is consistent with the TTL value recorded in the first list for that source IP address, and, if it is inconsistent, controlling the firewall to prohibit all messages that come from the source IP address and carry the TTL value found in the information.
According to some embodiments of the present invention, the step of prohibiting, by the control firewall, all packets from the source IP address and having TTL values that are TTL values carried in the information includes:
and adding a discarding rule in the firewall program so that the firewall prohibits all messages from the source IP address and the TTL values of the messages are TTL values carried in the information.
According to some embodiments of the invention, the method further comprises:
and after a discarding rule is added in the firewall program, deleting the source IP address corresponding to the discarding rule from the second list.
According to some embodiments of the invention, the method further comprises:
and judging whether the recording time length of the TTL values recorded in the first list is greater than a preset time length or not, and updating the TTL values in the first list under the condition that the judgment result is yes.
The anti-attack system for preventing IP cheating according to the embodiment of the invention comprises:
the first monitoring unit is used for acquiring a TCP ACK message and a legal UDP message received by protected equipment and recording the source IP address of the message and the corresponding TTL value in a first list;
a second monitoring unit, configured to obtain an illegal TCP request packet and an illegal UDP packet that are received by the protected device, and record the source IP address of the packet in a second list; the illegal TCP request message is a TCP request message that continues to be received after the first TCP request message;
the third monitoring unit is in communication connection with the second monitoring unit and is used for intercepting information from the source IP address recorded in the second list and extracting a TTL value carried in the information;
and the processing unit is in communication connection with the first monitoring unit and the third monitoring unit, and is used for judging whether the TTL value carried in the information is consistent with the TTL value corresponding to the source IP address recorded in the first list or not, and controlling a firewall to prohibit all messages from the source IP address and with the TTL values being the TTL values carried in the information under the condition that the judgment result is inconsistent.
According to some embodiments of the invention, the processing unit is to:
and adding a discarding rule in the firewall program so that the firewall prohibits all messages from the source IP address and the TTL values of the messages are TTL values carried in the information.
According to some embodiments of the invention, the processing unit is further configured to:
and after a discarding rule is added in the firewall program, deleting the source IP address corresponding to the discarding rule from the second list.
According to some embodiments of the invention, the first monitoring unit is further configured to:
and judging whether the recording time length of the TTL values recorded in the first list is greater than a preset time length or not, and updating the TTL values in the first list under the condition that the judgment result is yes.
The anti-attack module for preventing the IP deception according to the embodiment of the invention comprises the following components: a memory, a processor and a computer program stored on the memory and executable on the processor, the computer program, when executed by the processor, implementing the steps of the anti-attack method of preventing IP spoofing as described above.
According to the computer readable storage medium of the embodiment of the present invention, the computer readable storage medium stores thereon an implementation program of information transfer, which when executed by a processor implements the steps of the anti-attack method of preventing IP spoofing as described above.
By adopting the embodiment of the invention, firewall rules are learned by combining the TTL characteristics of the messages, which yields a more intelligent blacklist mechanism and avoids the weakness of the traditional blacklist mechanism against source IP disguise. A machine can be protected from attacks that use IP spoofing, the efficiency of the service program can be improved, and sockets waiting for SYN_ACK in the TCP handshake can be significantly reduced.
The above description is only an overview of the technical solutions of the present invention, and the present invention can be implemented in accordance with the content of the description so as to make the technical means of the present invention more clearly understood, and the above and other objects, features, and advantages of the present invention will be more clearly understood.
Drawings
Various other advantages and benefits will become apparent to those of ordinary skill in the art upon reading the following detailed description of the embodiments. The drawings are only for purposes of illustrating the preferred embodiments and are not to be construed as limiting the invention. In the drawings:
FIG. 1 is a flow chart of an attack prevention method for preventing IP spoofing in the embodiment of the invention;
fig. 2 is a diagram of an attack prevention system architecture that prevents IP spoofing in an embodiment of the present invention.
Detailed Description
Exemplary embodiments of the present invention will be described in more detail below with reference to the accompanying drawings. While exemplary embodiments of the invention are shown in the drawings, it should be understood that the invention can be embodied in various forms and should not be limited to the embodiments set forth herein. Rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the scope of the invention to those skilled in the art. Additionally, in some instances, well-known methods, structures and techniques have not been shown in detail in order not to obscure an understanding of this description.
The embodiment of the invention provides an anti-attack method for preventing IP spoofing, which can be applied to protected equipment, such as a distributed storage server node.
The anti-attack method for preventing the IP deception of the embodiment of the invention comprises the following steps:
Acquiring a TCP ACK message and a legal UDP message received by the protected equipment, and recording the source IP addresses and corresponding TTL values of these messages (namely the TCP ACK message and the legal UDP message) in a first list.
It will be appreciated that when the protected device receives a TCP ACK message or a legal UDP message, the source IP address and TTL value of that message are extracted and stored as a record in the first list.
For the TCP protocol, a three-way handshake has to be completed; when the source IP address is disguised, the attacked machine can only receive the SYN message and never the TCP ACK message. Therefore, if a TCP ACK message is received, the sender is a legitimate sender and is not disguised by an attacker.
For the UDP protocol, the UDP payload is difficult for an attacker to imitate. Validity may be determined by means of agreed characteristics (e.g. the length of the message, or the value of a particular octet).
Obtaining an illegal TCP request message and an illegal UDP message received by the protected equipment, and recording the source IP address of the message in a second list; the illegal TCP request message is a TCP request message that continues to be received after the first TCP request message.
It can be understood that a legitimate sender sends the TCP request message once and then sends the TCP ACK message; an illegitimate sender cannot send the TCP ACK message and keeps sending TCP request messages. Senders that continuously send TCP request messages are therefore suspected attackers, and senders of illegal UDP messages may likewise have disguised their source IP addresses. Their source IP addresses are therefore recorded in the second list for further determination.
Intercepting information from a source IP address recorded in the second list, and extracting the TTL value carried in the information.
It is understood that the source IP addresses recorded in the second list may be disguised, so the information sent from them is examined in order to screen out attackers who disguise the source IP address.
Judging whether the TTL value carried in the information is consistent with the TTL value recorded in the first list for that source IP address, and, if it is inconsistent, controlling the firewall to prohibit all messages that come from the source IP address and carry the TTL value found in the information.
TTL (time to live) is a field of the IP header. To be precise, it is the 9th byte of the 20-byte IPv4 header, and the second ten bytes in the 40-byte IPv6 header. The sender sets the initial TTL value at the IP protocol layer, and the value is reduced by a fixed amount each time the message passes through a routing node on its way to the destination. Although the attacking machine can imitate the source IP, it cannot modify the routing path to the destination machine. Routing paths typically do not change over a period of days to weeks. In the IP messages received by the target machine, the TTL values of the attacking machine and the normal machine are different.
Therefore, whether the source IP address of the sender is masquerading can be determined by the TTL value.
By adopting the embodiment of the invention, firewall rules are learned by combining the TTL characteristics of the messages, which yields a more intelligent blacklist mechanism and avoids the weakness of the traditional blacklist mechanism against source IP disguise. A machine can be protected from attacks that use IP spoofing, the efficiency of the service program can be improved, and sockets waiting for SYN_ACK in the TCP handshake can be significantly reduced.
On the basis of the above-described embodiment, modified embodiments are further proposed, and it is to be noted here that, in order to make the description brief, only the differences from the above-described embodiment are described in each modified embodiment.
According to some embodiments of the present invention, the step of prohibiting, by the control firewall, all packets from the source IP address and having TTL values that are TTL values carried in the information includes:
and adding a discarding rule in the firewall program so that the firewall prohibits all messages from the source IP address and the TTL values of the messages are TTL values carried in the information.
Therefore, by adding the drop rule in the firewall program, the firewall can automatically finish the protection of an attacker.
According to some embodiments of the invention, the method further comprises:
and after a discarding rule is added in the firewall program, deleting the source IP address corresponding to the discarding rule from the second list.
In some embodiments according to the invention, the method further comprises:
and judging whether the recording time length of the TTL values recorded in the first list is greater than a preset time length or not, and updating the TTL values in the first list under the condition that the judgment result is yes.
This makes it possible to adapt to the actual situation of the route path change.
The attack-prevention method for preventing IP spoofing according to an embodiment of the present invention is described in detail in a specific embodiment with reference to fig. 1 to 2. It is to be understood that the following description is illustrative only and is not intended as a specific limitation of the invention. All similar structures and similar variations thereof adopted by the invention are intended to fall within the scope of the invention.
TTL (time to live) is a field of the IP header. To be precise, it is the 9th byte of the 20-byte IPv4 header, and the second ten bytes in the 40-byte IPv6 header. The sender sets the initial TTL value at the IP protocol layer, and the value is reduced each time the message passes through a routing node on its way to the destination. Although the attacking machine can imitate the source IP, it cannot modify the routing path to the destination machine. Routing paths typically do not change over a period of days to weeks. Because of this, the TTL values of the attacking machine and the normal machine are different in the IP packets received by the destination machine.
Because the attacking machine impersonates the source IP, for the TCP protocol, which requires a three-way handshake to be completed, the attacked machine can only receive the SYN message but cannot receive the ACK message; for the UDP protocol, the UDP payload is difficult for an attacker to simulate, so what the attacked machine receives is illegal.
Based on this, an embodiment of the present invention provides an anti-attack method for preventing IP spoofing. As shown in fig. 1, a monitor program is introduced on the protected device to capture TCP ACK packets and record their source IP and TTL in a first list (called TTLAC). For a UDP message, the monitor program can capture the message, judge its validity by means of an agreed characteristic (such as the message length or the value of a certain octet), and record the source IP and TTL of the UDP message in the TTLAC table if the message is legal. When the protected device repeatedly receives no TCP ACK message, or receives a large number of illegal UDP messages, the IPs in the non-TCP-ACK messages and the illegal UDP messages are written into a second list (called TTLBL). The monitor program is informed of the IPs in the TTLBL and starts monitoring and intercepting all packets from those IPs. It compares the TTL of each intercepted packet with the TTL recorded for that IP in the TTLAC table and, if they differ, adds a discard rule to the firewall to prohibit all packets from that IP having that TTL, and removes the IP from the TTLBL table.
FIG. 2 shows all components deployed on a protected machine. The service program is responsible for adding IP records to the TTLBL table. The monitor program watches the TTLBL table and acts according to the contents of the learned TTLAC table. The monitor program uses an in-memory hash table to map the TTLAC into memory for efficiency.
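The TTLAC/TTLBL flow described above can be modelled in a few dozen lines. The following is an added illustration, not code from the patent: the class and function names, the iptables `ttl` match used to render the discard rule, the UDP validity check (16-byte payload whose first octet is 0xA5), the 7-day refresh interval and the sample packets are all assumptions made for the example.

```python
import socket
import struct
import time

TCP, UDP, SYN, ACK = 6, 17, 0x02, 0x10

def parse_ipv4(pkt):
    """Return (src, ttl, proto, tcp_flags, udp_payload) for a raw IPv4 packet."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (pkt[0] & 0x0F) * 4
    if ihl < 20 or len(pkt) < ihl:
        raise ValueError("bad IPv4 header length")
    ttl, proto = pkt[8], pkt[9]          # TTL is the 9th byte of the IPv4 header
    flags = payload = None
    if proto == TCP and len(pkt) >= ihl + 14:
        flags = pkt[ihl + 13]
    elif proto == UDP and len(pkt) >= ihl + 8:
        payload = pkt[ihl + 8:]
    return socket.inet_ntoa(pkt[12:16]), ttl, proto, flags, payload

def iptables_drop(src, ttl):
    """Drop rule as an argv list, using iptables' ttl match (firewall is assumed)."""
    return ["iptables", "-A", "INPUT", "-s", src,
            "-m", "ttl", "--ttl-eq", str(ttl), "-j", "DROP"]

class TtlMonitor:
    def __init__(self, udp_is_valid, max_age=7 * 24 * 3600):
        self.udp_is_valid = udp_is_valid  # the agreed-characteristic check for UDP
        self.max_age = max_age            # assumed value of the preset time length
        self.ttlac = {}                   # first list: src -> (ttl, recorded_at)
        self.ttlbl = set()                # second list: suspect source IPs
        self.syn_seen = {}                # src -> TCP requests since the last ACK
        self.drop_rules = []              # (src, ttl) pairs handed to the firewall

    def _learn(self, src, ttl, now):
        old = self.ttlac.get(src)
        if old is None or now - old[1] > self.max_age:  # refresh only stale records
            self.ttlac[src] = (ttl, now)

    def _judge(self, src, ttl):
        known = self.ttlac.get(src)
        if known is None or known[0] == ttl:
            return None                   # nothing learned yet, or TTL is consistent
        self.drop_rules.append((src, ttl))
        self.ttlbl.discard(src)           # delisted once the drop rule exists
        self.syn_seen.pop(src, None)
        return iptables_drop(src, ttl)

    def observe(self, pkt, now=None):
        """Process one received packet; return a drop rule (argv list) or None."""
        now = time.time() if now is None else now
        src, ttl, proto, flags, payload = parse_ipv4(pkt)
        if src in self.ttlbl:             # suspect source: compare TTLs, learn nothing
            return self._judge(src, ttl)
        if proto == TCP and flags is not None:
            if flags & ACK and not flags & SYN:
                # Simplification: flags are taken at face value; tying the ACK
                # to a pending handshake is left out of this model.
                self._learn(src, ttl, now)
                self.syn_seen.pop(src, None)
            elif flags & SYN and not flags & ACK:
                self.syn_seen[src] = self.syn_seen.get(src, 0) + 1
                if self.syn_seen[src] > 1:  # request repeated after the first one
                    self.ttlbl.add(src)
                    return self._judge(src, ttl)
        elif proto == UDP and payload is not None:
            if self.udp_is_valid(payload):
                self._learn(src, ttl, now)
            else:
                self.ttlbl.add(src)
                return self._judge(src, ttl)
        return None

def make_packet(src, ttl, proto, tcp_flags=0, payload=b""):
    """Constructed sample packet; checksums are zero and are not validated here."""
    if proto == TCP:
        l4 = struct.pack("!HHIIBBHHH", 40000, 9000, 1, 0, 5 << 4, tcp_flags, 8192, 0, 0)
    else:
        l4 = struct.pack("!HHHH", 40000, 9000, 8 + len(payload), 0) + payload
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, ttl, proto, 0,
                       socket.inet_aton(src), socket.inet_aton("10.0.0.1")) + l4

def demo():
    """Constructed traffic: the real peer arrives with TTL 61, the spoofer with 49."""
    mon = TtlMonitor(udp_is_valid=lambda p: len(p) == 16 and p[0] == 0xA5)
    peer = "192.0.2.10"
    mon.observe(make_packet(peer, 61, TCP, SYN), now=0)
    mon.observe(make_packet(peer, 61, TCP, ACK), now=0)   # handshake done: learned
    first = mon.observe(make_packet(peer, 49, TCP, SYN), now=5)
    second = mon.observe(make_packet(peer, 49, TCP, SYN), now=6)  # repeated: judged
    return mon, first, second

if __name__ == "__main__":
    mon, first, second = demo()
    print("TTLAC:", mon.ttlac)
    print("rule :", " ".join(second))
```

Because the rule matches both the source address and the observed TTL, the genuine peer, whose packets arrive with the learned TTL, is not blocked. A source with no TTLAC record cannot be judged; the model leaves it in the second list, a case the description does not address.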
The embodiment of the invention can be applied inside each node of a distributed storage server. Such nodes are linked to each other through a switch, so the TTL value is not even reduced in communication between nodes. For such a scenario, static rules may even be used, setting rules containing the TTL values directly into the firewall.
By adopting the embodiment of the invention, firewall rules are learned by combining the TTL characteristics of the IP messages, which yields a more intelligent blacklist mechanism, avoids the weakness of the traditional blacklist mechanism against source IP disguise, protects equipment from DDoS attacks that use IP spoofing, and improves the efficiency of the service program, because sockets waiting for SYN_ACK in the TCP handshake can be significantly reduced.
It should be noted that the above-mentioned embodiments are only preferred embodiments of the present invention, and are not intended to limit the present invention, and those skilled in the art can make various modifications and changes. Any modification, equivalent replacement, or improvement made within the spirit and principle of the present invention should be included in the protection scope of the present invention.
The anti-attack system for preventing IP cheating according to the embodiment of the invention comprises:
the first monitoring unit is used for acquiring a TCP ACK message and a legal UDP message received by protected equipment and recording the source IP address of the message and the corresponding TTL value in a first list;
a second monitoring unit, configured to obtain an illegal TCP request packet and an illegal UDP packet that are received by the protected device, and record the source IP address of the packet in a second list; the illegal TCP request message is a TCP request message that continues to be received after the first TCP request message;
the third monitoring unit is in communication connection with the second monitoring unit and is used for intercepting information of a source IP address recorded in the second list and extracting a TTL value carried in the information;
and the processing unit is in communication connection with the first monitoring unit and the third monitoring unit, and is used for judging whether the TTL value carried in the information is consistent with the TTL value corresponding to the source IP address recorded in the first list or not, and controlling a firewall to prohibit all messages from the source IP address and with the TTL values being the TTL values carried in the information under the condition that the judgment result is inconsistent.
According to some embodiments of the invention, the processing unit is to:
and adding a discarding rule in a firewall program to enable the firewall to prohibit all messages from the source IP address, wherein the TTL values of the messages are TTL values carried in the information.
According to some embodiments of the invention, the processing unit is further configured to:
and after adding a discarding rule in a firewall program, deleting the source IP address corresponding to the discarding rule from the second list.
According to some embodiments of the invention, the first monitoring unit is further configured to:
and judging whether the recording time length of the TTL values recorded in the first list is greater than a preset time length or not, and updating the TTL values in the first list under the condition that the judgment result is yes.
The anti-attack module for preventing the IP cheating according to the embodiment of the invention comprises the following components: memory, a processor and a computer program stored on the memory and executable on the processor, the computer program, when executed by the processor, implementing the steps of the anti-attack method of preventing IP spoofing as described above.
The processor in this embodiment may be a mobile phone, a computer, a server, an air conditioner, or a network device.
According to the computer readable storage medium of the embodiment of the present invention, the computer readable storage medium stores thereon an implementation program of information transfer, which when executed by a processor implements the steps of the anti-attack method of preventing IP spoofing as described above.
The computer-readable storage medium of this embodiment includes, but is not limited to: ROM, RAM, magnetic or optical disks, and the like.
It is noted that although some of the embodiments described herein include some features included in other embodiments instead of others, combinations of features of different embodiments are meant to be within the scope of the invention and form different embodiments. The particular features, structures, materials, or characteristics described may be combined in any suitable manner in any one or more embodiments or examples. For example, in the claims, any of the claimed embodiments may be used in any combination.
The terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising a ..." does not exclude the presence of another like element in a process, method, article, or apparatus that comprises the element.
Any reference signs placed between parentheses shall not be construed as limiting the claim. The word "a" or "an" preceding an element does not exclude the presence of a plurality of such elements. The use of the words first, second, third, etc. are used to distinguish between similar objects and not necessarily to indicate any order. These words may be interpreted as names.
"And/or" describes the association relationship of the associated objects, meaning that there may be three relationships; e.g., A and/or B may mean: A exists alone, A and B exist simultaneously, or B exists alone. The character "/" generally indicates that the former and latter associated objects are in an "or" relationship.

Claims (10)

1. An anti-attack method for preventing IP spoofing, comprising:
acquiring a TCP ACK message and a legal UDP message received by protected equipment, and recording the source IP address and the corresponding TTL value of the message in a first list;
obtaining an illegal TCP request message and an illegal UDP message received by the protected equipment, and recording the source IP address of the message in a second list; the illegal TCP request message is a TCP request message that continues to be received after the first TCP request message;
intercepting information of a source IP address recorded in the second list, and extracting a TTL value carried in the information;
and judging whether the TTL value carried in the information is consistent with the TTL value corresponding to the source IP address recorded in the first list or not, and controlling the firewall to prohibit all messages from the source IP address and with TTL values being the TTL values carried in the information under the condition that the judgment result is inconsistent.
2. The method of claim 1, wherein said controlling firewall prohibits all packets from the source IP address having TTL values that are the TTL values carried in said message, including:
and adding a discarding rule in the firewall program so that the firewall prohibits all messages from the source IP address and the TTL values of the messages are TTL values carried in the information.
3. The method of claim 2, wherein the method further comprises:
and after adding a discarding rule in a firewall program, deleting the source IP address corresponding to the discarding rule from the second list.
4. The method of claim 1, wherein the method further comprises:
and judging whether the recording time length of the TTL values recorded in the first list is greater than a preset time length or not, and updating the TTL values in the first list under the condition that the judgment result is yes.
5. An anti-attack system for deterring IP spoofing, comprising:
the first monitoring unit is used for acquiring a TCP ACK message and a legal UDP message received by protected equipment and recording the source IP address of the message and the corresponding TTL value in a first list;
a second monitoring unit, configured to obtain an illegal TCP request packet and an illegal UDP packet received by the protected device, and record the source IP address of the packet in a second list; the illegal TCP request message is a TCP request message that continues to be received after the first TCP request message;
the third monitoring unit is in communication connection with the second monitoring unit and is used for intercepting information from the source IP address recorded in the second list and extracting a TTL value carried in the information;
and the processing unit is in communication connection with the first monitoring unit and the third monitoring unit, and is used for judging whether the TTL value carried in the information is consistent with the TTL value corresponding to the source IP address recorded in the first list or not, and controlling the firewall to prohibit all messages from the source IP address and with TTL values being the TTL values carried in the information under the condition that the judgment result is inconsistent.
6. The system of claim 5, wherein the processing unit is to:
and adding a discarding rule in a firewall program to enable the firewall to prohibit all messages from the source IP address, wherein the TTL values of the messages are TTL values carried in the information.
7. The system of claim 6, wherein the processing unit is further to:
and after a discarding rule is added in the firewall program, deleting the source IP address corresponding to the discarding rule from the second list.
8. The system of claim 5, wherein the first monitoring unit is further configured to:
and judging whether the recording time length of the TTL values recorded in the first list is greater than a preset time length or not, and updating the TTL values in the first list under the condition that the judgment result is yes.
9. An attack prevention module for deterring IP spoofing, comprising: memory, processor and computer program stored on the memory and executable on the processor, which computer program, when executed by the processor, carries out the steps of the anti-attack method of blocking IP spoofing as claimed in any one of claims 1 to 4.
10. A computer-readable storage medium, characterized in that the computer-readable storage medium has stored thereon an implementation program of information transfer, which when executed by a processor implements the steps of the anti-attack method of blocking IP spoofing as claimed in any one of claims 1 to 4.
CN202211303619.0A 2022-10-24 2022-10-24 Anti-attack method, system and module for preventing IP cheating Pending CN115941256A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211303619.0A CN115941256A (en) 2022-10-24 2022-10-24 Anti-attack method, system and module for preventing IP cheating

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202211303619.0A CN115941256A (en) 2022-10-24 2022-10-24 Anti-attack method, system and module for preventing IP cheating

Publications (1)

Publication Number Publication Date
CN115941256A true CN115941256A (en) 2023-04-07

Family

ID=86653314

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202211303619.0A Pending CN115941256A (en) 2022-10-24 2022-10-24 Anti-attack method, system and module for preventing IP cheating

Country Status (1)

Country Link
CN (1) CN115941256A (en)


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination