CN116032594A - Method, device, equipment and medium for judging IPv6 network real source address verification - Google Patents
Method, device, equipment and medium for judging IPv6 network real source address verification Download PDFInfo
- Publication number
- CN116032594A CN116032594A CN202211668020.7A CN202211668020A CN116032594A CN 116032594 A CN116032594 A CN 116032594A CN 202211668020 A CN202211668020 A CN 202211668020A CN 116032594 A CN116032594 A CN 116032594A
- Authority
- CN
- China
- Prior art keywords
- source address
- data packet
- verification
- destination host
- route
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Landscapes
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The present disclosure provides a method for determining verification of an IPv6 network real source address, which is applied to the field of computer technology, and includes: transmitting a data packet to a destination host by using the forged source address; judging whether the IPv6 network supports the verification of a real source address according to the condition that a destination host receives a data packet; if the destination host receives the data packet, the IPv6 network is not supported by the verification of the real source address; if the destination host does not receive the data packet, further detecting the real reason that the destination host does not receive the data packet. The disclosure also provides a device, a device and a medium for judging the verification of the IPv6 network real source address, which can effectively improve the accuracy of the verification and judgment of the IPv6 network real source address and avoid the occurrence of the condition of judging errors caused by routing problems.
Description
Technical Field
The disclosure relates to the field of computer technologies, and in particular, to a method, a device, equipment and a medium for judging verification of an IPv6 network real source address.
Background
IP spoofing vulnerabilities are the most fundamental vulnerabilities in TCP/IP architecture, in part because TCP/IP architecture design choices leave security responsibilities for end hosts. Thus, the TCP/IP Internet architecture has no explicit notion of authenticity. Despite attempts to prevent exploitation of such vulnerabilities, new fraud-based attacks still often occur. The current anti-spoofing mechanism mainly adopts a filtering mechanism, but the mechanism does not prevent the spoofing source address data packet received by the network from being reduced, and the mechanism has the problems of difficult deployment and complexity of management.
To maximize protection against IP spoofing attacks, network providers need to ensure that their networks can filter packets with IP address spoofing, known as Source Address Verification (SAV), and preferably deploy true source address verification near the network edge of the traffic source. Therefore, a determination method is needed to determine whether the current IPv6 network supports real source address verification. Currently, whether the current IPv6 network supports the verification of the real source address is judged mainly by whether the destination host receives the data packet with the IP address spoofing or not, however, the situation that the judgment is wrong due to the routing problem can occur, and the judgment is inaccurate.
Disclosure of Invention
In view of the above, the present disclosure provides a method, apparatus, device and medium for determining verification of an IPv6 network real source address.
According to a first aspect of the present disclosure, there is provided a method for determining verification of an IPv6 network real source address, including: transmitting a data packet to a destination host by using the forged source address; judging whether the IPv6 network supports the verification of a real source address according to the condition that a destination host receives a data packet; if the destination host receives the data packet, the IPv6 network is not supported by the verification of the real source address; if the destination host does not receive the data packet, the real reason that the destination host does not receive the data packet is further detected.
According to an embodiment of the present disclosure, a method of forging a source address includes: acquiring a network where a target host is located; a virtual IPv6 address is forged by taking a network where a destination host is located as a source address.
According to an embodiment of the present disclosure, further detecting a real reason that the destination host does not receive the data packet includes: detecting whether a route problem exists in the boundary route of the target host computer, and if the route problem does not exist, indicating that the boundary route supports verification of a real source address; if a routing problem exists, the boundary routing is not supported by the verification of the real source address.
According to an embodiment of the present disclosure, verifying whether a boundary route has a routing problem includes: sending ICMPv6 echo request data packets to a destination address, and judging whether the boundary route enables the verification of a real source address according to the state of the ICMP echo message received by the destination host; the source address of the ICMPv6 echo request packet is the address of the destination host, and the destination address is the address in the address segment of the end network where the announced but non-routed boundary route is located.
According to the embodiment of the disclosure, if the border routing enables the verification of the real source address, the data packet is discarded, and the destination host cannot receive the echo message; if the border route does not enable the verification of the real source address, the border route does not open the route of the destination address, the ICMPv6 echo request data packet is transmitted to the last router, then the last router continues to transmit the ICMPv6 echo request data packet to the border route, and a message transmission loop is formed between the border route and the last router, at the moment, the destination host receives the ICMP echo message with the loop, and the fact that the border route does not enable the verification of the real source address is indicated.
According to embodiments of the present disclosure, the previous router is the default exit for the border route, with and without only one default exit.
According to an embodiment of the present disclosure, the previous router is a direct route of the border route, which are interconnected by an IPv6 (/ 127) address.
A second aspect of the present disclosure provides a determining apparatus for supporting verification of a real source address in an IPv6 network, including: the sending module is used for sending the data packet to the destination host by using the forged source address; and the verification module is used for judging whether the IPv6 network supports the verification of the real source address according to the condition that the destination host receives the data packet.
A third aspect of the present disclosure provides an electronic device, comprising: one or more processors; and a memory for storing one or more programs, wherein the one or more programs, when executed by the one or more processors, cause the one or more processors to perform the above-described method for determining that the IPv6 network supports real source address verification.
A fourth aspect of the present disclosure also provides a computer-readable storage medium having stored thereon executable instructions that, when executed by a processor, cause the processor to perform the above-described method of determining that an IPv6 network supports true source address verification.
According to the embodiment of the disclosure, the judging method, the device, the equipment and the medium for the IPv6 network real source address verification can effectively verify whether the current IPv6 network supports the real source address, further explore the specific reason that the destination host does not receive the data packet of IP address spoofing, avoid the situation of judging errors caused by routing problems, effectively improve the judging accuracy, and can judge whether the current IPv6 network supports the real source address verification more accurately.
Drawings
Fig. 1 schematically illustrates a network simple topology diagram for which a judging method for supporting real source address verification by an IPv6 network according to an embodiment of the present disclosure is directed;
fig. 2 schematically illustrates a flowchart of a method for determining that an IPv6 network supports verification of a real source address according to an embodiment of the present disclosure;
fig. 3 schematically illustrates transmission of IP packets under different conditions according to an embodiment of the present disclosure;
FIG. 4 schematically illustrates a block diagram of a determination device for supporting real source address verification in an IPv6 network according to an embodiment of the present disclosure;
fig. 5 schematically illustrates a block diagram of an electronic device adapted to implement a method of determining that an IPv6 network supports true source address verification, according to an embodiment of the present disclosure.
Detailed Description
Hereinafter, embodiments of the present disclosure will be described with reference to the accompanying drawings. It should be understood that the description is only exemplary and is not intended to limit the scope of the present disclosure. In the following detailed description, for purposes of explanation, numerous specific details are set forth in order to provide a thorough understanding of the embodiments of the present disclosure. It may be evident, however, that one or more embodiments may be practiced without these specific details. In addition, in the following description, descriptions of well-known structures and techniques are omitted so as not to unnecessarily obscure the concepts of the present disclosure.
The terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the disclosure. The terms "comprises," "comprising," and/or the like, as used herein, specify the presence of stated features, steps, operations, and/or components, but do not preclude the presence or addition of one or more other features, steps, operations, or components.
All terms (including technical and scientific terms) used herein have the same meaning as commonly understood by one of ordinary skill in the art unless otherwise defined. It should be noted that the terms used herein should be construed to have meanings consistent with the context of the present specification and should not be construed in an idealized or overly formal manner.
Where expressions like at least one of "A, B and C, etc. are used, the expressions should generally be interpreted in accordance with the meaning as commonly understood by those skilled in the art (e.g.," a system having at least one of A, B and C "shall include, but not be limited to, a system having a alone, B alone, C alone, a and B together, a and C together, B and C together, and/or A, B, C together, etc.).
The embodiment of the disclosure provides a judging method for supporting real source address verification by an IPv6 network, which can effectively judge whether the IPv6 network supports real source address verification. Judging whether the IPv6 network supports real source address verification according to the condition that the destination host receives the data packet, and further judging the reason that the destination host does not receive the data packet when the destination host does not receive the data packet, so that judgment errors caused by the fact that the IPv6 network supports real source address verification due to routing problems are avoided.
Fig. 1 schematically illustrates a network simple topology diagram for which a judging method for supporting real source address verification by an IPv6 network according to an embodiment of the present disclosure is directed.
As shown in fig. 1, the network topology includes a host H1, a host H2, and a router R1 and a router R2, where the host H1 is a host sending a forged source address IP packet, the H2 is a destination host receiving the IP packet, R1 is a router of an upstream network of the end network, R2 is a border router of the end network (i.e., a router that is finally connected to an internal network segment of the end network), an address of a network segment that is next to the border router R2 is an organization unit, and the router R2 is not a router of a network provider, i.e., the router R2 is no longer next to a network of other organizations. The router R1 is a direct connection route of the router R2, the router R2 and the router are directly connected through IPv6 (/ 127) address interconnection, a default route is configured on the router R2 to the router R1, and an address segment which is not enabled by a route but announced by a Border Gateway Protocol (BGP) exists in a network which is connected with the router R2. The target determined by the embodiment of the disclosure is the boundary router R2, and whether the boundary router R2 supports the verification of the real source address is determined. It should be noted that fig. 1 is only a schematic topology diagram of a network in an embodiment of the disclosure, and does not represent that the network only has two routers R1 and R2, and the network may include multiple routers.
Fig. 2 schematically illustrates a flowchart of a method for determining that an IPv6 network supports verification of a real source address according to an embodiment of the present disclosure.
As shown in fig. 2, an embodiment of the present disclosure provides a method for determining that an IPv6 network supports verification of a real source address, including operations S110 to S120.
In operation S110, a packet is transmitted to the destination host using the fake source address.
Operation S120, judging whether the IPv6 network supports the verification of the real source address according to the condition that the destination host receives the data packet; if the destination host receives the data packet, the IPv6 network is not supported by the verification of the real source address; if the destination host does not receive the data packet, the real reason that the destination host does not receive the data packet is further detected.
In one embodiment of the present disclosure, sending a data packet to a destination host using a fake source address includes:
acquiring a network where a target host H2 is located;
the host H1 falsifies a non-existent IPv6 address according to the network of the destination host H2; the address is used as a source address to send an IP data packet to the destination host H2, and the destination IPv6 address is the real address of the destination host H2.
Because the IP data packet contains a special forged source address, when the border router R2 supports the verification and filtration of the real source address, the source address of the IP data packet is found to be forged, and meanwhile, the IP data packet is filtered and is not forwarded to the target host H2; when the border router R2 does not support the real source address verification filtering, the IP packet is directly forwarded to the destination host H2, and the problem of the IP packet cannot be found. Therefore, a preliminary determination can be made as to whether the IPv6 network supports the verification of the real source address through the reception situation of the destination host H2. However, it should be noted that, when the destination host H2 does not receive the IP packet, it does not mean that the IPv6 network supports the true source address verification filtering, except that the border router R2 supports the true source address verification filtering, which may cause the destination host H2 to not receive the IP packet, and when the router has a configuration error or a routing problem caused by the routing update, the border router R2 may not forward the IP packet normally, and at this time, the destination host H2 also cannot receive the IP packet. Therefore, in order to ensure the accuracy of whether the IPv6 network supports the verification and judgment of the real source address, when the destination host H2 does not receive the IP data packet, the embodiment of the present disclosure further needs to judge the reason why the destination host H2 does not receive the IP data packet, so as to avoid the judgment error caused by the fact that the IPv6 network supports the verification of the real source address due to the routing problem.
In an embodiment of the present disclosure, further detecting a real reason that the destination host does not receive the data packet includes: detecting whether a route problem exists in the boundary route of the target host computer, and if the route problem does not exist, indicating that the boundary route supports verification of a real source address; if a routing problem exists, the boundary routing is not supported by the verification of the real source address.
In one embodiment of the present disclosure, verifying whether the border router R2 has a routing problem includes:
sending ICMPv6 echo request data packets to a destination address;
judging whether the boundary router R2 starts the verification of the real source address according to the ICMP echo message state received by the destination host H2;
the source address of the ICMPv6 echo request packet is the address of the destination host, and the destination address is the address in the address segment of the end network where the border router R2 that has been announced but not routed is located.
If the border router R2 supports the verification of the real source address, it will find that the source address of the ICMPv6 echo request packet is its own network address, but the ICMPv6 echo request packet comes from the external routing interface, which indicates that the source address of the packet is forged, and at this time, the border router R2 supporting the verification of the real source address will discard the packet directly, and the destination host H2 cannot receive the echo message.
If the border router R2 does not support the verification of the real source address, the data packet is directly sent to the destination address, but since the destination address is an address in the address field of the end network where the border router R2 is announced but not routed, i.e. the destination address does not open a route, the border router will send the data packet to the default route, i.e. the router R1 of the upstream network of the end network. After the previous router R1 receives the data packet sent by the border router R2, since the next hop of the route found by the destination address in the routing table of the router R1 points to the border router R2, the router R1 will continue to send the data packet to the border router R2, that is, form a data packet transfer loop in the router R1 and the border router R2, and the data packet repeats the process of being transferred from the border router R2 to the router R1 and from the router R1 to the border router R2. At this time, the destination host H2 receives the ICMP echo message with the loop, and it can be determined that the real reason that the destination host H2 did not receive the IP packet before is not that the border router R2 supports the real source address verification, but that the routing problem caused by the configuration error of the border router R2 causes the IP packet to be unable to be successfully transmitted.
Fig. 3 schematically illustrates transmission of IP packets under different conditions according to an embodiment of the present disclosure.
Verifying the border router R2, and exploring the real reason that the destination host H2 does not receive the IP packet further includes:
the Internet control message protocol ICMPv6 message is sent to the destination, the TTL field value (TTL refers to the maximum number of segments allowed to pass before the ICMP packet is discarded by the router) is increased in an incremental manner, and the path taken to reach the destination is determined. Each router along the path needs to subtract 1 from the TTL in the packet before forwarding, and when the TTL on the packet reaches 0, the router expects to return an "ICMP time exceeded" message to the source computer. First, a first echo request message with TTL of 1 is sent, in the subsequent transmission process, TTL will increment by 1 in each subsequent transmission until the target responds or the maximum number of hops is reached to determine the path.
Based on the above method for judging that the IPv6 network supports the verification of the real source address, the present disclosure also provides a device for judging that the IPv6 network supports the verification of the real source address. The device will be described in detail below in connection with fig. 5.
Fig. 4 schematically shows a block diagram of a determination apparatus for supporting real source address verification in an IPv6 network according to an embodiment of the present disclosure.
As shown in fig. 4, the determining apparatus 400 for supporting verification of a real source address in an IPv6 network according to this embodiment includes a sending module 410 and a verification module 420.
A transmitting module 410, configured to transmit a data packet to a destination host using a forged source address;
the verification module 420 is configured to determine whether the IPv6 network supports real source address verification according to the condition that the destination host receives the data packet.
Any of the sending module 410, the verifying module 420 may be combined in one module to be implemented, or any of the modules may be split into a plurality of modules, according to embodiments of the present disclosure. Alternatively, at least some of the functionality of one or more of the modules may be combined with at least some of the functionality of other modules and implemented in one module.
According to embodiments of the present disclosure, at least one of the sending module 410, the verification module 420 may be implemented at least in part as a hardware circuit, such as a Field Programmable Gate Array (FPGA), a Programmable Logic Array (PLA), a system on a chip, a system on a substrate, a system on a package, an Application Specific Integrated Circuit (ASIC), or in hardware or firmware, such as any other reasonable way of integrating or packaging the circuit, or in any one of or a suitable combination of three of software, hardware, and firmware. Alternatively, at least one of the sending module 410, the verifying module 420 may be at least partially implemented as a computer program module, which when executed may perform the corresponding functions.
Fig. 5 schematically illustrates a block diagram of an electronic device adapted to implement a method of determining that an IPv6 network supports true source address verification, according to an embodiment of the present disclosure.
As shown in fig. 5, an electronic device 500 according to an embodiment of the present disclosure includes a processor 501 that can perform various appropriate actions and processes according to a program stored in a Read Only Memory (ROM) 502 or a program loaded from a storage section 508 into a Random Access Memory (RAM) 503. The processor 501 may include, for example, a general purpose microprocessor (e.g., a CPU), an instruction set processor and/or an associated chipset and/or a special purpose microprocessor (e.g., an Application Specific Integrated Circuit (ASIC)), or the like. The processor 501 may also include on-board memory for caching purposes. The processor 501 may comprise a single processing unit or a plurality of processing units for performing different actions of the method flows according to embodiments of the disclosure. In the RAM503, various programs and data required for the operation of the electronic apparatus 500 are stored. The processor 501, ROM 502, and RAM503 are connected to each other by a bus 504. The processor 501 performs various operations of the method flow according to the embodiments of the present disclosure by executing programs in the ROM 502 and/or the RAM 503. Note that the program may be stored in one or more memories other than the ROM 502 and the RAM 503. The processor 501 may also perform various operations of the method flow according to embodiments of the present disclosure by executing programs stored in the one or more memories.
According to an embodiment of the present disclosure, the electronic device 500 may also include an input/output (I/O) interface 505, the input/output (I/O) interface 505 also being connected to the bus 504. The electronic device 500 may also include one or more of the following components connected to the I/O interface 505: an input section 506 including a keyboard, a mouse, and the like; an output portion 507 including a Cathode Ray Tube (CRT), a Liquid Crystal Display (LCD), and the like, and a speaker, and the like; a storage portion 508 including a hard disk and the like; and a communication section 509 including a network interface card such as a LAN card, a modem, or the like. The communication section 509 performs communication processing via a network such as the internet. The drive 510 is also connected to the I/O interface 505 as needed. A removable medium 511 such as a magnetic disk, an optical disk, a magneto-optical disk, a semiconductor memory, or the like is mounted on the drive 510 as needed so that a computer program read therefrom is mounted into the storage section 508 as needed.
The present disclosure also provides a computer-readable storage medium that may be embodied in the apparatus/device/system described in the above embodiments; or may exist alone without being assembled into the apparatus/device/system. The computer-readable storage medium carries one or more programs which, when executed, implement methods in accordance with embodiments of the present disclosure.
According to embodiments of the present disclosure, the computer-readable storage medium may be a non-volatile computer-readable storage medium, which may include, for example, but is not limited to: a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the context of this disclosure, a computer-readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. For example, according to embodiments of the present disclosure, the computer-readable storage medium may include ROM 502 and/or RAM503 and/or one or more memories other than ROM 502 and RAM503 described above.
The flowcharts and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods according to various embodiments of the present disclosure. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams or flowchart illustration, and combinations of blocks in the block diagrams or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
Those skilled in the art will appreciate that the features recited in the various embodiments of the disclosure and/or in the claims may be provided in a variety of combinations and/or combinations, even if such combinations or combinations are not explicitly recited in the disclosure. In particular, the features recited in the various embodiments of the present disclosure and/or the claims may be variously combined and/or combined without departing from the spirit and teachings of the present disclosure. All such combinations and/or combinations fall within the scope of the present disclosure.
The embodiments of the present disclosure are described above. However, these examples are for illustrative purposes only and are not intended to limit the scope of the present disclosure. Although the embodiments are described above separately, this does not mean that the measures in the embodiments cannot be used advantageously in combination. The scope of the disclosure is defined by the appended claims and equivalents thereof. Various alternatives and modifications can be made by those skilled in the art without departing from the scope of the disclosure, and such alternatives and modifications are intended to fall within the scope of the disclosure.
Claims (10)
1. The judging method for the IPv6 network real source address verification is characterized by comprising the following steps:
transmitting a data packet to a destination host by using the forged source address;
judging whether the IPv6 network supports the verification of a real source address according to the condition that a destination host receives a data packet; if the destination host receives the data packet, the IPv6 network is not supported by the verification of the real source address; if the destination host does not receive the data packet, further detecting the real reason that the destination host does not receive the data packet.
2. The method of claim 1, wherein the method of forging a source address comprises:
acquiring a network where a target host is located;
and forging a virtual IPv6 address by taking the network where the target host is located as a source address.
3. The method of claim 1, wherein said further detecting the actual cause of the destination host not receiving the data packet comprises:
detecting whether a route problem exists in the boundary route of the destination host, and if the route problem does not exist, indicating that the boundary route supports verification of a real source address;
if a routing problem exists, the boundary routing is not supported by the verification of the real source address.
4. A method according to claim 3, wherein verifying whether the border route has a routing problem comprises:
sending an ICMPv6 echo request data packet to a destination address, and judging whether the boundary route enables the verification of a real source address according to the ICMP echo message state received by a destination host; and sending the source address of the ICMPv6 echo request data packet to serve as the address of a destination host, wherein the destination address is the address in the address segment of the terminal network where the announced but non-routed boundary route is located.
5. The method of claim 4, wherein the step of determining the position of the first electrode is performed,
if the boundary route enables the verification of the real source address, the data packet is discarded, and the destination host cannot receive the feedback message;
if the border route does not enable the real source address verification, the ICMPv6 echo request data packet is transmitted to a previous router because the border route does not open the route of the destination address, and then the previous router continues to transmit the ICMPv6 echo request data packet to the border route, a message transmission loop is formed between the border route and the previous router, and at the moment, a destination host receives the ICMP echo message with the loop, which indicates that the border route does not enable the real source address verification.
6. The method of claim 5, wherein the previous router is a default exit of the border route, the border route having and only having one default exit.
7. The method of claim 6, wherein the previous router is a direct route of the border route, the two interconnected by an IPv6 (/ 127) address.
8. A judgment device for verifying an IPv6 network real source address, comprising:
the sending module is used for sending the data packet to the destination host by using the forged source address;
the verification module is used for judging whether the IPv6 network supports the verification of the real source address according to the condition that the destination host receives the data packet; if the destination host receives the data packet, the IPv6 network is not supported by the verification of the real source address; if the destination host does not receive the data packet, further detecting the real reason that the destination host does not receive the data packet.
9. An electronic device, comprising:
one or more processors;
storage means for storing one or more programs,
wherein the one or more programs, when executed by the one or more processors, cause the one or more processors to perform the method of any of claims 1-7.
10. A computer readable storage medium having stored thereon executable instructions which, when executed by a processor, cause the processor to perform the method according to any of claims 1-7.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202211668020.7A CN116032594A (en) | 2022-12-23 | 2022-12-23 | Method, device, equipment and medium for judging IPv6 network real source address verification |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202211668020.7A CN116032594A (en) | 2022-12-23 | 2022-12-23 | Method, device, equipment and medium for judging IPv6 network real source address verification |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN116032594A true CN116032594A (en) | 2023-04-28 |
Family
ID=86079344
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202211668020.7A Pending CN116032594A (en) | 2022-12-23 | 2022-12-23 | Method, device, equipment and medium for judging IPv6 network real source address verification |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN116032594A (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN116599780A (en) * | 2023-07-19 | 2023-08-15 | 国家计算机网络与信息安全管理中心江西分中心 | Analysis and test method for IPv6 network data flow monitoring technology |
-
2022
- 2022-12-23 CN CN202211668020.7A patent/CN116032594A/en active Pending
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN116599780A (en) * | 2023-07-19 | 2023-08-15 | 国家计算机网络与信息安全管理中心江西分中心 | Analysis and test method for IPv6 network data flow monitoring technology |
| CN116599780B (en) * | 2023-07-19 | 2023-10-27 | 国家计算机网络与信息安全管理中心江西分中心 | Analysis and test method for IPv6 network data flow monitoring technology |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| EP3920480A1 (en) | Message forwarding path determination method, network node, and system | |
| US11902139B2 (en) | Diagnosing and resolving issues in a network using probe packets | |
| US11570207B2 (en) | Dynamic security actions for network tunnels against spoofing | |
| WO2015096513A1 (en) | Packet processing method, node and system | |
| JP7434504B2 (en) | Route handling methods and network devices | |
| CN108881328B (en) | Data packet filtering method and device, gateway equipment and storage medium | |
| CN109474495B (en) | Tunnel detection method and device | |
| US9942138B2 (en) | Method and device for policy based routing | |
| EP4290820A1 (en) | Enhanced two-way active measurement protocol | |
| CN112398741B (en) | Method for learning routing, method for forwarding message, equipment and storage medium | |
| JP7124206B2 (en) | Packet processing methods and gateway devices | |
| CN116032594A (en) | Method, device, equipment and medium for judging IPv6 network real source address verification | |
| CN111181985B (en) | Data transmission method, data transmission system, firewall device and storage medium | |
| CN114143283A (en) | Tunnel self-adaptive configuration method and device, center-end equipment and communication system | |
| CN116260618A (en) | Method and device for blocking IP address, electronic equipment and storage medium | |
| US20210203695A1 (en) | Anti-spoofing attack check method, device, and system | |
| EP4030720A1 (en) | Information reporting method, and data processing method and device | |
| CN111131548B (en) | Information processing method, apparatus and computer readable storage medium | |
| CN104869118B (en) | A kind of method and system for realizing DDoS defence based on dynamic tunneling technique | |
| CN113037691A (en) | Message processing method, device and system | |
| EP4380128A1 (en) | Establishing forward and reverse segment routing (sr) tunnels for bidirectional forwarding detection (bfd) continuity checks | |
| CN116866055B (en) | Method, device, equipment and medium for defending data flooding attack | |
| CN117081990B (en) | MPLS flow agent method, system, equipment and storage medium | |
| EP4293961A1 (en) | Routing verification method, apparatus and device, data sending method, apparatus and device, and storage medium | |
| WO2021027941A1 (en) | Method for learning routing, method for forwarding report, device, and storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |