CN1612537A - Method for preventing main computer from being counterfeited in IP ethernet - Google Patents
Method for preventing main computer from being counterfeited in IP ethernet Download PDFInfo
- Publication number
- CN1612537A CN1612537A CN 200310103357 CN200310103357A CN1612537A CN 1612537 A CN1612537 A CN 1612537A CN 200310103357 CN200310103357 CN 200310103357 CN 200310103357 A CN200310103357 A CN 200310103357A CN 1612537 A CN1612537 A CN 1612537A
- Authority
- CN
- China
- Prior art keywords
- address
- main frame
- ethernet
- gateway
- message
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Landscapes
- Small-Scale Networks (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The method includes steps: setting up mode for dynamic allocating IP address in gateway of IP Ethernet in advance, and setting up mode for obtaining IP address of host computer as dynamic obtaining IP address; when need of obtaining information of self IP address, host sends message of address request including information of host hardware address to gateway; after receiving the said request, the gateway allocates a Ip address to the host, and sends the information of the IP address to the host, and creates and keeps the coincidence relation table between hardware address of the host and IP address; after receiving message of address resolution protocol (ARP) from the host, gateway determines whether ARP message of the host is legal based on the said coincidence relation stored; if yes, the ARP message is processed normally; otherwise, the ARP message is discarded.
Description
Technical field
The present invention relates to network safety filed, relate in particular to the method for personation main frame in a kind of strick precaution Internet protocol (IP) Ethernet.
Background technology
Current, many new meanss of destruction have appearred in internet worm destructive more and more diversified.Attack for network reliability is exactly a kind of of these new meanss of destruction.This attack is not a purpose with the information of stealing, but at the leak in the network, the network equipment is attacked, and destroys the normal communication of network, thereby causes network paralysis, brings bigger loss to the user.Attack to Ethernet is a kind of common mode of this attack.
In the former network, Ethernet has more among the present Intranet, and traditional network management is thought, Intranet is very safe, and therefore an outlet for Intranet is provided with network security and takes precautions against strategy, and in Intranet inside the precautionary measures is not set.Simultaneously, because client's difference in the Intranet, cause network management department can't realize the network use of each user in the Intranet is monitored, like this, along with new means of destruction constantly appears in computer virus, and the low and middle-end networking products of much being attacked have easily obtained more application, thereby the attack to Ethernet is more prone to.In addition, along with popularizing of the rise in broadband and novel business, Ethernet is applied in the outer net with respect to network management department more and more, and the broadband cell that Ethernet inserts is exactly an example wherein, and in this case, Ethernet is more vulnerable to attack.
Realize the user of communication for adopting Ethernet, in case Ethernet is under attack, cause network paralysis, even without losing any valued data, also can cause the very large loss that is directly proportional with the network paralysis time, and for utilizing Ethernet to carry out the company of Working service, this loss is often even more serious than losing data.
Below, introduce attack method at the IP Ethernet.
In the IP Ethernet, come node in the marked network by the IP address, realize transfer of data according to the hardware address of node in the network, therefore, in data transmission procedure, certainly exist the process that according to IP address resolution obtains hardware address.Each node in the Ethernet adopts Ethernet media interviews control (MAC) address of Institute of Electrical and Electric Engineers (IEEE) 802 agreements location as hardware address more, when a main frame and another host communication, communication two party at first needs to obtain the other side's IP address, utilize ARP(Address Resolution Protocol) to carry out address resolution then, obtain and the corresponding hardware address MAC in this IP address, communication two party is according to the transmission of the MAC Address that obtains at the enterprising line data message of Ethernet.In above-mentioned ARP agreement, exist two kinds of messages to realize the communication of this agreement, be respectively ARP request message and arp reply message, the following describes the operation principle that the ARP agreement uses these two kinds of messages that the MAC of IP address is resolved.
Main frame in Ethernet need be when another main frame sends message, use the ARP request message, this ARP request message adopts broadcast mode to send in Ethernet, the All hosts that comprises gateway in the Ethernet can both be received this ARP request message, in this ARP request message, comprise following information: sender's IP address, sender's MAC Address, the IP address of request and the MAC Address of request, because the current the unknown of MAC Address of being asked, so this is empty; The main frame that receives this ARP request can be kept at the corresponding relation of the IP address of the sender in the request message and sender's MAC Address in the ARP table of this main frame as a list item.
After main frame in Ethernet is received the ARP request message, can take out the IP address of the request in this request message and the IP address of oneself compares, if it is identical, then use the arp reply message that the MAC Address of oneself is sent to the main frame that sends this ARP request message, specifically comprise: " MAC Address of request " item of ARP request message put into the MAC Address of oneself by this main frame, then current ARP request message is sent to the main frame that sends the ARP request message as the arp reply message, the main frame that receives this arp reply message is kept at " the IP address of request " in this arp reply message and " MAC Address of request " list item in its ARP table, thereby obtains and the corresponding MAC Address in IP address of being asked.
After finishing MAC parsing in the above described manner to the IP address, main frame in the Ethernet can be preserved corresponding IP address and MAC Address in the ARP table of himself, like this, main frame in Ethernet is when an IP address transmission data, can from the ARP table of himself, obtain and this corresponding MAC Address in IP address, and this MAC Address is filled up in the heading of data, these data just can be implemented in transmission on the Ethernet according to this MAC Address; Owing to the IP address of main frame in the Ethernet may thereby change owing to the former of the reason of human configuration or Random assignment, therefore, the corresponding relation of the IP address of main frame and MAC Address in view of the above will be different in the IP Ethernet, according to this situation, content in the ARP of the main frame in the Ethernet table is set to and can upgrades, to satisfy the needs that IP address that the IP address change caused and MAC Address corresponding relation change.
Malicious user in the Ethernet is attacked Ethernet according to the process that the above-mentioned ARP of utilization agreement is obtained the MAC of IP address correspondence usually, below in conjunction with object lesson its attack pattern is illustrated.
Referring to Fig. 1, be example with an IP Ethernet that inserts Internet, personal computer (PC) utilizes the normal access process of this Ethernet as follows:
With PC1 is example, when PC1 need visit external network, at first needs to know the IP address ip 1 of gateway 1, and the common static configuration in this IP address obtains, and also can obtain by other agreement.Then, PC1 utilizes the ARP agreement to comprise that in this Ethernet the All hosts of gateway 1 carries out ARP broadcasting, by ARP request message of this broadcast transmission, receiving each main frame of this ARP request can be with the IP address in this request message and during the corresponding hardware address ARP that is kept at self shows with it, according to above-mentioned MAC Address resolving, gateway in the IP Ethernet can receive the ARP request message that each main frame sent in the Ethernet, therefore, to preserve the IP address of each main frame and corresponding hardware address MAC with it in the ARP of this gateway table, gateway is according to these IP addresses and corresponding hardware address MAC and each main frame carry out communication with it.
Referring to Fig. 2, suppose the malicious user PC2 that in this Ethernet, has an attacking network, PC2 can utilize the main frame in the following method personation Ethernet, realizes the attack to the IP Ethernet:
PC2 forges and sends the ARP message of the corresponding IP1 of a hardware address MAC2, this message may be the ARP request message, it also can be the arp reply message, if the ARP request message, then " sender's the IP address " in this message and " sender's MAC Address " two contents are forged into " IP1 " and " MAC2 " respectively; If with the arp reply message as attack means, then " IP address of request " in this arp reply message and " MAC Address of request " two are forged into " IP1 " and " MAC2 " respectively; According to above-mentioned ARP agreement operation principle, after gateway is received this ARP message, with the content in the ARP list item on the new gateway more, with the pairing hardware address covering becoming of former IP1 MAC2, after carrying out aforesaid operations, the purpose hardware address of the data of the original designated PC1 of sending to just is modified to the hardware address MAC2 for malicious user on the gateway, thereby the data that cause sending to PC1 can be sent to PC2 mistakenly, the network data that causes PC1 normally not to be received from gateway being sent, thereby PC2 steals the data of PC1, and causes the communicating interrupt of PC1 and gateway.Equally, malicious user can adopt identical method that other main frame in the IP Ethernet is carried out the attack of above-mentioned personation main frame, and this attack also can cause the paralysis of Ethernet.
As mentioned above, attack method at personation main frame in the above-mentioned IP Ethernet, current also do not have an effective prevention method, and universal day by day along with network, and taking precautions against this kind will become the important problems that network safety filed faces at the attack of network self.
Summary of the invention
In view of this, main purpose of the present invention is to provide the method for personation main frame in a kind of IP of strick precaution Ethernet, and this method can prevent the attack that malicious user is carried out the IP Ethernet by the personation main frame, thereby guarantees the fail safe and the reliability of network.
To achieve these goals, the method according to personation main frame in a kind of IP of strick precaution Ethernet of the present invention comprises the steps:
A., the mode of dynamic assignment IP address is set in the gateway of IP Ethernet in advance, and the IP address obtaining mode of main frame is set to dynamically obtain the IP address simultaneously;
When b. main frame need obtain information of self IP address, send the address request that includes this host hardware address information to gateway;
C. after gateway receives the request of obtaining the IP address information from main frame, to IP address of host assignment and this IP address information is sent to main frame, set up and preserve the hardware address of this main frame and the mapping table of IP address simultaneously;
D. behind the ARP(Address Resolution Protocol) message that receives from main frame, gateway judges according to the mapping table of preserving whether the ARP message of main frame is legal, if legal, this ARP message of normal process, otherwise abandon this ARP message.
In said method, the mode that dynamic assignment IP address is set in the gateway of IP Ethernet among the step a can be to start DHCP (DHCP) server capability in gateway.In this case, the corresponding relation of the hardware address of main frame and IP address is kept in the dhcp message table of gateway among the step c.
In said method, the host hardware address can be a MAC Address.
In said method, when main frame need obtain information of self IP address among the step b main frame when start, perhaps main frame discharges the IP address of using at present and when applying for a new IP address.
In said method, gateway is determined according to the mapping table of preserving that the ARP message of main frame is whether legal and is in the steps d: gateway extracts mac address information and the IP address information in the ARP message that is received, and look into the IP address information of getting this MAC Address correspondence in the mapping table according to described MAC Address, determine then whether two IP address informations are identical, if identical then the ARP message is legal, otherwise the ARP message is illegal.In addition, may further include look into the IP address information of getting this MAC Address correspondence in the mapping table according to MAC Address before: the mac address information according to the ARP message that extracts checks in the mapping table whether have this mac address information, if exist, carry out normal process, otherwise judge that directly this ARP message is illegal, and carry out discard processing.
In said method, after determining that the ARP message is illegal and abandon this ARP message, steps d may further include: be recorded in the daily record the illegal situation of this ARP message and the informing network keeper.
By technical scheme of the present invention as can be seen, because the mode of the manual configuration host IP address of prior art is changed into by gateway dynamic assignment host IP address, the host IP address information of preserving in the gateway is by the own dynamic assignment of gateway, rather than offering gateway by main frame, malicious user can not forged other IP address personation main frames when gateway is set up main frame dynamic address and IP address corresponding relation for the first time like this.
In a single day set up the corresponding relation of host IP address and hardware address when gateway, can to carry out hack in the course of work of main frame different with ARP table in the prior art, in the present invention, this corresponding relation can not be modified before receiving the new IP Address requests of main frame, and malicious user just can not be palmed off main frame by the mode of forging the ARP message in the host work process like this.
Simultaneously, if malicious user is palmed off main frame by the mode of the IP address of forgery ARP message, the present invention can determine whether the IP address in this ARP message is identical with the corresponding IP address in the mapping table by searching the mapping table of setting up in advance, thereby can determine the legitimacy of ARP message, for illegal ARP message, the present invention will stop the processing to it, and further informing network keeper, thereby further take precautions against the behavior of malicious user personation main frame.
In sum, the present invention has fundamentally stopped the behavior of personation main frame in the IP Ethernet, has successfully solved prior art problems, has greatly improved the fail safe and the reliability of IP Ethernet.
Description of drawings
Fig. 1 is a normal access process schematic diagram in the IP Ethernet.
Fig. 2 is the attack process schematic diagram in the IP Ethernet.
Fig. 3 realizes taking precautions against the overall process flow figure of personation main frame in the IP Ethernet for the present invention.
Embodiment
The present invention is described in detail below in conjunction with the drawings and specific embodiments.
The present invention abandons the method for in the prior art host IP address being carried out manual configuration, changes into utilizing IP address dynamic assignment technology to come assign host machine IP address, thus the behavior that can stop malicious user personation main frame effectively.
Existing DHCP agreement can be adopted in dynamic assignment IP address.Using the DHCP protocol dynamic to distribute in the network of address, when carrying out the network settings of main frame, do not need the IP address of this main frame of manual configuration, but be arranged to obtain automatically the mode of IP address.When host-initiated, this main frame at first can send the Address requests message with the forms of broadcasting, and the Dynamic Host Configuration Protocol server in the network receives behind this request message and main frame carries out message interaction, thereby gives legal IP address of host assignment.
Below in conjunction with Fig. 3 the course of work of the present invention is described.
In order to realize dynamic assignment to the IP address, in the present invention, in step 301, at first starting dhcp server functionality as in the router of gateway, and the All hosts in the network obtain the mode that the IP address mode is set to dynamically obtain the IP address, and do not use the mode of existing manual configuration.
In step 302, after the main frame start, in entire I P Ethernet, send an IP Address requests message with the forms of broadcasting, carry the mac address information of main frame in this request message.
In step 303, gateway with dhcp server functionality is behind the IP Address requests message that receives from main frame, note the MAC Address of main frame, and, then the MAC Address of main frame and the corresponding relation distributed between the IP address of this main frame are kept in the dhcp message table to legal IP address of host assignment.The dhcp message table here comes down to the mapping table of a MAC Address and IP address, and this table is kept in the gateway.
In step 304, the IP address that gateway will be distributed to main frame sends to this main frame by IP Address requests response message.
By as above step, each main frame can receive gateway and distribute to the IP address of oneself, can use this IP address when sending the ARP message afterwards.And gateway has also been set up the IP address of main frame of all starts and the corresponding relation of MAC Address.
In step 305, gateway extracts the mac address information and the IP address information of this main frame that comprises in this message behind the ARP message that receives from main frame.
Whether in step 306, searching in the dhcp message table of gateway from be kept at self has corresponding MAC Address, if having, and execution in step 307; If there is not corresponding MAC Address in the information table, show that then MAC Address in this ARP message may be to forge MAC Address, this ARP message forgery ARP message of sending of malicious user just so, execution in step 309 in this case.
In step 307, relatively whether this MAC Address IP address of extracting in corresponding IP address and the step 305 in dhcp message table is identical for gateway, if identical, show that this ARP message sends from legal hosts, carries out normal process at step 308 pair this ARP message; If inequality, show that the IP address of this ARP message is forged, just there is malicious user to attempt to palm off main frame, execution in step 309 in this case.
In step 309, gateway abandons this ARP message, simultaneously this ARP message information is recorded in the daily record and the informing network keeper has the behavior of personation main frame, takes further behavior according to log information, for example search malicious user and cancel its network members qualification by the network manager.
In the present invention, even malicious user can be forged the IP address in the APR message, when this forgery behavior also can not occur in dynamically allocate address.In other words, gateway is set up its MAC Address and is distributed to the corresponding relation of the IP address of this main frame temporarily behind the IP Address requests message that the main frame that receives start sends.This in the ordinary course of things corresponding relation can not changed in the process of this main frame start.Even main frame discharges this IP address and applies for a new IP address again, this process does not need to use the ARP message yet, thereby the behavior that makes malicious user palm off main frame by the IP address in the forgery ARP message can not be implemented in dynamic address allocation.
In addition, after dynamic IP addressing is distributed, if receive an ARP message, the treatment in accordance with the present invention flow process, gateway can be checked the legitimacy of the IP address of this ARP message according to the dhcp message table of being stored, if the IP mail returned on ground of incorrect address of the identical MAC Address correspondence of storage in advance in this IP address and the dhcp message table, illustrate that then the employed IP of this ARP message address is the address of a forgery, can avoid the counterfeit behavior of malicious user main frame by abandoning this ARP message and informing network keeper.
As mentioned above, the present invention has fundamentally stopped the behavior of personation main frame in the IP Ethernet as can be seen, has successfully solved prior art problems, has improved security of network system and reliability.
The above only is preferred embodiment of the present invention, and is in order to restriction the present invention, within the spirit and principles in the present invention not all, any modification of being done, is equal to replacement, improvement etc., all should be included within protection scope of the present invention.
Claims (8)
1, the method for personation main frame in a kind of strick precaution Internet protocol (IP) Ethernet comprises the steps: at least
A., the mode of dynamic assignment IP address is set in the gateway of IP Ethernet in advance, and the IP address obtaining mode of main frame is set to dynamically obtain the IP address simultaneously;
When b. main frame need obtain information of self IP address, send the address request that includes this host hardware address information to gateway;
C. after gateway receives the request of obtaining the IP address information from main frame, send to main frame, set up and preserve the hardware address of this main frame and the mapping table of IP address simultaneously to IP address of host assignment and with described IP address information;
D. behind the ARP(Address Resolution Protocol) message that receives from main frame, gateway judges according to the described mapping table of preserving whether the ARP message of main frame is legal, if legal, this ARP message of normal process, otherwise abandon this ARP message.
2. the method for personation main frame in the strick precaution IP Ethernet according to claim 1, it is characterized in that the mode that dynamic assignment IP address is set described in the step a is to start DHCP (DHCP) server capability in gateway in the gateway of IP Ethernet.
3. the method for personation main frame is characterized in that the corresponding relation of the hardware address of main frame and IP address is kept in the dhcp message table of gateway among the step c in the strick precaution IP Ethernet according to claim 2.
4. the method for personation main frame is characterized in that in the strick precaution IP Ethernet according to claim 1, and described host hardware address is Ethernet media interviews control (MAC) address.
5. the method for personation main frame in the strick precaution IP Ethernet according to claim 1, it is characterized in that, be main frame when start when main frame need obtain information of self IP address among the step b, perhaps main frame discharges the IP address of using at present and when applying for a new IP address.
6. the method for personation main frame in the strick precaution IP Ethernet according to claim 1, it is characterized in that, gateway is determined according to the mapping table of preserving that the ARP message of main frame is whether legal and is in the steps d: gateway extracts mac address information and the IP address information in the ARP message that is received, and look into the IP address information of getting this MAC Address correspondence in the mapping table according to described MAC Address, determine then whether two IP address informations are identical, if identical then the ARP message is legal, otherwise the ARP message is illegal.
7. the method for personation main frame in the strick precaution IP Ethernet according to claim 6, it is characterized in that, further comprised look into the IP address information of getting this MAC Address correspondence in the mapping table according to MAC Address before: the mac address information according to the ARP message that extracts checks in the mapping table whether have this mac address information, if exist, carry out normal process, otherwise judge that directly this ARP message is illegal, and carry out discard processing.
8. the method for personation main frame in the strick precaution IP Ethernet according to claim 1, it is characterized in that, after steps d is determined that the ARP message is illegal and abandoned this ARP message, further comprise: be recorded in the daily record the illegal situation of this ARP message and the informing network keeper.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CNB2003101033574A CN100493009C (en) | 2003-10-29 | 2003-10-29 | Method for preventing main computer from being counterfeited in IP ethernet |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CNB2003101033574A CN100493009C (en) | 2003-10-29 | 2003-10-29 | Method for preventing main computer from being counterfeited in IP ethernet |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN1612537A true CN1612537A (en) | 2005-05-04 |
| CN100493009C CN100493009C (en) | 2009-05-27 |
Family
ID=34756637
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CNB2003101033574A Expired - Fee Related CN100493009C (en) | 2003-10-29 | 2003-10-29 | Method for preventing main computer from being counterfeited in IP ethernet |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN100493009C (en) |
Cited By (11)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101197659B (en) * | 2007-12-07 | 2010-08-04 | 张南希 | Supervisor encrypting type anti-attack information communication network safety defending method and system |
| CN101247396B (en) * | 2008-02-20 | 2011-06-15 | 北大方正集团有限公司 | Method, device and system for distributing IP address |
| CN101415012B (en) * | 2008-11-06 | 2011-09-28 | 杭州华三通信技术有限公司 | Method and system for defending address analysis protocol message aggression |
| CN102904902A (en) * | 2012-10-31 | 2013-01-30 | 北京锐安科技有限公司 | Dynamic host configuration protocol (DHCP)-based bypass blocking method |
| CN103856443A (en) * | 2012-11-29 | 2014-06-11 | 台众计算机股份有限公司 | Method of determination and blocking of website |
| CN103873434A (en) * | 2012-12-10 | 2014-06-18 | 台众计算机股份有限公司 | Method for identifying event of website |
| CN105262738A (en) * | 2015-09-24 | 2016-01-20 | 上海斐讯数据通信技术有限公司 | Router and method for preventing ARP attacks thereof |
| EP3038429A4 (en) * | 2013-08-22 | 2016-07-20 | Zte Corp | Distributed base station networking method and apparatus, and computer readable storage medium |
| CN107786496A (en) * | 2016-08-25 | 2018-03-09 | 大连楼兰科技股份有限公司 | For the method for early warning and device of local area network ARP list item spoofing attack |
| CN110061977A (en) * | 2019-03-29 | 2019-07-26 | 国网山东省电力公司邹城市供电公司 | A kind of effective monitoring and the system for taking precautions against ARP virus |
| CN112789840A (en) * | 2020-12-30 | 2021-05-11 | 华为技术有限公司 | Method, device and system for preventing ARP attack |
-
2003
- 2003-10-29 CN CNB2003101033574A patent/CN100493009C/en not_active Expired - Fee Related
Cited By (14)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101197659B (en) * | 2007-12-07 | 2010-08-04 | 张南希 | Supervisor encrypting type anti-attack information communication network safety defending method and system |
| CN101247396B (en) * | 2008-02-20 | 2011-06-15 | 北大方正集团有限公司 | Method, device and system for distributing IP address |
| CN101415012B (en) * | 2008-11-06 | 2011-09-28 | 杭州华三通信技术有限公司 | Method and system for defending address analysis protocol message aggression |
| CN102904902B (en) * | 2012-10-31 | 2015-08-19 | 北京锐安科技有限公司 | A kind of based on DHCP method for blocking bypass by |
| CN102904902A (en) * | 2012-10-31 | 2013-01-30 | 北京锐安科技有限公司 | Dynamic host configuration protocol (DHCP)-based bypass blocking method |
| CN103856443A (en) * | 2012-11-29 | 2014-06-11 | 台众计算机股份有限公司 | Method of determination and blocking of website |
| CN103873434A (en) * | 2012-12-10 | 2014-06-18 | 台众计算机股份有限公司 | Method for identifying event of website |
| EP3038429A4 (en) * | 2013-08-22 | 2016-07-20 | Zte Corp | Distributed base station networking method and apparatus, and computer readable storage medium |
| CN105262738A (en) * | 2015-09-24 | 2016-01-20 | 上海斐讯数据通信技术有限公司 | Router and method for preventing ARP attacks thereof |
| CN105262738B (en) * | 2015-09-24 | 2019-08-16 | 上海斐讯数据通信技术有限公司 | A kind of method of router and its preventing ARP aggression |
| CN107786496A (en) * | 2016-08-25 | 2018-03-09 | 大连楼兰科技股份有限公司 | For the method for early warning and device of local area network ARP list item spoofing attack |
| CN107786496B (en) * | 2016-08-25 | 2020-06-19 | 大连楼兰科技股份有限公司 | Early warning method and device for ARP (Address resolution protocol) table entry spoofing attack of local area network |
| CN110061977A (en) * | 2019-03-29 | 2019-07-26 | 国网山东省电力公司邹城市供电公司 | A kind of effective monitoring and the system for taking precautions against ARP virus |
| CN112789840A (en) * | 2020-12-30 | 2021-05-11 | 华为技术有限公司 | Method, device and system for preventing ARP attack |
Also Published As
| Publication number | Publication date |
|---|---|
| CN100493009C (en) | 2009-05-27 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US5884024A (en) | Secure DHCP server | |
| EP0943202B1 (en) | Method and apparatus for assignment of ip addresses | |
| US9246926B2 (en) | Packet validation using watermarks | |
| US8332925B2 (en) | System and method for distributed multi-processing security gateway | |
| US7702785B2 (en) | Methods, systems and computer program products for selectively allowing users of a multi-user system access to network resources | |
| CN1177439C (en) | Method of acting address analytic protocol Ethernet Switch in application | |
| CN101453495B (en) | Method, system and equipment for preventing authentication address resolution protocol information loss | |
| CN1713593A (en) | Security system and method using server security solution and network security solution | |
| CN1901551A (en) | Repeat address detecting method and its device for supporting IPv6 two layer access net | |
| CN1487696A (en) | Intelligent terminal managing method | |
| CN1968271A (en) | Method and apparatus for identifying and disabling worms in communication networks | |
| CN1682516A (en) | Method and apparatus for preventing spoofing of network addresses | |
| CN100493009C (en) | Method for preventing main computer from being counterfeited in IP ethernet | |
| CN101060495A (en) | Message processing method, system and equipment | |
| CN101039176A (en) | DHCP monitoring method and apparatus thereof | |
| CN101459653B (en) | Method for preventing DHCP packet attack based on Snooping technique | |
| KR100533785B1 (en) | Method for preventing arp/ip spoofing automatically on the dynamic ip address allocating environment using dhcp packet | |
| CN1863193A (en) | Method for implementing safety tactics of network safety apparatus | |
| CN101039223A (en) | DHCP monitoring method and apparatus thereof | |
| Bi et al. | Source address validation improvement (SAVI) solution for DHCP | |
| CN1604586A (en) | A method for preventing counterfeit host in IP Ethernet | |
| CN1225864C (en) | Safety management method of network comprehensive switch on equipment | |
| EP1592199A1 (en) | Administration of network security | |
| CN103905383A (en) | Data message forwarding method, device and system | |
| CN1204719C (en) | Method for realizing domain name system address convertion applied gateway based on inner server |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20090527 Termination date: 20151029 |
|
| EXPY | Termination of patent right or utility model |