CN1812340A - Method for preventing point-to-point protocol authentication attacks in a broadband access network - Google Patents

Info

Publication number: CN1812340A
Authority: CN (China)
Prior art keywords: user, point, authentication, broadband, peer
Legal status: Granted; Expired - Fee Related
Application number: CN 200510033035
Other languages: Chinese (zh)
Other versions: CN100388684C (en)
Inventors: 熊宇, 怀南
Current Assignee: Huawei Technologies Co Ltd
Original Assignee: Huawei Technologies Co Ltd
Application filed by: Huawei Technologies Co Ltd
Priority: CNB2005100330356A
Publications: CN1812340A, CN100388684C

Landscapes

  • Data Exchanges In Wide-Area Networks (AREA)
  • Computer And Data Communications (AREA)
  • Small-Scale Networks (AREA)

Abstract

This invention is a method for preventing point-to-point protocol (PPP) authentication attacks in a broadband network. It overcomes the lack of an effective means in current techniques to suppress PPP authentication attacks. It can automatically identify users who mount PPP authentication attacks and filter their attack messages, which prevents illegitimate login attempts from using authentication messages to attack BRAS devices and the authentication server.

Description

Method for preventing point-to-point protocol authentication attacks in a broadband access network
Technical field
The present invention relates to the field of broadband access networks, and in particular to a method for preventing point-to-point protocol authentication attacks in a broadband access network.
Background
Today's broadband access network is an operable, manageable network. Its operability and manageability rest on user authentication and authorization, which in broadband access networks usually use the authentication mechanism of PPP (Point-to-Point Protocol). PPP specifies that a user coming online passes through three phases: link-layer negotiation, authentication, and network-layer negotiation. When the user reaches the authentication phase, the user and the BRAS (Broadband Remote Access Server) exchange messages carrying authentication information. The BRAS can authenticate the user locally, or send the authentication information over RADIUS (Remote Authentication Dial In User Service) to an authentication server, which authenticates and authorizes the user. Only after passing authentication can the user access external network resources within the pre-configured scope of authorization. The usual deployment performs authentication and authorization on the authentication server.
Fig. 1 is a schematic diagram of the broadband access networking model. PPPoE (PPP over Ethernet) and PPPoA (PPP over AAL5, that is, ATM Adaptation Layer 5) are the PPP-derived technologies commonly used in broadband access today. Running PPP over Ethernet to authenticate user access is called PPPoE; running PPP over an ATM (Asynchronous Transfer Mode) network to manage user authentication is called PPPoA. PPPoA and PPPoE work on the same principle and serve the same purpose; the main difference is the link layer that carries the PPP messages.
In the operation of broadband networks, some PPPoE or PPPoA access users often misuse PPP authentication messages in a way that attacks the network: the user requests authentication with a wrong username and password and, after the request is rejected, keeps requesting authentication without stopping. In practice, some users reach 1,000,000 dial attempts per day.
If a network has many such dial-attempt users, BRAS performance becomes unstable. If authentication is performed on the authentication server, the attempts consume its resources, can prevent normal users from coming online, and can even affect billing accuracy.
When a user frequently sends erroneous PPP authentication messages to the BRAS and the authentication server, consuming network resources, this is called a PPP authentication attack, and such a user is called an authentication attack user. PPP authentication attacks have several causes. For example: a subscriber is in arrears and the operator has configured the authentication server to deny the user, but the customer premises equipment keeps trying to come online; a malicious user deliberately sends authentication messages to attack the network; a malicious user deliberately sends authentication messages in an attempt to steal a valid username and password.
Because PPP authentication attacks occur frequently in broadband access networks, and in some regions have seriously affected normal operation, effective means must be taken to suppress their impact on the network. At present it is only possible to count authentication failures on the authentication server for users with a known username; if a user's failure frequency is abnormal, the user is notified to disconnect the dialing equipment (such as a modem or PC) from the network to stop the attack.
The shortcomings of the prior art are:
1. The operator cannot actively prevent authentication attacks. After an attack is discovered, if the user does not voluntarily disconnect from the network, the attack continues.
2. The authentication attack user cannot be located effectively. During an attack, the user identification information (such as the username) carried in the authentication messages may be forged and may change frequently. The authentication server therefore cannot keep a meaningful count of authentication failures, and so cannot determine who the attack user is.
3. Manual intervention is required. Once an attacking user has been located, operator staff must contact the user and ask them to stop, which costs considerable labor.
Summary of the invention
The technical problem to be solved by the present invention is to overcome the lack of an effective means in the prior art to suppress PPP authentication attacks, by providing a method for preventing PPP authentication attacks in a broadband access network. The method automatically identifies PPP authentication attack users and filters their attack messages, preventing illegitimate login attempts from using authentication messages to attack the BRAS device and the authentication server.
The technical solution adopted by the present invention to solve this problem is as follows:
The method for preventing point-to-point protocol authentication attacks in a broadband access network comprises the following steps:
A. Choose information that can uniquely identify a point-to-point protocol user as that user's unique identification information;
B. On the Broadband Remote Access Server, set a duration for tracking users who fail authentication, and set a threshold; if the number of authentication failures of a user reaches this threshold within the set tracking duration, the user corresponding to that unique identification information is considered an illegal attack user;
C. For an illegal attack user, print an alarm message to notify the administrator, or filter the attack user's messages, to suppress the attack.
In step A, for a dial-up user carrying point-to-point protocol messages over Ethernet, the Ethernet media access control address that the dialing equipment sends to the Broadband Remote Access Server can be chosen as the user's unique identification information. For a user carrying point-to-point protocol messages over asynchronous transfer mode adaptation layer 5, the permanent virtual path connection information by which the dialing equipment accesses the Broadband Remote Access Server can be chosen as the user's unique identification information.
In step B, an authentication-failure tracking database can be set up in the Broadband Remote Access Server. After a user fails authentication, the Broadband Remote Access Server adds the user's unique identification information to the authentication-failure tracking database. If the database has no information for this user, a new entry is created and a timer is started to track the user; the trigger time of the timer is the set tracking duration. If the user's information already exists in the database, the user's cumulative authentication failure count is incremented. When a user's timer in the authentication-failure tracking database fires, the user's cumulative failure count is taken out and compared with the set threshold: if it is greater than the threshold, the user is considered an attack user; if it is less than the threshold, the user's information is deleted from the authentication-failure tracking database.
For filtering in step C, for dial-up users carrying point-to-point protocol messages over Ethernet, a media access control address filter table is added on the Broadband Remote Access Server, and the media access control address of dialing equipment identified as an authentication attack user is added to this table. For each Ethernet message it receives, the Broadband Remote Access Server compares the source media access control address with the addresses in the filter table and drops the message if they match. For authentication attack users carrying point-to-point protocol messages over asynchronous transfer mode adaptation layer 5, a packet-drop flag is set on the permanent virtual path connection by which the user accesses the Broadband Remote Access Server, and the Broadband Remote Access Server drops all messages received from that connection.
A disable duration is set on the Broadband Remote Access Server. When a user is identified as an attack user, a timer whose trigger time is the disable duration is started. During the disable duration, all messages sent by this user are dropped by the Broadband Remote Access Server. When the timer fires, filtering of the user's messages stops, so that the user can attempt dial-up authentication again.
An authentication attack user can be unblocked by entering a command on the Broadband Remote Access Server. For a user carrying point-to-point protocol messages over Ethernet, the user's media access control address is deleted from the media access control address filter table; for a user carrying point-to-point protocol messages over asynchronous transfer mode adaptation layer 5, the packet-drop flag bit of the user's permanent virtual path connection entry is cleared. The user can then dial again.
The alarm information comprises the user's unique identification information and the access interface information used to locate the user's office direction.
The beneficial effects of the present invention are as follows. The invention overcomes the shortcomings of the prior art, which cannot actively prevent authentication attacks, cannot effectively locate authentication attack users, and requires manual intervention. It provides a method for preventing PPP authentication attacks in a broadband access network that automatically identifies PPP authentication attack users and can either print an alarm message to notify the administrator or filter the attack user's messages to suppress the attack, preventing illegitimate login attempts from using authentication messages to attack the BRAS device and the authentication server.
According to its configuration, the invention can accurately identify authentication attack users. For PPPoE users it provides the interface by which the user accesses the BRAS and the MAC address of the attacking equipment; for PPPoA users it provides the ATM line information by which the user accesses the BRAS. This helps locate the user precisely. The invention identifies PPP authentication attack users automatically by means of a configured authentication-failure tracking duration and failure threshold, and filters authentication attack messages by means of the MAC address filter table and the PVC packet-drop flag bit. Dropping the attack user's messages on the access side of the BRAS keeps message forwarding for users on the other interfaces of the BRAS unaffected, and prevents illegitimate authentication messages from being sent on to the authentication server and attacking it.
The invention also provides flexible management options for attack users: enabling or disabling authentication attack protection, automatic identification of attack users, alarm printing, and automatic or manual lifting of the ban. These allow the scheme to adapt to various maintenance needs.
Description of drawings
Fig. 1 is a schematic diagram of the broadband access networking model;
Fig. 2 is a structural diagram of the PPP authentication attack protection system of the present invention.
Embodiment
The present invention is described in further detail below with reference to the accompanying drawings and an embodiment:
The invention provides a method for preventing PPP authentication attacks on a BRAS (Broadband Remote Access Server) device. It automatically identifies PPP authentication attack users according to configured decision conditions and filters their attack messages, preventing illegitimate login attempts from using authentication messages to attack the BRAS device and the authentication server.
The invention is a combined software and hardware scheme, implemented entirely on the BRAS. Fig. 2 is a structural diagram of the PPP authentication attack protection system. On the BRAS device, an authentication attack protection software module, an authentication-failure tracking database and an attack-disabled user table are added. In the access-side hardware, a MAC address filter table is added, and one attribute bit is added to the PVC table: the packet-drop flag bit. When this flag bit is set to 1, the corresponding messages are dropped according to policy. The invention prevents authentication attacks through the cooperation of the PPP module, PPPoA module, PPPoE module, AAA module, hardware forwarding module, alarm module and authentication attack protection module, where:
The AAA module interacts with the authentication server to complete user authentication and authorization.
The PPP module handles the PPP protocol.
The PPPoE module handles the PPPoE protocol. In the present invention, it also reports the interface information and Ethernet MAC address of the user coming online to the PPP module.
The PPPoA module handles the PPPoA protocol. In the present invention, it also reports the PVC (permanent virtual path connection) information of the user coming online to the PPP module.
The alarm module outputs alarm information and writes the alarm log.
The authentication attack protection module identifies authentication attack users and sets hardware table entries so that the messages of authentication attack users are filtered.
The hardware forwarding module forwards the messages that the BRAS receives.
To deal with PPP authentication attacks, two main problems must be solved:
1. How to identify users mounting illegal authentication attacks;
2. Once an authentication attack user has been identified, how to provide an effective means to suppress the attack.
Each is described in detail below:
One. How to identify users mounting illegal authentication attacks
The invention provides a method on the BRAS for automatically identifying illegal authentication attacks.
1. How to uniquely identify a PPP user
To identify an authentication attack user, there must first be some information that uniquely identifies a user. Dial-up users are currently generally identified by username, but during an authentication attack the illegitimate user keeps changing the username to make trial attempts. To identify the physical equipment mounting the attack, information must be chosen that the user cannot easily modify through configuration.
At present, PPP users access the BRAS mainly as PPPoE and PPPoA users. For PPPoE dial-up users, the Ethernet MAC address that the dialing equipment sends to the BRAS can be chosen to identify the user; for PPPoA users, the PVC information by which the dialing equipment accesses the BRAS can be chosen to identify the user.
2. How to recognize that a PPP user is an authentication attack user
A PPP user is defined as an illegal authentication attack user on the basis of the following two features:
1) the user sends authentication messages frequently within a period of time;
2) the authentication information contained in the authentication messages cannot pass authentication.
Given these features, and considering constraints on the BRAS such as memory and processing capacity, a mechanism of tracking, counting and threshold triggering is used to identify attack users.
First, according to the local authentication-attack situation and allowing for mistakes by normal users, the duration for tracking users who fail authentication, interval, is set on the BRAS, together with a threshold, value. If the number of authentication failures of a user reaches the threshold within the set tracking duration, this PPP user is considered an illegal attack user. The detailed process is as follows:
1) The AAA module notifies the PPP module that a user has failed authentication. The PPP module passes the user's unique identification information (PPPoE: MAC address; PPPoA: PVC information) to the authentication attack protection module, which adds it to the authentication-failure tracking database. If the database has no information for this user, this is the user's first authentication failure: a new entry is created and a timer is started to track the user, with the trigger time of the timer equal to the configured tracking duration. If the user's information already exists in the database, the user's cumulative failure count is incremented.
2) When a user's tracking timer in the authentication-failure tracking database fires, the authentication attack protection module takes the user's cumulative failure count and compares it with the set threshold. If it is greater than the threshold, the user is considered an attack user: the module adds the user's information to the attack-disabled information table, passes the user information to the alarm module to print an alarm, and then deletes it from the authentication-failure tracking database. Afterwards, for a PPPoE user, the user's MAC address is added to the MAC address filter table; for a PPPoA user, the packet-drop flag bit of the user's PVC entry is set. If the count is less than the threshold, the user's information is deleted from the authentication-failure tracking database. Users below the threshold are not tracked further for several reasons. First, the user may have forgotten the password and will disconnect voluntarily within the tracking duration after discovering the password error. Second, the BRAS is a forwarding device with limited resources and cannot track every failing user over the long term.
For example, set the tracking duration interval = 30 s and the threshold value = 90. If this PPP user then fails 95 times within 30 s, the user is judged to be an authentication attack user.
Two. Methods for suppressing the attack
Once an authentication attack user has been identified, the invention provides two measures to suppress the attack:
1. Print an alarm message so that the administrator can intervene.
When the authentication attack protection module identifies an authentication attack user, it passes the user's information to the alarm module, which prints an alarm on the console and writes the alarm log. From the alarm information the administrator can determine the specific location at which the user is connected. The alarm information comprises the user's identification information and the access interface information used to locate the user's office direction. For PPPoE users, the alarm information includes the Ethernet MAC address of the dialing equipment, the name of the interface by which the user accesses the BRAS (such as fast-ethernet10/0/0), and the VLAN ID (for PPPoEoVLAN users). For PPPoA users, the alarm information includes the interface name (such as atm12/0/0), VPI and VCI by which the dialing equipment accesses the BRAS. This information helps locate the attacking user precisely. Alarm information can be written to the log and retained for a long time.
2. Filter the attack user's messages in the access-side forwarding hardware.
Dropping the messages sent by the attack user on the access side effectively protects the forwarding resources of the BRAS and the resources of the RADIUS server.
For PPPoE users, a MAC address filter table is added in the access-side hardware, and the MAC address of dialing equipment identified as an authentication attack user is added to this table. For every Ethernet message it receives, the hardware forwarding module compares the source MAC address with the addresses in the MAC address filter table and drops the message if they match.
For PPPoA users, a packet-drop flag is set at the hardware level on the PVC by which the authentication attack user accesses the BRAS. The hardware forwarding module drops all messages received from this PVC, so every message the attack user sends to the BRAS is dropped.
In addition to these main functions, the invention provides the following functions for ease of use:
1. Enabling and disabling the authentication attack protection function.
When PPP authentication attack protection is enabled, for PPPoE access every message entering the BRAS on the access side must be compared with the addresses in the MAC address filter table, which reduces forwarding performance somewhat. Therefore, at sites where PPP authentication attacks are rare, or where forwarding efficiency requirements are high, the function can be disabled to avoid the MAC address comparison.
2. Setting the duration for which an authentication attack user's messages are filtered.
If a user, once identified as an attack user, could only be released from the disabled state manually, the administrator's workload would be very large at sites with many attack users where the attacks are caused by subscriber arrears. For such cases, from the standpoint of protecting the BRAS and the RADIUS server, a disable duration can be set on the BRAS. When a user is identified as an attack user, a timer whose trigger time is the disable duration is started. During the disable duration, all messages sent by this user are dropped by the BRAS. When the timer fires, the user's information is deleted from the attack-disabled user table; at the same time, for a PPPoE user, the user's MAC address is deleted from the MAC address filter table, and for a PPPoA user, the packet-drop flag bit of the user's PVC entry is cleared. The user can then attempt dial-up authentication again.
3. Manually lifting the ban on a user identified as an authentication attack user.
In special circumstances, the administrator needs to lift a user's ban before the disable timer fires. The invention provides a command on the BRAS with which the administrator can delete the specified user's information from the attack-disabled user table; at the same time, for a PPPoE user, the user's MAC address is deleted from the MAC address filter table, and for a PPPoA user, the packet-drop flag bit of the user's PVC entry is cleared, so that the user can dial again. The user information to specify is:
PPPoE user: access board slot number, sub-slot number, MAC address.
PPPoA user: access interface name, VPI, VCI.
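The tracking database, threshold check, disable timer and manual lift described in sections One and Two can be modelled compactly. The following Python sketch is an added illustration, not code from the patent or from any BRAS product; the class and function names, the 600-second disable duration and the sample MAC and VPI/VCI values are assumptions, and a failure count equal to the threshold is treated as reaching it.

```python
"""Model of the tracking / threshold / ban logic. Time is passed in explicitly
so the timers are deterministic. All names here are hypothetical."""
from dataclasses import dataclass, field


def pppoe_key(mac):
    """PPPoE users are identified by the source Ethernet MAC of the dialing device."""
    return ("pppoe", mac.lower())


def pppoa_key(interface, vpi, vci):
    """PPPoA users are identified by the PVC they arrive on."""
    return ("pppoa", interface, vpi, vci)


@dataclass
class AuthAttackGuard:
    interval: float = 30.0       # tracking duration in seconds (the page's example)
    value: int = 90              # failure threshold (the page's example)
    ban_duration: float = 600.0  # disable duration; constructed, the page gives no figure
    tracking: dict = field(default_factory=dict)  # key -> [timer_expiry, failures, port]
    banned: dict = field(default_factory=dict)    # key -> ban_expiry (filter table / drop flag)
    alarms: list = field(default_factory=list)    # (time, key, port, failures)

    def tick(self, now):
        """Fire every tracking timer and disable timer that is due at `now`."""
        for key, (expiry, failures, port) in list(self.tracking.items()):
            if now < expiry:
                continue
            del self.tracking[key]  # the entry is removed whichever way the check goes
            # Assumption: a count equal to the threshold counts as "reaching" it.
            if failures >= self.value:
                self.banned[key] = expiry + self.ban_duration
                self.alarms.append((expiry, key, port, failures))
        for key, ban_expiry in list(self.banned.items()):
            if now >= ban_expiry:
                del self.banned[key]  # automatic lift: the user may dial again

    def on_auth_failure(self, key, now, port=""):
        """Called when AAA reports a failed authentication for `key`."""
        self.tick(now)
        if key in self.banned:
            return  # banned traffic is dropped at the access side and never counted
        entry = self.tracking.get(key)
        if entry is None:
            # First failure: create the entry and start its tracking timer.
            self.tracking[key] = [now + self.interval, 1, port]
        else:
            entry[1] += 1

    def should_drop(self, key, now):
        """Access-side filter decision for a message from `key`."""
        self.tick(now)
        return key in self.banned

    def lift_ban(self, key):
        """Manual lift by the administrator; True if the key was banned."""
        return self.banned.pop(key, None) is not None


def demo():
    """Constructed scenario: one forgetful PPPoA user, one flooding PPPoE device."""
    guard = AuthAttackGuard()
    forgetful = pppoa_key("atm12/0/0", 0, 35)   # constructed VPI/VCI
    attacker = pppoe_key("00:11:22:33:44:55")   # constructed MAC
    for t in (1.0, 5.0, 9.0):                   # three mistyped passwords
        guard.on_auth_failure(forgetful, now=t, port="atm12/0/0")
    for i in range(95):                         # 95 failures within one 30 s window
        guard.on_auth_failure(attacker, now=10.0 + i * 0.2, port="fast-ethernet10/0/0")
    return guard, attacker, forgetful
```

Because the failure count is only examined when the tracking timer fires, the flooding device in `demo()` is not filtered until the 30-second window that began with its first failure has elapsed.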
The invention overcomes the shortcomings of the prior art, which cannot actively prevent authentication attacks, cannot effectively locate authentication attack users, and requires manual intervention. It provides a method for preventing PPP authentication attacks in a broadband access network that automatically identifies PPP authentication attack users and filters their attack messages, preventing illegitimate login attempts from using authentication messages to attack the BRAS device and the authentication server.
Those skilled in the art can implement the invention in various modified forms without departing from its essence and spirit. The above is only a preferred feasible embodiment of the invention and does not thereby limit the scope of its rights; all equivalent structural changes made using the content of the specification and drawings of the invention fall within the scope of rights of the invention.

Claims (9)

1, prevent the implementation method that point-to point protocol recognization is attacked in a kind of broadband access network, it is characterized in that, may further comprise the steps:
A, choose can unique identification a peer-peer protocol user's information as this user's unique identification information;
B, the duration of following the tracks of the authentification failure user is set on Broadband Remote Access Server, and a threshold values is set, if in the tracking duration of setting, the number of times of user authentication failure reaches this threshold values, thinks that then the user of this unique identification information correspondence illegally attacks the user;
C, to the rogue attacks user, print the alarm information noticing keeper, perhaps filter attacking user's message, suppress rogue attacks.
2, prevent the implementation method that point-to point protocol recognization is attacked in the broadband access network according to claim 1, it is characterized in that: in the described steps A, dial user for transmitting the peer-peer protocol message on the Ethernet chooses dialing equipment and sends to the unique identification information of the Ethernet media access control address of Broadband Remote Access Server as this user.
3, prevent the implementation method that point-to point protocol recognization is attacked in the broadband access network according to claim 1, it is characterized in that: in the described steps A, user for transmitting the peer-peer protocol message on asynchronous transfer mode the 5th adaptation layer chooses the unique identification information of the Permanent Virtual Path link information of dialing equipment access band remote access server as this user.
4, according to the implementation method that prevents in claim 1, the 2 or 3 described broadband access networks that point-to point protocol recognization from attacking, it is characterized in that: among the described step B, the authentification failure track database is set in Broadband Remote Access Server, behind the user authentication failure, Broadband Remote Access Server adds user's unique identification information in the authentification failure track database, if this user's information not in the database, then newly create a data list item, and start a timer this user is followed the tracks of, the triggered time of timer is set tracking duration; If this user profile exists in the database, then increase the cumulative number of this user authentication failure;
If certain user's timer then triggers in the authentification failure track database, then take out the frequency of failure of this user accumulative total and the threshold values comparison of setting, if greater than threshold values then think to attack the user; If less than threshold values then this user profile is deleted from authentification failure trace information storehouse.
5, prevent the implementation method that point-to point protocol recognization is attacked in the broadband access network according to claim 4, it is characterized in that: when filtering among the described step C, for the dial user who transmits the peer-peer protocol message on the Ethernet, increase by a media access control address filter table at Broadband Remote Access Server, the dialing equipment media access control address that is designated authentication attack user is added in this table, Broadband Remote Access Server uses the address in source media access control address and the filter table to compare for the Ethernet message that receives, if identical then dropping packets.
6. The method for preventing point-to-point protocol authentication attacks in a broadband access network according to claim 4, characterized in that: when filtering in step C, for an authentication attack user whose Point-to-Point Protocol packets are carried over asynchronous transfer mode adaptation layer 5, a packet-discard flag is set on the Permanent Virtual Path connection through which the user accesses the Broadband Remote Access Server, and the Broadband Remote Access Server discards all packets received from that Permanent Virtual Path connection.
7. The method for preventing point-to-point protocol authentication attacks in a broadband access network according to claim 4, characterized in that: a disable duration is configured on the Broadband Remote Access Server; when a user is identified as an attacking user, a timer whose trigger time is the disable duration is started; during the disable duration, all packets sent by this user are discarded by the Broadband Remote Access Server; when the timer fires, filtering of the user's packets stops, so that the user can perform dial-up authentication again.
8. The method for preventing point-to-point protocol authentication attacks in a broadband access network according to claim 4, characterized in that: on the Broadband Remote Access Server, the ban on an authentication attack user is lifted by entering a command: for a user whose Point-to-Point Protocol packets are carried over Ethernet, the user's media access control address is deleted from the media access control address filter table; or, for a user whose Point-to-Point Protocol packets are carried over asynchronous transfer mode adaptation layer 5, the packet-discard flag bit in the entry for the user's Permanent Virtual Path connection is cleared, so that the user can dial again.
9. The method for preventing point-to-point protocol authentication attacks in a broadband access network according to claim 4, characterized in that: the alarm information comprises the user's unique identification information and the access interface information used to locate the user's office direction.
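The tracking, filtering and unblocking logic of claims 4, 5, 7 and 8 for Ethernet users, as an added Python example that is not code from the patent. The class and method names, the explicit `now` clock argument in place of real timers, starting the ban when the expired timer is processed, and treating a count equal to the threshold as not an attack (the claim leaves that case open) are all assumptions.

```python
from dataclasses import dataclass, field

@dataclass
class AuthFailureTracker:          # hypothetical name, not from the patent
    track_secs: float              # tracking duration (claim 4)
    threshold: int                 # failure-count threshold (claim 4)
    disable_secs: float            # disable duration (claim 7)
    tracked: dict = field(default_factory=dict)       # MAC -> [failures, timer deadline]
    filter_table: dict = field(default_factory=dict)  # MAC -> time the ban lifts

    def record_failure(self, mac, now):
        """Claim 4: create an entry and start its timer, or increase the count."""
        self.expire(now)
        if mac in self.tracked:
            self.tracked[mac][0] += 1
        else:
            self.tracked[mac] = [1, now + self.track_secs]

    def expire(self, now):
        """Process due timers; return MACs newly identified as attackers."""
        flagged = []
        for mac, (count, deadline) in list(self.tracked.items()):
            if now >= deadline:
                del self.tracked[mac]
                if count > self.threshold:  # assumption: equal to threshold is not an attack
                    self.filter_table[mac] = now + self.disable_secs
                    flagged.append(mac)
        for mac, lift_at in list(self.filter_table.items()):
            if now >= lift_at:     # claim 7: disable timer fired, stop filtering
                del self.filter_table[mac]
        return flagged

    def should_drop(self, src_mac, now):
        """Claim 5: drop a frame whose source MAC is in the filter table."""
        self.expire(now)
        return src_mac in self.filter_table

    def lift_ban(self, mac):       # claim 8: operator command lifts the ban
        return self.filter_table.pop(mac, None) is not None

def demo():
    # Constructed input: times (seconds) of failed logins per source MAC.
    bad, ok = "00:11:22:33:44:55", "66:77:88:99:aa:bb"
    t = AuthFailureTracker(track_secs=60, threshold=3, disable_secs=300)
    for sec in (0, 5, 10, 15, 20):
        t.record_failure(bad, sec)     # five failures inside one tracking window
    t.record_failure(ok, 30)           # a single mistyped password
    return (t.expire(60), t.should_drop(bad, 61),
            t.should_drop(ok, 100), t.should_drop(bad, 360))
```

Calling `demo()` shows the repeated-failure device filtered during the disable duration and released afterwards, while the device with a single failure is simply removed from tracking.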
CNB2005100330356A 2005-01-26 2005-01-26 Realizing method for preventing point-to point protocol recognization from being attacked in wideband cut-in network Expired - Fee Related CN100388684C (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CNB2005100330356A CN100388684C (en) 2005-01-26 2005-01-26 Realizing method for preventing point-to point protocol recognization from being attacked in wideband cut-in network

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CNB2005100330356A CN100388684C (en) 2005-01-26 2005-01-26 Realizing method for preventing point-to point protocol recognization from being attacked in wideband cut-in network

Publications (2)

Publication Number Publication Date
CN1812340A true CN1812340A (en) 2006-08-02
CN100388684C CN100388684C (en) 2008-05-14

Family

ID=36845046

Family Applications (1)

Application Number Title Priority Date Filing Date
CNB2005100330356A Expired - Fee Related CN100388684C (en) 2005-01-26 2005-01-26 Realizing method for preventing point-to point protocol recognization from being attacked in wideband cut-in network

Country Status (1)

Country Link
CN (1) CN100388684C (en)

Cited By (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101068181B (en) * 2007-06-27 2010-08-04 中兴通讯股份有限公司 Wideband switch-in business protecting method
CN102185871A (en) * 2011-06-09 2011-09-14 杭州华三通信技术有限公司 Method and equipment for processing messages
CN103763144A (en) * 2014-01-26 2014-04-30 杭州华三通信技术有限公司 Method and device of user for carrying out renewal to go online
CN104601560A (en) * 2014-12-31 2015-05-06 北京华为朗新科技有限公司 Broadband access device and user authentication method
WO2015074451A1 (en) * 2013-11-22 2015-05-28 华为技术有限公司 Malicious attack detection method and apparatus
CN104852974A (en) * 2015-04-29 2015-08-19 华为技术有限公司 Message processing method in the process of PPPoE authentication and related equipment
CN105142146A (en) * 2015-09-24 2015-12-09 上海斐讯数据通信技术有限公司 Authentication method of WIFI hotspot access, device and system
WO2016045347A1 (en) * 2014-09-25 2016-03-31 中兴通讯股份有限公司 Malicious attack detection method, terminal, and computer storage medium
CN108270601A (en) * 2016-12-30 2018-07-10 中兴通讯股份有限公司 Mobile terminal, warning information acquisition, alarm information sender method and device
CN111756559A (en) * 2019-03-26 2020-10-09 华为技术有限公司 Method and device for acquiring tracking information
CN112600908A (en) * 2020-12-07 2021-04-02 南京指掌易信息科技有限公司 Method, device, equipment and storage medium for acquiring communication link

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1494291A (en) * 2002-11-02 2004-05-05 深圳市中兴通讯股份有限公司 Method of preventing reject service attack using ether net point to point protocol

Cited By (17)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101068181B (en) * 2007-06-27 2010-08-04 中兴通讯股份有限公司 Wideband switch-in business protecting method
CN102185871A (en) * 2011-06-09 2011-09-14 杭州华三通信技术有限公司 Method and equipment for processing messages
US10313375B2 (en) 2013-11-22 2019-06-04 Huawei Technologies Co., Ltd Method and apparatus for malicious attack detection in an SDN network
WO2015074451A1 (en) * 2013-11-22 2015-05-28 华为技术有限公司 Malicious attack detection method and apparatus
US11637845B2 (en) 2013-11-22 2023-04-25 Huawei Technologies Co., Ltd. Method and apparatus for malicious attack detection in a software defined network (SDN)
CN103763144B (en) * 2014-01-26 2017-04-05 杭州华三通信技术有限公司 A kind of user continues to pay dues the method and apparatus reached the standard grade
CN103763144A (en) * 2014-01-26 2014-04-30 杭州华三通信技术有限公司 Method and device of user for carrying out renewal to go online
WO2016045347A1 (en) * 2014-09-25 2016-03-31 中兴通讯股份有限公司 Malicious attack detection method, terminal, and computer storage medium
CN105516987A (en) * 2014-09-25 2016-04-20 中兴通讯股份有限公司 Malicious attack detection method and terminal
CN104601560A (en) * 2014-12-31 2015-05-06 北京华为朗新科技有限公司 Broadband access device and user authentication method
WO2016173269A1 (en) * 2015-04-29 2016-11-03 华为技术有限公司 Message processing method and related device during pppoe authentication
US10666650B2 (en) 2015-04-29 2020-05-26 Huawei Technologies Co., Ltd. Packet processing method in PPPoE authentication process and relevant device
CN104852974A (en) * 2015-04-29 2015-08-19 华为技术有限公司 Message processing method in the process of PPPoE authentication and related equipment
CN105142146A (en) * 2015-09-24 2015-12-09 上海斐讯数据通信技术有限公司 Authentication method of WIFI hotspot access, device and system
CN108270601A (en) * 2016-12-30 2018-07-10 中兴通讯股份有限公司 Mobile terminal, warning information acquisition, alarm information sender method and device
CN111756559A (en) * 2019-03-26 2020-10-09 华为技术有限公司 Method and device for acquiring tracking information
CN112600908A (en) * 2020-12-07 2021-04-02 南京指掌易信息科技有限公司 Method, device, equipment and storage medium for acquiring communication link

Also Published As

Publication number Publication date
CN100388684C (en) 2008-05-14

Similar Documents

Publication Publication Date Title
CN1812340A (en) Realizing method for preventing point-to point protocol recognization from being attacked in wideband cut-in network
CN101068183A (en) Network invitation to enter controlling method and network invitation to enter controlling system
CN100512109C (en) Access authentication system and method by verifying safety of accessing host
CN101188557B (en) Method, client, server and system for managing user network access behavior
CN1845491A (en) Access authentication method of 802.1x
CN101651597B (en) Deployment method of IPSec-VPN in address discrete mapping network
CN1414759A (en) Controlled group broadcasting system and its realizing method
CN1921488A (en) Method for preventing forgery of source address based on signature authentication inside IPv6 sub network
CN101098227A (en) User safety protection method of broadband access equipment
WO2006114053A1 (en) A method, system and apparatus for preventing from counterfeiting the mac address
CN1175621C (en) Method of detecting and monitoring malicious user host machine attack
CN1744607A (en) System and method for blocking worm attack
CN1567868A (en) Authentication method based on Ethernet authentication system
CN1553674A (en) Method for wideband connection server to obtain port numbers of its uers
CN102594834B (en) Method and device for defending network attack and network equipment
CN1277373C (en) Method for transmitting user position information in network communication system
CN1878061A (en) Bridge protocol data unit message verification method and device therefor
CN1225870C (en) Method and apparatus for VLAN based network access control
CN1852222A (en) Method and apparatus for managing wireless access-in wide-band users
CN102316119B (en) Security control method and equipment
CN101931607A (en) Method and device for preventing user address spoofing in broadband access equipment
CN1527557A (en) Method of transmitting 802.1X audit message via bridging device
CN1780231A (en) Backup system and method for access servo interface
CN101516091A (en) Wireless local area network access control system and method based on ports
CN1996960B (en) A filtering method for instant communication message and instant communication system

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20080514

Termination date: 20150126

EXPY Termination of patent right or utility model