CN1893392A - Method and apparatus for preventing user from obtaining operation trader network information - Google Patents

Publication number: CN1893392A
Authority: CN (China)
Prior art keywords: network, user, message, icmp, router
Legal status: Granted; Expired - Fee Related
Application number: CNA2005100827176A
Other languages: Chinese (zh)
Other versions: CN100502352C (en)
Inventor: 苗福友
Current Assignee: Huawei Technologies Co Ltd
Original Assignee: Huawei Technologies Co Ltd
Application filed by Huawei Technologies Co Ltd
Priority to CNB2005100827176A (patent CN100502352C)
Priority to PCT/CN2006/000935 (patent WO2007006193A1)
Publication of CN1893392A
Application granted; publication of CN100502352C

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0227 Filtering policies
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The method mainly comprises: determining the edge router between the carrier network and the user network; the edge router then filters the Internet Control Message Protocol (ICMP) timeout messages it receives that are sent from the carrier network to the user network. With the invention, the carrier network does not return the routing information of the user's data to the user.

Description

Method and apparatus for preventing a user from obtaining carrier network information
Technical field
The present invention relates to the field of communications, and in particular to a method and apparatus for preventing a user from obtaining carrier network information.
Background art
The IP protocol is the core of the Internet protocol suite. It hides the underlying physical networks behind a unified routing mechanism, thereby achieving wide-area interconnection of heterogeneous networks. The IP version currently used on the Internet is IPv4.
Although IP has a powerful ability to transport packets, it takes no responsibility for packet loss, duplication, delay or reordering, so IP cannot guarantee that a packet will be delivered to its destination. To improve the probability that IP packets are delivered successfully and to report their delivery status accurately, the IETF (Internet Engineering Task Force) designed ICMP (Internet Control Message Protocol).
Structurally, the Internet consists of hosts that send and receive packets and routers that forward them. Given the unreliability of IP itself, ICMP is mainly used to carry control and error-report messages between network devices and nodes. That is, the sole purpose of ICMP is to inform the source host of problems that occur in the network environment. ICMP is supported mainly by routers, which feed the result of a packet's transmission back to the source host.
ICMP is used mainly by routers, and the recipient is the source host of the IP packet. The basic transmission process of an ICMP message is as follows:
1. When a router finds that an IP packet cannot be forwarded or delivered any further for some reason, the relevant entity (usually an upper-layer entity) forms an ICMP message.
2. According to the fault category it has determined, the router fills in the message type, message code, message checksum and data portion of the ICMP message.
3. The router extracts the IP address of the source host from the faulty IP packet and forms a new IP packet carrying the ICMP message.
4. The router forwards this IP packet to the source host over some route.
5. After the source host receives the IP packet carrying the ICMP message, it extracts the ICMP message, reads each of its field values, and then determines the fault type and the cause of failure of the faulty IP packet.
An IP packet carrying an ICMP message has no priority during its return transmission and is forwarded like a normal IP packet. The only difference is that if the IP packet carrying the ICMP message itself fails in transit, the router forwarding it does not generate any new error message.
ICMP messages fall into two main classes: ICMP error-report messages and ICMP informational messages.
There are five main kinds of ICMP error-report message:
1. Destination unreachable: when a router or host cannot deliver a packet to the destination, it sends a destination unreachable message to the source.
2. Source quench: when a router or host discards packets because of congestion, it sends a source quench message to the source so that the source slows its sending rate.
3. Timeout: when a router receives a packet whose time to live is zero, it discards the packet and also sends a timeout message to the source. When the destination cannot receive the full content of a packet within a predefined time, it discards all the content already received and sends the above message to the source.
4. Parameter problem: when a router or destination host finds that a field in the header of a received packet has an incorrect value, it discards the packet and sends a parameter problem message to the source.
5. Route change (redirect): a router sends a route change message to a host to tell the host to send packets to a different router next time.
ICMP error-report messages should not be sent in the following cases:
1. No ICMP error-report message is sent in response to an ICMP error-report message;
2. No ICMP error-report message is sent for any fragment after the first fragment of a fragmented packet;
3. No ICMP error-report message is sent for a packet with a multicast address;
4. No ICMP error-report message is sent for a packet with a special address (such as 127.0.0.0 or 0.0.0.0).
There are four kinds of ICMP informational message:
1. Echo request (Echo Request) and reply (Echo Reply): when a host or router sends an echo request to a specific destination host, the machine that receives it must return a reply to the source host or router.
2. Timestamp request and reply: mainly used to ask a host or router to answer with the current date and time.
3. Address mask request: mainly used to obtain the address mask of an interface from a subnet mask server.
4. Router solicitation and advertisement: mainly used to learn whether the routers attached to the local network are working normally. A host broadcasts a router solicitation message. One or more routers that receive the solicitation broadcast their routing information using router advertisement messages.
By combining the echo request and reply messages (informational messages) with the timeout message (error message), the network transmission path of an IP packet can be obtained.
Below, the traceroute function (a method or program for tracing a data transmission path) is explained using an IPv4 network as an example.
Two kinds of traceroute are currently in use: ICMP traceroute and UDP (User Datagram Protocol) traceroute. Some software companies use ICMP traceroute, so the tracert shipped with some operating systems is ICMP traceroute; other operating systems, such as Unix, and the routers of some companies use UDP traceroute.
In routers and hosts, the next operation for traceroute is decided according to the packet's TTL (Time to Live) value:
If the received packet has TTL=0, the packet is discarded and an ICMP timeout message is sent to the source node;
If the TTL of the received packet is not 0, the TTL is decremented by 1 and the packet is passed to the upper-layer protocol for handling.
Traceroute generally sets the TTL to a very small value, deliberately causing the nodes on the path to return ICMP timeout messages and thereby obtaining routing information.
ICMP traceroute works as follows:
ICMP traceroute uses ICMP Echo Request, ICMP Echo Reply and ICMP TTL-expired messages. The source host sends ICMP Echo Request messages: the TTL of the first request is 1, that of the second is 2, and so on, increasing until the TTL reaches 30. Each intermediate router sends back an ICMP TTL-expired (ICMP type 11) message to notify the source host, and the packet is dropped because its TTL has expired, so the source host learns every router the packet passes through along the way. Finally, the destination host sends back an ICMP Echo Reply message.
UDP traceroute works as follows:
UDP traceroute uses ICMP TTL-expired (type 11) messages, ICMP port unreachable (type 3, code 3) messages and UDP packets with port > 32768. The source host sends UDP packets whose source port is any random high port number greater than 32768 and whose destination port number starts at 33434 and increases by one with each probe sent, up to 33434+29 (on Cisco routers the extended traceroute command can change this initial port number of 33434). At the same time the TTL increases from 1 up to 1+29=30 (at most 30 probes are sent). Each intermediate router sends back an ICMP TTL-expired message, so the source host learns each intermediate router. Finally, the destination host sends back a TTL-expired message and an ICMP port unreachable message (because such high UDP port numbers > 32768 are not in use on any host).
Given how ICMP traceroute and UDP traceroute work as described above, a user can use them to obtain node information and routing information in the network, and by changing the destination address of the packets can obtain multiple pieces of routing information; combining these yields the network topology.
From the user's point of view, what matters is quality of service. The user need not care which nodes carry out the transmission of packets, and obtaining routing information does nothing to improve user satisfaction. A malicious attacker, however, can use routing information to launch attacks on the network, so users should be restricted from obtaining network routing information.
One prior-art safeguard against ICMP traceroute is to limit the system information that routers return by changing the routers' packet-processing rules. The changes to the packet-processing rules are mainly:
1. If any router on the intermediate path filters ICMP Echo Request, traceroute cannot work;
2. If type 11 (Time Exceeded) messages are blocked, none of the intermediate routers can be seen, but it can be seen that the packet reached the final destination;
3. If ICMP Echo Reply messages are blocked, all intermediate nodes can still return Time Exceeded information while the final destination cannot be seen; the user can therefore still obtain routing information.
One prior-art safeguard against UDP traceroute is likewise to limit the system information that routers return by changing the routers' packet-processing rules. The changes to the packet-processing rules are mainly:
1. If any router on the intermediate path filters out UDP port > 32768, traceroute cannot work;
2. Block TTL timeout messages, so that the source host cannot see the intermediate routers;
3. Block Echo Reply messages, so that the source host cannot obtain a response from the destination node.
The drawback of these prior-art safeguards against ICMP traceroute and UDP traceroute is that they also restrict the use of traceroute inside the carrier network, whereas the traceroute function is an important tool with which the operator manages and maintains its network.
Summary of the invention
In view of the above problems in the prior art, the object of the present invention is to provide a method and apparatus for preventing a user from obtaining carrier network information, so that the carrier network does not return routing information to the user.
The object of the invention is achieved through the following technical solution:
A method for preventing a user from obtaining carrier network information, comprising:
A. Determining the edge router between the carrier network and the user network;
B. The edge router filtering the Internet Control Message Protocol (ICMP) timeout messages it receives that are sent from the carrier network to the user network.
Step B specifically comprises:
The edge router discards the ICMP timeout messages it receives that are sent from the carrier network to the user network.
Step B specifically comprises:
The edge router modifies the source address of the ICMP timeout messages it receives that are sent from the carrier network to the user network, and then forwards the messages normally.
Step B specifically comprises:
The edge router changes the source address of the ICMP timeout messages it receives that are sent from the carrier network to the user network to its own address, and then forwards the messages normally.
Step B further comprises:
The edge router changes the destination address of the ICMP timeout messages it receives that are sent from the carrier network to the user network to the address of the host that caused the ICMP timeout message; this address is obtained from the message body of the ICMP timeout message.
Step B specifically comprises:
The edge router deletes or transforms the carrier network information contained in the ICMP timeout messages it receives that are sent from the carrier network to the user network, and then forwards the ICMP timeout messages so processed to the destination user network.
Step B specifically comprises:
B1. According to attributes of the IP packet that carries the ICMP timeout message, the edge router determines whether the source node of a received ICMP timeout message sent from the carrier network to the user network belongs to the carrier network or to a user network; if it belongs to the carrier network, step B2 is performed; otherwise, step B3 is performed;
B2. The edge router discards the received ICMP timeout message or modifies its addresses, or deletes or transforms the carrier network information contained in the received ICMP timeout message;
B3. The edge router forwards the received ICMP timeout message to the destination user network.
The attributes of the IP packet referred to in step B1 include the time to live (TTL) or hop limit (Hop Limit) of the IP packet.
The method is applicable to IPv4 or IPv6 networks.
An apparatus for preventing a user from obtaining carrier network information, the apparatus being implemented by a router, characterized in that the router comprises:
A packet filtering module: used to filter the ICMP timeout messages that pass through this router and are sent from the carrier network to the user network.
The packet filtering module comprises:
A packet discarding module: used to discard the ICMP timeout messages that pass through this router and are sent from the carrier network to the user network;
And/or,
A carrier network information processing module: used to delete or transform the carrier network information contained in the ICMP timeout messages that pass through this router and are sent from the carrier network to the user network;
And/or,
A message address modification module: used to modify the addresses of the ICMP timeout messages that pass through this router and are sent from the carrier network to the user network.
As can be seen from the technical solution provided above, by filtering, discarding or modifying the ICMP timeout messages sent to the user network across the edge of the carrier network, the invention prevents the carrier network from returning to the user ICMP timeout messages that contain carrier network routing information, or ensures that the returned ICMP timeout messages cannot be used to derive carrier network routing information. At the same time, the invention guarantees that path-tracing programs such as traceroute can still be used successfully within the carrier network.
Description of drawings
Fig. 1 is a flowchart of the method of the invention;
Fig. 2 is a networking diagram of an embodiment of the invention;
Fig. 3 is a structural diagram of the apparatus of the invention.
Embodiments
The invention provides a method and apparatus for preventing a user from obtaining carrier network information. The core of the invention is: when an ICMP timeout message is sent to a user network through an edge router of the carrier network, the edge router performs a filtering operation on the ICMP timeout message.
The invention is described in detail below with reference to the drawings. The processing flow of the method, shown in Fig. 1, comprises the following steps:
Step 1-1: user equipment sends ICMP Echo or UDP packets to the destination user through the carrier network, and ICMP timeout messages are generated.
The user equipment, which may be a single host or a network made up of multiple hosts, routers and switches, sends through the carrier network to the destination user the multiple ICMP Echo packets of the ICMP traceroute function or the multiple UDP packets of the UDP traceroute function.
When some of these ICMP Echo or UDP packets arrive at an intermediate router or edge router in the carrier network, or at a router in some other user network outside the carrier network, their TTL=0. According to the ICMP processing rules in the router, the router therefore discards the received ICMP Echo or UDP packet and generates an ICMP timeout message according to the IP protocol rules; the destination address of this ICMP timeout message is set to the address of the source user equipment, and the source address is set to the address of the router itself.
Step 1-2: an intermediate router or edge router in the carrier network receives the ICMP timeout message.
The ICMP timeout message generated in step 1-1 is sent to the source user equipment through the carrier network, so an intermediate router or edge router in the carrier network receives it. If an intermediate router receives the ICMP timeout message, step 1-3 is performed; if an edge router receives it, step 1-4 is performed.
Step 1-3: the intermediate router forwards the ICMP timeout message normally.
The intermediate router forwards the received ICMP timeout message according to the normal forwarding rules, without any special processing.
Step 1-4: the edge router determines whether the timeout message is sent from the carrier network to the user network.
After receiving the ICMP timeout message, the edge router must determine whether it is sent from the carrier network to the user network. If so, step 1-6 is performed; otherwise, step 1-5 is performed.
Step 1-5: the edge router forwards the ICMP timeout message normally.
The edge router forwards the received ICMP timeout message according to the normal forwarding rules, without any special processing.
Step 1-6: the edge router performs a filtering operation on the ICMP timeout message.
If the edge router determines that the ICMP timeout message is sent from the carrier network to the user network, it discards the message; or it deletes or transforms the carrier network information contained in the message, so that the user cannot derive from it the routing information of the carrier network, that is, the path traversed by the request packet; or it replaces the source address of the message with the edge router's own address and the destination address with the original source address in the message, that is, it sends the ICMP timeout message back.
After the above operations, the user is thus prevented from obtaining network connection information in the carrier network from ICMP timeout messages.
The invention also proposes an improvement to step 1-6 of the method, described as follows:
The edge router uses certain attributes of the IP packet that carries the ICMP timeout message to determine whether the source node that generated the ICMP timeout message belongs to the carrier network or to a user network. In some network plans, the TTL of packets generated by nodes in the carrier network and the TTL of packets generated by nodes in user networks are assigned different ranges, so this determination can be made from the packet's TTL value.
Having determined the source of the ICMP timeout message, the edge router does not allow an ICMP timeout message from the carrier network to be forwarded from the carrier network to the user network, that is, it filters the message as described above; an ICMP timeout message from a user network is still forwarded normally to the user network.
The above improvement is of some significance for VPNs (virtual private networks), because two or more user networks/sites at different geographic locations belong to the same customer; users within one VPN can thus trace into the other user networks/sites belonging to the same VPN, while still being unable to obtain information about the carrier network.
The invention also provides an embodiment of the method; the networking diagram of this embodiment is shown in Fig. 2.
In the network shown in Fig. 2, a CPN is user equipment, which may be a single host or a network made up of multiple hosts, routers or switches. The CPNs may belong to the same or to different individual users, home users, enterprise users, content providers or IDCs (Internet data centers).
A PE is a provider edge router located at the boundary between a user network and the carrier network. A PE needs two main functions:
1. Filtering ICMP timeout messages as required, which includes discarding the message or modifying its addresses, or deleting or transforming the carrier network information contained in the message.
2. Forwarding packets normally according to the ICMP protocol rules, and generating ICMP timeout messages.
P is a core router of the operator. Its main functions are forwarding packets normally according to the ICMP protocol rules and generating ICMP timeout messages.
In the network shown in Fig. 2, a path trace initiated by a user proceeds as follows:
1. User Host1 in CPN1 sends an Echo message to destination node Host4 in CPN4, and from the returned Echo Reply message Host1 obtains the hop count N to the destination node (the number of forwarding nodes that must be traversed).
2. Host1 in CPN1 sends multiple ICMP Echo or UDP packets whose destination address is the address of node Host4 in CPN4, with the TTL of the packets set in turn to 1, 2, 3, ..., N, where N is the hop count to the destination node.
3. When some of the ICMP Echo or UDP packets sent by Host1 arrive at PE1, P1, P2 or PE4, their TTL=0. According to the ICMP processing rules in the router, PE1, P1, P2 or PE4 therefore discards the received ICMP Echo or UDP packet and generates an ICMP timeout message according to the IP rules; the destination address of this ICMP timeout message is set to the address of Host1, and the source address is set to the address of PE1, P1, P2 or PE4 itself.
4. When provider edge routers such as PE1, PE2, PE3 and PE4 receive an ICMP timeout message, they inspect it and determine whether it is sent from the carrier network to the user network. If so, the message is filtered; otherwise, it continues to be forwarded.
For example, if PE1 receives an ICMP timeout message sent by P2 to Host1, it filters the message; if PE4 receives an ICMP timeout message sent by Host4 to Host1, it continues to forward the message, which will subsequently arrive at PE1.
If the improvement described above is not adopted, PE1 filters the ICMP timeout message sent by Host4 to Host1 when it receives it.
If the improvement described above is adopted, PE1 continues to forward the ICMP timeout message sent by Host4 to Host1 when it receives it.
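The handling at PE1 in the Fig. 2 walk-through can be sketched in code. This is an added example, not part of the patent text: the addresses, the function and constant names, and the TTL split used for the improvement (carrier routers originating packets with TTL 255, customer hosts with 128 or less) are assumptions made for illustration, and the sample packets are constructed.

```python
import ipaddress
import struct

ICMP_PROTO = 1
ICMP_TIME_EXCEEDED = 11          # ICMP type 11, the "timeout" message
# Assumed network plan: carrier routers originate packets with TTL 255 and
# customer hosts with 128 or less, so a received TTL above 128 marks a carrier node.
CARRIER_TTL_FLOOR = 128
PE1_ADDR = "203.0.113.1"         # constructed address of edge router PE1


def inet_checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def ipv4_header(src: str, dst: str, ttl: int, payload_len: int) -> bytes:
    """20-byte IPv4 header (protocol ICMP) with a valid header checksum."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, ttl,
                      ICMP_PROTO, 0, ipaddress.IPv4Address(src).packed,
                      ipaddress.IPv4Address(dst).packed)
    return hdr[:10] + struct.pack("!H", inet_checksum(hdr)) + hdr[12:]


def build_time_exceeded(sender: str, probe_src: str, probe_dst: str, ttl: int) -> bytes:
    """Constructed sample: timeout message from `sender`, quoting the expired probe."""
    echo = bytes([8, 0, 0xF7, 0xFF, 0, 0, 0, 0])      # Echo Request, id 0, seq 0
    quoted = ipv4_header(probe_src, probe_dst, 1, len(echo)) + echo
    body = struct.pack("!BBHI", ICMP_TIME_EXCEEDED, 0, 0, 0) + quoted
    body = body[:2] + struct.pack("!H", inet_checksum(body)) + body[4:]
    return ipv4_header(sender, probe_src, ttl, len(body)) + body


def source_of(packet: bytes) -> str:
    return str(ipaddress.IPv4Address(packet[12:16]))


def filter_at_edge(packet: bytes, pe_addr: str, action: str = "drop",
                   improved: bool = False):
    """Handle a packet arriving at the edge router from the carrier side for a
    user network. Returns the packet to forward, or None if it is discarded."""
    ihl = (packet[0] & 0x0F) * 4
    if len(packet) < ihl + 8 or packet[9] != ICMP_PROTO or packet[ihl] != ICMP_TIME_EXCEEDED:
        return packet                     # not a timeout message: forward normally
    if improved and packet[8] <= CARRIER_TTL_FLOOR:
        return packet                     # generated in a user network: forward
    if action == "drop":
        return None                       # discard the timeout message
    if action != "rewrite":
        raise ValueError(f"unknown action {action!r}")
    # Replace the source address with the edge router's own address and fix the
    # IPv4 header checksum; the ICMP checksum does not cover the IP header.
    hdr = bytearray(packet[:ihl])
    hdr[12:16] = ipaddress.IPv4Address(pe_addr).packed
    hdr[10:12] = b"\x00\x00"
    hdr[10:12] = struct.pack("!H", inet_checksum(bytes(hdr)))
    return bytes(hdr) + packet[ihl:]


# Constructed packets for Fig. 2: Host1 = 192.0.2.10, Host4 = 198.51.100.40,
# core router P2 = 10.255.0.2. TTL values are what PE1 would see on arrival.
FROM_P2 = build_time_exceeded("10.255.0.2", "192.0.2.10", "198.51.100.40", ttl=253)
FROM_HOST4 = build_time_exceeded("198.51.100.40", "192.0.2.10", "198.51.100.40", ttl=60)

if __name__ == "__main__":
    for name, pkt in (("P2", FROM_P2), ("Host4", FROM_HOST4)):
        for improved in (False, True):
            out = filter_at_edge(pkt, PE1_ADDR, improved=improved)
            print(name, "improved" if improved else "basic",
                  "forwarded" if out else "dropped")
```

With the rewrite action, Host1 still receives a timeout message for each hop, but every one of them carries PE1's address as its source, so the hops inside the carrier network cannot be told apart.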
The structure of the apparatus of the invention is shown in Fig. 3. The apparatus is implemented by a router, with the following modules added to the router:
A packet discarding module: used to discard the ICMP timeout messages that pass through this router and are sent from the carrier network to the user network.
A message address modification module: used to modify the addresses of the ICMP timeout messages that pass through this router and are sent from the carrier network to the user network, so that the ICMP timeout messages cannot reach the user network.
A carrier network information processing module: used to delete or transform the carrier network information contained in the ICMP timeout messages that pass through this router and are sent from the carrier network to the user network, so that the user cannot obtain the routing information of the carrier network from the processed ICMP timeout messages.
The above are merely preferred embodiments of the invention, but the scope of protection of the invention is not limited to them. Any change or substitution that a person skilled in the art could readily conceive within the technical scope disclosed by the invention shall fall within the scope of protection of the invention. The scope of protection of the invention shall therefore be determined by the scope of the claims.

Claims (11)

1. A method for preventing a user from obtaining carrier network information, characterized by comprising:
A. Determining the edge router between the carrier network and the user network;
B. The edge router filtering the Internet Control Message Protocol (ICMP) timeout messages it receives that are sent from the carrier network to the user network.
2. The method for preventing a user from obtaining carrier network information according to claim 1, characterized in that step B specifically comprises:
The edge router discards the ICMP timeout messages it receives that are sent from the carrier network to the user network.
3. The method for preventing a user from obtaining carrier network information according to claim 1, characterized in that step B specifically comprises:
The edge router modifies the source address of the ICMP timeout messages it receives that are sent from the carrier network to the user network, and then forwards the messages normally.
4. The method for preventing a user from obtaining carrier network information according to claim 3, characterized in that step B specifically comprises:
The edge router changes the source address of the ICMP timeout messages it receives that are sent from the carrier network to the user network to its own address, and then forwards the messages normally.
5. The method for preventing a user from obtaining carrier network information according to claim 4, characterized in that step B further comprises:
The edge router changes the destination address of the ICMP timeout messages it receives that are sent from the carrier network to the user network to the address of the host that caused the ICMP timeout message; this address is obtained from the message body of the ICMP timeout message.
6. The method for preventing a user from obtaining carrier network information according to claim 1, characterized in that step B specifically comprises:
The edge router deletes or transforms the carrier network information contained in the ICMP timeout messages it receives that are sent from the carrier network to the user network, and then forwards the ICMP timeout messages so processed to the destination user network.
7. The method for preventing a user from obtaining carrier network information according to claim 1, characterized in that step B specifically comprises:
B1. According to attributes of the IP packet that carries the ICMP timeout message, the edge router determines whether the source node of a received ICMP timeout message sent from the carrier network to the user network belongs to the carrier network or to a user network; if it belongs to the carrier network, step B2 is performed; otherwise, step B3 is performed;
B2. The edge router discards the received ICMP timeout message or modifies its addresses, or deletes or transforms the carrier network information contained in the received ICMP timeout message;
B3. The edge router forwards the received ICMP timeout message to the destination user network.
8. The method for preventing a user from obtaining carrier network information according to claim 7, characterized in that the attributes of the IP packet referred to in step B1 include the time to live (TTL) or hop limit (Hop Limit) of the IP packet.
9. The method for preventing a user from obtaining carrier network information according to claim 1, characterized in that the method is applicable to IPv4 or IPv6 networks.
10. An apparatus for preventing a user from obtaining carrier network information, the apparatus being implemented by a router, characterized in that the router comprises:
A packet filtering module: used to filter the ICMP timeout messages that pass through this router and are sent from the carrier network to the user network.
11. The apparatus for preventing a user from obtaining carrier network information according to claim 10, characterized in that the packet filtering module comprises:
A packet discarding module: used to discard the ICMP timeout messages that pass through this router and are sent from the carrier network to the user network;
And/or,
A carrier network information processing module: used to delete or transform the carrier network information contained in the ICMP timeout messages that pass through this router and are sent from the carrier network to the user network;
And/or,
The message address modified module: be used for through this router, the ICMP timeout packet that mails to user network from carrier network carries out the address to be revised.
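The following Python example is added here and is not taken from the patent. It applies the edge-router handling of claims 2, 4 and 5 to a raw IPv4 packet: discard the ICMP timeout (type 11) packet, or rewrite its source to the router's own address and its destination to the host address quoted in the ICMP body. It assumes the function is called only for packets arriving from the carrier side toward the user network; the function names, addresses and sample packet are constructed for illustration, and IPv6 is not covered.

```python
import ipaddress
import struct

ICMP_PROTO, TIME_EXCEEDED = 1, 11

def checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum; returns 0 when run over data with a valid checksum."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_ipv4(src: str, dst: str, proto: int, ttl: int, payload: bytes) -> bytes:
    """Build an IPv4 packet with a 20-byte header (used only for constructed samples)."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, ttl, proto, 0,
                      ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:] + payload

def sample_time_exceeded(outer_dst: str = "192.0.2.10") -> bytes:
    """Constructed sample: core router 10.20.30.1 reports a probe from 192.0.2.10 expiring."""
    probe = build_ipv4("192.0.2.10", "198.51.100.7", 17, 1, b"\x82\x35\x82\x9b\x00\x08\x00\x00")
    icmp = struct.pack("!BBHI", TIME_EXCEEDED, 0, 0, 0) + probe
    icmp = icmp[:2] + struct.pack("!H", checksum(icmp)) + icmp[4:]
    return build_ipv4("10.20.30.1", outer_dst, ICMP_PROTO, 250, icmp)

def filter_time_exceeded(pkt: bytes, edge_addr: str, mode: str = "rewrite"):
    """Return the packet to forward, or None to discard it (claim 2, mode="drop").
    mode="rewrite": source becomes edge_addr (claim 4) and destination becomes the
    host address read from the quoted IP header in the ICMP body (claim 5)."""
    ihl = (pkt[0] & 0x0F) * 4 if pkt else 0
    if ihl < 20 or len(pkt) < ihl + 8 or pkt[9] != ICMP_PROTO or pkt[ihl] != TIME_EXCEEDED:
        return pkt                        # not an ICMP timeout packet: forward untouched
    if mode == "drop":
        return None
    quoted = pkt[ihl + 8:]                # header of the expired packet + 8 payload bytes
    if len(quoted) < 20:
        return None                       # malformed body: host address not recoverable
    hdr = bytearray(pkt[:ihl])
    hdr[12:16] = ipaddress.IPv4Address(edge_addr).packed  # hide the carrier router
    hdr[16:20] = quoted[12:16]            # source of the expired packet = causing host
    hdr[10:12] = b"\x00\x00"
    hdr[10:12] = struct.pack("!H", checksum(bytes(hdr)))
    return bytes(hdr) + pkt[ihl:]         # IPv4 ICMP checksum does not cover IP addresses
```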
CNB2005100827176A 2005-07-07 2005-07-07 Method and apparatus for preventing user from obtaining operation trader network information Expired - Fee Related CN100502352C (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CNB2005100827176A CN100502352C (en) 2005-07-07 2005-07-07 Method and apparatus for preventing user from obtaining operation trader network information
PCT/CN2006/000935 WO2007006193A1 (en) 2005-07-07 2006-05-10 A method for preventing the user from obtaining the service provider network information and the equipment as well as the system thereof

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CNB2005100827176A CN100502352C (en) 2005-07-07 2005-07-07 Method and apparatus for preventing user from obtaining operation trader network information

Publications (2)

Publication Number Publication Date
CN1893392A true CN1893392A (en) 2007-01-10
CN100502352C CN100502352C (en) 2009-06-17

Family

ID=37597914

Family Applications (1)

Application Number Title Priority Date Filing Date
CNB2005100827176A Expired - Fee Related CN100502352C (en) 2005-07-07 2005-07-07 Method and apparatus for preventing user from obtaining operation trader network information

Country Status (2)

Country Link
CN (1) CN100502352C (en)
WO (1) WO2007006193A1 (en)

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101964723A (en) * 2010-07-30 2011-02-02 中国联合网络通信集团有限公司 Communication operator network information interaction management method and system
CN102025483B (en) * 2009-09-17 2012-07-04 国基电子(上海)有限公司 Wireless router and method for preventing malicious scanning by using same
CN103986652A (en) * 2014-05-22 2014-08-13 杭州华三通信技术有限公司 Router tracking method and device
CN105828218A (en) * 2016-04-19 2016-08-03 华为技术有限公司 Method for detecting transmission quality of multicast streams, device and system
WO2022247603A1 (en) * 2021-05-28 2022-12-01 中兴通讯股份有限公司 Information processing method, network device, network system, and storage medium

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112448912B (en) * 2019-08-27 2023-08-01 中兴通讯股份有限公司 Method, device and storage medium for preventing message attack

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5892753A (en) * 1996-12-02 1999-04-06 International Business Machines Corporation System and method for dynamically refining PMTU estimates in a multimedia datastream internet system
US6339595B1 (en) * 1997-12-23 2002-01-15 Cisco Technology, Inc. Peer-model support for virtual private networks with potentially overlapping addresses
US20030236913A1 (en) * 2002-06-25 2003-12-25 Hoban Adrian C. Network address translation for internet control message protocol packets

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102025483B (en) * 2009-09-17 2012-07-04 国基电子(上海)有限公司 Wireless router and method for preventing malicious scanning by using same
CN101964723A (en) * 2010-07-30 2011-02-02 中国联合网络通信集团有限公司 Communication operator network information interaction management method and system
CN101964723B (en) * 2010-07-30 2012-03-28 中国联合网络通信集团有限公司 Communication operator network information interaction management method and system
CN103986652A (en) * 2014-05-22 2014-08-13 杭州华三通信技术有限公司 Router tracking method and device
CN105828218A (en) * 2016-04-19 2016-08-03 华为技术有限公司 Method for detecting transmission quality of multicast streams, device and system
CN105828218B (en) * 2016-04-19 2019-06-11 华为技术有限公司 A kind of method, apparatus and system detecting multicast data flow transmission quality
WO2022247603A1 (en) * 2021-05-28 2022-12-01 中兴通讯股份有限公司 Information processing method, network device, network system, and storage medium

Also Published As

Publication number Publication date
CN100502352C (en) 2009-06-17
WO2007006193A1 (en) 2007-01-18

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20090617

Termination date: 20170707
