DE60329786D1 - Verfahren und vorrichtung zur verhinderung des fälschens von netzwerkadressen - Google Patents

Verfahren und vorrichtung zur verhinderung des fälschens von netzwerkadressen

Info

Publication number
DE60329786D1
DE60329786D1 DE60329786T DE60329786T DE60329786D1 DE 60329786 D1 DE60329786 D1 DE 60329786D1 DE 60329786 T DE60329786 T DE 60329786T DE 60329786 T DE60329786 T DE 60329786T DE 60329786 D1 DE60329786 D1 DE 60329786D1
Authority
DE
Germany
Prior art keywords
network addresses
preventing false
address
binding
preventing
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Lifetime
Application number
DE60329786T
Other languages
English (en)
Inventor
Ammar Rayes
Michael Cheung
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Cisco Technology Inc
Original Assignee
Cisco Technology Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Cisco Technology Inc filed Critical Cisco Technology Inc
Application granted granted Critical
Publication of DE60329786D1 publication Critical patent/DE60329786D1/de
Anticipated expiration legal-status Critical
Expired - Lifetime legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic
    • H04L63/1466Active attacks involving interception, injection, modification, spoofing of data unit addresses, e.g. hijacking, packet injection or TCP sequence number attacks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00Network arrangements, protocols or services for addressing or naming
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00Network arrangements, protocols or services for addressing or naming
    • H04L61/09Mapping addresses
    • H04L61/10Mapping addresses of different types
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2463/00Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
    • H04L2463/145Detection or countermeasures against cache poisoning
DE60329786T 2002-09-16 2003-09-16 Verfahren und vorrichtung zur verhinderung des fälschens von netzwerkadressen Expired - Lifetime DE60329786D1 (de)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US10/244,996 US7234163B1 (en) 2002-09-16 2002-09-16 Method and apparatus for preventing spoofing of network addresses
PCT/US2003/029308 WO2004025926A1 (en) 2002-09-16 2003-09-16 Method and apparatus for preventing spoofing of network addresses

Publications (1)

Publication Number Publication Date
DE60329786D1 true DE60329786D1 (de) 2009-12-03

Family

ID=31992016

Family Applications (1)

Application Number Title Priority Date Filing Date
DE60329786T Expired - Lifetime DE60329786D1 (de) 2002-09-16 2003-09-16 Verfahren und vorrichtung zur verhinderung des fälschens von netzwerkadressen

Country Status (8)

Country Link
US (1) US7234163B1 (de)
EP (1) EP1609291B1 (de)
CN (1) CN1682516B (de)
AT (1) ATE446642T1 (de)
AU (1) AU2003276894A1 (de)
CA (1) CA2499296C (de)
DE (1) DE60329786D1 (de)
WO (1) WO2004025926A1 (de)

Families Citing this family (99)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7359333B1 (en) * 2002-06-10 2008-04-15 Cisco Technology, Inc. Approach for managing internet protocol telephony devices in networks
US8260961B1 (en) * 2002-10-01 2012-09-04 Trustwave Holdings, Inc. Logical / physical address state lifecycle management
US20050207447A1 (en) * 2003-01-29 2005-09-22 Fujitsu Limited IP address duplication monitoring device, IP address duplication monitoring method and IP address duplication monitoring program
US7562390B1 (en) * 2003-05-21 2009-07-14 Foundry Networks, Inc. System and method for ARP anti-spoofing security
US7516487B1 (en) * 2003-05-21 2009-04-07 Foundry Networks, Inc. System and method for source IP anti-spoofing security
US20040255154A1 (en) * 2003-06-11 2004-12-16 Foundry Networks, Inc. Multiple tiered network security system, method and apparatus
US8984644B2 (en) 2003-07-01 2015-03-17 Securityprofiling, Llc Anti-vulnerability system, method, and computer program product
US9118708B2 (en) 2003-07-01 2015-08-25 Securityprofiling, Llc Multi-path remediation
US9118711B2 (en) * 2003-07-01 2015-08-25 Securityprofiling, Llc Anti-vulnerability system, method, and computer program product
US9100431B2 (en) 2003-07-01 2015-08-04 Securityprofiling, Llc Computer program product and apparatus for multi-path remediation
US20070113272A2 (en) 2003-07-01 2007-05-17 Securityprofiling, Inc. Real-time vulnerability monitoring
US9118709B2 (en) 2003-07-01 2015-08-25 Securityprofiling, Llc Anti-vulnerability system, method, and computer program product
EP1494433B1 (de) * 2003-07-03 2011-05-04 Alcatel Lucent Überprüfung auf doppelte MAC Adressen und dynamische Zuweisung von MAC Adressen
US7876772B2 (en) 2003-08-01 2011-01-25 Foundry Networks, Llc System, method and apparatus for providing multiple access modes in a data communications network
JP4174392B2 (ja) * 2003-08-28 2008-10-29 日本電気株式会社 ネットワークへの不正接続防止システム、及びネットワークへの不正接続防止装置
US7735114B2 (en) 2003-09-04 2010-06-08 Foundry Networks, Inc. Multiple tiered network security system, method and apparatus using dynamic user policy assignment
US7774833B1 (en) 2003-09-23 2010-08-10 Foundry Networks, Inc. System and method for protecting CPU against remote access attacks
CN1319338C (zh) * 2003-11-06 2007-05-30 北京佳讯飞鸿电气有限责任公司 网络通信中解决ip地址冲突的方法
US8528071B1 (en) 2003-12-05 2013-09-03 Foundry Networks, Llc System and method for flexible authentication in a data communications network
US20050198242A1 (en) * 2004-01-05 2005-09-08 Viascope Int. System and method for detection/interception of IP collision
US7607021B2 (en) * 2004-03-09 2009-10-20 Cisco Technology, Inc. Isolation approach for network users associated with elevated risk
US7801123B2 (en) * 2004-04-16 2010-09-21 Alcatel Lucent Method and system configured for facilitating residential broadband service
US20070192862A1 (en) * 2004-05-12 2007-08-16 Vincent Vermeulen Automated containment of network intruder
US8065408B2 (en) * 2004-06-30 2011-11-22 Nokia, Inc. Method and system for dynamic device address management
US7697545B1 (en) * 2004-07-14 2010-04-13 Computer Associates Think, Inc. Discovery of component relationships in distributed data processing networks
US8068414B2 (en) * 2004-08-09 2011-11-29 Cisco Technology, Inc. Arrangement for tracking IP address usage based on authenticated link identifier
EP1643710A1 (de) * 2004-09-30 2006-04-05 Nagravision S.A. Verfahren zum Aktualisieren einer Nachschlagetabelle mit Adressen und Identifizierungsnummern
US7877519B2 (en) * 2004-10-18 2011-01-25 Intel Corporation Selecting one of a plurality of adapters to use to transmit a packet
US20060090196A1 (en) * 2004-10-21 2006-04-27 Van Bemmel Jeroen Method, apparatus and system for enforcing security policies
US7471684B2 (en) * 2004-10-21 2008-12-30 International Machines Corporation Preventing asynchronous ARP cache poisoning of multiple hosts
CN1780287B (zh) * 2004-11-18 2012-09-05 中兴通讯股份有限公司 一种自动绑定动态地址解析协议表条目的方法
US7500269B2 (en) 2005-01-07 2009-03-03 Cisco Technology, Inc. Remote access to local content using transcryption of digital rights management schemes
US7533258B2 (en) * 2005-01-07 2009-05-12 Cisco Technology, Inc. Using a network-service credential for access control
FR2881592A1 (fr) * 2005-02-02 2006-08-04 France Telecom Procede et dispositif de detection d'usurpations d'adresse dans un reseau informatique
US20060209818A1 (en) * 2005-03-18 2006-09-21 Purser Jimmy R Methods and devices for preventing ARP cache poisoning
US7715409B2 (en) * 2005-03-25 2010-05-11 Cisco Technology, Inc. Method and system for data link layer address classification
KR100528171B1 (ko) * 2005-04-06 2005-11-15 스콥정보통신 주식회사 네트워크 상에서 특정 아이피 주소 또는 특정 장비를보호/차단하기 위한 아이피 관리 방법 및 장치
CN1855812B (zh) * 2005-04-25 2010-04-28 华为技术有限公司 防止mac地址仿冒的实现方法和设备
US8028160B1 (en) * 2005-05-27 2011-09-27 Marvell International Ltd. Data link layer switch with protection against internet protocol spoofing attacks
CN100417123C (zh) * 2005-06-09 2008-09-03 华为技术有限公司 弹性分组环地址绑定方法
JP4664143B2 (ja) * 2005-07-22 2011-04-06 株式会社日立製作所 パケット転送装置、通信網及びパケット転送方法
US8238352B2 (en) * 2005-09-02 2012-08-07 Cisco Technology, Inc. System and apparatus for rogue VoIP phone detection and managing VoIP phone mobility
US8118677B2 (en) 2005-09-07 2012-02-21 Bally Gaming International, Inc. Device identification
US8392707B2 (en) * 2005-09-07 2013-03-05 Bally Gaming, Inc. Gaming network
CN100581162C (zh) * 2006-01-26 2010-01-13 西门子(中国)有限公司 一种防止地址解析欺骗的方法
GB0601700D0 (en) * 2006-01-27 2006-03-08 Claricom Ltd Printing Method
US8804729B1 (en) * 2006-02-16 2014-08-12 Marvell Israel (M.I.S.L.) Ltd. IPv4, IPv6, and ARP spoofing protection method
CN100579121C (zh) * 2006-02-17 2010-01-06 华为技术有限公司 一种保障专线用户上网的方法
CN100407704C (zh) * 2006-02-20 2008-07-30 杭州华三通信技术有限公司 媒体接入控制层地址的动态学习方法
US7730181B2 (en) 2006-04-25 2010-06-01 Cisco Technology, Inc. System and method for providing security backup services to a home network
CN100452772C (zh) * 2006-05-31 2009-01-14 杭州华三通信技术有限公司 三层转发方法、装置及地址解析协议信息表更新方法
WO2008009160A1 (fr) * 2006-06-30 2008-01-24 Zte Corporation Procédé de configuration d'accès pour l'ajout de liens et systèmes d'ajout de liens
US8107396B1 (en) * 2006-07-24 2012-01-31 Cisco Technology, Inc. Host tracking in a layer 2 IP ethernet network
US7539189B2 (en) * 2006-08-01 2009-05-26 Cisco Technology, Inc. Apparatus and methods for supporting 802.1X in daisy chained devices
US7860099B2 (en) * 2006-12-21 2010-12-28 Alpha Networks Inc. Method for managing and setting many network devices
US8635680B2 (en) 2007-04-19 2014-01-21 Microsoft Corporation Secure identification of intranet network
CN101321054B (zh) * 2007-06-08 2011-02-09 华为技术有限公司 自动防止网络侧媒体接入控制地址被仿冒的方法及其装置
CN101193116B (zh) * 2007-07-09 2010-07-28 福建星网锐捷网络有限公司 一种联动对抗地址解析协议攻击的方法、系统及路由器
US8437360B2 (en) * 2007-11-14 2013-05-07 Cisco Technology, Inc. Stateful DHCPv6 relay agent in a cable modem termination system
US8521856B2 (en) * 2007-12-29 2013-08-27 Cisco Technology, Inc. Dynamic network configuration
US7778203B2 (en) * 2008-02-01 2010-08-17 Microsoft Corporation On-demand MAC address lookup
US8289879B2 (en) * 2008-02-07 2012-10-16 Ciena Corporation Methods and systems for preventing the misconfiguration of optical networks using a network management system
WO2010041788A1 (en) * 2008-10-10 2010-04-15 Plustech Inc. A method for neutralizing the arp spoofing attack by using counterfeit mac addresses
KR100996288B1 (ko) * 2008-10-10 2010-11-23 플러스기술주식회사 가상 mac 주소를 이용하여 arp 스푸핑 공격에 대응하는 방법
CN101436934B (zh) * 2008-10-20 2013-04-24 福建星网锐捷网络有限公司 一种控制用户上网的方法、系统及设备
EP2182683B1 (de) 2008-10-29 2012-07-25 Alcatel Lucent Selbstkonfiguration einer Adressentabelle in einem Zugangsknoten
CN101488964B (zh) * 2009-02-20 2011-09-28 杭州华三通信技术有限公司 实现地址解析和实现二层通信的方法、系统和路由器
US20100235914A1 (en) * 2009-03-13 2010-09-16 Alcatel Lucent Intrusion detection for virtual layer-2 services
DE102009030726A1 (de) * 2009-06-26 2010-12-30 Repower Systems Ag Anordnung und Verfahren zum Steuern des Zugriffs auf ein windparkinternes Datennetz
TWI413375B (zh) * 2010-03-04 2013-10-21 Gemtek Technology Co Ltd 路由裝置及相關的控制電路
US20120047583A1 (en) * 2010-08-20 2012-02-23 Nyemahame Nsirim L Cable fraud detection system
JP5532458B2 (ja) * 2010-12-09 2014-06-25 日本電気株式会社 コンピュータシステム、コントローラ、及びネットワーク監視方法
KR101236822B1 (ko) * 2011-02-08 2013-02-25 주식회사 안랩 Arp록킹 기능을 이용한 arp스푸핑 공격 탐지 방법과 그 방법을 실행하기 위한 프로그램이 기록된 기록매체
CN103716179A (zh) * 2011-03-09 2014-04-09 成都勤智数码科技股份有限公司 一种基于Telnet/SSH的网络终端管理的方法
CN103763120A (zh) * 2011-03-09 2014-04-30 成都勤智数码科技股份有限公司 基于snmp的网络终端管理的方法
CN103763119A (zh) * 2011-03-09 2014-04-30 成都勤智数码科技股份有限公司 基于Telnet/SSH的网络终端管理的方法
CN102137109B (zh) * 2011-03-18 2013-08-28 华为技术有限公司 一种访问控制方法、接入设备及系统
CN102694771A (zh) * 2011-03-22 2012-09-26 上海艾泰科技有限公司 在网关dhcp服务端绑定ip-mac的方法及网关dhcp服务端
KR101231975B1 (ko) * 2011-05-12 2013-02-08 (주)이스트소프트 차단서버를 이용한 스푸핑 공격 방어방법
KR101270041B1 (ko) * 2011-10-28 2013-05-31 삼성에스디에스 주식회사 Arp 스푸핑 공격 탐지 시스템 및 방법
CN103095858B (zh) * 2011-10-28 2018-02-16 中兴通讯股份有限公司 地址解析协议arp报文处理的方法、网络设备及系统
US9270454B2 (en) 2012-08-31 2016-02-23 Hewlett Packard Enterprise Development Lp Public key generation utilizing media access control address
KR101228089B1 (ko) * 2012-09-10 2013-02-01 한국인터넷진흥원 Ip 스푸핑 탐지 장치
TWI491233B (zh) * 2012-11-26 2015-07-01 Sofnet Corp 用以認定網點之發生事件之方法
US10015176B2 (en) * 2013-07-15 2018-07-03 Cyberseal Ltd. Network protection
US8789040B1 (en) * 2013-07-16 2014-07-22 Appenity LLC Converting non-natively executable programs to downloadable executable programs
CN105024949A (zh) * 2014-04-28 2015-11-04 国网山西省电力公司电力科学研究院 端口自动绑定方法及系统
JP2016158011A (ja) * 2015-02-23 2016-09-01 ルネサスエレクトロニクス株式会社 配信制御装置、データ配信システム、配信制御方法及びプログラム
KR102064614B1 (ko) * 2015-03-10 2020-01-09 엘에스산전 주식회사 Plc 이더넷 통신 모듈의 ip 주소 충돌 확인방법
CN105991794B (zh) * 2015-06-01 2019-05-07 杭州迪普科技股份有限公司 一种地址学习方法及装置
KR101687811B1 (ko) 2015-09-07 2017-02-01 박준영 ARP_Probe 패킷을 이용한 Agent 방식의 ARP 스푸핑 탐지 방법
US10382392B2 (en) * 2016-08-01 2019-08-13 Big Switch Networks, Inc. Systems and methods for network address translation
CN108574672A (zh) * 2017-03-10 2018-09-25 武汉安天信息技术有限责任公司 应用于移动终端的arp攻击感知的方法及装置
US10469529B2 (en) * 2017-07-13 2019-11-05 Nicira, Inc. Address checking to protect against denial of service attack
BR112020003137A2 (pt) 2017-08-14 2020-08-04 Huawei Technologies Co., Ltd. métodos e aparelhos para evitar tempestade de paginação durante difusão de arp para pdu tipo ethernet
US11418478B2 (en) * 2018-12-20 2022-08-16 Arris Enterprises Llc Systems and methods for improving ARP/ND performance on host communication devices
US11277442B2 (en) * 2019-04-05 2022-03-15 Cisco Technology, Inc. Verifying the trust-worthiness of ARP senders and receivers using attestation-based methods
US11438375B2 (en) 2020-06-02 2022-09-06 Saudi Arabian Oil Company Method and system for preventing medium access control (MAC) spoofing attacks in a communication network
CN111835880A (zh) * 2020-06-23 2020-10-27 新浪网技术(中国)有限公司 一种ip地址分配方法及系统

Family Cites Families (18)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPH1011369A (ja) * 1996-06-27 1998-01-16 Hitachi Ltd 通信システムおよびホットスタンバイ切替機能を備える情報処理装置
AU5514298A (en) 1996-12-09 1998-07-03 Motorola, Inc. System, device, and method for routing dhcp packets in a public data network
US5978373A (en) * 1997-07-11 1999-11-02 Ag Communication Systems Corporation Wide area network system providing secure transmission
US6108703A (en) * 1998-07-14 2000-08-22 Massachusetts Institute Of Technology Global hosting system
US6618398B1 (en) * 1998-08-06 2003-09-09 Nortel Networks Limited Address resolution for internet protocol sub-networks in asymmetric wireless networks
US6256314B1 (en) * 1998-08-11 2001-07-03 Avaya Technology Corp. Apparatus and methods for routerless layer 3 forwarding in a network
US6980515B1 (en) * 1999-02-23 2005-12-27 Alcatel Multi-service network switch with quality of access
US6393484B1 (en) 1999-04-12 2002-05-21 International Business Machines Corp. System and method for controlled access to shared-medium public and semi-public internet protocol (IP) networks
US6611525B1 (en) * 1999-10-07 2003-08-26 3Com Corporation Apparatus for and method of learning MAC addresses in a LAN emulation network
US6466986B1 (en) 1999-12-30 2002-10-15 Nortel Networks Limited Method and apparatus for providing dynamic host configuration protocol (DHCP) tagging
US20020013858A1 (en) * 2000-02-09 2002-01-31 Anderson Keith R. ARP caching apparatus and method
US6807179B1 (en) * 2000-04-18 2004-10-19 Advanced Micro Devices, Inc. Trunking arrangement in a network switch
IL144100A (en) 2000-07-06 2006-08-01 Samsung Electronics Co Ltd A method based on MAC address in communication restriction
US6633761B1 (en) * 2000-08-11 2003-10-14 Reefedge, Inc. Enabling seamless user mobility in a short-range wireless networking environment
JP2003018196A (ja) * 2001-04-27 2003-01-17 Fujitsu Ltd パケット転送装置、半導体装置、および、パケット転送システム
US7134012B2 (en) * 2001-08-15 2006-11-07 International Business Machines Corporation Methods, systems and computer program products for detecting a spoofed source address in IP datagrams
US7054944B2 (en) * 2001-12-19 2006-05-30 Intel Corporation Access control management system utilizing network and application layer access control lists
US6745333B1 (en) * 2002-01-31 2004-06-01 3Com Corporation Method for detecting unauthorized network access by having a NIC monitor for packets purporting to be from itself

Also Published As

Publication number Publication date
WO2004025926A1 (en) 2004-03-25
US7234163B1 (en) 2007-06-19
EP1609291A1 (de) 2005-12-28
ATE446642T1 (de) 2009-11-15
CA2499296C (en) 2010-11-16
CN1682516B (zh) 2012-05-30
AU2003276894A1 (en) 2004-04-30
EP1609291B1 (de) 2009-10-21
CN1682516A (zh) 2005-10-12
CA2499296A1 (en) 2004-03-25

Similar Documents

Publication Publication Date Title
DE60329786D1 (de) Verfahren und vorrichtung zur verhinderung des fälschens von netzwerkadressen
JP4043052B2 (ja) Dhcpを用いてネットワークにおける学習されたipアドレスをオーバライドする方法
ATE318478T1 (de) Techniken zur abladung kryptographischer verarbeitung für mehrfachnetzwerkverkehrsströme
EP1986386A4 (de) Verfahren zum binden der adresse des benutzerendgeräts in den zugangsgeräten
DE60221843D1 (de) Verfahren und vorrichtung zum auflösen einer geräteidentifikation zu einer internetadresse via domänennamenserver
AU2003259554A1 (en) Network terminal device, address management server, communication system, and network communication method using mac addresses to determine the ip target addresses
ATE524913T1 (de) Netzwerkadressenübersetzung ankommender sip verbindungen
WO2002082794A3 (en) System and method for performing ip telephony
ATE422778T1 (de) Verfahren, vorrichtung und computerprogramm- produkt zur bereitstellung einer gesicherten verbindung zu einem rechnergestützten gerät
AU2002347725A1 (en) Method and arrangement for preventing illegitimate use of ip addresses
GB2418804B (en) Method and system for generating IP addresses of access terminals and transmitting messages for generation of IP addresses in an IP system
ATE410875T1 (de) Verfahren zur zuordnung einer ip-adresse zu einem gerät
ATE504151T1 (de) Intelligenter netzwerkadressenübersetzer und verfahren zur netzwerkadressenübersetzung
GB2372849B (en) Method for determining master or slave mode in a storage server subnet
WO2006101678A3 (en) Method and system for automatically interconnecting ipv4 networks across an ipv6 network
WO2006028674A3 (en) A system and method for sharing an ip address
CA2520501A1 (en) Methods and apparatus for securing proxy mobile ip
DE60111823D1 (de) Verfahren zur vermeidung von ppp-zeitrüberschreitungen während ipcp-verhandlungen
DE60315143D1 (de) Verfahren und Einrichtung zur Ethernet-MAC-Adressumsetzung in Ethernet-Zugangsnetzwerken
DE60211270D1 (de) Vorrichtung und Verfahren zur Erbringung von Rechnernetzwerken
WO2006098837A3 (en) Method for facilitating application server functionality and access node comprising same
ATE433249T1 (de) Verfahren und vorrichtung zur untersuchung von adressenbindeprotokollen zwischen schichten
WO2001086866A3 (en) Unique address space and method for a transport network
DE602005011622D1 (de) Bereitstellung von Lokaleranschluss IPV4-Adressierung über mehrere Schnittstellen eines Netzwerkknotens
TW200705887A (en) Apparatus, method for monitoring network, network system, network monitoring method and network communication method

Legal Events

Date Code Title Description
8364 No opposition during term of opposition