A method of guarding against host impersonation in an Internet Protocol Ethernet
Technical field
The present invention relates to the field of network security, and in particular to a method of guarding against host impersonation carried out by means of ARP messages in an Internet Protocol (IP) Ethernet.
Background technology
At present, destructive Internet viruses have become increasingly diverse, and many new means of destruction have appeared. Attacks on network reliability are one such new means. An attack of this kind does not aim to steal information; instead it targets vulnerabilities in the network and attacks the network equipment in order to disrupt normal communication and paralyse the network. Attacks on Ethernet are a common form of this kind of attack. The reasons Ethernet is subject to such attacks are:
1. Historically, Ethernet has mostly been used within intranets, and the traditional view in network management was that an intranet is inherently safe; network security policies were therefore applied only at the intranet's outlet, with no precautions inside the intranet;
2. Because the clients inside an intranet differ, the network management department cannot monitor how each user in the intranet uses the network. At the same time, computer viruses keep producing new means of destruction, and low- and mid-range networking products that are easy to attack are widely used, which makes attacks on such an Ethernet easier to carry out;
3. With the rise of broadband and the spread of new services, Ethernet is increasingly deployed in networks outside the control of the network management department; broadband residential communities with Ethernet access are one example, and in such cases the Ethernet is even more vulnerable to attack.
For users who communicate over such an Ethernet, once the Ethernet is attacked and the network is paralysed, a loss proportional to the duration of the paralysis is incurred even if no valuable data is lost; for companies that run their business over the Ethernet, this loss is often even more serious than losing data.
The attack method against an Internet Protocol (IP) Ethernet is introduced below.
In an IP Ethernet, nodes in the network are identified by IP address, while data transfer is carried out according to the hardware addresses of the nodes. During data transmission there must therefore be a process that resolves an IP address into a hardware address. Each node in the Ethernet generally uses the Ethernet Media Access Control (MAC) address of the IEEE 802 protocol family as its hardware address. When one host communicates with another, the two parties first need to obtain each other's IP address, then use the Address Resolution Protocol (ARP) to resolve that IP address into the corresponding hardware address (MAC), and then transmit data packets over the Ethernet using the MAC address obtained. The ARP protocol uses two kinds of messages, the ARP request message and the ARP reply message. The operating principle by which these two messages resolve an IP address to a MAC address is as follows:
When a host in the Ethernet needs to send a packet to an IP address, it uses an ARP request message. The ARP request is sent in broadcast mode, so every host in the Ethernet, including the gateway, receives it. The ARP request contains the following information: the sender's IP address, the sender's MAC address, the requested IP address and the requested MAC address; because the requested MAC address is not yet known, this last field is empty. A host that receives the ARP request may store the sender's IP address and sender's MAC address from the request as an entry in its own ARP table;
After a host in the Ethernet receives the ARP request, it takes the requested IP address out of the request and compares it with its own IP address. If they are identical, it uses an ARP reply message to send its own MAC address to the host that sent the request. Specifically, the host puts its own MAC address into the "requested MAC address" field of the ARP request and sends the request back, now as an ARP reply, to the host that sent it. The host that receives the ARP reply stores the "requested IP address" and "requested MAC address" from the reply as an entry in its ARP table, and thereby obtains the MAC address corresponding to the requested IP address;
After MAC resolution of an IP address has been completed in this way, the host in the Ethernet keeps the corresponding IP address and MAC address in its own ARP table. Thus, when a host in the Ethernet sends data to an IP address, it obtains the MAC address corresponding to that IP address from its own ARP table and fills that MAC address into the header of the data, and the data is then transmitted over the Ethernet according to that MAC address. Because the IP address of a host in the Ethernet may change, whether through manual configuration or random assignment, the correspondence between a host's IP address and its MAC address in the IP Ethernet also changes; for this reason, the contents of a host's ARP table are designed to be updatable, to accommodate changes in the IP-to-MAC correspondence caused by IP address changes.
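The following is an added example, not part of the patent text, that models the plain ARP operating principle described above: a request is broadcast, every host that hears it records the sender's IP/MAC pair, the host owning the requested IP fills its MAC into the message and returns it as a reply, and the requester stores the requested pair. All addresses are constructed for the example.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

EMPTY_MAC = "00:00:00:00:00:00"   # the "requested MAC address" is empty in a request


@dataclass(frozen=True)
class ArpMessage:
    """The four address fields the text names: sender IP/MAC and requested IP/MAC."""
    op: str            # "request" or "reply"
    sender_ip: str
    sender_mac: str
    target_ip: str     # "requested IP address"
    target_mac: str    # "requested MAC address"


@dataclass
class Host:
    ip: str
    mac: str
    arp_table: Dict[str, str] = field(default_factory=dict)

    def handle(self, msg: ArpMessage) -> Optional[ArpMessage]:
        """Plain ARP behaviour: every received message updates the table
        unconditionally, and a request for this host's IP is answered."""
        if msg.op == "request":
            # Every host hearing the broadcast records the sender pair.
            self.arp_table[msg.sender_ip] = msg.sender_mac
            if msg.target_ip == self.ip:
                # Same message sent back with the requested MAC filled in.
                return ArpMessage("reply", msg.sender_ip, msg.sender_mac, self.ip, self.mac)
            return None
        # Reply: the requester stores the requested IP/MAC pair it carries.
        self.arp_table[msg.target_ip] = msg.target_mac
        return None


def resolve(requester: Host, segment: List[Host], target_ip: str) -> Optional[str]:
    """Broadcast a request to every other host on the segment and process any reply."""
    req = ArpMessage("request", requester.ip, requester.mac, target_ip, EMPTY_MAC)
    for host in segment:
        if host is requester:
            continue
        reply = host.handle(req)
        if reply is not None:
            requester.handle(reply)
    return requester.arp_table.get(target_ip)


def demo() -> Tuple[Optional[str], Dict[str, Dict[str, str]]]:
    # Constructed addresses: a PC resolving its gateway, as in the access process described.
    pc1 = Host("192.0.2.11", "02:00:00:00:00:01")
    gw = Host("192.0.2.1", "02:00:00:00:00:fe")
    other = Host("192.0.2.12", "02:00:00:00:00:0c")
    mac = resolve(pc1, [pc1, gw, other], gw.ip)
    tables = {"pc1": dict(pc1.arp_table), "gw": dict(gw.arp_table), "other": dict(other.arp_table)}
    return mac, tables


if __name__ == "__main__":
    print(demo())
```

Note that in this model the gateway and the uninvolved third host both learn the sender pair from the broadcast without any check; an ARP table that accepts every message unconditionally is the property the attack described below relies on.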
A malicious user in the Ethernet usually attacks the Ethernet during the MAC resolution process of the ARP protocol described above. The attack pattern is illustrated below with a specific example.
Referring to Fig. 1, taking an IP Ethernet connected to the Internet as an example, the normal process by which a personal computer (PC) accesses this Ethernet is as follows:
Take PC1 as an example. When PC1 needs to access an external network, it first needs to know the IP address IP1 of gateway 1; this IP address is usually obtained by static configuration, but may also be obtained through another protocol. PC1 then uses the Address Resolution Protocol (ARP) to broadcast an ARP request message to all hosts in the Ethernet, including gateway 1; each host that receives the ARP request stores the IP address in the request and its corresponding hardware address in its own ARP table. According to the MAC address resolution process described above, the gateway in the IP Ethernet receives the ARP request messages sent by every host in the Ethernet, so the gateway's ARP table holds the IP address of each host together with its corresponding hardware address MAC, and the gateway communicates with each host according to these IP addresses and their corresponding hardware addresses.
Referring to Fig. 2, suppose there is a malicious user PC2 in this Ethernet who wants to attack the network. PC2 can impersonate a host in the Ethernet and attack the IP Ethernet by the following method:
PC2 forges and sends an ARP message in which the hardware address MAC2 corresponds to IP1. This message may be an ARP request or an ARP reply. If it is an ARP request, the "sender's IP address" and "sender's MAC address" fields of the message are forged as "IP1" and "MAC2" respectively; if an ARP reply is used as the attack means, the "requested IP address" and "requested MAC address" fields of the reply are forged as "IP1" and "MAC2" respectively. According to the ARP operating principle described above, after the gateway receives this ARP message it updates the entry in its ARP table, overwriting the hardware address formerly associated with IP1 with MAC2. After this operation, the destination hardware address of data originally intended for PC1 has, on the gateway, been changed to the malicious user's hardware address MAC2, so data meant for PC1 is mistakenly sent to PC2: PC1 can no longer receive the network data the gateway sends, PC2 steals PC1's data, and communication between PC1 and the gateway is interrupted. Likewise, the malicious user can use the same method to carry out this host-impersonation attack against any other host in the IP Ethernet, and the attack can also paralyse the Ethernet.
As described above, there is currently no effective method of preventing this host-impersonation attack in an IP Ethernet. As networks become ever more widespread, guarding against this kind of attack on the network itself will become an important problem facing the network security field.
Summary of the invention
In view of this, the main object of the present invention is to provide a method of guarding against host impersonation in an IP Ethernet, which can prevent a malicious user from attacking the IP Ethernet by impersonating a host, thereby ensuring the reliability and security of the network.
The invention discloses a method of guarding against host impersonation carried out by means of ARP messages in an Internet Protocol (IP) Ethernet, characterised in that the method comprises:
A. A host in the IP Ethernet receives an ARP message;
B. According to the IP address in the ARP message received in step A, the host obtains the real hardware address, in the Ethernet, of the host corresponding to that IP address;
C. The host judges whether the real hardware address obtained is consistent with the hardware address in the ARP message received in step A; if so, the IP address and hardware address from the ARP message received in step A are updated into the host's ARP table; otherwise the host's ARP table is not updated.
In step C, if the real hardware address is inconsistent with the hardware address in the ARP message received in step A, the method further comprises: sending the network administrator a signal notifying that a host-impersonation attack has occurred.
Step A further comprises:
the host stores the IP address and hardware address from the received ARP message;
and step B consists of the host taking out the stored IP address and obtaining, according to that IP address, the real hardware address in the Ethernet of the host corresponding to it.
Step B comprises:
the host sends an ARP request message by broadcast to all hosts in the Ethernet, in which the "requested IP address" field is the IP address from the ARP message received in step A; after the host that actually holds that IP address, and with it the real hardware address, receives this request, it returns an ARP reply message to the host, and the real hardware address is delivered to the host by that reply.
In step C, if the real hardware address is consistent with the hardware address in the ARP message received in step A, the method further comprises:
the host judges whether, within a predefined time, it receives any other ARP reply to the ARP request sent in step B; if not, it carries out the step of updating the IP address and hardware address from the ARP message received in step A into its ARP table; otherwise it does not update its ARP table.
If the host receives another ARP reply within the predefined time, the method further comprises: sending the network administrator a signal notifying that a host-impersonation attack has occurred.
As can be seen, in the present invention a host in the IP Ethernet does not update its ARP table directly according to the ARP principle after receiving an ARP message. Instead, it uses the IP address in the ARP message to obtain the real hardware address corresponding to that IP address, and then judges whether the hardware address in the received ARP message is consistent with that real address. If it is inconsistent, the host determines that it has been subjected to a host-impersonation attack, does not update its ARP table according to the received ARP message, and further notifies the network administrator to handle the matter. The present invention thus effectively prevents a malicious user from attacking the IP Ethernet by impersonating a host. With this method, the normal traffic of other users in the network is not interrupted, and the details of the attack suffered can be reported to the network administrator promptly, so that the administrator can take timely action. The method ensures the availability of the network equipment to the greatest possible extent, and hence the reliability of network communication. In addition, the method also effectively guards against attacks that a malicious user carries out with more intelligent means.
Description of drawings
Fig. 1 is a schematic diagram of the normal access process in an IP Ethernet.
Fig. 2 is a schematic diagram of the attack process in an IP Ethernet.
Fig. 3 is a flow chart of the method of the present invention for guarding against host impersonation in an IP Ethernet.
Embodiment
The present invention is a method of guarding against host impersonation carried out by means of ARP messages in an IP Ethernet. In this method, after a host in the Ethernet receives an ARP message, it uses the IP address in the message to obtain the real hardware address corresponding to that IP address, and then judges whether that real hardware address is consistent with the hardware address in the received message. If they are inconsistent, this shows that the host has been subjected to a host-impersonation attack by a malicious user; the IP address and hardware address from the received ARP message are not updated into the ARP table, and the network administrator is notified for further handling.
The present invention is described below with reference to the accompanying drawings.
Taking the gateway as an example, suppose there is a malicious user in the Ethernet who intends to impersonate a host by attacking the gateway. For the gateway, referring to Fig. 3, the method of the present invention for guarding against host impersonation comprises the following steps:
Steps 301 to 302: The gateway receives an ARP request or ARP reply message sent by a host in the Ethernet. It stores the IP address in the message, together with the hardware address MAC corresponding to that IP address, in its memory, and does not immediately update its ARP table according to the addresses in the received message. If the received ARP message is an ARP request, the "sender's IP address" and "sender's MAC address" in the message are stored; if it is an ARP reply, the "requested IP address" and "requested MAC address" are stored;
Step 303: According to the IP address stored in step 302, the gateway broadcasts an ARP request message to all hosts in the IP Ethernet, in which the "requested IP address" field is the IP address stored in step 302. After the host corresponding to that IP address receives this ARP request, it returns its hardware address MAC to the gateway in an ARP reply message. By this step the gateway obtains, from the stored IP address, the real hardware address MAC corresponding to that IP address;
Step 304: The gateway judges whether the hardware address MAC received in step 303 is consistent with the hardware address MAC stored in step 302, both of which correspond to the same IP address. If they are consistent, step 306 and the subsequent steps are executed. If they are inconsistent, the ARP message received in step 301 is a counterfeit message: a malicious user intends to use it to impersonate a host in the IP Ethernet and thereby attack the Ethernet, and step 305 is executed;
Step 305: The gateway sends a signal, for example an electrical signal or an optical signal, to the network administrator, informing the administrator that an attack on the Ethernet has occurred and prompting the administrator to take corresponding action. The gateway does not update the IP address and hardware address MAC from the ARP message received in step 301 into its ARP table as it would under normal ARP processing. After the above steps the whole protective process ends, and the gateway continues to send and receive packets according to the IP-to-MAC correspondence already in its own ARP table. The corresponding action taken by the network administrator comprises: obtaining the real hardware address corresponding to the IP address by means known to those skilled in the art, such as packet capture, and configuring that real hardware address in the ARP table;
Steps 306 to 307: The gateway judges whether, within a predefined time, it has received any other ARP reply to the ARP request sent in step 303. If so, step 305 is executed; otherwise the ARP message received in step 301 is a normal message, and the gateway updates the corresponding IP address and hardware address MAC from that message into its ARP table according to the operating principle of the ARP protocol, and then processes the message according to the normal processing flow;
The purpose of step 306 is as follows. A malicious user in the Ethernet may attack with more intelligent means, typically in this way: after receiving the ARP request that the gateway sends to ask for the real MAC address corresponding to the IP address, the malicious user once again sends the gateway an ARP reply in which the IP-to-MAC correspondence is forged, delivering the impersonated hardware address to the gateway and thereby continuing to impersonate the host. However, in the embodiment of the present invention the impersonated host is certain to send an ARP reply to the gateway as well, so when the attacker uses this kind of intelligent attack means the gateway receives at least two ARP replies. This step therefore judges whether the gateway has been subjected to such an attack by checking whether any other ARP reply is received within the predefined time: if two or more ARP replies are received within the predefined time, the gateway has been subjected to this kind of attack; if not, it has not.
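The following is an added example, not part of the patent text, that implements the decision logic of steps 302 to 307 above (the same procedure as claims A to C and their refinements in the summary): the IP/MAC pair from a received ARP message is held back, the replies heard after the verification broadcast are examined, a mismatch or a second reply inside the window rejects the update and raises an alert, and only a single consistent reply lets the pair into the table. The addresses, the length of the "predefined time" and the handling of the case where no reply arrives at all (which the text does not cover) are assumptions of the example.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class ArpReply:
    """An ARP reply as seen by the gateway: the requested IP/MAC pair it carries
    and its arrival time in seconds after the step-303 verification request."""
    ip: str
    mac: str
    arrival: float


@dataclass
class Gateway:
    arp_table: Dict[str, str] = field(default_factory=dict)
    window: float = 1.0                                # the "predefined time"; value assumed
    alerts: List[str] = field(default_factory=list)    # stand-in for the step-305 signal

    def verify_and_update(self, held_ip: str, held_mac: str, replies: List[ArpReply]) -> str:
        """Steps 302 to 307 for one received ARP message whose pair (held_ip, held_mac)
        was stored in memory but not yet written to the table. `replies` are the ARP
        replies heard after broadcasting a request for held_ip. Returns "update" or "reject"."""
        answers = sorted((r for r in replies if r.ip == held_ip and r.arrival <= self.window),
                         key=lambda r: r.arrival)
        if not answers:
            # Not covered by the text: no host answered, so nothing confirms the pair.
            # Assumption: leave the table untouched, as for any unverified message.
            return "reject"
        real_mac = answers[0].mac            # step 303: first reply taken as the real address
        if real_mac != held_mac:             # step 304 mismatch -> step 305
            self.alerts.append(f"{held_ip}: message claimed {held_mac}, real host answered {real_mac}")
            return "reject"
        if len(answers) > 1:                 # step 306: another reply inside the window -> step 305
            self.alerts.append(f"{held_ip}: {len(answers)} replies within {self.window}s, impersonation suspected")
            return "reject"
        self.arp_table[held_ip] = held_mac   # step 307: normal message, update as plain ARP would
        return "update"


# Constructed addresses: IP1/MAC1 is the legitimate host, MAC2 the attacker's hardware address.
IP1, MAC1, MAC2 = "192.0.2.11", "02:00:00:00:00:01", "02:00:00:00:00:02"


def scenarios() -> Tuple[Dict[str, str], Dict[str, str], List[str]]:
    gw = Gateway()
    results: Dict[str, str] = {}
    # Normal: the message says MAC1 and only the real host answers with MAC1.
    results["normal"] = gw.verify_and_update(IP1, MAC1, [ArpReply(IP1, MAC1, 0.05)])
    # Forged message (step 304): the message says MAC2, the real host answers MAC1.
    results["forged"] = gw.verify_and_update(IP1, MAC2, [ArpReply(IP1, MAC1, 0.05)])
    # "Intelligent" attacker (step 306): it answers the verification request first with MAC2,
    # but the real host answers too, so two replies fall inside the window.
    results["intelligent"] = gw.verify_and_update(
        IP1, MAC2, [ArpReply(IP1, MAC2, 0.01), ArpReply(IP1, MAC1, 0.05)])
    # A reply arriving after the window is outside what step 306 examines and is ignored.
    results["late_second_reply"] = gw.verify_and_update(
        IP1, MAC1, [ArpReply(IP1, MAC1, 0.05), ArpReply(IP1, MAC2, 5.0)])
    return results, dict(gw.arp_table), list(gw.alerts)


if __name__ == "__main__":
    for line in scenarios():
        print(line)
```

The last scenario shows the trade-off built into the predefined time: a reply that arrives after the window is never compared, so the window must be long enough to cover the slowest legitimate host on the segment, while a longer window delays every table update by that amount.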
The specific embodiment above gives the specific steps when the present invention is applied on a gateway. Likewise, the present invention can also be applied on each host in the IP Ethernet other than the gateway, and the application process is the same as that on the gateway.
The above is only a preferred embodiment of the present invention and is not intended to limit the present invention. Any modification, equivalent replacement, improvement and the like made within the spirit and principles of the present invention shall be included within the scope of protection of the present invention.