Method and system for protecting network attack

A network attack and network equipment technology, applied in the field of network communication, can solve the problems of increasing the workload of service personnel and poor maintainability, and achieve the effect of reducing human errors and workload.

Inactive Publication Date: 2010-05-12
苏师大半导体材料与设备研究院(邳州)有限公司
View PDF3 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0040] poor maintainability
When network expansion occurs and a Layer 2 switch or router needs to be added, the service personnel need to manually configure a static MAC address for each Layer 2 switch, which increases the workload of the service personnel.

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Method and system for protecting network attack
  • Method and system for protecting network attack
  • Method and system for protecting network attack

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0066] The core idea of ​​the present invention is to pre-configure the port MAC address entries of all planned upper-layer network devices in the second-layer network equipment, and automatically configure static MAC address entries or Create a dynamic MAC address entry with a special identifier.

[0067] The present invention provides a system for preventing network attacks, such as figure 2 Shown is the framework diagram of the system of the present invention, by figure 2 It can be seen that the system of the present invention includes: a terminal device, a layer-2 network device and an upper-layer network device, and the described terminal device can be a terminal device of a legal user or an attacker's terminal device; the above-mentioned upper-layer network device It can be a three-layer switch, a router, etc.; the two-layer network device can be a bridge, a two-layer switch and a DSLAM; Send the data frame and send it to the destination address of the data frame thr...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention discloses a system and method for preventing network attack, the said method includes MAC address table that the ports of network device which is mounted on the two layers network device; when the upper layer network device sends the data frames to the two layer network device; the two layer network device processes the MAC address table of ports of upper layer network device. The system includes terminal device, two layer network device and upper layer network device, said two layer network device configures the MAC address table of ports of upper layer network device, and processes the MAC address table of ports of upper layer network device according to the received data frame. Using the method and system provided by the invention, it can inspect the attacker who copies the MAC address of ports of upper layer network device intelligently, and there is no need to configure by hand to reduce the work of user greatly.

Description

technical field [0001] The invention relates to the field of network communication, in particular to a method and system for preventing network attacks. Background technique [0002] With the increasing popularity of broadband access and the huge increase in the number of users, the requirements for network security are getting higher and higher. Network operators usually configure security policies on digital subscriber line access devices. Among many strategies, preventing user MAC address spoofing is one of the basic but also one of the most important strategies. [0003] MAC address spoofing uses the MAC address learning principle of layer 2 network devices (such as bridges, layer 2 switches, and DSLAMs). When such devices receive a data frame, there is a dynamic learning process: [0004] First, the Layer 2 network device extracts the source MAC address of the data frame and the port number that receives the data frame; [0005] Secondly, the Layer 2 network device ch...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Patents(China)
IPC IPC(8): H04L9/32H04L29/12
Inventor 姚政肖平
Owner 苏师大半导体材料与设备研究院(邳州)有限公司
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap