User safety protection method of broadband access equipment

A technology for access equipment and security protection, applied in user identity/authority verification, electrical components, transmission systems, etc., can solve problems such as inability to access the Internet, hidden dangers of DHCP access, etc., to achieve a simple implementation scheme and reduce packet processing amount of effect

Inactive Publication Date: 2008-01-02
ZTE CORP
View PDF0 Cites 21 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0008] 4. Potential security risks in the DHCP access mode
But at the same time, the problem is that if the user host changes, such as changing the network card, the user's MAC address changes, and the user cannot access the Internet.
This brings great inconvenience to users and even operators

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • User safety protection method of broadband access equipment
  • User safety protection method of broadband access equipment
  • User safety protection method of broadband access equipment

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0035] The DHCP snooping function is realized on a digital subscriber line access multiplexer (Digital Subscribe Loop Access Multiplexer, DSLAM). Its specific functions include: extracting uplink and downlink DHCP messages, creating and maintaining a binding database (binding database) for user ports, each entry in the database includes the following fields: user host IP address, user host MAC Address, permanent virtual circuit channel (Permanent Virtual Circuit, PVC) used by the user, and record status status (indicating whether the record is enabled), where IP / MAC / PVC are key fields.

[0036] On the basis of realizing the DHCP snooping function, realize the IP Source guard function: restrict and filter the passage of user packets: users cannot access the network before obtaining a legal IP address through DHCP, and at this time DSLAM only captures DHCP packets and discards them. All other packets; illegal packets that steal other people's IP addresses will be discarded at th...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention discloses a user safe protection method of wideband access device, for resolving the problem of prior DHCP access method, in which before user requests legal IP address, superior device can not process ACL safe filter based on IP on the report from the port. The inventive method comprises that A, detecting dynamic host setting protocol report on a digit user line access complex device, B, detecting the resource of IP report, to limit and filter the pass of the user report. The invention realizes the filter on user data report at lower layer with simple process, and dynamically bonds user IP and MAC, to overcome the defects of traditional ACL safe mechanism based on IP, to effectively protect device from IP theft internet or attach. When two layers of access devices use the invention, the superior device reduces processed reports, thereby reducing system development complexity and improving system reliability.

Description

technical field [0001] The invention relates to a security protection method for a user accessing in a DHCP (Dynamic Host Configuration Protocol, Dynamic Host Configuration Protocol) mode on a two-layer broadband access device. Background technique [0002] 1. DHCP access authentication [0003] DHCP (Dynamic Host Configuration Protocol, Dynamic Host Configuration Protocol) is a relatively common broadband access authentication method at present. It is built on the client-server (client-server) model. In the initial stage of authentication, the client user host (DHCP client) initiates a request, sends a DHCP request (DHCP DISCOVER) message, and applies for a network IP address. The DHCP server (DHCP server) in the network responds: if the IP can be allocated, the configuration parameters are sent to the user host by sending a DHCP allocation response (DHCP ACK) message; if it cannot be allocated, it sends a DHCP refusal to allocate (DHCP NAK) message. When the user quits...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Applications(China)
IPC IPC(8): H04L9/32H04L29/06
Inventor 任捷熊文杰
Owner ZTE CORP
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap