Method and network appliance for preventing repeated address detection attack

A duplicate address detection technology and network equipment, applied in data exchange networks, digital transmission systems, electrical components, etc. It addresses problems such as failure to configure IPv6 addresses, subnet paralysis, and disruption of normal network operation, and it prevents DAD attacks at low cost.

Inactive Publication Date: 2008-07-16
NEW H3C TECH CO LTD

AI Technical Summary

Problems solved by technology

A node can communicate normally only after it has configured an address. If a user node cannot successfully configure its address, it will never be able to communicate normally, which greatly affects the normal business of the user node and the normal operation of the network.
If the attacking node responds to every DAD NS message it receives, IPv6 address configuration fails for all nodes in the subnet and the entire subnet is paralyzed, greatly affecting the normal operation of the network.

Embodiment Construction

[0019] Analyzing how an attack node launches a DAD attack shows that the attack node must first receive the DAD NS message sent by another user node and then attack the target address carried in that message. The target address attacked by the attack node therefore cannot have appeared in the subnet before that DAD NS message was sent. It follows that the first user to send a DAD NS message in a subnet must be a legitimate user.

[0020] Treating the user who first sends the DAD NS message in the subnet as a legitimate user, the technical solution of the present invention is realized as follows: the network equipment responsible for message exchange between the user nodes in the subnet monitors the messages it receives and records the first port that receives the DAD NS message that detects the first IPv6 address; it then discards the DAD NS message and DAD message corresponding to th...

Abstract

The invention discloses a method for preventing duplicate address detection (DAD) attacks. The first port that receives a DAD NS message detecting a first IPv6 address is recorded. Based on the recorded first port, DAD NS messages corresponding to the first IPv6 address and DAD NA messages received from other ports are discarded. Because the DAD NA and DAD NS messages that would prevent the first IPv6 address from being enabled are discarded, a DAD attack initiated by an attacker is effectively prevented and the user node can successfully configure its IPv6 address. The invention also discloses network equipment for preventing duplicate address detection attacks.
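The first-port rule from the abstract, modelled as an added example (not code from the patent or from any vendor). The class and function names are hypothetical, the sample traffic is constructed, and the classification of DAD messages is an assumption of this sketch: a DAD NS is an NS with the unspecified source address, and a DAD NA is an NA sent to the all-nodes multicast address.

```python
from dataclasses import dataclass
from ipaddress import IPv6Address

UNSPECIFIED = IPv6Address("::")      # source address of a DAD NS (RFC 4862)
ALL_NODES = IPv6Address("ff02::1")   # destination of an NA answering a DAD NS

@dataclass(frozen=True)
class NDMessage:
    kind: str            # "NS" or "NA"
    src: IPv6Address
    dst: IPv6Address
    target: IPv6Address  # Target Address field of the ND message

class DadGuard:
    """Hypothetical model: the first port to probe an address owns it."""
    def __init__(self):
        # target address -> first port that sent a DAD NS for it.
        # No aging here: the excerpt does not describe entry expiry.
        self.first_port = {}

    def handle(self, port: int, msg: NDMessage) -> str:
        is_dad_ns = msg.kind == "NS" and msg.src == UNSPECIFIED
        is_dad_na = msg.kind == "NA" and msg.dst == ALL_NODES
        if not (is_dad_ns or is_dad_na):
            return "forward"                        # not DAD traffic
        owner = self.first_port.get(msg.target)
        if owner is None:
            if is_dad_ns:
                self.first_port[msg.target] = port  # record the first port
            return "forward"
        # DAD NS / DAD NA for a recorded address from any other port is dropped
        return "forward" if port == owner else "drop"

def replay(events):
    guard = DadGuard()
    return [guard.handle(port, msg) for port, msg in events]

ADDR = IPv6Address("2001:db8::10")    # constructed sample address
SNM = IPv6Address("ff02::1:ff00:10")  # its solicited-node multicast group
SAMPLE = [  # constructed traffic: port 1 is the user node, port 2 the attacker
    (1, NDMessage("NS", UNSPECIFIED, SNM, ADDR)),             # user's DAD probe
    (2, NDMessage("NA", ADDR, ALL_NODES, ADDR)),              # forged "in use" reply
    (2, NDMessage("NS", UNSPECIFIED, SNM, ADDR)),             # forged competing probe
    (1, NDMessage("NS", IPv6Address("fe80::1"), SNM, ADDR)),  # ordinary resolution NS
]

if __name__ == "__main__":
    print(replay(SAMPLE))
```
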

Description

Technical field

[0001] The invention relates to IPv6 technology, in particular to a method and network equipment for preventing Duplicated Address Detection (DAD) attacks.

Background technique

[0002] In the 1990s, the Internet Engineering Task Force (IETF) proposed the next-generation Internet protocol, IPv6. Currently, IPv6 has been recognized as a future upgrade version of IPv4. Among them, the most essential improvement of IPv6 technology is to increase the original address length from 32 bits to 128 bits, thus bringing about an almost unlimited address space. At the same time, the Address Resolution Protocol (ARP) is replaced by the Neighbor Discovery (ND) protocol based on the Internet Control Message Protocol version 6 (ICMPv6) to realize duplicate address detection, address resolution, router discovery and othe...

Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L29/06, H04L12/26, H04L29/12, H04L12/56
Inventor: 黄哲
Owner: NEW H3C TECH CO LTD