
Method and network appliance for preventing repeated address detection attack

A duplicate address detection and network equipment technology, applied in the fields of data exchange networks, digital transmission systems, electrical components, etc., that can solve problems such as subnet paralysis, IPv6 address configuration failure and disruption of the normal operation of the network, achieving the effects of low cost and prevention of DAD attacks.

Inactive Publication Date: 2012-06-20
NEW H3C TECH CO LTD

AI Technical Summary

Problems solved by technology

A node can communicate normally only after it has configured an address. If a user node cannot successfully configure its address, it remains unable to communicate normally, which greatly affects the normal business of the user node and the normal operation of the network.
If the attacking node responds to all received DAD NS messages, IPv6 address configuration fails for all nodes in the entire subnet and the entire subnet is paralyzed, greatly affecting the normal operation of the network.


Embodiment Construction

[0020] Analysis of how an attacking node launches a DAD attack shows that the attacking node must first receive a DAD NS message sent by another user node and then attack the target address carried in that message. The target address attacked by the attacking node therefore cannot have appeared in the subnet before that DAD NS message was sent. It follows that the first user to send a DAD NS message in a subnet must be a legitimate user.

[0021] Using the fact that the user who first sends the DAD NS message in the subnet is a legitimate user, the technical solution of the present invention is implemented as follows: the network device in the subnet that is responsible for message interaction between user nodes listens to the messages it receives and records the first port that first receives the DAD NS message detecting the first IPv6 address; it then discards the DAD NS message and DAD correspon...


Abstract

The invention discloses a method for preventing duplicate address detection (DAD) attacks, in which the first port that first receives a DAD NS message detecting a first IPv6 address is recorded. Based on the recorded first port, DAD NS messages and DAD NA messages that correspond to the first IPv6 address and are received from other ports are discarded. Because the DAD NA and DAD NS messages that would affect the enabling of the first IPv6 address are discarded, a DAD attack initiated by an attacker is effectively prevented and the user node can successfully configure the IPv6 address. The invention also discloses network equipment for preventing DAD attacks.
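A small simulation of the first-port rule in the abstract, added here as an illustration and not taken from the patent. The `DadGuard` class, the `DAD_NS`/`DAD_NA` labels, the port numbers and the trace are constructed; it assumes messages arrive already classified, that messages from the recorded port are forwarded, and that entries never age out.

```python
import ipaddress

FORWARD, DROP = "forward", "drop"

class DadGuard:
    """Switch-side table: IPv6 address under DAD -> port that first probed it."""

    def __init__(self):
        self.first_port = {}

    def owner_of(self, target):
        """Return the recorded first port for `target`, or None."""
        return self.first_port.get(ipaddress.IPv6Address(target))

    def handle(self, port, kind, target):
        """Decide what to do with a DAD NS / DAD NA for `target` seen on `port`."""
        # Normalise so that different spellings of one address share an entry.
        addr = ipaddress.IPv6Address(target)
        owner = self.first_port.get(addr)
        if owner is None:
            if kind == "DAD_NS":
                # First DAD NS for this address: record the receiving port.
                self.first_port[addr] = port
            # Assumption: a message for an address with no entry is forwarded.
            return FORWARD
        # Entry exists: DAD NS/NA for this address from any other port is dropped.
        return FORWARD if port == owner else DROP

# Constructed trace of (ingress port, message kind, target address).
TRACE = [
    (1, "DAD_NS", "2001:db8::10"),      # user node probes its tentative address
    (7, "DAD_NA", "2001:db8::10"),      # "address in use" reply from another port
    (7, "DAD_NS", "2001:DB8:0:0::10"),  # competing probe, same address respelled
    (1, "DAD_NS", "2001:db8::10"),      # retransmission from the recorded port
    (7, "DAD_NS", "2001:db8::77"),      # port 7 probing a different address
]

def run(trace):
    """Replay a trace through a fresh guard; return (decisions, guard)."""
    guard = DadGuard()
    return [guard.handle(*msg) for msg in trace], guard

if __name__ == "__main__":
    decisions, _ = run(TRACE)
    for msg, decision in zip(TRACE, decisions):
        print(msg, "->", decision)
```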

Description

Technical field

[0001] The present invention relates to IPv6 technology, in particular to a method and network equipment for preventing Duplicated Address Detection (DAD) attacks.

Background art

[0002] The Internet Engineering Task Force (IETF) proposed the next-generation Internet protocol, IPv6, in the 1990s. At present, IPv6 has been recognized as the future upgraded version of IPv4. The most essential improvement of IPv6 technology is to increase the original address length from 32 bits to 128 bits, thus bringing almost unlimited address space. At the same time, the Neighbor Discovery (ND) protocol, based on the Internet Control Message Protocol version 6 (ICMPv6), replaces the Address Resolution Protocol (ARP) to achieve duplicate address detection, address resolution, router discovery and other functions.

[0003] Duplicate address detection is an operation performed by a node wh...


Application Information

Patent Type & Authority: Patents (China)
IPC(8): H04L29/06, H04L12/26, H04L29/12, H04L12/56
Inventor: 黄哲
Owner: NEW H3C TECH CO LTD