Method, unit and system for preventing address resolution protocol flux attack

A traffic attack and processing unit technology, applied in transmission systems, digital transmission systems, electrical components, etc.

Active Publication Date: 2010-09-29
BEIJING XINWANG RUIJIE NETWORK TECH CO LTD
View PDF5 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0004]1. Due to the uncertainty of the network being attacked by ARP traffic, the administrator cannot discover the existence of the problem in time. For intermittent ARP traffic attacks, the administrator cannot find out at all The existence of the problem or misjudgment is ARP spoofing;
[0005]2. Due to manual processing, when an ARP traffic attack occurs in the network, the administrator cannot quickly detect, locate and deal with the illegal user who initiated the ARP traffic attack ;
[0006]3. The administrator locates illegal users by grabbing messages from different network locations, resulting in a huge workload;
[0007]4. Even if the administrator can locate the illegal user who initiates the ARP traffic attack, he cannot handle it flexibly. Instead, he can only shut down the attacking host or unplug the Disconnect the network cable of the attacking host and perform antivirus to deal with it

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Method, unit and system for preventing address resolution protocol flux attack
  • Method, unit and system for preventing address resolution protocol flux attack
  • Method, unit and system for preventing address resolution protocol flux attack

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0031] like figure 1 Shown is the flow chart of embodiment one of the method for preventing ARP flow attack of the present invention, and this method comprises the following steps:

[0032] Step 11, detecting the number of ARP packets with the same characteristics in the network;

[0033] Under normal circumstances, the process of using the ARP protocol to make an ARP request when sending a message is completed by the operating system, so each host usually only needs to send an ARP request message to the gateway device to realize the IP address and MAC address. parsing process. Based on this principle, the gateway device can determine whether an ARP traffic attack has occurred in the current network by detecting the number of ARP packets with the same characteristics in the network within a certain time range.

[0034] Step 12, judging whether the quantity exceeds a preset threshold, if it exceeds the threshold, execute step 13, if not, execute step 11;

[0035] Step 13, s...

Embodiment 2

[0044] like figure 2 Shown is the flow chart of Embodiment 2 of the method for preventing ARP traffic attacks of the present invention, including

[0045] Step 20, establishing a mapping relationship between the gateway device and the access switch;

[0046] The mapping relationship represents the corresponding relationship between the port of the gateway device and the access switch existing under the port. The way to establish the mapping relationship between the gateway device and the access switch can be that the access switch uses its own MAC address to poll all gateway devices through the port and MAC address mapping table (802.1d table) stored in the standard gateway device, and from the gateway Obtain on the device which port the access switch itself is under the gateway device; you can also establish a corresponding relationship between the access switch IP-gateway device IP-corresponding gateway device port through the gateway information, switch information and th...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The present invention discloses method, unit and system for preventing address analysis agreement flow capacity attack. The method includes: testing the number of ARP packet with same character in network; judging the number of ARP packet exceed presetting value, transmitting the ARP flow capacity to attack happened broadcast message if the value is exceed; lawless user is located and disposed according to ARP flow capacity attack by the broadcast message. The system includes: gateway equipment unit, processing unit for preventing ARP flow capacity attack, access switch unit. According to theinvention, only disposable configure is executed for testing and locating the ARP packet before testing, process modus of illegal user is also flexible, thereby this can maximum reduce amount of workof administrator to reach the effect of convenient management, simple operation and intelligent.

Description

technical field [0001] The invention relates to the field of network data communication security, in particular to a method, unit and system for preventing ARP traffic attacks. Background technique [0002] With the rapid development of the network, the security of the data communication network is also concerned. When hosts on different subnets communicate, the communication data needs to be forwarded through the gateway device, and the gateway device needs to support the Address Resolution Protocol (Address Resolution Protocol, hereinafter referred to as: ARP) technology, and process the ARP message to Ensure the normal operation of the gateway equipment and realize the normal progress of network communication. However, in the process of network data communication, illegal users often send ARP requests or responses to the gateway device with a large number of legal ARP packets, which will cause the ARP processing resources of the gateway device and a large amount of netwo...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Patents(China)
IPC IPC(8): H04L9/00H04L12/56H04L29/06
Inventor 林雁敏
Owner BEIJING XINWANG RUIJIE NETWORK TECH CO LTD
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap