Method for identification authentication of IPv6 broadcast source and inhibiting attack of malice/non-malice service

A technology of identity authentication and multicast source, applied in branch offices providing special services, data exchange details, digital transmission systems, etc.

Active Publication Date: 2008-10-08
TSINGHUA UNIV
View PDF0 Cites 15 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

Combining with the ACL settings of flow control and source address control in the router configuration, it effectively solves the security problems of multicast source authentication and anti-DOS attack

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Method for identification authentication of IPv6 broadcast source and inhibiting attack of malice/non-malice service
  • Method for identification authentication of IPv6 broadcast source and inhibiting attack of malice/non-malice service

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0044] On CNGI-CERNET2, according to the above definition method, taking Tsinghua University, Peking University, Shanghai Jiaotong University, Southeast University, Xi'an Jiaotong University as an example, the campus network users of each school are assigned specific source multicast and arbitrary source multicast ( The static RP) group address scheme is shown in Table 1:

[0045]

[0046] The example of controlling the source address of Tsinghua University, Shanghai Jiaotong University, and Xi’an Jiaotong University multicast streams on the Cisco (CISCO) router is as follows:

[0047] ipv6 access-list multicast-source permit 2001:250:ABCD:200:: / 64 FF38:0:0:0:0:0:F000:: / 100

[0048] ipv6 access-list multicast-source deny any FF00:: / 8

[0049] The control configuration example of the source address of the Shanghai Jiaotong University multicast stream on the Cisco (CISCO) router is as follows:

[0050] ipv6 access-list multicast-source permit 2001:250:ABCD:6000:: / 64FF38:0:0...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

IPv6 multicast source identity authentication and method of restraining malicious / non- malicious service attack belong to the technical field of computer network communication; the present invention is characterized in, on the basis of following RFC about IPv6 multicast group address format definition and distributing principle, independently distributing a block / 48 IPv6 address for the multicast source, distributing block / 64 for each park network, the identifier is corresponding to the identifier of each park network; embedding the unicast address of eth special group multicast source and bandwidth demand identifier needed for supporting the multicast into the reserved 20 bit through finely defining 32-bit user self-definition and forming multicast group new definition formation facing to the special source multicast SSM and any source multicast ASM and other protocols. The combination of ACL enactment about flow control, source address control, etc. configured in the router effectively resolves the safety problem of multicast source authentication and anti-DOS attack, laying the first stone of better implementing the operation and management of large-scale IPv6 non-tunnel multicast network.

Description

technical field [0001] The invention relates to an IPv6 multicast source identity authentication method and a method for suppressing malicious / non-malicious service attacks, belonging to the technical category of computer Internet communication. Background technique [0002] RFC4291, RFC3306, and RFC3307 define multicast group addresses for different IPv6 multicast protocols: source-specific multicast (SSM), arbitrary source multicast (ASM) and embedded RP arbitrary source multicast (ASM-Embeded RP) of different formats. In the entire 128-bit address, the last 32 bits define the value range of the multicast group address by the user. At present, the construction of IPv6 multicast network is mostly carried out in the local area network. The operation and management of IPv6 multicast in the local area network is relatively simple, and the use of IPv6 multicast group addresses can completely follow the relevant regulations of RFC. As a large-scale Internet service provider (I...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Applications(China)
IPC IPC(8): H04L29/06H04L12/18H04L12/56H04L29/12H04L45/16
Inventor 包丛笑李星
Owner TSINGHUA UNIV
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap