Method and system for defending against address resolution protocol message attacks

A technique for address resolution protocol messages, applied in the field of address resolution protocols, which can solve the problems of inapplicability to user hosts and acquisition, and which reduces the difficulty of implementation, the upgrade cost, and the difficulty of deployment.

CN101415012A | Inactive | Publication Date: 2009-04-22 | NEW H3C TECH CO LTD

Embodiment Construction

[0032] Usually, an ARP message used as an attack message has a forged Sender IP and Sender MAC. This scheme intercepts ARP message attacks from the perspective of the Sender MAC address. A forged Sender MAC address in an ARP packet may be the attacker's own MAC address, a random MAC value, or a gateway MAC address. However, using the attacker's own MAC address is equivalent to self-reporting, which is also a security risk for the attacker. Therefore, in most cases the attacker will not use the local MAC address to construct ARP packets; the more common attack method is to set the Sender MAC field to a random MAC value or a gateway MAC address when constructing an ARP message, so as to avoid revealing the attacker's own identity.

[0033] For the ARP message whose Sender MAC field is a random MAC value and a gateway MAC address, the basic idea of the defense method proposed by the embodiment of the prese...


Abstract

The invention discloses a method for defending against address resolution protocol message attacks, comprising the following steps: the media access control (MAC) address of a legal user is configured in advance; the network equipment receives an Address Resolution Protocol (ARP) message from a user; the content of the Sender MAC address field is extracted from the received ARP message; it is judged whether the extracted Sender MAC address is the MAC address of a legal user configured in advance; if not, the received ARP message is discarded. The invention also discloses a system for defending against address resolution protocol message attacks. The method and the system are suitable for all types of users and do not require major modification of the network equipment.
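The filtering steps in the abstract, as an added Python example (not code from the patent or from the vendor). It assumes untagged Ethernet II frames carrying Ethernet/IPv4 ARP, uses constructed MAC addresses, assumes the gateway MAC is not in the configured legal-user list, and chooses to drop ARP frames it cannot parse.

```python
import struct

ETH_HDR_LEN = 14                      # untagged Ethernet II header (assumption: no 802.1Q tag)
ETHERTYPE_ARP = 0x0806
ARP_FIXED = struct.Struct("!HHBBH")   # htype, ptype, hlen, plen, oper
ARP_LEN = ARP_FIXED.size + 6 + 4 + 6 + 4   # 28 bytes for Ethernet/IPv4 ARP


def mac_bytes(text: str) -> bytes:
    """Parse 'aa:bb:cc:dd:ee:ff' or 'AA-BB-...' into 6 raw bytes."""
    raw = bytes.fromhex(text.replace(":", "").replace("-", ""))
    if len(raw) != 6:
        raise ValueError(f"not a MAC address: {text!r}")
    return raw


# Constructed sample configuration, not values from the patent.
LEGAL_USER_MACS = {mac_bytes("00:11:22:33:44:55"), mac_bytes("00:11:22:33:44:66")}
GATEWAY_MAC = "00:aa:bb:cc:dd:01"     # assumed absent from the legal-user list


def sender_mac(frame: bytes):
    """Return the 6-byte ARP Sender MAC field, or None if the frame is not
    a well-formed Ethernet/IPv4 ARP message."""
    if len(frame) < ETH_HDR_LEN + ARP_LEN:
        return None
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    htype, ptype, hlen, plen, _oper = ARP_FIXED.unpack_from(frame, ETH_HDR_LEN)
    if ethertype != ETHERTYPE_ARP or (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    start = ETH_HDR_LEN + ARP_FIXED.size   # Sender MAC follows the fixed 8 bytes
    return frame[start:start + 6]


def filter_arp(frame: bytes, legal_macs=LEGAL_USER_MACS) -> str:
    """'forward' only when the Sender MAC is a preconfigured legal user MAC."""
    mac = sender_mac(frame)
    # Dropping unparseable ARP frames is a choice made for this example.
    return "forward" if mac is not None and mac in legal_macs else "drop"


def build_arp(eth_src: str, sha: str, spa: bytes, tpa: bytes, oper: int = 2) -> bytes:
    """Build a constructed ARP frame (broadcast destination) for the checks."""
    eth = b"\xff" * 6 + mac_bytes(eth_src) + struct.pack("!H", ETHERTYPE_ARP)
    arp = ARP_FIXED.pack(1, 0x0800, 6, 4, oper) + mac_bytes(sha) + spa + b"\x00" * 6 + tpa
    return eth + arp
```

The check reads the Sender MAC field inside the ARP payload, not the Ethernet source address, so a frame sent from a legal user's port but claiming a random or gateway Sender MAC is still dropped.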

Description

Technical field

[0001] The invention relates to Address Resolution Protocol (ARP) technology, in particular to a method for defending against ARP message attacks and a system for defending against ARP message attacks.

Background technique

[0002] As one of the lower-layer protocols in the Transmission Control Protocol/Internet Protocol (TCP/IP) protocol stack, ARP translates an IP address into a data link layer address such as a Media Access Control (MAC) address. Communication between network devices is addressed by MAC address, while applications based on TCP/IP are addressed by IP address, and data packets addressed by IP address must be encapsulated in Ethernet frames addressed by MAC address for transmission. Therefore, when a network device communicates, it needs to know the MAC address of the destination network device. The ARP pro...


Application Information

Patent Timeline: 22 Apr 2009, Publication, CN101415012A
IPC: H04L29/06; H04L12/56; H04L45/74
Inventors: 李金平