Method, apparatus and system for preventing ARP aggression

A technique based on ARP requests and IP addresses, applied in the field of ARP attack prevention. It addresses problems such as the inability to defend against ARP attack methods and the difficulty of applying dynamic allocation of Internet Protocol addresses, and achieves the effect of defending against ARP attacks.

Active Publication Date: 2009-07-29
HUAWEI TECH CO LTD

AI Technical Summary

Problems solved by technology

[0009] The inventor finds that the prior art has the following problems: because the security department needs to monitor the network, it is difficult to apply the DHCP protocol, which dynamically distributes Internet Protocol (IP) addresses, in public Internet access places such as Internet cafes. In addition, DHCP snooping cannot defend against the ARP attack method of masquerading as a legitimate MAC and IP.



Examples


Embodiment Construction

[0029] Figure 1 is a schematic diagram of an application scenario of an embodiment of the present invention.

[0030] In an application scenario of the embodiment of the present invention, a host is connected to a gateway through an access switch, and then connected to a core network or a public network through the gateway. Because the security department needs to monitor the network, among other reasons, each host has a fixed network-wide IP address, so there is no need for a DHCP server to assign a dynamic IP address to the host. The access switch here may also be another link layer device, including switches, bridges or routers supporting link layer mode.

[0031] Figure 2 is a flowchart of a method for preventing an ARP attack in an embodiment of the present invention. The method includes:

[0032] 202. Configure the binding between the IP address and the MAC address of each host within the management range of the link layer device. For example, the IP address and ...



Abstract

The invention relates to the field of network communication, in particular to a method, device and system for preventing ARP attacks. The method comprises the following steps: configuring the binding between the Internet Protocol (IP) address and the Media Access Control (MAC) address of each host within the management range of the link layer device; sending an ARP request message containing the bound IP address and MAC address; receiving the gateway's ARP response message, which is generated according to the ARP request message; and forwarding the ARP response message to the corresponding host. With the technical solution provided by the embodiment of the invention, the ARP messages that a host sends to the gateway are discarded, and the ARP request message is sent to the gateway according to the binding of IP address and MAC address, so the ARP messages sent by hosts are shielded within the user network. This solves the problem of preventing, on the link layer device, ARP attacks against the gateway device.
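The flow in the abstract can be modelled as follows. This is an added example, not code from the patent: the class and function names, the per-binding access port, the sample addresses, and the choice to issue one request per configured binding are all assumptions made for illustration.

```python
from dataclasses import dataclass

GATEWAY_IP, GATEWAY_MAC = "192.0.2.1", "02:00:00:00:00:01"  # constructed sample values

@dataclass(frozen=True)
class Arp:
    op: str                                # "request" or "reply"
    sender_ip: str
    sender_mac: str
    target_ip: str
    target_mac: str = "00:00:00:00:00:00"

class AccessSwitch:                        # hypothetical model of the link layer device
    def __init__(self, bindings):
        # Configured bindings: host IP -> (MAC, access port). The port is an assumption.
        self.bindings = dict(bindings)
        self.dropped = []

    def from_host(self, port, pkt):
        # Host-originated ARP aimed at the gateway is discarded, never forwarded.
        if pkt.target_ip == GATEWAY_IP:
            self.dropped.append((port, pkt))
            return None
        return pkt                         # host-to-host ARP is outside this sketch

    def requests_for_gateway(self):
        # The switch builds the ARP requests itself, from configured bindings only.
        return [Arp("request", ip, mac, GATEWAY_IP)
                for ip, (mac, _port) in self.bindings.items()]

    def from_gateway(self, reply):
        # Forward the gateway's reply to the bound host's port; drop anything else.
        entry = self.bindings.get(reply.target_ip)
        if reply.op != "reply" or entry is None or entry[0] != reply.target_mac:
            return None
        return entry[1], reply

def gateway_answer(req):
    # Stand-in for the gateway: answers the request it received.
    return Arp("reply", GATEWAY_IP, GATEWAY_MAC, req.sender_ip, req.sender_mac)

def demo():
    sw = AccessSwitch({"192.0.2.10": ("02:00:00:00:00:10", 1),
                       "192.0.2.11": ("02:00:00:00:00:11", 2)})
    # Constructed input: the host on port 2 claims 192.0.2.10 with its own MAC.
    leaked = sw.from_host(2, Arp("request", "192.0.2.10", "02:00:00:00:00:11", GATEWAY_IP))
    cache, ports = {}, []
    for req in sw.requests_for_gateway():
        cache[req.sender_ip] = req.sender_mac   # what the gateway learns
        ports.append(sw.from_gateway(gateway_answer(req))[0])
    return leaked, cache, sorted(ports)
```

In this model the gateway's ARP cache is populated only from the configured bindings, so the forged sender fields in the dropped host frame never reach it.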

Description

Technical field

[0001] The invention relates to the field of network communication, in particular to a method, device and system for preventing ARP attacks.

Background art

[0002] Because the Address Resolution Protocol (ARP) is open and has no authentication mechanism, ARP attacks often occur.

[0003] Some ARP attacks are aimed at hosts in the network, and some are aimed at gateways. ARP address spoofing attacks are generally carried out against individual hosts or a certain range of hosts, and the damage is relatively small. However, because of the particular network location of the gateway device, an ARP attack against it will leave a wide range of users unable to access the Internet.

[0004] The methods currently deployed on switches to prevent ARP attacks mainly include:

[0005] 1) Limit on the Media Access Control (MAC) addresses learned by a port: when the specified MAC address limit is exceeded, you can choose to close the ...


Application Information

Patent Type & Authority: Applications (China)
IPC: IPC(8): H04L9/00, H04L29/06
Inventor: 赵永鹏
Owner: HUAWEI TECH CO LTD