Method for preventing neighbor discovery protocol message attack and device

A technique for handling neighbor discovery protocol messages, applied in the field of communication. It addresses the problems of high application difficulty, wasted resources, and complex configuration, and it ensures network security, improves overall robustness, and reduces resource occupation.

Active Publication Date: 2009-11-11
NEW H3C TECH CO LTD

AI Technical Summary

Problems solved by technology

[0010] When neighbor unreachability detection through multicast packets is used to protect ND entries from attack, the attacker can also exploit the neighbor unreachability detection itself. For example, after receiving the multicast packet, the attacker can send NA packets with different source MAC addresses; the gateway device then needs to send multicast packets for the NA packet of each source MAC address, resulting in a waste of resources.
[0011] When using the above security authentication through IPsec to prevent ND entries from being attacked, when the



Examples


Example Embodiment

[0060] The core idea of the present invention is to configure a DHCPv6 server in a network with a gateway device. After the DHCPv6 server successfully configures an IP address for the client, the gateway device stores the client's legal ND entry (including at least the correspondence between the legal IP address and the legal MAC address) and sets the legal ND entry as a semi-static entry. When an NS message from a user (or attacker) that would dynamically update the ND entry is received, the ND entry is not updated. The ND entry is updated only when the user informs the administrator to update it statically, thereby preventing the attacker's NS packet attack and enhancing the security of the network.

[0061] The method for preventing Neighbor Discovery Protocol message attacks proposed by the present invention is applied to a system including at least a client, a DHCP server, and a gateway device. The DHCP server can be configured on the gateway device as re...


Abstract

The invention discloses a method for preventing neighbor discovery protocol message attacks, applied to a system comprising a client and a gateway device. The method comprises the following steps: the gateway device obtains the legal neighbor discovery (ND) entry corresponding to the client; the gateway device stores the legal ND entry and sets it as a semi-static entry; when receiving dynamic configuration requests from other clients, the gateway device does not update the legal ND entry according to those requests; when receiving a static configuration request from the client, the gateway device updates the legal ND entry according to the static configuration request. The method improves the reliability of DHCPv6 network equipment, ensures the security of neighbor entries, and reduces invalid resource occupation. The invention also provides a device corresponding to the method.
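
The semi-static entry behaviour described in [0060] and in the abstract, as an added Python example that is not part of the patent text. The class and method names, the list of rejected requests kept for alerting, and normal dynamic learning for addresses without a legal entry are assumptions; the IPv6 and MAC values are constructed.

```python
from dataclasses import dataclass, field
from enum import Enum


class Kind(Enum):
    DYNAMIC = "dynamic"          # learned from NS/NA, may be overwritten
    SEMI_STATIC = "semi-static"  # legal entry installed from a DHCPv6 binding


@dataclass
class NDEntry:
    mac: str
    kind: Kind


@dataclass
class GatewayNDTable:
    entries: dict = field(default_factory=dict)   # IPv6 address -> NDEntry
    rejected: list = field(default_factory=list)  # (ip, claimed_mac), for alerting

    def on_dhcpv6_binding(self, ip: str, mac: str) -> None:
        """DHCPv6 assigned `ip` to `mac`: store the legal entry as semi-static."""
        self.entries[ip] = NDEntry(mac.lower(), Kind.SEMI_STATIC)

    def on_dynamic_request(self, ip: str, claimed_mac: str) -> bool:
        """NS/NA-driven update. Returns True only if the table changed."""
        claimed_mac = claimed_mac.lower()
        current = self.entries.get(ip)
        if current is not None and current.kind is Kind.SEMI_STATIC:
            if current.mac != claimed_mac:
                self.rejected.append((ip, claimed_mac))  # conflicting claim
            return False  # semi-static entries ignore dynamic updates
        # Assumption: addresses without a legal entry are learned as usual.
        self.entries[ip] = NDEntry(claimed_mac, Kind.DYNAMIC)
        return True

    def on_static_request(self, ip: str, new_mac: str) -> None:
        """Administrator-applied static update: the only path that changes a
        legal entry. Assumption: the entry stays semi-static afterwards."""
        self.entries[ip] = NDEntry(new_mac.lower(), Kind.SEMI_STATIC)


def demo() -> GatewayNDTable:
    gw = GatewayNDTable()
    # Constructed sample values (2001:db8::/32 is the documentation prefix).
    gw.on_dhcpv6_binding("2001:db8::10", "00:11:22:33:44:55")
    gw.on_dynamic_request("2001:db8::10", "de:ad:be:ef:00:01")  # conflicting NS
    gw.on_dynamic_request("2001:db8::10", "00:11:22:33:44:55")  # matching NS
    gw.on_static_request("2001:db8::10", "00:11:22:33:44:66")   # admin update
    return gw
```
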

Description

Technical field

[0001] The invention relates to the field of communication technology, in particular to a method and device for preventing neighbor discovery protocol message attacks.

Background technique

[0002] With the continuous expansion of network scale and the continuous increase in network complexity, network configuration has become more and more complicated. When terminals move frequently (such as laptops or wireless networks) and the number of terminals exceeds the number of assignable IP (Internet Protocol) addresses, the original BOOTP (BOOTstrap Protocol) for static host configuration is increasingly unable to meet actual needs. To let users join and leave the network quickly and to improve the utilization of IP address resources, an automatic mechanism for allocating IP addresses was established on the basis of BOOTP, namely DHCP (Dynamic Host Configuration Protocol). ...


Application Information

IPC(8): H04L29/06, H04L12/56
Inventor: 葛建壮, 周立萍
Owner: NEW H3C TECH CO LTD