Method for preventing neighbor discovery protocol message attack and device

A technique for handling neighbor discovery (ND) protocol messages, applied in the field of communication. It addresses the problems of difficult application, wasted resources and complex configuration, with the aims of ensuring network security, improving overall robustness and reducing resource occupation.

Active Publication Date: 2009-11-11
NEW H3C TECH CO LTD

AI Technical Summary

Problems solved by technology

[0010] When neighbor unreachability detection through multicast packets is used to protect ND entries from attack, the attacker can also use that detection to attack. For example, after receiving the multicast packet, the attacker can send NA packets with different source MAC addresses; the gateway device then needs to send multicast packets for the NA packet from each source MAC address, which wastes resources.
[0011] When security authentication through IPsec is used to protect ND entries from attack and the network has a large number of users, a security association must be established for each user. Many security associations are therefore needed, which places a great burden on the administrator. Relevant equipment and terminals must also be upgraded, so deployment is complicated and the approach is difficult to apply.
[0012] When the static configuration method is used to protect ND entries from attack, the configuration is complicated, and deployment and management costs are high for large-scale IPv6 deployments.

Embodiment Construction

[0060] The core idea of the present invention is to configure a DHCPv6 server in the network together with the gateway device. After the DHCPv6 server successfully configures an IP address for the client, the client's legal ND entry (comprising at least the correspondence between the legal IP address and the legal MAC address) is stored in the gateway device and set as a semi-static entry. When an NS packet is received from a user (or an attacker) that would dynamically update the ND entry, the entry is not updated; it is updated only when the user notifies the administrator to update the ND entry statically. This prevents attacks using the attacker's NS packets and enhances the security of the network.

[0061] A method for preventing neighbor discovery protocol message attacks proposed by the present invention is applied to a system including at least a client, a DHCP server and a gateway device, wherein the DHCP server can be ...

Abstract

The invention discloses a method for preventing neighbor discovery protocol message attacks, applied to a system comprising a client and a gateway device. The method comprises the following steps: the gateway device obtains the legal neighbor discovery (ND) entry corresponding to the client; the gateway device stores the legal ND entry and sets it as a semi-static entry; when receiving dynamic configuration requests from other clients, the gateway device does not update the legal ND entry according to those requests; when receiving a static configuration request from the client, the gateway device updates the legal ND entry according to the static configuration request. The method improves the reliability of DHCPv6 network equipment, ensures the safety of neighbor entries and reduces invalid resource occupation. The invention also provides a device corresponding to the method.
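The gateway behaviour described in the abstract and in paragraph [0060] can be modelled as a small neighbor table. This is an added example, not code from the patent: the class and method names, the sample addresses, the `rejected` alert list, and the choice to keep an entry semi-static after a static update are all assumptions made for illustration.

```python
from dataclasses import dataclass

DYNAMIC, SEMI_STATIC = "dynamic", "semi-static"

@dataclass
class NDEntry:
    mac: str
    kind: str

class GatewayNDTable:
    """Toy neighbor cache keyed by IPv6 address (hypothetical model)."""

    def __init__(self):
        self.entries = {}
        self.rejected = []  # (ip, claimed_mac) pairs: useful as a spoofing alert

    def learn_from_dhcpv6(self, ip, mac):
        # Legal binding stored once the DHCPv6 server has configured the client.
        self.entries[ip] = NDEntry(mac, SEMI_STATIC)

    def on_dynamic_update(self, ip, claimed_mac):
        # NS-driven update arriving from the link (user or attacker).
        entry = self.entries.get(ip)
        if entry and entry.kind == SEMI_STATIC:
            if entry.mac != claimed_mac:
                self.rejected.append((ip, claimed_mac))
            return False  # semi-static entries are never rewritten dynamically
        # Assumption: addresses without a legal binding keep ordinary ND behaviour.
        self.entries[ip] = NDEntry(claimed_mac, DYNAMIC)
        return True

    def static_update(self, ip, mac):
        # Administrator-driven change: the only path that rewrites a legal entry.
        # Assumption: the entry stays semi-static afterwards.
        self.entries[ip] = NDEntry(mac, SEMI_STATIC)

def demo():
    # Constructed sample addresses (documentation prefix 2001:db8::/32).
    gw = GatewayNDTable()
    gw.learn_from_dhcpv6("2001:db8::10", "00:11:22:33:44:55")
    spoof = gw.on_dynamic_update("2001:db8::10", "de:ad:be:ef:00:01")
    other = gw.on_dynamic_update("2001:db8::20", "00:aa:bb:cc:dd:ee")
    gw.static_update("2001:db8::10", "00:11:22:33:44:66")
    return gw, spoof, other

if __name__ == "__main__":
    gw, spoof, other = demo()
    print(spoof, other, gw.entries, gw.rejected)
```

Because a conflicting dynamic update is simply dropped, the gateway sends no probe per claimed MAC address, which is the resource cost paragraph [0010] attributes to the multicast detection approach.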

Description

Technical field

[0001] The invention relates to the field of communication technology, in particular to a method and device for preventing neighbor discovery protocol message attacks.

Background technique

[0002] With the continuous expansion of network scale and the continuous increase in network complexity, network configuration has become more and more complicated. When terminals move frequently (such as laptops or wireless networks) and the number of terminals exceeds the number of assignable IP (Internet Protocol) addresses, the original BOOTP (BOOTstrap Protocol) protocol for static host configuration is increasingly unable to meet actual needs. To let users join and leave the network quickly and to improve the utilization of IP address resources, an automatic mechanism for allocating IP addresses was established on the basis of BOOTP, namely DHCP (Dynamic Host Configuration Protocol). ...

Application Information

IPC(8): H04L29/06, H04L12/56
Inventor 葛建壮周立萍
Owner NEW H3C TECH CO LTD