Method and device for preventing neighbor discovery (ND) attack

This technology is applied in the field of preventing ND attacks. It addresses problems such as inherent security risks in the Internet architecture, inability to carry out network communication, and network slowness, and achieves the effect of preventing ND NS/NA attacks, ND DAD attacks, and ND RA attacks.

Active Publication Date: 2010-02-17
NEW H3C TECH CO LTD
Cites: 0; Cited by: 31

AI Technical Summary

Problems solved by technology

[0003] However, because the ND protocol was designed on the premise of a trusted network, it brings inherent security risks to the Internet architecture; with the widespread application of IPv6 technology, the ND protocol has become a main target of attack, and gateway spoofing attacks and attacks on the capacity of the gateway device's ND table are becoming more and more serious. Common ND attack types include:
(1) Flood attack: the attacker forges a large number of frames with spoofed MAC (Media Access Control) addresses in the network and quickly fills up the MAC table of the switch, so that traffic is broadcast on all ports and the switch works like a shared hub (multi-port repeater); the attacker can then use various sniffing attacks to obtain network information. In addition, once the MAC table is full, traffic is flooded to all interfaces, resulting in excessive load on the switch, network slowness, packet loss or even paralysis.
(2) NS/NA (Neighbor Solicitation/Neighbor Advertisement) spoofing attack: as shown in the NS/NA attack diagram of figure 1, the attacker forges NS/NA messages and sends them to the gateway or the victim host, thereby modifying the MAC address entry on the gateway or the victim host, so that the victim host cannot receive normal data packets.
(3) DAD (Duplicate Address Detection) attack: as shown in the DAD attack diagram of figure 2, when the victim host performs DAD, the attacker creates a conflict with the victim host's NS message by forging an NS message, or forges an NA message in reply to the victim host's NS message, so that the victim host cannot obtain a correct address and cannot perform normal network communication.
(4) RA (Router Advertisement) attack; i




Embodiment Construction

[0055] The basic idea of the present invention is that the access switch obtains and stores the authentication information of the terminal during the terminal's authentication process, that is, it stores the authenticated terminal identity information in the access switch. When an ND message is received, the terminal identity information in the ND message is extracted and compared with the stored authenticated terminal identity information, thereby judging whether the ND message was sent by a legal (authenticated) terminal. If it was sent by a legal terminal, the ND message is processed; otherwise, the ND message is discarded. In this way the authentication mechanism (for example, the 802.1X, PPPoE or PORTAL authentication mechanism) is combined with ND SNOOPING, which improves the security of the ND entry learning mechanism and prevents common ND attacks.
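As an added illustration of the mechanism in [0055] (this is not the patent's code and not H3C's implementation), the following simulation gates ND SNOOPING entry learning on the terminal's authentication state. It assumes that the terminal identity stored at authentication time is the (ingress port, source MAC) pair; the ports, MACs and IPv6 addresses are constructed for the example.

```python
# Added example, not the patent's code. Assumption: terminal identity learned
# during 802.1X/PPPoE/Portal authentication is the (ingress port, source MAC) pair.
from dataclasses import dataclass, field


@dataclass(frozen=True)
class NDMessage:
    port: str            # switch port the message arrived on
    src_mac: str         # source MAC of the Ethernet frame
    src_ip: str          # IPv6 source ("::" for a DAD NS)
    msg_type: str        # "NS", "NA", "RA", ...
    target_ip: str = ""  # target address field of NS/NA


@dataclass
class AccessSwitch:
    # (port, MAC) pairs stored when the terminal passes authentication
    authenticated: set = field(default_factory=set)
    # ND SNOOPING table: IPv6 address -> (port, MAC)
    nd_snooping: dict = field(default_factory=dict)
    dropped: list = field(default_factory=list)

    def on_auth_success(self, port: str, mac: str) -> None:
        self.authenticated.add((port, mac.lower()))

    def on_logoff(self, port: str, mac: str) -> None:
        ident = (port, mac.lower())
        self.authenticated.discard(ident)
        # purge snooping entries that belonged to the terminal that left
        self.nd_snooping = {ip: v for ip, v in self.nd_snooping.items() if v != ident}

    def handle_nd(self, msg: NDMessage) -> str:
        """Process one ND message; returns 'processed' or 'dropped'."""
        identity = (msg.port, msg.src_mac.lower())
        if identity not in self.authenticated:
            # identity in the ND message does not match any authenticated terminal
            self.dropped.append(msg)
            return "dropped"
        # Learn or refresh the snooping entry. A DAD NS carries :: as source
        # and announces its tentative address in the target field.
        ip = msg.target_ip if msg.src_ip == "::" else msg.src_ip
        if ip:
            self.nd_snooping[ip] = identity
        return "processed"
```

A message whose (port, MAC) pair was never authenticated, including one reusing an authenticated MAC from a different port, never reaches the snooping table, so the existing binding is not overwritten.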

[0056] As shown in Figure 4, a method for preventing ...


Abstract

The invention discloses a method for preventing neighbor discovery (ND) attacks. The method comprises the following steps: an access switch receives an ND message from a terminal; the identity information of the terminal is extracted from the ND message; whether the terminal is a legal authenticated terminal is judged according to the identity information of the terminal; and the switch's own ND SNOOPING entry is updated when the terminal is a legal authenticated terminal. The invention combines an authentication mechanism with ND SNOOPING to improve the security of the ND entry learning mechanism and prevent common ND attacks.

Description

Technical field

[0001] The invention relates to the field of communication technology, in particular to a method and device for preventing ND attacks.

Background technique

[0002] The ND (Neighbor Discovery) protocol is a basic component of IPv6 (Internet Protocol Version 6). It implements all the functions of ARP (Address Resolution Protocol), the router discovery part of ICMP (Internet Control Message Protocol) and the redirect protocol, and additionally provides a neighbor unreachability detection mechanism.

[0003] However, because the ND protocol was designed on the premise of a trusted network, it brings inherent security risks to the Internet architecture; with the widespread application of IPv6 technology, the ND protocol has become a main target of attack, and gateway spoofing attacks and attacks on the capacity of the gateway device's ND table entr...


Application Information

IPC(8): H04L29/06, H04L29/12, H04L12/56
Inventor: 李培张楠
Owner: NEW H3C TECH CO LTD