Method and equipment for preventing source address spoofing attack

A technology for preventing source address spoofing attacks, applied in the field of communication, that can solve problems such as wrongly discarded packets and network failure, and achieves the effect of avoiding wrongly discarded

Inactive Publication Date: 2011-01-12
NEW H3C TECH CO LTD

AI Technical Summary

Problems solved by technology

However, when the round-trip paths are inconsistent, the existing URPF technology, while preventing source address spoofing attacks, discards packets by mistake, resulting in network failure.


Examples


Embodiment 1

[0045] Embodiment 1 of the present invention provides a method for preventing source address spoofing attacks. The device uses URPF technology to prevent source address spoofing attacks. The device performs a URPF check on the received message and forwards the message when the check result is legal. When the check result is illegal, as shown in Figure 3, the method includes the following steps:

[0046] Step 301: search the original routing database of the device for the routes corresponding to the source IP address of the message. If the outbound interface of any of the found routes is consistent with the inbound interface of the message, perform step 302. If no corresponding route is found, or the outbound interfaces of all the found routes are inconsistent with the inbound interface of the message, perform step 303.

[0047] When the device is learning routes, it can learn multiple routes to the same IP address. At this time, the device will select an opti...

Embodiment 2

[0055] Embodiment 2 of the present invention provides a method for preventing source address spoofing attacks. On the basis of Embodiment 1, in order to prevent the device from repeatedly searching the original route database for packets of the same data flow, when the outbound interface of any route found by the device in the original route database is the same as the inbound interface of the packet, the device also stores the correspondence between the found IP address and the interface.

[0056] Below, R7 in Figure 2 is taken as an example to illustrate the method provided in this embodiment. Assume that R7 can learn the IP address A of PC2 from R8 and R6 respectively during route learning. R7 judges that the priority of the route from R6 is high, and stores the correspondence between address A and Eth0/1 in the forwarding table, but the route to PC2 learned from R8 is stored in the original route database, and the outbound interface of this route is Eth0/2, ...
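The check described in Embodiments 1 and 2, modelled for the R7 case, as an added example that is not code from the patent. The address 10.0.2.2 standing in for address A, the interface Eth0/3, the class and method names, longest-prefix matching, and consulting the stored correspondences before the original route database are all assumptions made for illustration.

```python
import ipaddress

class Router:
    """Illustrative model of the URPF check with fallback on one device."""
    def __init__(self, fib, rib):
        # fib: prefix -> outbound interface of the single preferred route
        # rib: prefix -> outbound interfaces of every learned route
        self.fib = {ipaddress.ip_network(p): i for p, i in fib.items()}
        self.rib = {ipaddress.ip_network(p): set(i) for p, i in rib.items()}
        self.verified = set()   # stored (source IP, interface) pairs (Embodiment 2)
        self.rib_lookups = 0    # how often the original route database is searched

    @staticmethod
    def _longest_match(table, addr):
        hits = [n for n in table if addr in n]
        return table[max(hits, key=lambda n: n.prefixlen)] if hits else None

    def check(self, src, in_if):
        addr = ipaddress.ip_address(src)
        # Ordinary strict URPF: the preferred route back to the source
        # must leave through the interface the packet arrived on.
        if self._longest_match(self.fib, addr) == in_if:
            return "forward (URPF legal)"
        # Embodiment 2: a pair already verified skips the database search.
        if (addr, in_if) in self.verified:
            return "forward (stored correspondence)"
        # Step 301: look at every learned route, not only the preferred one.
        self.rib_lookups += 1
        routes = self._longest_match(self.rib, addr)
        if routes and in_if in routes:
            self.verified.add((addr, in_if))
            return "forward (original route database)"
        return "discard"

def demo():
    # Constructed sample: R7 prefers the route via Eth0/1 (from R6) but also
    # learned a route to the same prefix via Eth0/2 (from R8).
    r7 = Router(fib={"10.0.2.0/24": "Eth0/1"},
                rib={"10.0.2.0/24": ["Eth0/1", "Eth0/2"]})
    packets = [("10.0.2.2", "Eth0/1"),   # symmetric path
               ("10.0.2.2", "Eth0/2"),   # asymmetric path, first packet
               ("10.0.2.2", "Eth0/2"),   # same flow again
               ("10.0.2.2", "Eth0/3"),   # no learned route uses this interface
               ("192.0.2.9", "Eth0/2")]  # no route to this source at all
    return [r7.check(s, i) for s, i in packets], r7.rib_lookups

if __name__ == "__main__":
    print(demo())
```

The stored correspondences are never invalidated in this model; a device would need to drop an entry when the route that justified it is withdrawn, otherwise the check keeps accepting a source on an interface that no longer leads to it.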

Embodiment 3

[0084] Embodiment 3 of the present invention provides a device for preventing source address spoofing attacks, using unicast reverse path forwarding (URPF) technology to prevent source address spoofing attacks. As shown in Figure 5, the equipment includes:

[0085] A checking unit 10, configured to perform a URPF check on the message received by the device;

[0086] A search unit 11, connected to the checking unit 10, used to search the original routing database of the device for the route corresponding to the source IP address of the message when the check result of the checking unit 10 is that the message is illegal;

[0087] A forwarding unit 12, connected to the checking unit 10 and the search unit 11, used to forward the message when the check result of the checking unit 10 is that the message is legal; when the outbound interface of any route found by the search unit 11 is consistent with the inbound interface of the message, forwar...


Abstract

The invention discloses a method and equipment for preventing a source address spoofing attack. The method comprises the following steps: the equipment carries out a URPF (Unicast Reverse Path Forwarding) check on a received message; if the checking result is legal, the message is forwarded; if the checking result is illegal, the equipment searches its original route database for routes corresponding to the source IP (Internet Protocol) address of the message. When the outbound interface of any one of the found routes is consistent with the inbound interface of the message, the message is forwarded according to its destination IP address; if no corresponding route is found, or the outbound interfaces of all the found routes are inconsistent with the inbound interface, the message is discarded. The invention avoids the false message discards caused by using the URPF technology to prevent the source address spoofing attack.

Description

Technical field

[0001] The invention relates to the communication field, in particular to a method and equipment for preventing source address spoofing attacks.

Background technique

[0002] A source address spoofing attack is a way for attackers to attack network devices by sending packets with forged source addresses. For devices that use IP address-based authentication, this attack method can cause unauthorized users to gain access to the system as others, or even access with administrator privileges. Even if the response message cannot reach the attacker, it will also cause damage to the target being attacked. As shown in Figure 1, the attacking device Router A forges a packet with the source address 2.2.2.1/8 and sends a request to the server Router B. When Router B responds to the request, it sends the response message to Router C according to the source address 2.2.2.1/8 of the packet. This illegal packet attacks both Router B and Router C.

[0003...


Application Information

Patent Type & Authority: Applications (China)
IPC: IPC(8): H04L29/06, H04L29/12, H04L12/56, H04L45/50
Inventor: 林涛
Owner: NEW H3C TECH CO LTD