Unlock instant, AI-driven research and patent intelligence for your innovation.

Method, system and switch for preventing MAC address spoofing

A MAC address and switch technology, applied in the field of data products, to achieve the effect of ensuring network security

Active Publication Date: 2011-04-20
ZTE CORP
View PDF2 Cites 11 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0006] The technical problem to be solved by the present invention is to provide a method, a system and a switch for preventing MAC address spoofing, which are used to detect network packets, prevent MAC address spoofing, and avoid the large amount of packet detection in the prior art and the existence of security risks

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Method, system and switch for preventing MAC address spoofing
  • Method, system and switch for preventing MAC address spoofing
  • Method, system and switch for preventing MAC address spoofing

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0035] In order to make the object, technical solution and advantages of the present invention clearer, the present invention will be further described in detail below in conjunction with the accompanying drawings. In the case of no conflict, the embodiments in the present application and the features in the embodiments can be combined with each other. It should be understood that the preferred embodiments described here are only used to illustrate and explain the present invention, not to limit the present invention.

[0036] In order to prevent MAC address spoofing attacks in the IPv6 network, in the technical solution of the embodiment of the present invention, a binding state table formed by information such as IP, MAC address, access port, and time-to-live of each access user is established on the switch (Binding State Table, BST), the BST entry is not a static configuration entry, but a dynamic entry with state transitions. When processing user packets, use the BST tabl...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses a method, a system and a switch for preventing MAC address spoofing, the switch comprises: a table entry generation unit of a binding state table used for generating the binding state table of a user when the user accesses to a network; a state processing unit of the binding state table used for processing state transition of the user address; a neighbor notice message detection processing unit used for detecting whether a target address of the neighbor notice message is valid according to user information recorded in the table entry of the binding state table after the switch received the neighbor notice message, when the message contains a target link layer address option, detecting whether the target link layer address option is accordant to that recorded in the table entry of the binding state table, if so, forwarding the message; otherwise, discarding the received neighbor notice message. With the method, the system and the switch for preventing MAC address spoofing, when the network has NA message carrying false link layer address, the switch discards the NA message to guarantee network security.

Description

technical field [0001] The invention relates to the field of data products, in particular to a method, a system and a switch for preventing MAC address spoofing in an IPv6 network. Background technique [0002] In the IPv6 network, ICMPv6-based Neighbor Discovery Protocol (ND) is used to solve the interaction problem between nodes on the same link. It replaces the address resolution protocol (ARP) used in IPv4, the router discovery part of the control message protocol (ICMP) and all functions of the redirection protocol, and can obtain network parameters such as link MTU and hop limit. The neighbor node discovery process of IPv6 is the process of using a series of ND packets and steps to determine the relationship between neighbor nodes and perform network configuration. [0003] Although the Neighbor Discovery Protocol (Neighbor Discovery Protocol) of the switch makes the network configuration process more automatic and reduces the burden on the administrator, since the li...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Applications(China)
IPC IPC(8): H04L29/06H04L29/12H04L12/56H04L12/26
CPCH04L69/324H04L63/12H04L29/08027
Inventor 雷华
Owner ZTE CORP