Unlock instant, AI-driven research and patent intelligence for your innovation.

Method, system and switch for preventing MAC address spoofing

A MAC address, switch technology, applied in the field of data products, to ensure the effect of network security

Active Publication Date: 2015-06-03
ZTE CORP
View PDF2 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0006] The technical problem to be solved by the present invention is to provide a method, a system and a switch for preventing MAC address spoofing, which are used to detect network packets, prevent MAC address spoofing, and avoid the large amount of packet detection in the prior art and the existence of security risks

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Method, system and switch for preventing MAC address spoofing
  • Method, system and switch for preventing MAC address spoofing
  • Method, system and switch for preventing MAC address spoofing

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0035] In order to make the object, technical solution and advantages of the present invention clearer, the present invention will be further described in detail below in conjunction with the accompanying drawings. In the case of no conflict, the embodiments in the present application and the features in the embodiments can be combined with each other. It should be understood that the preferred embodiments described here are only used to illustrate and explain the present invention, not to limit the present invention.

[0036] In order to prevent MAC address spoofing attacks in the IPv6 network, in the technical solution of the embodiment of the present invention, a binding state table formed by information such as IP, MAC address, access port, and time-to-live of each access user is established on the switch (Binding State Table, BST), the BST entry is not a static configuration entry, but a dynamic entry with state transitions. When processing user packets, use the BST tabl...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

Disclosed are a method and a system for preventing MAC address cheat, and a switch. The switch comprises: a binding state table item generation unit, configured to generate a binding state table of a user according to user information when the user accesses a network; a binding state table state processing unit, configured to process state migration of a user address; a packet detection processing unit, configured to, after the switch receives a neighbor notification packet, detect whether a destination address of the neighbor notification packet is valid according to the user information recorded in binding state table items; in the case that a destination link layer address option exists in the packet, check whether the destination link layer address option is consistent with that recorded in the binding state table items; if yes, forward the packet; otherwise, discard the received neighbor notification packet. Through application of the present invention, when an NA packet with a false link layer address exists in the network, the switch discards the packet, thereby ensuring the network security.

Description

technical field [0001] The invention relates to the field of data products, in particular to a method, a system and a switch for preventing MAC address spoofing in an IPv6 network. Background technique [0002] In the IPv6 network, ICMPv6-based Neighbor Discovery Protocol (ND) is used to solve the interaction problem between nodes on the same link. It replaces the address resolution protocol (ARP) used in IPv4, the router discovery part of the control message protocol (ICMP) and all functions of the redirection protocol, and can obtain network parameters such as link MTU and hop limit. The neighbor node discovery process of IPv6 is the process of using a series of ND packets and steps to determine the relationship between neighbor nodes and perform network configuration. [0003] Although the Neighbor Discovery Protocol (Neighbor Discovery Protocol) of the switch makes the network configuration process more automatic and reduces the burden on the administrator, since the li...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Patents(China)
IPC IPC(8): H04L29/06H04L29/12H04L12/70H04L12/26
CPCH04L63/12H04L69/324
Inventor 雷华
Owner ZTE CORP