
Method for preventing attack of illegal neighbor discovery protocol message and access equipment

A technology for access devices and neighbor discovery, applied in the field of packet transmission, which addresses problems such as increased configuration complexity and achieves the effect of preventing attacks.

Active Publication Date: 2014-04-16
NEW H3C TECH CO LTD

AI Technical Summary

Problems solved by technology

[0016] 3. The attacker uses RS / RA packets to deceive the gateway into believing that the MAC address of a legitimate user on the same network segment has been updated, causing the gateway to send all of that user's packets to the attacker. The attack process is as shown in Figure 3.
The disadvantage of this method is that encryption-related configuration must be performed when the network is set up, and must be performed on every node that needs to communicate, which increases the complexity for users.



Embodiment Construction

[0047] The present invention will be further described in detail below in conjunction with the accompanying drawings and specific embodiments.

[0048] Figure 4 is the flow chart of the method for preventing illegal ND protocol packet attacks provided by Embodiment 1 of the present invention. As shown in Figure 4, the specific steps are as follows:

[0049] Step 401: The access device receives, from the host, a Duplicate Address Detection (DAD) message for the link-local address or an RS message with an unspecified source IP address, and records the source MAC address, ingress port identification (ID) and virtual local area network (VLAN) ID of the message.

[0050] An interface has only one unicast address in the link-local scope; its prefix is fixed as FE80:: and its mask length is 64. After the host comes online, it automatically generates a link-local address and then sends a DAD message carrying t...


Abstract

The invention discloses a method for preventing attacks by illegal neighbor discovery (ND) protocol messages, and an access device. The method comprises the following steps: the access device receives, from a host, a DAD message directed at a link-local address or a router solicitation (RS) message with an unspecified source IP address, and extracts the MAC address of the host from the message; the access device determines the prefix assigned to the host, generates the global unicast IPv6 address of the host from the prefix and the MAC address, and establishes a security entry containing the global unicast IPv6 address and the MAC address of the host; the access device then receives an ND protocol message sent by any host; if the message is neither a DAD message nor an RS message with an unspecified source IP address, it is matched against the established security entries one by one; if a match is found the message is accepted, otherwise it is dropped. According to the invention, attacks by illegal ND protocol messages can be prevented without adding any configuration.
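The binding-and-filtering logic the abstract describes, as an added Python example that is not part of the patent or of H3C's code. It assumes a simplified ND message record, modified EUI-64 generation for the "prefix plus MAC" step, and (an assumption the abstract does not state) that a DAD message for the derived global address is checked by its target address.

```python
import ipaddress
from dataclasses import dataclass


@dataclass
class NDMessage:
    """Constructed, simplified view of an ND message as seen by the access device."""
    kind: str          # "NS", "NA", "RS", "RA" or "REDIRECT"
    src_mac: str       # source MAC from the Ethernet header
    src_ip: str        # "::" for an unspecified source
    target: str = ""   # NS target address (the address under DAD)
    port: int = 0      # ingress port ID
    vlan: int = 0      # VLAN ID


def normalize(ip: str) -> str:
    return str(ipaddress.IPv6Address(ip))


def eui64_address(prefix: str, mac: str) -> str:
    """Global unicast address from a /64 prefix and a MAC (modified EUI-64)."""
    b = bytearray(int(x, 16) for x in mac.split(":"))
    b[0] ^= 0x02                                       # flip the universal/local bit
    iid = bytes(b[:3]) + b"\xff\xfe" + bytes(b[3:])    # insert FFFE in the middle
    net = ipaddress.IPv6Network(prefix, strict=False)
    return str(ipaddress.IPv6Address(int(net.network_address) | int.from_bytes(iid, "big")))


class AccessDevice:
    def __init__(self, prefix: str):
        self.prefix = prefix      # prefix the device assigns to hosts on this segment
        self.entries = {}         # (global address, MAC) -> (port, VLAN): the security entries

    def is_binding_trigger(self, m: NDMessage) -> bool:
        """DAD for a link-local address, or an RS with an unspecified source."""
        if not ipaddress.IPv6Address(m.src_ip).is_unspecified:
            return False
        if m.kind == "RS":
            return True
        return m.kind == "NS" and bool(m.target) and ipaddress.IPv6Address(m.target).is_link_local

    def handle(self, m: NDMessage) -> str:
        if self.is_binding_trigger(m):
            gua = eui64_address(self.prefix, m.src_mac)
            self.entries[(gua, m.src_mac.lower())] = (m.port, m.vlan)
            return "bound"
        # Every other ND message must match an existing entry, otherwise it is dropped.
        # Assumption: an NS with unspecified source for a non-link-local address
        # (DAD for the global address) is checked by its target instead of its source.
        unspecified = ipaddress.IPv6Address(m.src_ip).is_unspecified
        claimed = m.target if (m.kind == "NS" and unspecified) else m.src_ip
        if not claimed:
            return "drop"
        key = (normalize(claimed), m.src_mac.lower())
        return "accept" if key in self.entries else "drop"
```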

Description

Technical field

[0001] The invention relates to the technical field of message transmission, in particular to a method and an access device for preventing illegal neighbor discovery (ND) protocol message attacks.

Background art

[0002] IPv6 is the next-generation network protocol that solves the problem of IPv4 address exhaustion. Compared with IPv4, IPv6 supports a concise fixed-length packet header, built-in security, better quality of service (QoS) support and mobility support. As a basic protocol of IPv6, the ND protocol provides functions such as address resolution, router discovery, neighbor unreachability detection and duplicate address detection. ND protocol packets are easily forged by attackers and used for attacks.

[0003] The main attack methods are as follows:

[0004] 1. The attacker uses NS / NA packets to impersonate the gateway to deceive other users on the same network segment under the gate...


Application Information

Patent Type & Authority Patents(China)
IPC(8): H04L29/06, H04L29/12
Inventor 周立萍
Owner NEW H3C TECH CO LTD