Unlock instant, AI-driven research and patent intelligence for your innovation.

Authentication method and system of isatap tunnel based on dhcp monitoring

A technology of tunneling and IP address, which is applied in transmission systems, digital transmission systems, electrical components, etc., can solve problems such as attacks and insufficient security, and achieve the effect of avoiding network attacks

Active Publication Date: 2016-12-14
北京神州数码云科信息技术有限公司
View PDF5 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

However, one defect of ISATAP tunnel is that as long as the remote dual-protocol stack host node can reach the address of the ISATAP tunnel router that accesses the IPv6 network on the IPv4 route, the address of the IPv6 access network can be obtained without identity verification, which is very important in terms of security. Not enough, malicious unauthorized users can easily use the ISATAP tunnel as a springboard to attack the IPv6 network

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Authentication method and system of isatap tunnel based on dhcp monitoring
  • Authentication method and system of isatap tunnel based on dhcp monitoring
  • Authentication method and system of isatap tunnel based on dhcp monitoring

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0035] The technical solutions of the present invention will be further described below in conjunction with the accompanying drawings and through specific implementation methods.

[0036] figure 1 It is a schematic structural diagram of an ISATAP tunnel authentication system based on DHCP snooping according to an embodiment of the present invention. Such as figure 1As shown, the system includes a dual-protocol stack host connected based on the IPv4 network, an access switch, a DHCP server, and an ISATAP router for enabling the dual-protocol stack host to access the IPv6 network, wherein the dual-protocol stack host is connected to the access switch, The access switch is connected to the ISATAP router and the DHCP server through the IPv4 network, and is connected to the IPv4 and IPv6 networks.

[0037] In the system, the access switch includes a DHCP monitoring and binding module, the DHCP monitoring and binding module is used to monitor the DHCP request process of the dual-p...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses an authentication method and system for an In-Site Automatic Tunnel Addressing Protocol (ISATAP) tunnel based on a Dynamic Host Configuration Protocol (DHCP) monitoring, and the method includes: A. an access switch monitors the DHCP of an IPv4 / IPv6 dual-protocol stack host Request process, set up the binding information that comprises the MAC address of described dual-protocol stack main frame, IP address, lease term, virtual local area network identification and port number, this binding information is encapsulated in the binding message and sent to ISATAP router; B , the dual-protocol stack host computer that will insert IPv6 network sends router solicitation message to ISATAP router, requests global IPv6 address prefix; C, ISATAP router inquires binding information according to the dual-protocol stack host computer IP address in the said router solicitation message and determines Whether to send a router advertisement to inform the dual-protocol host of the global IPv6 address prefix.

Description

technical field [0001] The invention relates to the field of computer data communication, in particular to an authentication method and system of an ISATAP tunnel based on DHCP snooping (DHCPSnooping). Background technique [0002] Dynamic Host Configuration Protocol (DHCP) is a network protocol developed from the BOOTP protocol, which is used to dynamically assign IP addresses and other related information to hosts. DHCP adopts the client / server mode. The DHCP client is used to propose a configuration request. The DHCP server responds to the configuration request and returns configuration information to the DHCP client according to a predetermined strategy. All DHCP messages use the User Datagram Protocol (User Datagram) Protocol, UDP) encapsulation. [0003] DHCP snooping (DHCP Snooping) function refers to the process that the switch monitors the DHCP client to obtain IP through the DHCP protocol. It prevents DHCP attacks and privately sets up DHCP servers by setting tru...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Patents(China)
IPC IPC(8): H04L12/70H04L29/12H04L45/60
Inventor 梁小冰
Owner 北京神州数码云科信息技术有限公司