ARP (address resolution protocol) attack centralized detection and defense method for wireless controller system

A wireless controller and ARP message technology, applied in the field of network security, that addresses the problems of ARP attacks, heavy network-management constraints, and negative side effects, achieving the elimination of ARP attacks, strong prevention capability, and small negative effects.

Inactive Publication Date: 2014-04-02
FUJIAN SUNNADA NETWORK TECH CO LTD

AI Technical Summary

Problems solved by technology

This kind of attack can cause specific terminal users or all terminal users on the network to be unable to use the network normally.
The attack principle is that the attacker performs ARP spoofing by forging IP addresses and MAC addresses, which can generate a large amount of ARP traffic and congest the network. As long as the attacker keeps sending forged ARP response packets, the IP-MAC entries in the target host's ARP cache are altered, causing network outages or man-in-the-middle attacks.
[0004] ARP attacks mainly occur in LANs. If an end user in the LAN initiates an ARP attack, communication across the entire LAN may be interrupted.
[0005] At present there are many preventive measures against ARP attacks, but they were mainly proposed for wired networks and chiefly consider wired networking applications. Many of them have the following shortcomings: Fundamental method; 2. They place heavy constraints on network management and require the participation of user terminals, which is neither convenient nor practical and makes them hard to operate; 3. They have negative effects that may interfere with the normal use of network functions.



Embodiment Construction

[0028] The present invention will be further described below in conjunction with the accompanying drawings and embodiments.

[0029] The idea of the present invention is to monitor ARP messages on the wireless controller dynamically and in real time: only legal ARP messages are processed and forwarded, and the ARP attack source is cut off directly on the AC device. This prevents attack messages from propagating in the wireless LAN and ensures the validity of the ARP packets received by other devices in the wireless LAN, achieving centralized defense against ARP attacks and ensuring the security of the wireless LAN.
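The following sketch illustrates the centralized check described in [0029]; it is an added example, not code from the patent or its owner. The patent text available here does not spell out its legitimacy criteria, so the two rules used (Ethernet source must equal the ARP sender MAC, and the sender IP-MAC pair must match a binding table held by the AC) and all names and addresses are assumptions.

```python
import struct

# Constructed binding table (assumption): IP -> MAC as known to the AC,
# e.g. from DHCP leases or static configuration.
BINDINGS = {"192.168.1.1": "00:11:22:33:44:01",   # gateway
            "192.168.1.10": "00:11:22:33:44:10",  # STA A
            "192.168.1.20": "00:11:22:33:44:20"}  # STA B

def mac(b): return ":".join(f"{x:02x}" for x in b)
def ip(b): return ".".join(str(x) for x in b)

def build_arp(eth_src, sha, spa, tpa, op=2):
    """Build a constructed Ethernet+ARP frame (sample input only)."""
    h = lambda m: bytes.fromhex(m.replace(":", ""))
    a = lambda i: bytes(int(x) for x in i.split("."))
    eth = b"\xff" * 6 + h(eth_src) + struct.pack("!H", 0x0806)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)
    return eth + arp + h(sha) + a(spa) + b"\x00" * 6 + a(tpa)

def check_arp(frame, bindings):
    """Return (verdict, reason) for one frame received from an AP tunnel."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x06":
        return ("forward", "not ARP")
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4) or op not in (1, 2):
        return ("drop", "malformed ARP header")
    eth_src, sha, spa = mac(frame[6:12]), mac(frame[22:28]), ip(frame[28:32])
    if eth_src != sha:
        return ("drop", "Ethernet source differs from ARP sender MAC")
    if bindings.get(spa) != sha:
        return ("drop", f"{sha} is not bound to {spa}")
    return ("forward", "sender IP-MAC matches binding")

class Controller:
    """Hypothetical AC: forwards legal frames, blocks sources of illegal ARP."""
    def __init__(self, bindings):
        self.bindings, self.blocked = bindings, set()

    def handle(self, frame):
        src = mac(frame[6:12])
        if src in self.blocked:
            return "drop"               # source already cut off at the AC
        verdict, _ = check_arp(frame, self.bindings)
        if verdict == "drop":
            self.blocked.add(src)       # cut the attack source off centrally
        return verdict
```

Because every station frame reaches the AC before it is forwarded, a single binding table and block list cover all APs, with no software required on the terminals.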

[0030] As shown in Figure 2, the present invention provides a centralized detection and defense method for ARP attacks in a wireless controller system, characterized in that it comprises the following steps:

[0031] Step S01: Send all traffic data associated with the wireless terminal STA on the wireless access point device AP to the wireless c...


Abstract

The invention relates to a centralized detection and defense method against ARP (address resolution protocol) attacks for a wireless controller system. The method comprises the following steps: S01, the wireless access point equipment AP sends all traffic data of the wireless terminals STA associated with it to the wireless controller AC through a CAPWAP transmission tunnel, and the legitimacy of ARP messages is detected and processed in the wireless controller AC; S02, the wireless controller equipment AC forwards legal data according to the network topology. The advantages of the method are that ARP messages are monitored on the wireless controller dynamically and in real time, only legal ARP messages are processed and forwarded, and the ARP attack source is cut off directly on the AC equipment. This prevents attack messages from spreading in the wireless local area network and ensures the legality of the ARP messages received by other equipment in the wireless local area network, so that ARP attacks are defended against centrally and the security of the wireless local area network is guaranteed.

Description

Technical field

[0001] The invention relates to the technical field of network security, in particular to a centralized detection and defense method for ARP attacks of a wireless controller system.

Background technique

[0002] With the rapid development of WLAN technology, and especially the maturity of thin AP wireless architecture networking applications, more and more enterprises, organizations and public places have begun to use wireless networks. As the scale of WLAN deployments grows, the security of the wireless network becomes more and more important, and ARP attacks are a significant hidden danger for wireless networks. Figure 1 is a thin AP wireless network architecture diagram. As shown in the figure, the main equipment types in the thin AP wireless LAN include the wireless controller (AC), wireless access point (AP), wireless terminal (STA), and router.

[0003] ARP attack is an attac...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L29/06, H04W12/06, H04W12/12, H04W12/122
Inventor 宋永磊
Owner FUJIAN SUNNADA NETWORK TECH CO LTD