Eureka AIR delivers breakthrough ideas for toughest innovation challenges, trusted by R&D personnel around the world.

ARP (address resolution protocol) attack centralized detection and defense method for wireless controller system

A wireless controller and ARP message technology, applied in the field of network security, can solve problems such as attacks, large network management constraints, and negative effects, and achieve the effect of eliminating ARP attacks, strong prevention capabilities, and small negative effects

Inactive Publication Date: 2014-04-02
FUJIAN SUNNADA NETWORK TECH CO LTD
View PDF4 Cites 13 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

This kind of attack can cause specific terminal users or all terminal users on the network to be unable to use the network normally.
The attack principle is that the attacker realizes ARP spoofing by forging IP addresses and MAC addresses, which can generate a large amount of ARP traffic in the network and block the network. As long as the attacker continuously sends out forged ARP response packets, the target host ARP IP-MAC entries in the cache, causing network outages or man-in-the-middle attacks
[0004] ARP attacks mainly exist in the LAN network. If an end user in the LAN initiates an ARP attack, it may cause the entire LAN communication to be interrupted.
[0005] At present, there are many preventive measures against ARP, but these preventive measures are mainly proposed during the use of wired networks. The main consideration is the networking application of wired networks, and many preventive measures have the following shortcomings: Fundamental method; 2. There are large constraints on network management, requiring the participation of user terminals, which is inconvenient and practical, and poor in operability; 3. There are negative effects, which may affect the normal use of network functions

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • ARP (address resolution protocol) attack centralized detection and defense method for wireless controller system
  • ARP (address resolution protocol) attack centralized detection and defense method for wireless controller system
  • ARP (address resolution protocol) attack centralized detection and defense method for wireless controller system

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0028] The present invention will be further described below in conjunction with the accompanying drawings and embodiments.

[0029] The idea of ​​the present invention is to dynamically monitor ARP messages on the wireless controller in real time, only legal ARP messages are processed and forwarded, and the ARP attack source is directly cut off on the AC device, so as to avoid the propagation of attack messages in the wireless LAN and ensure The validity of ARP packets received by other devices in the wireless LAN, so as to achieve the purpose of centralized defense against ARP attacks and ensure the security of the wireless LAN.

[0030] like figure 2 Shown, the present invention provides a kind of wireless controller system ARP attack centralized detection and defense method, it is characterized in that comprising the following steps:

[0031] Step S01: Send all traffic data associated with the wireless terminal STA on the wireless access point device AP to the wireless c...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention relates to an ARP (address resolution protocol) attack centralized detection and defense method for a wireless controller system. The method comprises the following steps that S01, all flow rate data of wireless terminals STA associated onto wireless access point equipment AP are sent to a wireless controller AC by the wireless access point equipment AP via a CAPWAP transmission tunnel, and in addition, the detection and the processing of ARP message legitimacy are carried out in the wireless controller AC; S02, legal data is retransmitted by the wireless controller equipment AC according to network topologies. The ARP attack centralized detection and defense method has the advantages that ARP messages are dynamically monitored on the wireless controller in real time, only the legal ARP messages are processed and retransmitted, an ARP attach source is directly switched off on AC equipment, the spreading of attack messages in a wireless local area network is avoided, and the legality of the ARP messages received by other equipment in the wireless local area network is ensured, so the goals of defending the ARP attack in a centralized way and guaranteeing the safety of the wireless local area network are realized.

Description

technical field [0001] The invention relates to the technical field of network security, in particular to a centralized detection and defense method for ARP attacks of a wireless controller system. Background technique [0002] With the rapid development of WLAN technology, especially the maturity of thin AP wireless architecture networking applications, more and more enterprises, units and public places have begun to use wireless networks for networking applications. With the expansion of the WLAN network application scale, the security of the wireless network becomes more and more important. Among them, the problem of ARP attack is an important hidden danger of wireless network. like figure 1 as shown, figure 1 It is a thin AP wireless network architecture diagram. In the figure, the main equipment types in the thin AP wireless LAN include wireless controller (AC), wireless access point (AP), wireless terminal (STA), and router (router). [0003] ARP attack is an attac...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Applications(China)
IPC IPC(8): H04L29/06H04W12/06H04W12/12H04W12/122
Inventor 宋永磊
Owner FUJIAN SUNNADA NETWORK TECH CO LTD
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com