Method for preventing attack of untrusted servers

A server, non-trust technology, applied in the field of network communication, to achieve the effect of preventing spoofing attacks

Inactive Publication Date: 2014-08-27
PHICOMM (SHANGHAI) CO LTD
View PDF8 Cites 3 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

Therefore, the method of configuring trusted ports can only be effective in t

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Method for preventing attack of untrusted servers
  • Method for preventing attack of untrusted servers
  • Method for preventing attack of untrusted servers

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0013] The present invention will be further described below with reference to the drawings and embodiments.

[0014] The invention provides a method for preventing untrusted server attacks, which can effectively prevent untrusted server spoofing attacks.

[0015] In an embodiment, the present invention achieves the purpose of preventing untrusted server cheating by adding a trusted server IP address list in a switching device that enables the DHCP Snooping function. When a switching device receives a DHCP Snooping response packet, it needs to verify the source address of the DHCP response packet. The source address of the DHCP response packet is the IP address of the server that sent the DHCP response packet. Only the source address is in the trusted server IP address list. In this way, the host under the switching device will not receive spoofing attacks from untrusted servers. In addition, when the server's IP address has not changed, the server's location moves, and there is n...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention provides a method for preventing attack of untrusted servers. The method comprises the following steps: a trusted server IP address list is added to switching equipment starting DHCP Snooping for a local area network performing DHCP Snooping; when the switching equipment receives a DHCP response packet, the source address of the DHCP response packet is extracted, and the source address is verified based on IP addresses in the trusted server IP address list; and through the verification, the switching equipment only forwards DHCP response packets of which the source addresses exist in the trusted server IP address list. The method of the invention can effectively prevent spoofing attack of untrusted servers. Compared with the prior art, spoofing attack from trusted ports when untrusted servers are in a non-direct connection state can be avoided. Further, when the port of a server is switched, configuration of the switching equipment does not need to be modified, and data packets of trusted servers can continue to be forwarded effectively, and spoofing attack of untrusted servers can continue to be prevented effectively.

Description

【Technical Field】 [0001] The present invention relates to the field of network communication, in particular to a method for preventing untrusted service fraud attacks. 【Background technique】 [0002] At present, in a switching device running DHCP Snooping (Dynamic Host Configuration Protocol Snooping), DHCP Snooping technology prevents untrusted server spoofing attacks by configuring trusted ports. For example, configure port 1 of the switching device as a trusted port, and the DHCP response packet sent by the server connected to the trusted port 1 will be forwarded, while the DHCP response packet sent by other servers that are not connected to the trusted port will not be forwarded, such as figure 1 As shown, to filter out spoofing attacks from untrusted DHCP servers. However, this method can only be aimed at the server and the DHCP Snooping switching device must be directly connected, in order to filter out the spoofing attacks of untrusted servers. If multiple access devices ...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
IPC IPC(8): H04L29/06H04L29/12
Inventor 梁剑华车任秋
Owner PHICOMM (SHANGHAI) CO LTD
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products