
Method and device for generating authorized address resolution protocol security entries

A technology relating to the address resolution protocol and security tables, applied in the fields of electrical components, transmission systems, etc.

Active Publication Date: 2017-12-15
NEW H3C TECH CO LTD

AI Technical Summary

Problems solved by technology

Simply put, the existing anti-attack methods can only defend against certain types of ARP attacks and are powerless against other types of attacks.


Embodiment Construction

[0019] The applicant analyzed a known existing solution that prevents ARP attacks through the authorized ARP function and found that the existing authorized ARP function requires the DHCP Server / DHCP Relay and the gateway to be the same device. If they are not the same device, there is no authorized ARP security entry on the gateway, and it cannot defend against ARP attacks that deceive the gateway. However, in practical applications, there is often a dedicated DHCP Server responsible for allocating IP addresses, which is not the same device as the gateway, so the authorized ARP method cannot be applied to this scenario. The following uses Figure 1 as an example to illustrate:

[0020] In the network shown in Figure 1, the DHCP Server / DHCP Relay and the gateway are not the same device. When the client goes online, it obtains its IP address and gateway address through DHCP, and then accesses the Internet through the gateway. The following ARP spoofing attack process often ex...


Abstract

The application discloses a method and a device for generating an authorized ARP security entry. The method comprises the following steps: a gateway monitors a DHCP request message sent to a DHCP server by a DHCP client, generates the authorized ARP security entry according to the IP address and the MAC address in the message, and sets the state of the security entry to 'requesting'; the gateway monitors a gratuitous ARP message sent by the DHCP client, looks up the authorized ARP security entry in the 'requesting' state that corresponds to the IP address and the MAC address in the message, and changes the state of the security entry to 'valid'. With the method and the device disclosed by the application, the gateway can generate the authorized ARP security entry even when the gateway and the DHCP server / DHCP relay are not the same device.
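The two-step entry lifecycle from the abstract, sketched as an added example (not code from the patent or from any H3C product). The class and method names, the table keyed by IP address, the rule that a 'valid' entry is not replaced by a later request, and the `permits` enforcement check are all assumptions made for illustration.

```python
from dataclasses import dataclass

REQUESTING, VALID = "requesting", "valid"

@dataclass
class Entry:
    mac: str
    state: str

class AuthorizedArpTable:
    """Gateway-side table; keying by IP address is a modelling assumption."""

    def __init__(self):
        self.entries = {}

    def on_dhcp_request(self, ip, mac):
        # Snooped DHCP request: record the IP/MAC pair as 'requesting'.
        # Assumption: a 'valid' entry is never replaced by a later request.
        cur = self.entries.get(ip)
        if cur is None or cur.state == REQUESTING:
            self.entries[ip] = Entry(mac.lower(), REQUESTING)

    def on_gratuitous_arp(self, ip, mac):
        # Promote only a 'requesting' entry whose IP and MAC both match.
        cur = self.entries.get(ip)
        if cur and cur.state == REQUESTING and cur.mac == mac.lower():
            cur.state = VALID
            return True
        return False

    def permits(self, ip, mac):
        # Assumed enforcement step: an ARP binding is trusted only when it
        # matches a 'valid' entry.
        cur = self.entries.get(ip)
        return bool(cur and cur.state == VALID and cur.mac == mac.lower())

def run_sample():
    # Constructed sample traffic (documentation address ranges).
    ip, client, other = "192.0.2.10", "00:00:5E:00:53:01", "00:00:5E:00:53:FF"
    t = AuthorizedArpTable()
    t.on_dhcp_request(ip, client)
    results = [t.permits(ip, client)]                # still 'requesting'
    results.append(t.on_gratuitous_arp(ip, other))   # MAC mismatch
    results.append(t.on_gratuitous_arp(ip, client))  # match: becomes 'valid'
    results.append(t.permits(ip, client))
    results.append(t.permits(ip, other))
    return results, t.entries[ip].state

if __name__ == "__main__":
    print(run_sample())
```

Entry aging and DHCP lease release are not modelled here.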

Description

Technical field

[0001] The present application relates to the technical field of data security, in particular to a method and device for generating an authorized ARP (Address Resolution Protocol) security entry.

Background

[0002] ARP resolves an IP (Internet Protocol) address into an actual MAC (Media Access Control) address, so that IP messages can be forwarded on an Ethernet link. The process of ARP resolution is very simple: a request carrying an IP address and a response carrying a MAC address; the exchange of these two messages lets each party learn the other's MAC address.

[0003] While ARP provides a convenient service, it also provides opportunities for malicious attackers. Since the advent of ARP, ARP attacks have never stopped, and attacks such as spoofing and flooding keep emerging. At present, there are many means of preventing ARP...


Application Information

Patent Type & Authority: Patents (China)
IPC(8): H04L29/12, H04L29/06
Inventor: 韩冰
Owner: NEW H3C TECH CO LTD