A server ip protection method and system

A technology for protecting systems and servers, applied in transmission systems, electrical components, etc., can solve the problems of unoccupied and cumbersome illegal hosts

Active Publication Date: 2017-12-08
山东华软金盾软件股份有限公司
View PDF6 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0005] The technical problem to be solved by the present invention is that even if the server goes down (that is, the IP is temporarily released), the IP of the server cannot be occupied by the illegal host, and all actions are only carried out on a small number of (generally, only one) hosts. All machines in the network need to perform cumbersome operations such as ARP binding

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • A server ip protection method and system
  • A server ip protection method and system
  • A server ip protection method and system

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0040] Such as figure 1 Shown is a schematic diagram of the system topology of the server IP protection method of the present invention, wherein, according to the above topology diagram, a server IP protection method includes:

[0041] Step 1) select a machine in the network segment as a working machine, which maintains a protection list;

[0042] Step 2) the working machine obtains the ARP query packet sent by the host under the same network segment, and the ARP query packet is a MAC address that includes the IP address that the host will obtain and the visitor;

[0043] Step 3) extract IP address and MAC address from described APR inquiry packet, and inquire whether this IP address is in the protection list, wherein, if IP address is in IP protection list and MAC does not correspond, then think it is illegal host, and reply to the host with an ARP packet whose IP is occupied.

[0044] Wherein, before step 1), the protected IP protection list and their legal MAC mapping rec...

Embodiment 2

[0047] It will be described in detail in combination with Embodiment 2.

[0048]Specifically, the implementation method of this scheme is to select a machine in the network segment to do the protection action, called the working machine, and this machine protects the specified IP from being used by illegal MAC through ARP attack. The principle lies in the process of IP acquisition. When a host wants to use a certain IP, it needs to obtain the consent of the intranet. This is the process of ARP negotiation. The normal process is that the host will first send an ARP broadcast to ask whether there is an IP address in the intranet. Use this IP, if yes, tell me (MAC), if this IP is indeed occupied, the ARP protocol defines the behavior of this IP occupant: reply an ARP packet to the inquirer, indicating that the IP is used by me (MAC) , the initiator of the ARP query knows that the IP is occupied, and the IP acquisition fails. Conversely, if there is no reply packet from any host ...

Embodiment 3

[0051] It will be described in conjunction with a specific program design. Specifically, the method includes the following steps in detail:

[0052] 1. Record the policy (protected IP list and their legal MAC mapping) into the memory for backup.

[0053] 2. Use the winpcap library to capture packets in promiscuous mode on all network cards in order to capture ARP query packets.

[0054] 3. To judge each captured ARP query packet, the judgment logic is as follows:

[0055] 1) If it is initiated by the local machine, it will not be processed;

[0056] 2) If sender_ip and target_ip in the ARP structure are consistent, or sender_ip is 0, then it is considered that this is an inquiry packet that wants to obtain an IP address, and only this kind of inquiry packet that wants to obtain an IP address is processed.

[0057] 3) Look for target_ip in the protection list, if found, it means this is a protected IP

[0058] 4) Find the MAC of this IP mapping from the protection list, if i...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention discloses a server IP protection method and system, comprising: step 1) selecting a machine in the network segment as a working machine, which maintains a protection list; step 2) the working machine obtaining the The ARP query packet, the ARP query packet is a MAC address that contains the IP address that the host will obtain and the visitor; Step 3) extracts the IP address and the MAC address from the APR query packet, and inquires whether the IP address is In the protection list, if the IP address is in the protection list but the MAC does not correspond, it is considered to be an illegal host, and an ARP packet that the IP is occupied is replied to the host.

Description

technical field [0001] The invention belongs to the field of computer Internet, and relates to a server IP protection method and system. Background technique [0002] As the main provider of resources, the server in the LAN plays an important role and plays an important role in the normal and efficient operation of other terminals in the network. Many of the data submitted to the server are sensitive resources, and many clients connect to the server based on IP, so if the server IP is fraudulently used, it means that many clients may try to connect to the fake server and submit sensitive resources. Data, this is a very dangerous behavior. If the server is running all the time, the IP is always occupied. Generally speaking, it will not be used fraudulently. However, if someone maliciously causes the server to go offline or crash, and seizes the opportunity to seize the IP address that originally belonged to the server, the server will reconnect. After entering the network, ...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Patents(China)
IPC IPC(8): H04L29/06H04L29/12
Inventor 吴永
Owner 山东华软金盾软件股份有限公司
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap