IPv6 neighbor cache protection method and device based on reverse detection

A technology of neighbor caching and reverse detection, applied to electrical components, transmission systems, etc., can solve the problem of no reverse detection messages, achieve high practical value, strong protocol compatibility, and low resource consumption

Inactive Publication Date: 2017-06-20
THE PLA INFORMATION ENG UNIV
View PDF1 Cites 10 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

Although the reverse detection method reduces the possibility of the neighbor cache being attacked to a certain extent, since the reverse detection message does not have any protection mechanism, the attacker can still

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • IPv6 neighbor cache protection method and device based on reverse detection
  • IPv6 neighbor cache protection method and device based on reverse detection
  • IPv6 neighbor cache protection method and device based on reverse detection

Examples

Experimental program
Comparison scheme
Effect test

Example Embodiment

[0035] In order to make the objectives, technical solutions and advantages of the present invention clearer, the present invention will be described in detail below with reference to the accompanying drawings and specific embodiments.

[0036] See figure 1 As shown, the method provided by the present invention may mainly include: the target node receives the ND message, and creates an entry record for storing the ND message information in the storage queue, where each node establishes an ND message information Stored storage queue. The entry record contains the IP address of the source node, the MAC address of the source node, the Timestamp field of the time when the IRD request message is sent to the source node, the Sequence field of the sequence number of the IRD request message sent to the source node, and the identifier Whether the status field of the IRD request message has been sent to the source node; after waiting time t, select a record from the head of the storage queue...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention relates to an IPv6 neighbor cache protection method and device based on reverse detection. The method comprises the following steps: a destination node receives an ND message and establishes an item record for storing the ND message information in a storage queue; after waiting for time t, one record is selected from the head portion of the storage queue, and an IRD neighbor request message is sent to a source node; corresponding data filling is carried out on an IRD option of the IRD neighbor request message according to the selected Sequence field and Timestamp field in the record, and setting is carried out on the Status field of the item record; the source node sends an IRD notification message, and fills in the IRD option with the same Sequence field and timestamp obtained when sending the notification message; and the destination node, for the received IRD notification message, carries out detection according to the Sequence field, the Status field and timeout time threshold, and carries out processing on neighbor cache and corresponding records in the storage queue according to the detection result. The method and device can effectively resist neighbor cache spoofing attack and denial-of-service attack, are small in resource consumption and high in protocol compatibility, and can be suitable for application environment better.

Description

technical field [0001] The invention relates to the technical field of IPv6 network security communication, in particular to a reverse detection-based IPv6 neighbor cache protection method and a device thereof. Background technique [0002] Neighbor Discovery Protocol (Neighbor Discovery Protocol, NDP) is a key protocol of IPv6. It combines ARP, ICMP router discovery and ICMP redirection protocols in IPv4, and improves them to solve the problem of different nodes on the same link. The problem of information exchange between. Since it does not provide any security mechanism for security threats in the link, attackers can use the security loopholes in NDP to implement denial of service attacks and redirection attacks on IPv6 subnets. The IETF standard stipulates that the reliability and integrity of the data packets in the NDP are guaranteed by IPSec AH, but the usage plan is not given. Secure Neighbor Discovery (SEND) guarantees the security of NDP by introducing Cryptograp...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
IPC IPC(8): H04L29/06
CPCH04L63/145H04L63/205
Inventor 张连成孔亚洲王振兴郭毅王禹辜苛峻
Owner THE PLA INFORMATION ENG UNIV
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap