Early warning method and device for ARP table entry spoofing attack in local area network

ARP table entry spoofing attack early-warning technology, applied in the field of network communication, which addresses problems such as user network connection failures and achieves the effect of preventing spoofing attacks.

Active Publication Date: 2018-03-09
DALIAN ROILAND SCI & TECH CO LTD

AI Technical Summary

Problems solved by technology

ARP attacks mainly occur in local area networks. If a user in the LAN is infected with an ARP virus, the infected system may try to intercept the communications of other computers in the network by means of "ARP spoofing", resulting in network connection failures for other users in the network.



Examples


Embodiment 1

[0015] Embodiment 1: An early warning method for ARP entry spoofing attacks on a local area network, including the following steps:

[0016] S1. Network data interception;

[0017] S2. ARP message credibility confirmation;

[0018] S2.1. When the ARP message is untrustworthy, the ARP entry spoofing early warning judgment is performed;

[0019] S2.2. When the ARP message is credible, analyze the ARP message table entry to determine whether ARP table entry spoofing is occurring.

[0020] As an embodiment, in step S1, the network data interception is as follows: DHCPDiscover request messages in the network are obtained and recorded in Table A; DHCP ACK messages in the network are obtained and recorded in Table B; and ARP broadcast messages in the network are obtained and recorded in Table C.

[0021] As an embodiment, the specific steps of step S2 are: analyzing the IP address of the ARP request packet sent by the user, judging whether it appears in Table A and Table C, and at the same time judging whether it is stored in a st...

Embodiment 2

[0040] Embodiment 2: As a supplement to the technical solution of Embodiment 1, or as a separate embodiment, this embodiment provides an early warning method for ARP entry spoofing attacks in a local area network. First, network data frames are monitored: the DHCPDiscover request messages in the network are obtained and recorded in Table A; at the same time, the DHCPACK messages are obtained and recorded in Table B, and the ARP broadcast messages in the network are obtained and recorded in Table C. The data in these record tables is then compared to confirm the credibility of the ARP message, and the ARP message table entries are analyzed: whether the source MAC in the header of the ARP frame and the source MAC in the message are consistent, whether the ARP table entry would be updated, and whether the message meets the characteristics of ARP spoofing. If it meets the characteristics of ARP spoofing, output the status word of the ARP spoofing attack alarm. Then output the log of ARP spoofing attac...
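The checks named in Embodiment 2 (frame-header source MAC versus ARP sender MAC, and whether the message would change an existing entry), as an added example that is not code from the patent or its applicant. Treating Table B as an IP-to-MAC binding learned from DHCP ACKs, the function names and the alert strings are assumptions, since the page's description of the credibility logic is truncated; the frames are constructed in memory and never sent.

```python
import struct

def fmt_mac(b):
    return ":".join(f"{x:02x}" for x in b)

def parse_arp(frame):
    """Return (eth_src, sender_mac, sender_ip), or None if not Ethernet/IPv4 ARP."""
    if len(frame) < 42 or struct.unpack("!H", frame[12:14])[0] != 0x0806:
        return None
    htype, ptype, hlen, plen, _op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    sender_ip = ".".join(str(x) for x in frame[28:32])
    return fmt_mac(frame[6:12]), fmt_mac(frame[22:28]), sender_ip

def check_arp(frame, table_b, table_c):
    """Return alert strings for one frame; learn into table_c only if clean.

    table_b: IP -> MAC from DHCP ACKs (assumed use of the patent's Table B).
    table_c: IP -> MAC from ARP messages already seen (Table C).
    """
    parsed = parse_arp(frame)
    if parsed is None:
        return []
    eth_src, sender_mac, sender_ip = parsed
    alerts = []
    if eth_src != sender_mac:
        alerts.append("frame-header MAC differs from ARP sender MAC")
    if table_b.get(sender_ip, sender_mac) != sender_mac:
        alerts.append("sender MAC differs from DHCP ACK binding")
    if table_c.get(sender_ip, sender_mac) != sender_mac:
        alerts.append("would overwrite existing ARP entry")
    if not alerts:
        table_c[sender_ip] = sender_mac
    return alerts

def sample_frame(eth_src, sender_mac, sender_ip):
    """Constructed ARP reply bytes for offline testing (never sent)."""
    raw = lambda m: bytes.fromhex(m.replace(":", ""))
    eth = b"\xff" * 6 + raw(eth_src) + struct.pack("!H", 0x0806)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, 2) + raw(sender_mac)
    arp += bytes(int(x) for x in sender_ip.split(".")) + b"\x00" * 10
    return eth + arp

if __name__ == "__main__":
    leases = {"192.168.1.10": "02:00:00:00:00:10"}  # constructed Table B
    seen = {}                                         # Table C, learned here
    for src, sha in [("02:00:00:00:00:10",) * 2, ("02:00:00:00:00:66",) * 2,
                     ("02:00:00:00:00:66", "02:00:00:00:00:10")]:
        print(src, sha, check_arp(sample_frame(src, sha, "192.168.1.10"), leases, seen))
```

A frame that raises any alert is not learned into Table C, so a forged reply cannot become the baseline that later messages are compared against.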



Abstract

The invention provides an early warning method and device for an address resolution protocol (ARP) table entry spoofing attack in a local area network, and belongs to the technical field of network communication. It solves the problem of early warning of ARP table entry spoofing attacks in the local area network. The technical points are as follows: S1. monitoring network data; S2. confirming the credibility of an ARP message; S2.1. when the ARP message is not credible, performing early warning judgment on ARP table entry spoofing; and S2.2. when the ARP message is credible, performing analysis on an ARP message table entry to judge the ARP table entry spoofing. The early warning method and device have the beneficial effect that ARP table entry spoofing attacks can be prevented.

Description

Technical field

[0001] The present invention relates to the technical field of network communication, in particular to an early warning method for ARP spoofing attacks in a local area network.

Background technique

[0002] Address Resolution Protocol (ARP) is a TCP/IP sub-protocol that obtains physical addresses based on IP addresses. When a host sends information, it broadcasts an ARP request containing the target IP address to all hosts on the network and receives the return message to determine the physical address of the target; after receiving the return message, the IP address and physical address are stored in the local ARP cache and kept for a certain period of time, and the ARP cache is queried directly on the next request to save resources.

[0003] An ARP spoofing attack realizes ARP spoofing by forging IP addresses and MAC addresses, which can generate a large amount of ARP traffic in the network and block the network. ARP attacks mainly exist in the lo...


Application Information

Patent Type & Authority: Applications (China)
IPC: IPC(8): H04L29/06
CPC: H04L63/1416, H04L63/1466
Inventor: 田雨农, 张东辉, 付政国
Owner: DALIAN ROILAND SCI & TECH CO LTD