Early warning method and device for arp entry spoofing attack on local area network

An ARP table entry and spoofing attack technology, applied in the field of network communication, can solve problems such as user network connection failure, and achieve the effect of preventing spoofing attacks

Active Publication Date: 2020-06-19
DALIAN ROILAND SCI & TECH CO LTD
View PDF4 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

ARP attacks mainly exist in the LAN network. If a user in the LAN is infected with the ARP virus, the system of the user infected with the ARP virus may try to intercept the communication information of other computers in the network by means of "ARP spoofing". Network connection failure of other users in the network

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Early warning method and device for arp entry spoofing attack on local area network
  • Early warning method and device for arp entry spoofing attack on local area network
  • Early warning method and device for arp entry spoofing attack on local area network

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0015] Embodiment 1: a kind of early warning method for the ARP entry spoofing attack of local area network, comprises the following steps:

[0016] S1. Network data interception;

[0017] S2. ARP message authenticity confirmation;

[0018] S2.1. When the ARP message is untrustworthy, perform an early warning judgment on ARP entry spoofing;

[0019] S2.2. When the ARP message is authentic, analyze the ARP message entry to determine the ARP entry spoofing.

[0020] As a kind of embodiment, in its described step S1, network data interception is: obtain the DHCPDiscover request message in the network, record in table A; Obtain the DHCP ACK message in the network, record in table B; Obtain ARP broadcast packets in the network are recorded in Table C.

[0021] As an embodiment, the specific steps of its step S2 are: analyze the IP address of the ARP request packet sent by the user, judge whether it appears in Table A and Table C, and judge whether it is stored in the static IP a...

Embodiment 2

[0040] Embodiment 2: As a supplement to the technical solution of Embodiment 1 or as a separate embodiment, this embodiment provides an early warning method for ARP entry spoofing attacks on a local area network. First listen through network data frames. Obtain the DHCPDiscover request message in the network and record it in table A; at the same time obtain the DHCPACK message and record it in table B; at the same time obtain the ARP broadcast message in the network and record it in table C. Then compare the data in the above record table to confirm the credibility of the ARP message, analyze the ARP message entry, and analyze whether the source MAC in the ARP frame header and the source MAC in the message are consistent. Whether to update the ARP entry, whether it meets the characteristics of ARP spoofing. If it meets the characteristics of ARP spoofing, then output the status word of ARP spoofing attack alarm. Then output the log of ARP spoofing attack alarm. The program ...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention provides an early warning method and device for an address resolution protocol (ARP) table entry spoofing attack in a local area network, and belongs to the technical field of network communication. The early warning problem of the ARP table entry spoofing attack in the local area network is solved. The technical points are as follows: S1. monitoring network data; S2. confirming thecredibility of an ARP message; S2.1. when the ARP message is not credible, performing early warning judgment on ARP table entry spoofing; and S2.2. when the ARP message is credible, performing analysis on an ARP message table entry to judge the ARP table entry spoofing. The early warning method and device have the beneficial effects that the ARP table entry spoofing attack can be prevented.

Description

technical field [0001] The invention relates to the technical field of network communication, in particular to an early warning method for ARP spoofing attacks in a local area network. Background technique [0002] Address Resolution Protocol (ARP, Address Resolution Protocol) is a TCP / IP sub-protocol for obtaining a physical address based on an IP address. When the host sends information, it broadcasts the ARP request containing the target IP address to all hosts on the network, and receives the return message to determine the physical address of the target; after receiving the return message, store the IP address and physical address in the local ARP In the cache and keep it for a certain period of time, the next request will directly query the ARP cache to save resources. [0003] ARP spoofing attack is to realize ARP spoofing by forging IP address and MAC address, which can generate a large amount of ARP traffic in the network and block the network. ARP attacks mainly ...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Patents(China)
IPC IPC(8): H04L29/06
CPCH04L63/1416H04L63/1466
Inventor 田雨农张东辉付政国
Owner DALIAN ROILAND SCI & TECH CO LTD
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap