ARP spoofing attack detection method based on local area network

A technology of ARP spoofing and attack detection, applied in the field of network communication, can solve problems such as low efficiency and heavy network burden

Inactive Publication Date: 2019-06-28
山东信天辰信息安全技术有限公司
View PDF5 Cites 13 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0003] The purpose of the present invention is to provide a method for detecting ARP spoofing attacks based on a local area network. The ARP detection system is realized through a packet capture tool, and the port mirroring technology is used to bind MAC and IP bidirectionally with static IP without changing the IPV4 protocol. At the same time, VLAN is used to reduce the local area network, improve retrieval efficiency, and solve the problem of low efficiency of defense against ARP spoofing and heavy burden on the network

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • ARP spoofing attack detection method based on local area network

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0022] The following will clearly and completely describe the technical solutions in the embodiments of the present invention with reference to the accompanying drawings in the embodiments of the present invention. Obviously, the described embodiments are only some, not all, embodiments of the present invention. Based on the embodiments of the present invention, all other embodiments obtained by persons of ordinary skill in the art without creative efforts fall within the protection scope of the present invention.

[0023] see figure 1 As shown, the present invention is a local area network-based ARP spoofing attack detection method, which is applied to a wireless terminal, an authentication server, a management device, and at least two access devices that do not share a MAC address with a gateway device in a wireless local area network, and is characterized in that , including the following steps:

[0024] Step S01: use the packet capture tool to obtain the data packet for a...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention discloses an ARP spoofing attack detection method based on a local area network, and relates to the technical field. The method comprises the following steps: acquiring a data packet byusing a packet capturing tool and analyzing the data packet to obtain MAC and IP pairs of a destination and a source address of the data packet; independently monitoring a port corresponding to the unreasonable MAC address; detecting MAC and IP mapping pairs in the response packet, and judging whether mapping of a source address in the response packet is reasonable or not within a certain period of time; and when the mapping of the source address in the packet is unreasonable, finding a port corresponding to the switch by using the MAC address, and quickly finding out the fraud host. Accordingto the packet capturing tool, an ARP detection system is realized. In cooperation with the port mirroring technology, the static IP is used for carrying out bidirectional binding on the MAC and the IP under the condition that the IPV4 protocol is not changed, meanwhile, the VLAN is used for reducing the local area network, the retrieval efficiency is improved, the ARP deception defense efficiencyis improved, and the burden generated to the network is avoided.

Description

technical field [0001] The invention belongs to the technical field of network communication, in particular to a local area network-based ARP deception attack detection method. Background technique [0002] Address Resolution Protocol (ARP, Address Resolution Protocol) is a TCP / IP sub-protocol for obtaining a physical address based on an IP address. When the host sends information, it broadcasts the ARP request containing the target IP address to all hosts on the network, and receives the return message to determine the physical address of the target; after receiving the return message, store the IP address and physical address in the local ARP In the cache and keep it for a certain period of time, the next request will directly query the ARP cache to save resources. The address resolution protocol is based on the mutual trust of each host in the network. A host on the network can send an ARP reply message independently. When other hosts receive the reply message, they will...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Applications(China)
IPC IPC(8): H04L29/06H04L29/12
Inventor 常秀军
Owner 山东信天辰信息安全技术有限公司
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap