
Message processing method and device, storage medium and processor

A message processing technology, applied in the field of communication, that addresses the inability to effectively identify source IP address spoofing and achieves a simple and effective processing method against network attacks.

Inactive Publication Date: 2019-10-25
ZTE CORP
0 Cites, 7 Cited by

AI Technical Summary

Problems solved by technology

[0008] The embodiment of the present invention provides a message processing method, device, storage medium and processor, so as to at least solve the problem in the related art that network attacks based on source IP address spoofing cannot be effectively identified.


Examples


Specific Embodiment 1

[0045] The network architecture of this specific embodiment is shown in Figure 2, where:

[0046] Network features:

[0047] An ASBR is interconnected with multiple ASs, and the interconnection ports are independent of each other.

[0048] Routing characteristics:

[0049] 1. Learn the routes of directly connected ASs and some non-directly connected ASs from multiple ASs;

[0050] 2. The route sets of the same non-directly connected AS learned from different directly connected ASs are inconsistent but overlap.

[0051] Security policy:

[0052] Policy 1: Only the traffic whose source IP address belongs to the BGP routing prefix received from the AS is allowed to pass through the port connected to the specified AS.

[0053] Specific steps:

[0054] Option One:

[0055] Step 1. Configure URPF id=100 based on neighbor AS100 and URPF id=200 based on neighbor AS200 on router ASBR1;

[0056] Step 2, configure application extended URPF and URPF id=100 on por...

Specific Embodiment 2

[0079] The network architecture of this specific embodiment is shown in Figure 3, where:

[0080] Network features:

[0081] Multiple ASBRs are connected to the same AS.

[0082] Routing characteristics:

[0083] The sets of routes learned from different ASBRs in the same AS are inconsistent but overlap.

[0084] Security policy (two types are supported):

[0085] Policy 1: On the designated ASBR point, only the traffic whose source IP address belongs to the BGP routing prefix received by the ASBR from the directly connected AS is allowed to pass;

[0086] Policy 2: On the designated ASBR point, traffic is allowed to pass if its source IP address belongs to a BGP routing prefix received from the AS by the entire network (ASBR1, ASBR2 and ASBR3 in this specific embodiment).

[0087] Specific steps:

[0088] Policy 1 & Option One:

[0089] Step 1. Configure URPF id=1 based on neighbor 1 on router ASBR1, configure URPF id=2 based on neighbor 2 on router ASBR2, and...

Specific Embodiment 3

[0139] The network architecture of the third embodiment of the present invention is shown in Figure 4, where:

[0140] Network features:

[0141] Multiple ASBRs are interconnected with different ASs.

[0142] Routing characteristics:

[0143] Learn the routes of AS itself and non-directly connected ASs from multiple ASs;

[0144] The sets of routes learned from multiple ASs to the same non-directly connected AS are inconsistent but overlap.

[0145] Security policy:

[0146] Policy 1: On the designated ASBR, only the traffic whose source IP address belongs to the BGP routing prefix received from the AS directly connected to the ASBR is allowed to pass.

[0147] Specifically include the following steps:

[0148] Option One:

[0149] Step 1: Configure URPF id=100 based on neighbor 1 on router ASBR1; configure URPF id=200 based on neighbor 2 on router ASBR2; configure URPF id=300 based on neighbor 3 on router ASBR3.

[0150] Step 2: Configure extended URPF and ...


Abstract

The invention provides a message processing method and device, a storage medium and a processor. The method comprises the following steps: after a to-be-forwarded message is received, determining a unicast reverse path check identifier set corresponding to a source Internet protocol IP address of the to-be-forwarded message, and unicast reverse path check identifiers configured for an ingress port of the to-be-forwarded message in advance; when it is determined that the unicast reverse path check identifier set comprises the unicast reverse path check identifier of the ingress port, forwarding the message to be forwarded; and when it is determined that the unicast reverse path check identifier set does not include the unicast reverse path check identifier of the ingress port, discarding the message to be forwarded. According to the method and the device, the problem that the network attack behavior of source IP address spoofing cannot be effectively identified in the prior art is solved.
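
The check described in the abstract, modelled as an added Python example (not code from the patent or from ZTE). It assumes each route is tagged with the URPF id of the neighbor it was learned from and that the id set is read from the longest-matching prefix; the class, method and port names are hypothetical, the id values 100 and 200 follow Embodiment 1, and the prefixes are constructed documentation ranges.

```python
import ipaddress


class ExtendedUrpf:
    """Toy forwarding-plane model of the URPF identifier-set check."""

    def __init__(self):
        self.routes = {}    # ip_network -> set of URPF ids
        self.port_ids = {}  # ingress port name -> configured URPF id

    def learn_route(self, prefix, urpf_id):
        # Assumption: a prefix received from a neighbor carries that
        # neighbor's URPF id; the same prefix learned from several
        # neighbors accumulates all of their ids in one set.
        net = ipaddress.ip_network(prefix)
        self.routes.setdefault(net, set()).add(urpf_id)

    def bind_port(self, port, urpf_id):
        self.port_ids[port] = urpf_id

    def id_set_for(self, src_ip):
        # Assumption: the set comes from the longest-matching prefix.
        addr = ipaddress.ip_address(src_ip)
        hits = [n for n in self.routes
                if n.version == addr.version and addr in n]
        if not hits:
            return set()  # no route for the source: empty set
        return self.routes[max(hits, key=lambda n: n.prefixlen)]

    def process(self, port, src_ip):
        # Forward only if the ingress port's id is in the source's id set.
        port_id = self.port_ids[port]
        return "forward" if port_id in self.id_set_for(src_ip) else "discard"


def build_asbr1():
    """Constructed sample: ASBR1 with one port per directly connected AS."""
    r = ExtendedUrpf()
    r.bind_port("to-AS100", 100)
    r.bind_port("to-AS200", 200)
    r.learn_route("192.0.2.0/24", 100)     # AS100's own prefix
    r.learn_route("198.51.100.0/24", 200)  # AS200's own prefix
    # A non-directly connected AS whose prefix is learned from both.
    r.learn_route("203.0.113.0/24", 100)
    r.learn_route("203.0.113.0/24", 200)
    return r
```

A source in 192.0.2.0/24 arriving on the AS200-facing port is discarded even though a route for it exists in the table, which is the case a check that only asks whether the source is routable would let through.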

Description

Technical field

[0001] The present invention relates to the communication field, in particular, to a message processing method, device, storage medium and processor.

Background technique

[0002] In related technologies, a network attack based on source IP address spoofing has become a very common attack form on the Internet, which will cause serious network security problems. URPF is the abbreviation of Unicast Reverse Path Forwarding, also known as unicast reverse path inspection, which is used to prevent network attacks based on source IP address spoofing. Usually, after receiving a packet, the router will search the forwarding table according to the destination address of the packet, and forward the packet if found, otherwise discard the packet. URPF checks whether the route corresponding to the source IP address exists in the forwarding table. If it does not exist, it considers that the source IP address is forged and discards the packet directly. In this way, URPF ca...


Application Information

IPC(8): H04L29/06, H04L12/721
CPC: H04L63/1441, H04L63/1483, H04L45/38, H04L9/40
Inventor: 朱小龙, 张玮玮, 沈益明, 叶正鑫, 黄红建
Owner ZTE CORP