Method and device for preventing MAC address flooding attacks

A MAC address and MAC address table technology, applied in the field of preventing MAC address flooding attacks, can solve problems such as increased cost and waste of bandwidth resources, and achieve the effect of reducing bandwidth pressure and shortening deletion time.

Inactive Publication Date: 2019-12-27
STATE GRID HEBEI ELECTRIC POWER RES INST +2
View PDF8 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

First, when a large number of terminals need to communicate, because the number of terminals is limited by the port, more switches are needed to meet the communication needs, resulting in increased costs; second, each port limits the number of terminal connections, which does not prevent the port from being attacked from the root cause. Once flooded, there is still a waste of bandwidth resources

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Method and device for preventing MAC address flooding attacks
  • Method and device for preventing MAC address flooding attacks

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0043] The following will clearly and completely describe the technical solutions in the embodiments of the application with reference to the drawings in the embodiments of the application. Apparently, the described embodiments are only some of the embodiments of the application, not all of them. The following description of at least one exemplary embodiment is merely illustrative in nature and in no way serves as any limitation of the application, its application or uses. Based on the embodiments in this application, all other embodiments obtained by persons of ordinary skill in the art without creative efforts fall within the protection scope of this application.

[0044] It should be noted that the terminology used here is only for describing specific implementations, and is not intended to limit the exemplary implementations according to the present application. As used herein, unless the context clearly dictates otherwise, the singular is intended to include the plural, a...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention discloses a method and device for preventing MAC address flooding attacks. The method comprises the following steps: judging whether the sum of suspected times in a certain port MAC address table entry in a blacklist MAC address table is greater than a set threshold value of the sum of suspected times or not; and judging whether the port is attacked or not, if the port is attacked, shortening the aging time of the related MAC address table entry of the port in the MAC address table, and marking the related MAC address table entry as suspicious. According to the method, port attack conditions can be judged, emergency measures can be taken, suspicious MAC address table entry deletion time is shortened, MAC address table space is released, MAC address flooding attacks are controlled, and bandwidth pressure is reduced; and judging whether the MAC address is a factor causing flooding attack or not by judging whether the suspected times of the blacklist MAC address entry is greater than a set suspected times threshold or not, and if so, marking the state of the MAC address entry as dormancy. In the sleep period, the data frame is discarded, flooding caused by MAC address broadcasting is avoided, and then MAC address flooding attacks are avoided.

Description

technical field [0001] The invention belongs to the technical field of communications, and in particular relates to a method and device for preventing MAC address flooding attacks. Background technique [0002] An Ethernet switch is a switch that transmits data based on Ethernet. It works on the second layer of the OSI reference model, that is, the data link layer. It is a network device based on MAC (Media Access Control) address identification and Ethernet data frame forwarding. . The Ethernet switch can perform data transmission between multiple port pairs at the same time, so that each pair of hosts that communicate with each other can perform conflict-free data transmission, effectively isolate conflict domains, and ensure that the broadband of each terminal does not affect each other. Unlike the hub that broadcasts data packets to all nodes, an Ethernet switch can directly send data packets to the destination node. It is because there is a MAC address table inside th...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Applications(China)
IPC IPC(8): H04L29/06H04L29/12
CPCH04L63/1458H04L63/101H04L63/1466H04L61/5053H04L2101/622
Inventor 刘伟娜左晓军侯波涛董娜常杰陈泽
Owner STATE GRID HEBEI ELECTRIC POWER RES INST
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products