Method and system for preventing address spoofing attack by NS reverse query

An NS reverse query technique for countering address spoofing attacks, applied in transmission systems, electrical components, etc. It addresses the unsuitability of existing methods for complex scenarios, their added maintenance overhead, and their exposure to address spoofing attacks, and achieves the effect of preventing ND address spoofing attacks.

Active Publication Date: 2020-07-28
武汉思普崚技术有限公司

AI Technical Summary

Problems solved by technology

[0004] IP-MAC binding adds a huge maintenance cost for the network administrator, who must enter the IP-MAC binding table manually. It suits a relatively stable network environment with a small number of hosts; when the network is complex and the number of hosts is large, it is not suitable. ND learning control generally works together with IP-MAC binding: it disables the learning of ND neighbor entries on the interface. It can also effectively stop ND spoofing attacks, but it has the same defect as IP-MAC binding. With ND active protection, the gateway device periodically sends gratuitous NA packets to update the ND entries of the hosts in the network. This scheme has two problems: address spoofing can still succeed in the interval between periodic transmissions, and the method has high maintenance costs because administrators must continuously maintain the active protection list. It is not suitable for scenarios with complex network environments.

Examples

Embodiment 1

[0033] An embodiment of the present invention provides a method for preventing address spoofing attacks by NS reverse query. A schematic flowchart of the method is shown in Figure 1. The method includes the following steps:

[0034] Obtain the NS request message sent by the PC, record the source IP and source MAC address of the NS request message, and generate a neighbor table entry according to the source IP and source MAC address;

[0035] Obtain the inbound interface of the NS request message, encapsulate an NS request message according to the source IP and the inbound interface of the NS request message, send the encapsulated NS request message to the PC as an NS reverse query request message, and record in the neighbor table entry the flag of the sent NS request message;

[0036] When the flag of the sent NS request message is recorded, record the timestamp of the NS reverse query request packet in the corresponding neighbor entry, and periodically check the timestamp...

Embodiment 2

[0047] An embodiment of the present invention provides a method for NS reverse query to prevent address spoofing attacks, including the following steps:

[0048] After receiving the NS request message from the PC, the ND protector records the source IP and source MAC address of the NS message to generate a neighbor table entry, and records the incoming interface of the message and the number of NS requests;

[0049] Encapsulate an NS request message according to the source IP and ingress interface, send the encapsulated request message to the PC, record the sent-NS-reverse-query flag in the neighbor entry, and record the NS reverse query timestamp;

[0050] If another NS request message from the PC is received before the NS reverse query response message has been received, the number of NS requests in the neighbor table entry is incremented by 1;

[0051] When the ND protector receives the NA response message to the reverse query NS message, it sets the ND entry of the ...
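The neighbor-entry lifecycle of steps [0048] to [0051], as an added Python simulation that is not code from the patent or its applicant. The class and field names, the `VERIFY_TIMEOUT` value, the MAC/interface comparison on NA receipt, and the rule that a later NS does not overwrite a verified entry are assumptions, because the page's text is truncated before those details.

```python
from dataclasses import dataclass

VERIFY_TIMEOUT = 3.0  # assumed aging limit in seconds; the page gives no value

@dataclass
class NeighborEntry:
    ip: str
    mac: str
    in_if: str                   # ingress interface of the PC's NS request
    ns_requests: int = 1         # number of NS requests seen for this IP
    reverse_sent: bool = False   # flag: NS reverse query has been sent
    reverse_ts: float = 0.0      # timestamp of the NS reverse query
    verified: bool = False       # set once the matching NA response arrives

class NDProtector:
    def __init__(self):
        self.table = {}          # source IP -> NeighborEntry
        self.sent = []           # reverse queries sent: (out_if, target_ip)

    def on_ns(self, ip, mac, in_if, now):
        entry = self.table.get(ip)
        if entry and entry.verified:
            return entry                    # assumed: verified binding is kept
        if entry and entry.reverse_sent:
            entry.ns_requests += 1          # [0050]: repeat NS while NA pending
            return entry
        entry = NeighborEntry(ip, mac, in_if)           # [0048]
        self.table[ip] = entry
        self.sent.append((in_if, ip))       # [0049]: query via ingress interface
        entry.reverse_sent, entry.reverse_ts = True, now
        return entry

    def on_na(self, ip, mac, in_if):
        entry = self.table.get(ip)
        # Assumed check: the NA must match the recorded MAC and interface.
        ok = bool(entry and entry.reverse_sent and (entry.mac, entry.in_if) == (mac, in_if))
        if ok:
            entry.verified = True           # [0051]
        return ok

    def age(self, now):
        # Aging: drop entries whose reverse query went unanswered too long.
        stale = [ip for ip, e in self.table.items()
                 if not e.verified and now - e.reverse_ts > VERIFY_TIMEOUT]
        for ip in stale:
            del self.table[ip]
        return stale

    def should_forward(self, src_ip):
        # Service traffic is forwarded only for entries confirmed by an NA.
        entry = self.table.get(src_ip)
        return bool(entry and entry.verified)
```
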

Embodiment 3

[0054] The embodiment of the present invention provides a system for preventing address spoofing attacks by NS reverse query, including a neighbor entry generation module, an NS reverse query module, a message forwarding module, a timestamp recording module, and an aging processing module;

[0055] The neighbor entry generation module is used to obtain the NS request message sent by the PC, record the source IP and source MAC address of the NS request message, and generate neighbor entries according to the source IP and source MAC address;

[0056] The NS reverse query module is used to obtain the incoming interface of the NS request message, encapsulate an NS request message according to the source IP and the incoming interface of the NS request message, send the encapsulated NS request message to the PC as the NS reverse query request message, and at the same time record the flag of the sent NS request message in the neighbor table entry;

[0057] The time stamp recordi...

Abstract

The invention discloses a method and a system for preventing address spoofing attacks by NS reverse query, belongs to the technical field of ND address spoofing prevention, and solves the problem that the prior art is not suitable for complex networks with a huge number of hosts. The method comprises the following steps: acquiring an NS request message sent by a PC and generating a neighbor table entry; obtaining the incoming interface of the NS request message, encapsulating an NS request message, sending the encapsulated NS request message to the PC as an NS reverse query request message, and recording the flag of the sent NS request message in the neighbor table entry; and carrying out aging processing on the corresponding neighbor table entry, and determining whether to forward a service message corresponding to the IP address of the neighbor table entry according to whether an NA response message corresponding to the NS reverse query request message has been received. ND address spoofing attacks in the network environment are thereby effectively prevented without being limited by the network environment or the number of hosts.

Description

Technical field

[0001] The present invention relates to the technical field of preventing ND address spoofing, in particular to a method and system for preventing address spoofing attacks by NS reverse query.

Background technique

[0002] The ND protocol is a key protocol in IPv6, but because it provides no authentication mechanism, the nodes in the network are untrustworthy and a series of attacks can be launched against the ND protocol. The most common one is the address spoofing attack: attackers use NS/NA messages to modify the MAC address of the victim host or the MAC address of the gateway, so that the victim host cannot communicate with the network normally. There are many ways to prevent ND address spoofing, including IP-MAC binding, ND learning control, ND active protection and other technical means.

[0003] The IP-MAC binding is to bind the IPv6 address and the MAC address, and the device will check the forwarding messa...

Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L29/06
CPC: H04L63/1466
Inventor: 张康康
Owner: 武汉思普崚技术有限公司