Method and system for preventing address spoofing attacks by ns reverse query

Abstract

The invention discloses a method and a system for preventing an address spoofing attack by NS reverse query, belongs to the technical field of prevention of ND address spoofing, and solves the problems that the prior art is not suitable for complex networks and the number of hosts is huge. The method for preventing address spoofing attacks through NS reverse query comprises the following steps ofacquiring an NS request message sent by a PC to generate neighbor table entries; obtaining an NS request message incoming interface, packaging an NS request message, sending the packaged NS request message as an NS reverse query request message to a PC, and recording a mark of the sent NS sending request message in the neighbor table entry; and carrying out aging processing on the corresponding neighbor table entry, and determining whether to forward a service message corresponding to the IP address of the neighbor table entry according to whether an NA response message corresponding to the NSreverse query request message is received or not. Under the condition of not being limited by the network environment and the number of hosts, the ND address spoofing attack in the network environment is effectively prevented.

Description

technical field [0001] The invention relates to the technical field of preventing ND address spoofing, in particular to a method and system for preventing address spoofing attacks by NS reverse query. Background technique [0002] The ND protocol is a key protocol in the IPv6 protocol, but because the ND protocol does not provide an authentication mechanism, the nodes in the network are untrustworthy, and a series of attacks can be launched against the ND protocol, the most common of which is address spoofing attacks. Attackers use NS / NA / message to modify the MAC address of the victim host or the MAC address of the gateway, so that the victim host cannot communicate with the network normally. There are many ways to prevent ND address spoofing, including: IP-MAC binding, ND learning control , ND active protection and other technical means. [0003] The IP-MAC binding is to bind the IPv6 address and the MAC address, and the device will check the forwarded message and the NS m...

AI Technical Summary

Problems solved by technology

[0004] The IP-MAC binding technology adds a huge maintenance cost to the network administrator. The administrator must manually enter the IP-MAC binding table. This method is suitable for a relatively stable network environment and a small number of hosts. The network is complex and the number of hosts is large, so this method is not suitable; ND learning control generally works with IP-MAC binding technology. This method is to disable the learning function of ND neighbor entries on the interface. This method can also effectively solve ND spoofing attacks, but it has the same defect as IP-MAC binding; ND active protection is that the gateway device periodically sends free NA packets to update the ND entries of the hosts in the network. There are two problems in the scheme. The interval of periodic sending is likely to be attacked by address spoofing. At the same time, this method has high maintenance costs and requires administrators to continuously maintain the active protection list. It is not suitable for scenarios with complex network environments.

Images