Method and device for preventing network attack

A technology relating to network attacks and network nodes, applied in the computer field, that can solve problems such as EVPN paralysis, network errors, and EVPN MAC address confusion, and that achieves the effect of reducing risk, avoiding refreshing, and reducing the risk of paralysis.

Active Publication Date: 2020-08-11
HUAWEI TECH CO LTD

AI Technical Summary

Problems solved by technology

If the PE subsequently receives a packet carrying the masqueraded MAC address, it will send the packet to the attacker according to the outbound port information. This confuses the MAC addresses across the entire EVPN and causes network errors, leaving the EVPN in a paralyzed state.


Embodiment Construction

[0028] The technical solution in this application will be described below with reference to the accompanying drawings.

[0029] First, the network architecture applicable to this application is introduced with reference to Figure 1. Figure 1 shows an EVPN established by a plurality of network nodes (e.g., PEs). For example, a plurality of PEs may establish the EVPN based on BGP, and each PE is connected to a plurality of devices through a respective port; the plurality of devices may include user equipment and service equipment.

[0030] As shown in Figure 1, user equipment 1 accesses the EVPN through PE1, user equipment 2 accesses the EVPN through PE2, and the service equipment accesses the EVPN through PE3. Information can be transmitted between user equipment and service equipment through the PEs.

[0031] For example, the service device can send the data packet to the user equipment 1 through PE2 and PE1, and the service device can send the data packet to the user equipment 2 through PE2 a...


Abstract

The invention provides a method for preventing a network attack, which comprises the following steps: a first network node in an Ethernet virtual private network (EVPN) receives a first message, the first message carries a first media access control (MAC) address, and the first MAC address is a source MAC address of the first message; and first MAC table entry information is determined, the first MAC table entry information comprising a first MAC address and a corresponding relationship between an identifier of the first MAC address and egress port information of the first MAC address, and the identifier of the first MAC address being used for indicating that an egress port corresponding to the first MAC address is a trusted port. According to the method, the risk that the EVPN is in a paralyzed state due to the fact that an attacker attacks the EVPN can be reduced.
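The MAC table entry described in the abstract (MAC address, trusted-port identifier, egress port information) can be modelled for a single PE as below. This is an added example, not code from the patent: the class and port names are hypothetical, the set of trusted ports is assumed to come from operator configuration, and the rule that an entry marked trusted is not refreshed by a frame arriving on an untrusted port is an assumed reading of "avoiding refreshing" in the summary.

```python
from dataclasses import dataclass

@dataclass
class MacEntry:
    port: str      # egress port information for this MAC
    trusted: bool  # identifier: the egress port is a trusted port

class PeMacTable:
    """Toy MAC table of one PE (hypothetical names, local learning only)."""

    def __init__(self, trusted_ports):
        # Assumption: trusted ports are designated by operator configuration.
        self.trusted_ports = set(trusted_ports)
        self.entries = {}
        self.alerts = []  # (mac, offending ingress port, protected port)

    def learn(self, src_mac, ingress_port):
        """Process the source MAC of a received frame; return the action taken."""
        mac = src_mac.lower()
        is_trusted = ingress_port in self.trusted_ports
        current = self.entries.get(mac)
        if current is None:
            self.entries[mac] = MacEntry(ingress_port, is_trusted)
            return "learned"
        if current.port == ingress_port:
            return "unchanged"
        if current.trusted and not is_trusted:
            # Same MAC claimed from an untrusted port: keep the entry, log it.
            self.alerts.append((mac, ingress_port, current.port))
            return "rejected"
        self.entries[mac] = MacEntry(ingress_port, is_trusted)
        return "moved"

    def egress_port(self, dst_mac):
        entry = self.entries.get(dst_mac.lower())
        return entry.port if entry else None

def demo():
    # Constructed sample: service device on trusted port-3, users on port-1/2.
    table = PeMacTable(trusted_ports={"port-3"})
    service_mac = "00:11:22:33:44:55"
    results = [
        table.learn(service_mac, "port-3"),          # service device
        table.learn("AA:BB:CC:00:00:01", "port-1"),  # ordinary user device
        table.learn(service_mac, "port-1"),          # spoofed source MAC
        table.learn("aa:bb:cc:00:00:01", "port-2"),  # normal MAC move
    ]
    return results, table.egress_port(service_mac), table.alerts

if __name__ == "__main__":
    print(demo())
```

The rejected frames recorded in `alerts` are also a useful detection signal: a source MAC that belongs to a trusted port appearing on a user-facing port is worth investigating.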

Description

Technical field

[0001] The present application relates to the computer field, and more specifically, to a method and device for preventing network attacks.

Background technique

[0002] In an Ethernet virtual private network (EVPN) established by multiple provider edge (PE) devices through the Border Gateway Protocol (BGP), each PE is connected to multiple devices, and the multiple devices may include user equipment and service equipment.

[0003] In an EVPN, an attacker may connect to the EVPN through a PE (for example, PE1). In this case, the attacker can obtain the MAC address of the service device through an Address Resolution Protocol (ARP) request, then use spoofing to set the source MAC address carried by its own packets to the MAC address of the service device, and send the packets to the PE. At this...


Application Information

IPC(8): H04L29/06, H04L29/12
CPC: H04L63/1441, H04L63/1408, H04L2101/622, H04L63/0272, H04L63/0876, H04L63/162, H04L61/103, H04L12/4641, H04L63/126, H04L63/1416
Inventor: 杨振兴, 王海林, 张耀坤
Owner HUAWEI TECH CO LTD