
A method and device for preventing gateway ARP deception

An ARP spoofing and gateway technology, applied in the field of network security, that addresses problems such as difficulty in locating attack sources, surges in abnormal network traffic, and low efficiency, thereby improving the efficiency of network fault handling, operation and maintenance.

Active Publication Date: 2022-06-21
广州锦行网络科技有限公司

AI Technical Summary

Problems solved by technology

[0006] 1. Existing approaches to preventing ARP spoofing of the intranet gateway require the binding relationship to be set manually and separately on every host connected to the network, which is cumbersome to configure and inefficient.
[0007] 2. Most existing approaches install an ARP protection firewall on each server connected to the network, or add a static ARP entry for the gateway on each connected server. When an attack actually occurs, network administrators have to locate the attacking machine through packet capture and other investigation methods, which makes the source of the attack difficult to locate.
[0008] 3. Although the above patent documents can effectively protect against ARP spoofing attacks, they do not act on the IP and MAC addresses of the actual attack source and so do not solve the problem at its root; attack risks remain in the network. When multiple hosts send ARP spoofing packets at high frequency, abnormal traffic surges in the network, causing congestion and affecting overall network stability.


Examples


Embodiment 1

[0119] Referring to the attached Figures 1-3, and according to a specific embodiment of the present invention, the method for preventing gateway ARP spoofing provided by the present invention is described in detail, taking an attacker's gateway ARP spoofing as an example.

[0120] The attacker's IP address is: 192.168.2.2; the attacker's MAC address is: 40-8D-5C-6E-06-13;

[0121] The gateway IP address is: 192.168.2.1; the gateway MAC address is: 00-50-56-C0-00-01;

[0122] The IP address of the normal business host in the network is: 192.168.2.3; the MAC address of the normal business host is: 00-50-56-C0-00-08;

[0123] The IP address of the server for detecting gateway ARP spoofing is 192.168.5.3, which is connected to port 4 of the network aggregation layer switch. The network card of the current server is named eth0, and the bridge created by the server is named br0.

[0124] The invention provides a method for preventing gateway ARP spoofing, comprising the following steps:...

Embodiment 2

[0153] Referring to the attached Figures 1-3, and according to a specific embodiment of the present invention, the method for preventing gateway ARP spoofing provided by the present invention is described in detail, taking a network with no ARP spoofing attack as an example.

[0154] The attacker's IP address is: 192.168.2.2; the attacker's MAC address is: 40-8D-5C-6E-06-13;

[0155] The gateway IP address is: 192.168.2.1; the gateway MAC address is: 00-50-56-C0-00-01;

[0156] The IP address of the normal business host in the network is: 192.168.2.3; the MAC address of the normal business host is: 00-50-56-C0-00-08;

[0157] The IP address of the server for detecting gateway ARP spoofing is 192.168.5.3, which is connected to port 4 of the network aggregation layer switch. The network card of the current server is named eth0, and the bridge created by the server is named br0.

[0158] The invention provides a method for preventing gateway ARP spoofing, comprising the following steps...


Abstract

The invention provides a method and device for preventing gateway ARP spoofing, belonging to the technical field of network security. The invention mirrors the traffic of the aggregation layer switch to a server configured with a TAP virtual network device, captures data-link-layer data on the server, and compares the gateway's IP address and its corresponding MAC address with the IP address and MAC address in the captured ARP response data. If an ARP response packet does not match the gateway IP address or MAC address, the data is considered to be ARP spoofing. The spoofing host can be identified from the actual MAC address of the response, achieving the effect of preventing spoofing. Dynamic detection can be performed in a large network without cumbersome configuration of the intranet servers. When this type of attack is actually detected, the MAC address of the attacking host can be blocked to eliminate the impact of the attack on the network.
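The comparison described in the abstract, as an added example (not code from the patent or its applicant): a Python check that parses captured Ethernet frames and flags ARP replies that claim the gateway IP from a MAC other than the gateway's. The addresses are those given in Embodiment 1; the sample frames are constructed, and treating "sender IP equals the gateway IP but sender MAC differs" as the mismatch rule is an assumption about the patent's comparison.

```python
import struct

GATEWAY_IP = "192.168.2.1"          # gateway binding from Embodiment 1
GATEWAY_MAC = "00-50-56-C0-00-01"

def _mac(b):
    return "-".join(f"{x:02X}" for x in b)

def _ip(b):
    return ".".join(str(x) for x in b)

def check_frame(frame):
    """Return a finding dict if the frame is an ARP reply claiming the
    gateway IP from a MAC other than the gateway's, else None."""
    if len(frame) < 14:
        return None
    eth_src = frame[6:12]
    (ethertype,) = struct.unpack("!H", frame[12:14])
    off = 14
    if ethertype == 0x8100 and len(frame) >= 18:    # 802.1Q tag on mirrored traffic
        (ethertype,) = struct.unpack("!H", frame[16:18])
        off = 18
    if ethertype != 0x0806 or len(frame) < off + 28:
        return None                                  # not ARP, or truncated
    htype, ptype, hlen, plen, oper = struct.unpack("!HHBBH", frame[off:off + 8])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4) or oper != 2:
        return None                                  # only IPv4-over-Ethernet replies
    sha, spa = frame[off + 8:off + 14], frame[off + 14:off + 18]
    if _ip(spa) == GATEWAY_IP and _mac(sha) != GATEWAY_MAC:
        # Assumed rule: gateway IP announced with a non-gateway MAC.
        return {"claimed_ip": _ip(spa), "sender_mac": _mac(sha),
                "eth_src_mac": _mac(eth_src)}
    return None

def scan(frames):
    """Collect findings across a list of captured frames."""
    return [f for f in map(check_frame, frames) if f]

# Constructed sample frames (not a real capture), using Embodiment 1 addresses.
ARP_HDR = "08060001080006040002"   # EtherType ARP, Ethernet/IPv4, opcode 2 (reply)
SAMPLE = [bytes.fromhex(h) for h in (
    # genuine reply: gateway -> business host 192.168.2.3
    "005056c00008" "005056c00001" + ARP_HDR + "005056c00001" "c0a80201" "005056c00008" "c0a80203",
    # forged reply: 40-8D-5C-6E-06-13 claims to be 192.168.2.1
    "005056c00008" "408d5c6e0613" + ARP_HDR + "408d5c6e0613" "c0a80201" "005056c00008" "c0a80203",
)]

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

The `sender_mac` and `eth_src_mac` fields are the values an operator would look up in the switch's MAC table to find the port to block.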

Description

Technical field

[0001] The invention relates to the technical field of network security, in particular to a method and device for preventing gateway ARP deception.

Background technique

[0002] Most existing ways of preventing gateway ARP spoofing are to download and install firewall-type client software that prevents ARP spoofing on hosts connected to the network, or to configure static ARP entries in the system that uniquely bind the gateway IP address and MAC address. In a large network this is cumbersome and inefficient to configure, and when this type of attack actually occurs, network engineers need to actively capture packets for traffic analysis, so tracing the source host of the attack is relatively inefficient.

[0003] In the Chinese patent application document CN106488458A, a method for detecting gateway address resolution protocol ARP spoofing is disclosed, which is applied in the access point AP, includin...


Application Information

Patent Type & Authority: Patents (China)
IPC(8): H04L9/40, H04L61/103, H04L49/20
CPC: H04L63/1466, H04L61/103, H04L49/208
Inventor: 吴建亮, 胡鹏, 苏耀基
Owner: 广州锦行网络科技有限公司