Unlock instant, AI-driven research and patent intelligence for your innovation.

Bandwidth limitation detection method and device and storage medium

A bandwidth limitation and detection method technology, applied in digital transmission systems, electrical components, transmission systems, etc., can solve problems such as network bandwidth limitations, difficulty in responding to normal service requests, and inability to update maintenance table items

Pending Publication Date: 2021-09-07
西安交大捷普网络科技有限公司
View PDF0 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

For example, a large number of ARP request packets are sent first, and then a large number of false ARP response packets are sent, which causes the CPU utilization rate of the gateway or the host to If the response message is delayed for a period of time or sent several more times, the ARP cache table of the gateway or host will be filled with wrong ARP entries, resulting in failure to update and maintain normal table entries, consuming network bandwidth resources, resulting in network bandwidth being limited or even disconnected
At present, there is still a lack of effective detection methods that can accurately identify bandwidth limitation attacks and attack sources

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Bandwidth limitation detection method and device and storage medium
  • Bandwidth limitation detection method and device and storage medium
  • Bandwidth limitation detection method and device and storage medium

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0038] Such as figure 1 As shown, the detection method of bandwidth limitation includes:

[0039] Every 10s, send PING packets to all IPs in the network, record the IP and Ethernet source MAC in the received ICMP packets, and generate an IP-MAC list;

[0040] Send ARP requests to all IPs in the network, and count the number of ARP response packets received within 5 seconds after the policy takes effect and the ARP request is sent;

[0041] Every 10s, the number of received ARP packets is reset, and before each reset, if the number of ARP reply packets is greater than a preset threshold, it is determined that the bandwidth is limited.

[0042] The IP-MAC list is also obtained by periodically reporting IP and MAC information from hosts in the network.

[0043] The preset threshold may be a predicted value based on historical records of the number of ARP reply packets under normal conditions. For example, count the number of response packets received within 5 seconds after eac...

Embodiment 2

[0046]A method for identifying the source of an attack in the embodiment may have the following misjudgment: when the controlled host accesses the LAN, in order to obtain the MAC addresses of other hosts, it may frequently use and send ARP request messages, and there is a detected The ARP message received during bandwidth limitation is not the possibility of attack message. At this time, it is not accurate enough to find the attack source according to the Ethernet source MAC in the received message. Based on the method, another method to identify the attack source is proposed:

[0047] For each ARP response message received, according to the source IP of the message, it is searched whether there is a statistical record of the corresponding relationship between the source IP and the source MAC in the message number information list.

[0048] If there is a record, then add up the number of packets of the IP; if there is no record, then add the source IP and source MAC of this pa...

Embodiment 3

[0052] The present invention also provides a bandwidth limit detection device, including:

[0053] The message sending module is used to send PING packets and ARP requests to IP in the network;

[0054] The message receiving module receives and parses the returned ICMP packets and ARP response packets;

[0055] The IP-MAC information processing module records the IP-MAC information to generate an IP-MAC list, and counts the number of ARP response messages;

[0056] The bandwidth limit judging module periodically resets the number of ARP response packets, and before each reset, if the number of ARP response packets is greater than a preset threshold, it is determined that the bandwidth limit is imposed.

[0057] As a preferred embodiment, the above-mentioned bandwidth limit detection device also includes an attack source identification module, when it is judged that the bandwidth limit is imposed, according to the Ethernet source MAC in the newly received message, the IP-MAC l...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses a bandwidth limit detection method and device and a storage medium, and the method comprises the steps: building a credible IP-MAC list, sending an ARP request to all hosts in a network, carrying out the statistics of the number of ARP response messages received in a specified time, and when the number of the messages exceeds a threshold value specified by a preset strategy, namely, the number of the response messages in the network exceeds a specified reasonable range, determining that a large number of false response messages exist, so the judgment is limited by the bandwidth; furthermore, a mode of identifying an attack source IP is provided. According to the technical scheme, the bandwidth limitation based on ARP spoofing can be efficiently detected, and the attack source IP and MAC can be accurately identified.

Description

technical field [0001] The invention belongs to the technical field of network and host security, and in particular relates to a detection method, a device and a computer-readable storage medium for a host suffering from bandwidth limitation. Background technique [0002] ARP (Address Resolution Protocol, Address Resolution Protocol) is a network layer located in the TCP / IP protocol stack, which is responsible for resolving an IP address into a corresponding MAC address. [0003] ARP spoofing is one of the attack methods commonly used by hackers. ARP spoofing is realized by forging IP addresses and MAC addresses, which can generate a large amount of ARP traffic in the network and block the network. For example, a large number of ARP request packets are sent first, and then a large number of false ARP response packets are sent, which causes the CPU utilization rate of the gateway or host to increase and it is difficult to respond to normal service requests. If the response m...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Applications(China)
IPC IPC(8): H04L12/26H04L29/06H04L29/12
CPCH04L43/0876H04L43/50H04L63/1491H04L61/103
Inventor 何建锋刘江南李长江
Owner 西安交大捷普网络科技有限公司