A method to filter and verify open real IPv6 source address

A verification method and source address technology, applied in the Internet field

Active Publication Date: 2007-04-25
TSINGHUA UNIV
View PDF0 Cites 14 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

This method is in sharp contrast to the standard ingress filtering method, because the latter will only work if it is configured on the router closest to the source of the message, and has little effect on other routers

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • A method to filter and verify open real IPv6 source address
  • A method to filter and verify open real IPv6 source address
  • A method to filter and verify open real IPv6 source address

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0041] As shown in Figure 1, the present invention includes two functional engines: the filter rule generation engine dynamically generates a filter rule table according to the communication message and switches the filter rule; the filter engine judges whether to Filtering, and can selectively decide whether to add, delete, and check signatures on the message based on the content of the signature filtering rule table, or perform boundary marking operations on the message, or process Internet control information protocol messages . As shown in FIG. 1 , this method needs to cooperate with the routing engine and the forwarding engine of the traditional router. The filtering module also includes a signature processing module, a message marking module and an Internet Control Information Protocol message processing module.

[0042] The most important data table in the present invention is the filter rule table. The filtering rule table consists of three parts: prefix mapping tabl...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention relates to a real IPv6 resource address filter check technique. Wherein, it is characterized in that: one filter at the outlet of autonomous edge route is distributed with a filter rule generate engine and filter engine cooperated with said route, while the first one will generate filter rule list with real source address filter strategy based on the communication report of autonomous control server, and switches filter strategy; said strategy comprises SPM, SAVE, and inlet filter, etc; the second one has internet control information protocol report processing module, sign processing module, and edge mark module, to check and filter the report from internal network interface of edge route transfer engine based on filter strategy. The invention can flexibly embed filter strategy and the filter rule list provides unique and effective data-level support for embedding filter strategy.

Description

technical field [0001] The method belongs to the technical field of the Internet, and in particular relates to a real IPv6 source address filtering verification technology. Background technique [0002] The most common attack type on the Internet at present is denial of service attack (DoS), and a main way of denial of service attack is to send a large number of messages with forged source addresses to the attacked party. [0003] The design of the Internet inherently lacks authentication and security guarantees for the source network address of the message, which means that anyone can modify the source address of the message to be sent at will. In the current TCP / IP protocol, the source address of the message is not only used for addressing when replying the message, but also used as the identity mark of the sender of the message. An attacker can freely use different "identities" to send a large number of messages to the attacked party, making the attacker fall into the si...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Applications(China)
IPC IPC(8): H04L9/32H04L29/06H04L12/24H04L12/56H04L12/66G06F17/30
Inventor 毕军吴建平叶明江任罡姚广
Owner TSINGHUA UNIV
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap