Nothing Special   »   [go: up one dir, main page]

ATE446642T1 - Verfahren und vorrichtung zur verhinderung des fälschens von netzwerkadressen - Google Patents

Verfahren und vorrichtung zur verhinderung des fälschens von netzwerkadressen

Info

Publication number
ATE446642T1
ATE446642T1 AT03795710T AT03795710T ATE446642T1 AT E446642 T1 ATE446642 T1 AT E446642T1 AT 03795710 T AT03795710 T AT 03795710T AT 03795710 T AT03795710 T AT 03795710T AT E446642 T1 ATE446642 T1 AT E446642T1
Authority
AT
Austria
Prior art keywords
network addresses
preventing
forging
address
binding
Prior art date
Application number
AT03795710T
Other languages
English (en)
Inventor
Ammar Rayes
Michael Cheung
Original Assignee
Cisco Tech Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Cisco Tech Inc filed Critical Cisco Tech Inc
Application granted granted Critical
Publication of ATE446642T1 publication Critical patent/ATE446642T1/de

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic
    • H04L63/1466Active attacks involving interception, injection, modification, spoofing of data unit addresses, e.g. hijacking, packet injection or TCP sequence number attacks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00Network arrangements, protocols or services for addressing or naming
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00Network arrangements, protocols or services for addressing or naming
    • H04L61/09Mapping addresses
    • H04L61/10Mapping addresses of different types
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2463/00Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
    • H04L2463/145Detection or countermeasures against cache poisoning

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Small-Scale Networks (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
AT03795710T 2002-09-16 2003-09-16 Verfahren und vorrichtung zur verhinderung des fälschens von netzwerkadressen ATE446642T1 (de)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US10/244,996 US7234163B1 (en) 2002-09-16 2002-09-16 Method and apparatus for preventing spoofing of network addresses
PCT/US2003/029308 WO2004025926A1 (en) 2002-09-16 2003-09-16 Method and apparatus for preventing spoofing of network addresses

Publications (1)

Publication Number Publication Date
ATE446642T1 true ATE446642T1 (de) 2009-11-15

Family

ID=31992016

Family Applications (1)

Application Number Title Priority Date Filing Date
AT03795710T ATE446642T1 (de) 2002-09-16 2003-09-16 Verfahren und vorrichtung zur verhinderung des fälschens von netzwerkadressen

Country Status (8)

Country Link
US (1) US7234163B1 (de)
EP (1) EP1609291B1 (de)
CN (1) CN1682516B (de)
AT (1) ATE446642T1 (de)
AU (1) AU2003276894A1 (de)
CA (1) CA2499296C (de)
DE (1) DE60329786D1 (de)
WO (1) WO2004025926A1 (de)

Families Citing this family (100)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7359333B1 (en) * 2002-06-10 2008-04-15 Cisco Technology, Inc. Approach for managing internet protocol telephony devices in networks
US7506360B1 (en) * 2002-10-01 2009-03-17 Mirage Networks, Inc. Tracking communication for determining device states
US20050207447A1 (en) * 2003-01-29 2005-09-22 Fujitsu Limited IP address duplication monitoring device, IP address duplication monitoring method and IP address duplication monitoring program
US7523485B1 (en) * 2003-05-21 2009-04-21 Foundry Networks, Inc. System and method for source IP anti-spoofing security
US7516487B1 (en) * 2003-05-21 2009-04-07 Foundry Networks, Inc. System and method for source IP anti-spoofing security
US20040255154A1 (en) * 2003-06-11 2004-12-16 Foundry Networks, Inc. Multiple tiered network security system, method and apparatus
US20070113272A2 (en) 2003-07-01 2007-05-17 Securityprofiling, Inc. Real-time vulnerability monitoring
US8984644B2 (en) 2003-07-01 2015-03-17 Securityprofiling, Llc Anti-vulnerability system, method, and computer program product
US9118708B2 (en) 2003-07-01 2015-08-25 Securityprofiling, Llc Multi-path remediation
US9118709B2 (en) 2003-07-01 2015-08-25 Securityprofiling, Llc Anti-vulnerability system, method, and computer program product
US9100431B2 (en) 2003-07-01 2015-08-04 Securityprofiling, Llc Computer program product and apparatus for multi-path remediation
US9118711B2 (en) * 2003-07-01 2015-08-25 Securityprofiling, Llc Anti-vulnerability system, method, and computer program product
EP1494433B1 (de) * 2003-07-03 2011-05-04 Alcatel Lucent Überprüfung auf doppelte MAC Adressen und dynamische Zuweisung von MAC Adressen
US7876772B2 (en) 2003-08-01 2011-01-25 Foundry Networks, Llc System, method and apparatus for providing multiple access modes in a data communications network
JP4174392B2 (ja) * 2003-08-28 2008-10-29 日本電気株式会社 ネットワークへの不正接続防止システム、及びネットワークへの不正接続防止装置
US7735114B2 (en) 2003-09-04 2010-06-08 Foundry Networks, Inc. Multiple tiered network security system, method and apparatus using dynamic user policy assignment
US7774833B1 (en) 2003-09-23 2010-08-10 Foundry Networks, Inc. System and method for protecting CPU against remote access attacks
CN1319338C (zh) * 2003-11-06 2007-05-30 北京佳讯飞鸿电气有限责任公司 网络通信中解决ip地址冲突的方法
US8528071B1 (en) 2003-12-05 2013-09-03 Foundry Networks, Llc System and method for flexible authentication in a data communications network
US20050198242A1 (en) * 2004-01-05 2005-09-08 Viascope Int. System and method for detection/interception of IP collision
US7607021B2 (en) * 2004-03-09 2009-10-20 Cisco Technology, Inc. Isolation approach for network users associated with elevated risk
US7801123B2 (en) * 2004-04-16 2010-09-21 Alcatel Lucent Method and system configured for facilitating residential broadband service
WO2005112390A1 (en) * 2004-05-12 2005-11-24 Alcatel Automated containment of network intruder
US8065408B2 (en) * 2004-06-30 2011-11-22 Nokia, Inc. Method and system for dynamic device address management
US7697545B1 (en) * 2004-07-14 2010-04-13 Computer Associates Think, Inc. Discovery of component relationships in distributed data processing networks
US8068414B2 (en) * 2004-08-09 2011-11-29 Cisco Technology, Inc. Arrangement for tracking IP address usage based on authenticated link identifier
EP1643710A1 (de) * 2004-09-30 2006-04-05 Nagravision S.A. Verfahren zum Aktualisieren einer Nachschlagetabelle mit Adressen und Identifizierungsnummern
US7877519B2 (en) * 2004-10-18 2011-01-25 Intel Corporation Selecting one of a plurality of adapters to use to transmit a packet
US7471684B2 (en) * 2004-10-21 2008-12-30 International Machines Corporation Preventing asynchronous ARP cache poisoning of multiple hosts
US20060090196A1 (en) * 2004-10-21 2006-04-27 Van Bemmel Jeroen Method, apparatus and system for enforcing security policies
CN1780287B (zh) * 2004-11-18 2012-09-05 中兴通讯股份有限公司 一种自动绑定动态地址解析协议表条目的方法
US7500269B2 (en) 2005-01-07 2009-03-03 Cisco Technology, Inc. Remote access to local content using transcryption of digital rights management schemes
US7533258B2 (en) * 2005-01-07 2009-05-12 Cisco Technology, Inc. Using a network-service credential for access control
FR2881592A1 (fr) * 2005-02-02 2006-08-04 France Telecom Procede et dispositif de detection d'usurpations d'adresse dans un reseau informatique
US20060209818A1 (en) * 2005-03-18 2006-09-21 Purser Jimmy R Methods and devices for preventing ARP cache poisoning
US7715409B2 (en) * 2005-03-25 2010-05-11 Cisco Technology, Inc. Method and system for data link layer address classification
KR100528171B1 (ko) * 2005-04-06 2005-11-15 스콥정보통신 주식회사 네트워크 상에서 특정 아이피 주소 또는 특정 장비를보호/차단하기 위한 아이피 관리 방법 및 장치
CN1855812B (zh) * 2005-04-25 2010-04-28 华为技术有限公司 防止mac地址仿冒的实现方法和设备
US8028160B1 (en) * 2005-05-27 2011-09-27 Marvell International Ltd. Data link layer switch with protection against internet protocol spoofing attacks
CN100417123C (zh) * 2005-06-09 2008-09-03 华为技术有限公司 弹性分组环地址绑定方法
JP4664143B2 (ja) * 2005-07-22 2011-04-06 株式会社日立製作所 パケット転送装置、通信網及びパケット転送方法
US8238352B2 (en) * 2005-09-02 2012-08-07 Cisco Technology, Inc. System and apparatus for rogue VoIP phone detection and managing VoIP phone mobility
US8118677B2 (en) 2005-09-07 2012-02-21 Bally Gaming International, Inc. Device identification
US8392707B2 (en) * 2005-09-07 2013-03-05 Bally Gaming, Inc. Gaming network
CN100581162C (zh) * 2006-01-26 2010-01-13 西门子(中国)有限公司 一种防止地址解析欺骗的方法
GB0601700D0 (en) * 2006-01-27 2006-03-08 Claricom Ltd Printing Method
US8804729B1 (en) * 2006-02-16 2014-08-12 Marvell Israel (M.I.S.L.) Ltd. IPv4, IPv6, and ARP spoofing protection method
CN100579121C (zh) * 2006-02-17 2010-01-06 华为技术有限公司 一种保障专线用户上网的方法
CN100407704C (zh) * 2006-02-20 2008-07-30 杭州华三通信技术有限公司 媒体接入控制层地址的动态学习方法
US7730181B2 (en) 2006-04-25 2010-06-01 Cisco Technology, Inc. System and method for providing security backup services to a home network
CN100452772C (zh) * 2006-05-31 2009-01-14 杭州华三通信技术有限公司 三层转发方法、装置及地址解析协议信息表更新方法
WO2008009160A1 (fr) * 2006-06-30 2008-01-24 Zte Corporation Procédé de configuration d'accès pour l'ajout de liens et systèmes d'ajout de liens
US8107396B1 (en) * 2006-07-24 2012-01-31 Cisco Technology, Inc. Host tracking in a layer 2 IP ethernet network
US7539189B2 (en) * 2006-08-01 2009-05-26 Cisco Technology, Inc. Apparatus and methods for supporting 802.1X in daisy chained devices
US7860099B2 (en) * 2006-12-21 2010-12-28 Alpha Networks Inc. Method for managing and setting many network devices
US8635680B2 (en) 2007-04-19 2014-01-21 Microsoft Corporation Secure identification of intranet network
CN101321054B (zh) * 2007-06-08 2011-02-09 华为技术有限公司 自动防止网络侧媒体接入控制地址被仿冒的方法及其装置
CN101193116B (zh) * 2007-07-09 2010-07-28 福建星网锐捷网络有限公司 一种联动对抗地址解析协议攻击的方法、系统及路由器
US8437360B2 (en) * 2007-11-14 2013-05-07 Cisco Technology, Inc. Stateful DHCPv6 relay agent in a cable modem termination system
US8521856B2 (en) * 2007-12-29 2013-08-27 Cisco Technology, Inc. Dynamic network configuration
US7778203B2 (en) * 2008-02-01 2010-08-17 Microsoft Corporation On-demand MAC address lookup
US8289879B2 (en) * 2008-02-07 2012-10-16 Ciena Corporation Methods and systems for preventing the misconfiguration of optical networks using a network management system
US8578488B2 (en) * 2008-10-10 2013-11-05 Plustech Inc. Method for neutralizing the ARP spoofing attack by using counterfeit MAC addresses
WO2010041788A1 (en) * 2008-10-10 2010-04-15 Plustech Inc. A method for neutralizing the arp spoofing attack by using counterfeit mac addresses
CN101436934B (zh) * 2008-10-20 2013-04-24 福建星网锐捷网络有限公司 一种控制用户上网的方法、系统及设备
EP2182683B1 (de) * 2008-10-29 2012-07-25 Alcatel Lucent Selbstkonfiguration einer Adressentabelle in einem Zugangsknoten
CN101488964B (zh) * 2009-02-20 2011-09-28 杭州华三通信技术有限公司 实现地址解析和实现二层通信的方法、系统和路由器
US20100235914A1 (en) * 2009-03-13 2010-09-16 Alcatel Lucent Intrusion detection for virtual layer-2 services
DE102009030726A1 (de) * 2009-06-26 2010-12-30 Repower Systems Ag Anordnung und Verfahren zum Steuern des Zugriffs auf ein windparkinternes Datennetz
TWI413375B (zh) * 2010-03-04 2013-10-21 Gemtek Technology Co Ltd 路由裝置及相關的控制電路
US20120047583A1 (en) * 2010-08-20 2012-02-23 Nyemahame Nsirim L Cable fraud detection system
EP2651081A1 (de) * 2010-12-09 2013-10-16 Nec Corporation Computersystem, steuerung dafür und netzwerküberwachungsverfahren
KR101236822B1 (ko) * 2011-02-08 2013-02-25 주식회사 안랩 Arp록킹 기능을 이용한 arp스푸핑 공격 탐지 방법과 그 방법을 실행하기 위한 프로그램이 기록된 기록매체
CN103763120A (zh) * 2011-03-09 2014-04-30 成都勤智数码科技股份有限公司 基于snmp的网络终端管理的方法
CN103763119A (zh) * 2011-03-09 2014-04-30 成都勤智数码科技股份有限公司 基于Telnet/SSH的网络终端管理的方法
CN103716179A (zh) * 2011-03-09 2014-04-09 成都勤智数码科技股份有限公司 一种基于Telnet/SSH的网络终端管理的方法
CN102137109B (zh) * 2011-03-18 2013-08-28 华为技术有限公司 一种访问控制方法、接入设备及系统
CN102694771A (zh) * 2011-03-22 2012-09-26 上海艾泰科技有限公司 在网关dhcp服务端绑定ip-mac的方法及网关dhcp服务端
KR101231975B1 (ko) * 2011-05-12 2013-02-08 (주)이스트소프트 차단서버를 이용한 스푸핑 공격 방어방법
KR101270041B1 (ko) * 2011-10-28 2013-05-31 삼성에스디에스 주식회사 Arp 스푸핑 공격 탐지 시스템 및 방법
CN103095858B (zh) * 2011-10-28 2018-02-16 中兴通讯股份有限公司 地址解析协议arp报文处理的方法、网络设备及系统
US9270454B2 (en) 2012-08-31 2016-02-23 Hewlett Packard Enterprise Development Lp Public key generation utilizing media access control address
KR101228089B1 (ko) * 2012-09-10 2013-02-01 한국인터넷진흥원 Ip 스푸핑 탐지 장치
TWI491233B (zh) * 2012-11-26 2015-07-01 Sofnet Corp 用以認定網點之發生事件之方法
CN105981079A (zh) * 2013-07-15 2016-09-28 赛博赛尔有限公司 网络保护
US8789040B1 (en) * 2013-07-16 2014-07-22 Appenity LLC Converting non-natively executable programs to downloadable executable programs
CN105024949A (zh) * 2014-04-28 2015-11-04 国网山西省电力公司电力科学研究院 端口自动绑定方法及系统
JP2016158011A (ja) * 2015-02-23 2016-09-01 ルネサスエレクトロニクス株式会社 配信制御装置、データ配信システム、配信制御方法及びプログラム
KR102064614B1 (ko) * 2015-03-10 2020-01-09 엘에스산전 주식회사 Plc 이더넷 통신 모듈의 ip 주소 충돌 확인방법
CN105991794B (zh) * 2015-06-01 2019-05-07 杭州迪普科技股份有限公司 一种地址学习方法及装置
KR101687811B1 (ko) 2015-09-07 2017-02-01 박준영 ARP_Probe 패킷을 이용한 Agent 방식의 ARP 스푸핑 탐지 방법
US10382392B2 (en) * 2016-08-01 2019-08-13 Big Switch Networks, Inc. Systems and methods for network address translation
CN108574672A (zh) * 2017-03-10 2018-09-25 武汉安天信息技术有限责任公司 应用于移动终端的arp攻击感知的方法及装置
US10469529B2 (en) * 2017-07-13 2019-11-05 Nicira, Inc. Address checking to protect against denial of service attack
CN111226427B (zh) 2017-08-14 2021-11-26 华为技术有限公司 避免以太网类型pdu的arp广播期间的寻呼风暴的方法和装置
US11418478B2 (en) * 2018-12-20 2022-08-16 Arris Enterprises Llc Systems and methods for improving ARP/ND performance on host communication devices
US11277442B2 (en) * 2019-04-05 2022-03-15 Cisco Technology, Inc. Verifying the trust-worthiness of ARP senders and receivers using attestation-based methods
US11438375B2 (en) 2020-06-02 2022-09-06 Saudi Arabian Oil Company Method and system for preventing medium access control (MAC) spoofing attacks in a communication network
CN111835880A (zh) * 2020-06-23 2020-10-27 新浪网技术(中国)有限公司 一种ip地址分配方法及系统
CN114697059A (zh) * 2020-12-29 2022-07-01 慧盾信息安全科技(北京)有限公司 一种视频信令攻击的防护系统和方法

Family Cites Families (18)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPH1011369A (ja) * 1996-06-27 1998-01-16 Hitachi Ltd 通信システムおよびホットスタンバイ切替機能を備える情報処理装置
EP0947067A4 (de) 1996-12-09 2002-05-02 Motorola Inc System, vorrichtung und verfahren zur wegeleitung von dhcp paketen in einem öffentlichen datennetzwerk
US5978373A (en) * 1997-07-11 1999-11-02 Ag Communication Systems Corporation Wide area network system providing secure transmission
US6108703A (en) * 1998-07-14 2000-08-22 Massachusetts Institute Of Technology Global hosting system
US6618398B1 (en) * 1998-08-06 2003-09-09 Nortel Networks Limited Address resolution for internet protocol sub-networks in asymmetric wireless networks
US6256314B1 (en) * 1998-08-11 2001-07-03 Avaya Technology Corp. Apparatus and methods for routerless layer 3 forwarding in a network
US6980515B1 (en) * 1999-02-23 2005-12-27 Alcatel Multi-service network switch with quality of access
US6393484B1 (en) 1999-04-12 2002-05-21 International Business Machines Corp. System and method for controlled access to shared-medium public and semi-public internet protocol (IP) networks
US6611525B1 (en) * 1999-10-07 2003-08-26 3Com Corporation Apparatus for and method of learning MAC addresses in a LAN emulation network
US6466986B1 (en) 1999-12-30 2002-10-15 Nortel Networks Limited Method and apparatus for providing dynamic host configuration protocol (DHCP) tagging
US20020013858A1 (en) * 2000-02-09 2002-01-31 Anderson Keith R. ARP caching apparatus and method
US6807179B1 (en) * 2000-04-18 2004-10-19 Advanced Micro Devices, Inc. Trunking arrangement in a network switch
IL144100A (en) 2000-07-06 2006-08-01 Samsung Electronics Co Ltd A method based on MAC address in communication restriction
US6633761B1 (en) * 2000-08-11 2003-10-14 Reefedge, Inc. Enabling seamless user mobility in a short-range wireless networking environment
JP2003018196A (ja) * 2001-04-27 2003-01-17 Fujitsu Ltd パケット転送装置、半導体装置、および、パケット転送システム
US7134012B2 (en) * 2001-08-15 2006-11-07 International Business Machines Corporation Methods, systems and computer program products for detecting a spoofed source address in IP datagrams
US7054944B2 (en) * 2001-12-19 2006-05-30 Intel Corporation Access control management system utilizing network and application layer access control lists
US6745333B1 (en) * 2002-01-31 2004-06-01 3Com Corporation Method for detecting unauthorized network access by having a NIC monitor for packets purporting to be from itself

Also Published As

Publication number Publication date
CN1682516B (zh) 2012-05-30
US7234163B1 (en) 2007-06-19
EP1609291A1 (de) 2005-12-28
AU2003276894A1 (en) 2004-04-30
EP1609291B1 (de) 2009-10-21
WO2004025926A1 (en) 2004-03-25
DE60329786D1 (de) 2009-12-03
CN1682516A (zh) 2005-10-12
CA2499296A1 (en) 2004-03-25
CA2499296C (en) 2010-11-16

Similar Documents

Publication Publication Date Title
ATE446642T1 (de) Verfahren und vorrichtung zur verhinderung des fälschens von netzwerkadressen
JP4043052B2 (ja) Dhcpを用いてネットワークにおける学習されたipアドレスをオーバライドする方法
EP1986386A4 (de) Verfahren zum binden der adresse des benutzerendgeräts in den zugangsgeräten
AU2003259554A1 (en) Network terminal device, address management server, communication system, and network communication method using mac addresses to determine the ip target addresses
ATE318478T1 (de) Techniken zur abladung kryptographischer verarbeitung für mehrfachnetzwerkverkehrsströme
WO2004079497A3 (en) Using tcp to authenticate ip source addresses
ATE422778T1 (de) Verfahren, vorrichtung und computerprogramm- produkt zur bereitstellung einer gesicherten verbindung zu einem rechnergestützten gerät
DE60221843D1 (de) Verfahren und vorrichtung zum auflösen einer geräteidentifikation zu einer internetadresse via domänennamenserver
WO2002082794A3 (en) System and method for performing ip telephony
GB2418804B (en) Method and system for generating IP addresses of access terminals and transmitting messages for generation of IP addresses in an IP system
DE60111823D1 (de) Verfahren zur vermeidung von ppp-zeitrüberschreitungen während ipcp-verhandlungen
WO2007143731A3 (en) Methods, computer readable medium and apparatus for airlink communication
WO2002103460A3 (en) Network address and/or port translation
WO2006101678A3 (en) Method and system for automatically interconnecting ipv4 networks across an ipv6 network
WO2003079642A3 (en) A ddns server, a ddns client terminal and a ddns system, and a web server terminal, its network system and an access control method
GB0104908D0 (en) Method for determining master or slave mode in a storage server subnet
AU2003222452A8 (en) Mobile node, router, server and method for mobile communications under ip version 6 (ipv6) protocol
WO2007142759A3 (en) Name challenge enabled zones
EP2169918A3 (de) Netzwerkvorrichtung mit Proxy-Adressauflösungsprotokoll
WO2003094366A3 (en) System and method for registering ip address of wireless communication device
WO2006098837A3 (en) Method for facilitating application server functionality and access node comprising same
WO2001086866A3 (en) Unique address space and method for a transport network
WO2006028674A3 (en) A system and method for sharing an ip address
TW200705887A (en) Apparatus, method for monitoring network, network system, network monitoring method and network communication method
ATE401734T1 (de) Vorrichtung und verfahren zur gemeinsamen benutzung einer ip adresse

Legal Events

Date Code Title Description
RER Ceased as to paragraph 5 lit. 3 law introducing patent treaties