Background technology
The Dynamic Host Configuration Protocol (DHCP) is a protocol developed from the BOOTP protocol that dynamically allocates IP addresses and related configuration information to hosts. DHCP uses a client/server model: the DHCP client issues a configuration request, and the DHCP server returns configuration information to the client according to a predetermined policy in response to that request. All DHCP messages are encapsulated in the User Datagram Protocol (UDP).
The DHCP Snooping function refers to a switch monitoring the process by which a DHCP client obtains an IP address through the DHCP protocol. By configuring trusted and untrusted ports it prevents DHCP attacks and the setting up of illegal DHCP servers. DHCP messages received on a trusted port are forwarded without verification. In a typical arrangement the trusted ports connect to the DHCP server or the DHCP relay agent (DHCP RELAY) and the untrusted ports connect to DHCP clients; the switch forwards DHCP request messages received on untrusted ports, but does not forward DHCP reply messages received on untrusted ports.
The Intra-Site Automatic Tunnel Addressing Protocol (ISATAP) is an address assignment and host-to-host, host-to-router and router-to-host automatic tunnelling technology; it provides unicast IPv6 connectivity between IPv6 hosts across an IPv4 internal network. ISATAP is generally used for communication between IPv6/IPv4 nodes within an IPv4 network. ISATAP uses the locally administered interface identifier ::0:5EFE:w.x.y.z, in which the 0:5EFE part combines the fixed organizationally unique identifier (00-00-5E) assigned by the Internet Assigned Numbers Authority (IANA) with the type number (FE) that indicates an embedded IPv4 address. The w.x.y.z part is any unicast IPv4 address, either private or public. The 64-bit prefix of any valid IPv6 unicast address can be combined with the ISATAP interface identifier to form an ISATAP address; such prefixes include the link-local address prefix (FE80::/64), global prefixes (including 6to4 prefixes) and site-local prefixes.
Before an IPv6/IPv4 dual-stack host (hereinafter abbreviated as dual-stack host) communicates with other hosts or routers, it must first obtain an ISATAP address. The dual-stack host first sends a router solicitation to the ISATAP server and obtains a 64-bit IPv6 address prefix, then appends the 64-bit interface identifier ::0:5EFE:X.X.X.X (where X.X.X.X is the IPv4 unicast address of the dual-stack host), thereby forming an ISATAP address. Once the dual-stack host is configured with an ISATAP address it becomes an ISATAP client and can communicate with other ISATAP clients in the IPv4 domain.
At the same time, ISATAP is in very widespread use in the current initial stage of IPv6 network deployment: it allows a remote dual-stack host node to reach the local IPv6 access network router across the IPv4 network, obtain an IPv6 address prefix, generate a legal address of the local IPv6 network and thereby access the IPv6 network. ISATAP can be implemented inside an enterprise network or outside it. The defect of the ISATAP tunnel, however, is that as long as a remote dual-stack host node has IPv4 routing reachability to the ISATAP router address of the IPv6 access network, it obtains an address of that IPv6 access network without any authentication. This is insufficient in terms of security: a malicious unauthorized user can easily use ISATAP as a springboard to attack the IPv6 network.
Summary of the invention
The object of the present invention is to provide a more secure ISATAP authentication method and system, so as to prevent malicious unauthorized users from accessing the IPv6 network through ISATAP.
The invention discloses a method for authenticating an Intra-Site Automatic Tunnel Addressing Protocol (ISATAP) tunnel based on Dynamic Host Configuration Protocol (DHCP) snooping, comprising:
A. an access switch monitors the DHCP request process of an IPv4/IPv6 dual-stack host, establishes binding information comprising the MAC address, IP address, lease period, VLAN ID and port number of the dual-stack host, encapsulates this binding information in a binding message and sends it to an ISATAP router;
B. a dual-stack host that is to access the IPv6 network sends a router solicitation message to the ISATAP router requesting a global IPv6 address prefix;
C. the ISATAP router queries the binding information according to the dual-stack host IP address in the router solicitation message and determines accordingly whether to send a router advertisement informing the dual-stack host of the global IPv6 address prefix.
Preferably, step A further comprises: the ISATAP router extracts the binding information from the received binding message and establishes and updates a binding information table according to that binding information.
Preferably, step C comprises: after receiving the router solicitation message, the ISATAP router verifies whether the IPv4 address contained in the source IPv6 address of the router solicitation message has a record in the binding information table of the ISATAP router. If it has, the router responds with a router advertisement (Router Advertisement) message carrying the IPv6 global address prefix, informing the dual-stack host of the IPv6 global address prefix; if not, it does not respond, so that an unauthorized remote dual-stack host cannot obtain an IPv6 address through the ISATAP router and cannot access the IPv6 network.
Preferably, step A comprises:
A01. the access switch intercepts the DHCP request message of the dual-stack host and establishes an interim binding comprising the MAC address, access port and VLAN ID of the dual-stack host;
A02. the access switch intercepts the DHCP response message sent to the dual-stack host, queries the interim binding according to the MAC address in that message, extracts the IP address and lease period from the DHCP response message, and establishes binding information comprising the MAC address, IP address, lease period, VLAN ID and port number of the dual-stack host;
A03. after creating and saving the binding information, the access switch encapsulates the binding information in a binding message and sends it to the ISATAP router according to the pre-configured ISATAP router address;
A04. the ISATAP router receives the binding message, extracts the binding information from it and saves it in a local binding information table.
Preferably, in step A03 the access switch encrypts and hashes the binding message before sending it to the ISATAP router.
Preferably, the encryption is DES encryption and the hashing is MD5 hashing.
The invention also discloses a system for authenticating an Intra-Site Automatic Tunnel Addressing Protocol (ISATAP) tunnel based on Dynamic Host Configuration Protocol (DHCP) snooping. The system comprises a dual-stack host, an access switch, a DHCP server and an ISATAP router, wherein:
the dual-stack host requests an IPv4 address from the DHCP server and, when it needs to access the IPv6 network, sends a router solicitation to the ISATAP router to request a global IPv6 address prefix;
the access switch monitors the DHCP request process of the IPv4/IPv6 dual-stack host, establishes binding information comprising the MAC address, IP address, lease period, VLAN ID and port number of the dual-stack host, encapsulates this binding information in a binding message and sends it to the ISATAP router;
the DHCP server allocates an IPv4 address to the dual-stack host in response to the host's request;
the ISATAP router queries the binding information according to the dual-stack host IP address in the router solicitation message and determines accordingly whether to send a router advertisement informing the dual-stack host of the global IPv6 address prefix.
Preferably, the ISATAP router extracts the binding information from the received binding message and establishes and updates a binding information table according to that binding information.
Preferably, after receiving the router solicitation message, the ISATAP router verifies whether the IPv4 address contained in the source IPv6 address of the router solicitation message has a record in the binding information table of the ISATAP router. If it has, the router responds with a router advertisement (Router Advertisement) message carrying the IPv6 global address prefix, informing the dual-stack host of the IPv6 global address prefix; if not, it does not respond, so that an unauthorized remote dual-stack host cannot obtain an IPv6 address through the ISATAP router and cannot access the IPv6 network.
In the present invention the access switch obtains the binding information of the dual-stack host by monitoring the DHCP request process and uploads it to the ISATAP router for storage, so that when the ISATAP router receives a router solicitation from a dual-stack host it can decide, according to the binding information table, whether the host requesting access to the IPv6 network is legitimate, thereby preventing the various network attacks that would otherwise be carried out using ISATAP as a springboard.
Detailed description of the invention
The technical solution is further explained below with reference to the accompanying drawings and by way of a detailed description.
Fig. 1 is a schematic diagram of the structure of the DHCP-snooping-based ISATAP authentication system of an embodiment of the present invention. As shown in Fig. 1, the system comprises a dual-stack host connected to an IPv4 network, an access switch, a DHCP server and an ISATAP router that allows the dual-stack host to access the IPv6 network. The dual-stack host is connected to the access switch; the access switch is connected through the IPv4 network to the ISATAP router and the DHCP server; and the ISATAP router connects the IPv4 and IPv6 networks.
In this system the access switch comprises a DHCP snooping binding module, which monitors the DHCP request process of the dual-stack host, establishes binding information comprising the MAC address, IP address, lease period, VLAN ID and port number of the dual-stack host, encapsulates this binding information in a binding message and sends it to the ISATAP router.
When the dual-stack host wishes to access the IPv6 network from the IPv4 network, it generates an ISATAP address: from its IPv4 address w.x.y.z it forms the interface identifier ::0:5EFE:w.x.y.z and prepends the link-local prefix fe80 to obtain its own ISATAP address fe80::0:5EFE:w.x.y.z, thereby forming an IPv6 connection with the ISATAP router.
To access the IPv6 network the dual-stack host needs to obtain a global IPv6 address prefix, so it sends a router solicitation (Router Solicitation) message to the ISATAP router requesting that the ISATAP router inform it of the global IPv6 address prefix.
The ISATAP router establishes and continuously updates a binding information table according to the binding information in the binding messages. After receiving the router solicitation message sent by the dual-stack host, the ISATAP router verifies whether the IPv4 address x.y.z.w contained in the source IPv6 address fe80::5efe:x.y.z.w of the router solicitation message has a record in the binding table of the ISATAP router. If it has, the router responds with a router advertisement (Router Advertisement) message carrying the global address prefix, informing the dual-stack host of the IPv6 global address prefix; if not, it does not respond, so that an unauthorized remote dual-stack host cannot obtain an IPv6 address through the ISATAP router and cannot access the IPv6 network.
Fig. 2 shows the flow chart of the DHCP-snooping-based ISATAP authentication method of an embodiment of the present invention. As shown in Fig. 2, the method comprises the following steps:
Step 100: the access switch monitors the DHCP request process of the dual-stack host and establishes binding information comprising the MAC address, IP address, lease period, VLAN ID and port number of the dual-stack host. This binding information is encapsulated in a binding message and sent to the ISATAP router. The ISATAP router establishes and continuously updates a binding information table according to the binding information in the binding messages.
Specifically, the access switch enables the DHCP snooping module, configures the trusted port and configures the IP address of the ISATAP router that is to receive the binding information; on the interface of the ISATAP router the ISATAP tunnel authentication module is enabled.
The DHCP snooping module of the access switch installs in the switching chip a rule that redirects DHCP messages to the switch's DHCP snooping module. After the switching chip receives a DHCP message it does not perform hardware forwarding but redirects the message to the DHCP snooping module.
The access switch monitors the DHCP request process of the dual-stack host by means of DHCP snooping; the specific process is as follows:
101. after the DHCP snooping module of the access switch intercepts the DHCP request message of the dual-stack host, it queries the binding table according to the source MAC address. If this MAC address exists in the binding table, the message is forwarded from the pre-configured trusted port; otherwise the switch creates an interim binding recording the MAC address, port and VLAN ID of the host, and forwards the message from the pre-configured trusted port.
102. after the DHCP snooping module of the access switch intercepts the DHCP response message (DHCP ACK) for the user, it queries the interim bindings according to the chaddr field in the message. If an interim binding with the same user MAC address exists, it creates a binding information entry recording the MAC address, IP address, lease period, VLAN number and port number of the dual-stack host, according to the interim binding and the IP address and lease period allocated in the DHCP response message.
103. after the access switch creates and saves the binding information, it encapsulates the binding information in a binding message, encrypts and hashes the binding message, and sends it to the ISATAP router according to the pre-configured IP address of the ISATAP router that receives the binding information.
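Steps 101 and 102 above, together with the background rule that DHCP replies arriving on an untrusted port are not forwarded, as an added Go example that is not the patent's own code; the message structs and what happens to the interim entry once a full binding exists are my assumptions.

```go
package main

// Constructed stand-ins for the two DHCP messages the snooping module
// intercepts; these are not the patent's own structures.
type DHCPRequest struct {
	SrcMAC string // source MAC of the request
	Port   uint16 // ingress (untrusted) port
	VlanID uint16
}

type DHCPAck struct {
	Chaddr string // client hardware address carried in the ACK
	IP     string
	Lease  uint32
}

// Binding is the completed entry: MAC, IP, lease, VLAN ID and port number.
type Binding struct {
	MAC, IP      string
	Lease        uint32
	VlanID, Port uint16
}

type interimBinding struct{ Port, VlanID uint16 }

// Snooper holds the interim bindings and the binding table, both keyed by MAC.
type Snooper struct {
	interim  map[string]interimBinding
	bindings map[string]Binding
}

func NewSnooper() *Snooper {
	return &Snooper{interim: map[string]interimBinding{}, bindings: map[string]Binding{}}
}

// OnRequest is step 101: a MAC already in the binding table is forwarded from
// the trusted port as-is; an unknown MAC gets an interim binding first.
// The second result reports whether an interim binding was created.
func (s *Snooper) OnRequest(r DHCPRequest) (forward, created bool) {
	if _, bound := s.bindings[r.SrcMAC]; bound {
		return true, false
	}
	s.interim[r.SrcMAC] = interimBinding{Port: r.Port, VlanID: r.VlanID}
	return true, true
}

// OnAck is step 102 plus the untrusted-port rule: a reply from an untrusted
// port is dropped, and a reply binds only when its chaddr matches an interim
// binding. Consuming the interim entry afterwards is my choice.
func (s *Snooper) OnAck(a DHCPAck, fromTrustedPort bool) (Binding, bool) {
	t, ok := s.interim[a.Chaddr]
	if !fromTrustedPort || !ok {
		return Binding{}, false
	}
	b := Binding{MAC: a.Chaddr, IP: a.IP, Lease: a.Lease, VlanID: t.VlanID, Port: t.Port}
	s.bindings[a.Chaddr] = b
	delete(s.interim, a.Chaddr)
	return b, true
}
```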
The binding information is placed in a binding message and relayed to the ISATAP router. The binding message between the switch and the ISATAP router is carried over UDP; its message format is shown in Fig. 3, and the fields are explained as follows:
Version: version number, currently 1
Type: type, currently 1, indicating that binding information is included
SeqNo: sequence number, incremented by 1 for each message sent
SecretLen: length of the encrypted message content
Signature: MD5 hash result over all fields of the DHCP SNOOPING binding message
SwitchIPAddr: IP address of the switch
SwitchID: switch ID, taken as the MAC address of the switch CPU
Count: number of bindings
ClientMAC: MAC address of the PC terminal that leases the address
Reserved: reserved, filled with 0
ClientVlanId: VLAN ID of the DHCP user's access switch
PortNum: number of the switch port where the DHCP user is located
ClientIP: IP address
ClientMask: address mask
ClientGateway: gateway parameter
ClientLease: DHCP address lease
BindingTimeStamp: timestamp of the address allocation
To prevent user information from being leaked or maliciously tampered with in transit, the binding message can be encrypted and hashed. In the embodiments of the present invention DES encryption and MD5 hashing are selected; the DES key is configured by the user, and the access switch must ensure that its key is consistent with that of the ISATAP router. Before the message is sent it is first encrypted and then hashed; the detailed process is as follows:
The message content from the SwitchIPAddr field to the end is DES-encrypted. The ciphertext is the same length as the plaintext and is placed in the region of the DHCP SNOOPING binding message that starts at the SwitchIPAddr field; the ciphertext length is placed in the SecretLen field of the DHCP SNOOPING binding message, and the message is then handed to the hashing module. For the DES-encrypted DHCP SNOOPING binding message the switch computes the MD5 hash as follows: the Signature field is first zeroed, then the whole message is hashed, and after the hash operation completes the hash value is inserted into the Signature field; at this point the switch can send the message.
104. the ISATAP router receives the binding message, extracts the binding information from it and saves it in the local binding information table.
After receiving the binding message the ISATAP router first performs the hash calculation and then decrypts; the detailed process is as follows: the value of the Signature field is first backed up, the Signature field is zeroed, and the MD5 hash value of the whole message is calculated. If the hash value equals the backed-up value of the Signature field, hash verification succeeds and the binding message is DES-decrypted; if hash verification fails, the binding message is discarded. For a received message that passes MD5 hash verification, the message content of the length specified by the SecretLen field, starting at the position immediately after the Signature field, is DES-decrypted to restore the binding message content that starts at the SwitchIPAddr field.
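The switch-side sealing of the binding message (step 103) and the router-side verification (step 104) just described, as an added Go example that is not the patent's own code; the field widths, the use of the DES block function in ECB mode and the absence of padding are my assumptions, since Fig. 3 is not reproduced here and the text names only DES and MD5.

```go
package main

import (
	"crypto/des"
	"crypto/md5"
	"encoding/binary"
	"errors"
)

// Assumed layout (Fig. 3 is not reproduced here, so the widths are mine):
// Version 1 | Type 1 | SeqNo 2 | SecretLen 2 | Signature 16 | SwitchIPAddr 4 |
// SwitchID 8 | Count 4 | 32 bytes per binding. From SwitchIPAddr (offset 22) on
// the message is DES-encrypted; a block-aligned body keeps ciphertext and
// plaintext the same length, as the text states.
const offSecretLen, offSignature, offBody = 4, 6, 22

// desECB runs DES block by block; an unaligned region is refused, not padded.
func desECB(key, in []byte, decrypt bool) ([]byte, error) {
	c, err := des.NewCipher(key)
	if err != nil { return nil, err }
	if len(in)%des.BlockSize != 0 { return nil, errors.New("region not block-aligned") }
	op := c.Encrypt
	if decrypt { op = c.Decrypt }
	out := make([]byte, len(in))
	for i := 0; i < len(in); i += des.BlockSize {
		op(out[i:], in[i:])
	}
	return out, nil
}

// sealBinding is the switch side of step 103: encrypt from SwitchIPAddr to the
// end, store the ciphertext length in SecretLen, zero Signature, MD5 the whole
// message and write the digest into Signature.
func sealBinding(key, msg []byte) ([]byte, error) {
	ct, err := desECB(key, msg[offBody:], false)
	if err != nil { return nil, err }
	out := append(append([]byte{}, msg[:offBody]...), ct...)
	binary.BigEndian.PutUint16(out[offSecretLen:], uint16(len(ct)))
	copy(out[offSignature:offBody], make([]byte, md5.Size)) // zero Signature
	sum := md5.Sum(out)
	copy(out[offSignature:], sum[:])
	return out, nil
}

// openBinding is the router side of step 104: back up Signature, zero it,
// recompute MD5 and drop the message on mismatch; only then DES-decrypt the
// SecretLen bytes that follow the Signature field.
func openBinding(key, msg []byte) ([]byte, error) {
	if len(msg) < offBody { return nil, errors.New("short message") }
	cp := append([]byte{}, msg...)
	var sig [md5.Size]byte
	copy(sig[:], cp[offSignature:offBody]) // back up the received hash
	copy(cp[offSignature:offBody], make([]byte, md5.Size))
	if md5.Sum(cp) != sig { return nil, errors.New("hash verification failed, message dropped") }
	n := int(binary.BigEndian.Uint16(cp[offSecretLen:]))
	if offBody+n > len(cp) { return nil, errors.New("SecretLen exceeds message") }
	pt, err := desECB(key, cp[offBody:offBody+n], true)
	if err != nil { return nil, err }
	return append(cp[:offBody], pt...), nil
}
```

Because the Signature is an unkeyed MD5 of the message, the hash check detects corruption but does not by itself authenticate the sender; only the shared DES key distinguishes the switch from any other party, so a keyed MAC such as HMAC, or an AEAD, would be the modern choice for this exchange.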
Step 200: the dual-stack host that is to access the IPv6 network sends a router solicitation message to the ISATAP router requesting a global IPv6 address prefix.
Step 300: after receiving the router solicitation message sent by the dual-stack host, the ISATAP router verifies whether the IPv4 address contained in the source IPv6 address of the router solicitation message has a record in the binding information table of the ISATAP router. If it has, the router responds with a router advertisement (Router Advertisement) message carrying the global address prefix, informing the dual-stack host of the IPv6 global address prefix; if not, it does not respond, so that an unauthorized remote dual-stack host cannot obtain an IPv6 address through the ISATAP router and cannot access the IPv6 network.
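The host's formation of its ISATAP link-local address fe80::0:5EFE:w.x.y.z (described with Fig. 1 above) and the router's step 300 decision, as an added Go example that is not the patent's own code; the binding table is a constructed map and the global prefix 2001:db8:1::/64 is a documentation value chosen here.

```go
package main

import (
	"fmt"
	"net/netip"
)

// BindingTable is a constructed stand-in for the router's binding information
// table: the IPv4 addresses reported in the switch's binding messages.
type BindingTable map[netip.Addr]bool

// isatapLinkLocal is the host side: fe80::0:5efe:w.x.y.z from w.x.y.z.
func isatapLinkLocal(v4 netip.Addr) netip.Addr {
	var b [16]byte
	b[0], b[1] = 0xfe, 0x80   // link-local prefix fe80::/64
	b[10], b[11] = 0x5e, 0xfe // IANA OUI 00-00-5E plus type FE
	v4b := v4.As4()
	copy(b[12:], v4b[:])
	return netip.AddrFrom16(b)
}

// embeddedIPv4 extracts w.x.y.z from the source address of a router
// solicitation. ok is false for anything that is not fe80::0:5efe:w.x.y.z,
// so a non-ISATAP source never reaches the binding lookup.
func embeddedIPv4(src netip.Addr) (v4 netip.Addr, ok bool) {
	if !src.Is6() {
		return netip.Addr{}, false
	}
	b := src.As16()
	if b[0] != 0xfe || b[1] != 0x80 || b[10] != 0x5e || b[11] != 0xfe {
		return netip.Addr{}, false
	}
	for i := 2; i < 10; i++ { // rest of the prefix and the 0000 identifier word
		if b[i] != 0 {
			return netip.Addr{}, false
		}
	}
	return netip.AddrFrom4([4]byte{b[12], b[13], b[14], b[15]}), true
}

// handleRouterSolicitation is step 300 on the router: answer with the global
// prefix only when the embedded IPv4 address has a binding record; otherwise
// stay silent, so the host never learns a usable prefix.
func handleRouterSolicitation(tbl BindingTable, src netip.Addr, global netip.Prefix) (netip.Prefix, bool) {
	v4, ok := embeddedIPv4(src)
	if !ok || !tbl[v4] {
		return netip.Prefix{}, false
	}
	return global, true
}

func main() {
	tbl := BindingTable{netip.MustParseAddr("10.1.2.3"): true} // constructed binding
	global := netip.MustParsePrefix("2001:db8:1::/64")        // constructed prefix
	for _, h := range []string{"10.1.2.3", "10.1.2.4"} {
		src := isatapLinkLocal(netip.MustParseAddr(h))
		p, ok := handleRouterSolicitation(tbl, src, global)
		fmt.Printf("RS from %s: advertise=%v prefix=%s\n", src, ok, p)
	}
}
```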
In the present invention the access switch obtains the binding information of the dual-stack host by monitoring the DHCP request process and uploads it to the ISATAP router for storage, so that when the ISATAP router receives a router solicitation from a dual-stack host it can decide, according to the binding information table, whether the host requesting access to the IPv6 network is legitimate, thereby preventing the various network attacks that would otherwise be carried out using ISATAP as a springboard.
The above are only preferred embodiments of the present invention and the technical principles applied. Any change or substitution that a person skilled in the art could readily conceive within the technical scope disclosed by the invention shall fall within the scope of protection of the present invention.