Method for improving neighbor discovery safety in IPv6 (Internet Protocol Version 6) environment and broadband access equipment

A technology for neighbor discovery and access equipment, applied in security devices, digital transmission systems, electrical components, etc., can solve problems such as difficulty in ensuring user data flow security, and achieve the effect of avoiding paralysis and ensuring security.

Active Publication Date: 2010-06-30
ZTE CORP
View PDF0 Cites 24 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

At present, there is no corresponding security mechanism to ensure that the IPv6 address information of user nodes does not spread to the lines of other user nodes, so it is difficult to ensure the security of user data flow

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Method for improving neighbor discovery safety in IPv6 (Internet Protocol Version 6) environment and broadband access equipment
  • Method for improving neighbor discovery safety in IPv6 (Internet Protocol Version 6) environment and broadband access equipment
  • Method for improving neighbor discovery safety in IPv6 (Internet Protocol Version 6) environment and broadband access equipment

Examples

Experimental program
Comparison scheme
Effect test

no. 1 example

[0044] This embodiment provides a technical solution on how to effectively prevent duplicate address detection DoS attacks.

[0045] In the prior art IPv6ND process, a malicious attack node in a link can use the vulnerability of duplicate address detection to carry out DoS attacks, because the user's IPv6 address information will spread to other nodes in the link, and the malicious attack node can monitor the local All DAD packets of the link. The neighbor node request message sent by the user node of the present invention is not forwarded to other user lines, but is only uniformly controlled and replied by the broadband access equipment, so other users cannot attack through the ND request.

[0046] Below in conjunction with accompanying drawing, present embodiment is described in further detail:

[0047] The networking diagram of the broadband access network is as follows: figure 1 As shown, it includes a router, a broadband access device, and multiple user nodes connected ...

no. 2 example

[0063] This embodiment provides a technical solution on how to effectively prevent user IPv6 address information from spreading to other user lines.

[0064] The networking diagram of the broadband access network is the same as that of the first embodiment, for example figure 1 shown.

[0065] The router will periodically send a host request message (that is, initiate an ND request) to the user node recorded in the neighbor table, and the message carries the IP address of the user node.

[0066] The host request message is first sent to the broadband access device to which the user node belongs. In order not to spread the IP address of the user node to irrelevant user lines, the broadband access device must forward the host request message to the corresponding user line. After receiving the host request message, the user node sends a response to the router, carrying its own MAC address, and the router refreshes its neighbor table according to the content of the user node's re...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention relates to a method for improving neighbor discovery safety in IPv6 (internet protocol version 6) environment and broadband access equipment. When carrying out duplicate address detection on a temporary IP (internet protocol) address, a user node transmits an adjacent node request message to the broadband access equipment to which the user node belongs and the adjacent node request message carries the temporary IP address and an MAC (media access control) address of the user node; and when receiving the adjacent node request message, the broadband access equipment returns an adjacent node notice message to the user node when judging that a record containing the temporary IP address exists in the adjacent list but the MAC address in the record is different from the MAC address in the adjacent node request message. The method can effectively prevent duplicate address detection on DoS (Disk Operating System) attacks, blocks the communication among nodes attacked by a DoS and avoids the communicating paralysis of the whole link.

Description

technical field [0001] The present invention relates to an IP Version 6 (IPv6) network, and more specifically, relates to a Neighbor Discovery (Neighbor Discovery, ND) process in the IPv6 network and a broadband access device used therein. Background technique [0002] IPv6 Neighbor Discovery (Neighbor Discovery, ND) is a set of messages and procedures to determine the relationship between neighbor nodes. ND replaces "Address Resolution Protocol (ARP)", "Internet Control Message Protocol (Internet Control Message Protocol, ICMP)", "Router Discovery" and "ICMP Redirection" used in IP Version 4 (IPv4), And provides other functions. ND is described in RFC 2461 "Neighbor Discovery for IP Version 6 (IPv6)". [0003] When the network interface of a user node starts to be used, it will first generate a 64-bit interface identifier (Interface Identifier, interface ID) according to the 48-bit Media Access Control (MAC) address of the network interface (if considering the network Th...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Applications(China)
IPC IPC(8): H04L12/56H04L12/26H04L12/24
CPCH04W80/04H04W12/12H04L63/1441H04W12/128
Inventor 孙鹏
Owner ZTE CORP
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap