
IP address filtering method and device

An IP address filtering technology, applied in the field of communication, that addresses the inability of existing schemes to filter messages, to be deployed on router systems, and to stop source addresses forged on the same reverse path, so as to improve security and reliability, reduce the possibility of network attacks, and achieve a good message filtering effect.

Inactive Publication Date: 2011-08-17
NAT UNIV OF DEFENSE TECH
2 Cites, 13 Cited by

AI Technical Summary

Problems solved by technology

Among the existing schemes, the SAVE protocol was designed for asymmetric routing. SAVE handles forged source address filtering under asymmetric routing better, but it still cannot stop attackers from forging source addresses on the same reverse path.
SAVE has another problem: the routers participating in the protocol must exchange a large amount of authenticated data, which is not only complicated but may itself become the target of DoS attacks. In addition, the SAVE protocol needs to be deployed globally before it can function. Before global deployment, routers that do not support SAVE do not send SAVE update packets, so the source address-interface correspondence table learned by a router is incomplete. The table then does not mean that an interface can only receive packets from the corresponding source addresses; it only indicates that the interface may receive packets from these source addresses. The inability to deploy incrementally therefore limits the application of SAVE.
The iDPF method reduces the number of address prefixes that can be used for spoofing, and can locate the source of spoofed packets within a certain range. However, iDPF can only be used to verify real source addresses between domains and cannot be deployed on router systems in domains that do not run the BGP protocol; it also cannot accurately and quickly filter packets with forged source addresses at the location closest to the source of the forged addresses.
[0014] To sum up, the existing iDPF technology, which is based on on-path filtering, is only applicable inter-domain, that is, to real source address verification between autonomous systems that use BGP as the main routing protocol. For the intra-domain case, that is, inside an autonomous system, and especially for routers using the OSPFv3 routing protocol of the new-generation IPv6 Internet, how to perform real source address verification that is more accurate, incrementally deployable, and low in communication cost and system load has become a technical problem that needs to be solved.


Embodiment Construction

[0049] In order to make the purpose, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly and completely described below in conjunction with the drawings in the embodiments of the present invention. Obviously, the described embodiments are some, but not all, of the embodiments of the present invention. Based on the embodiments of the present invention, all other embodiments obtained by persons of ordinary skill in the art without creative effort fall within the protection scope of the present invention.

[0050] The IP address filtering method provided by the present invention takes the routing prefixes of routers in a network area running the Open Shortest Path First (OSPF) routing protocol as source addresses and calculates the legal incoming interface for these routing prefixes; based on this, the rout...


Abstract

The invention discloses an IP address filtering method and device. The method comprises the following steps: based on OSPF (Open Shortest Path First) protocol link state information, obtaining the shortest path from a source router to the current router within an area, wherein the interface toward the node preceding the current router on that shortest path is taken as the legal input interface for the OSPF route prefix of the source router; and, based on the legal input interface, building a message filter rule for the route prefix of the source router, processing IP messages that use the OSPF route prefix of the source router as their source address prefix, and filtering out messages received on input interfaces other than the legal input interface. Through the technical scheme of the invention, messages with a forged source IP address can be effectively filtered; the computation of the filter rule is simple, the network load is not increased, and the security of the network can be effectively improved.
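The rule computation described in the abstract can be sketched as follows. This is an added example, not code from the patent: the three-router link-state database, prefixes, interface names and function names are all constructed, and it goes one step beyond the abstract by admitting every previous hop that lies on an equal-cost shortest path.

```python
import heapq
import ipaddress

# Constructed link-state database: LSDB[router][neighbor] = cost of the router's
# outgoing link. OSPF costs are per direction, so paths may be asymmetric.
LSDB = {
    "R1": {"R2": 1, "R3": 10},
    "R2": {"R1": 1, "R3": 1},
    "R3": {"R1": 1, "R2": 10},
}
# Constructed prefixes advertised by each router (documentation address range).
PREFIXES = {"R1": ["2001:db8:1::/48"], "R2": ["2001:db8:2::/48"], "R3": ["2001:db8:3::/48"]}
# Constructed interface names on the current router R3, keyed by neighbor.
IFACES = {"R1": "eth0", "R2": "eth1"}

def distances(lsdb, src):
    """Dijkstra over directed link costs: shortest-path cost from src to each router."""
    dist, heap = {src: 0}, [(0, src)]
    while heap:
        d, node = heapq.heappop(heap)
        if d > dist[node]:
            continue  # stale heap entry
        for nbr, cost in lsdb.get(node, {}).items():
            if d + cost < dist.get(nbr, float("inf")):
                dist[nbr] = d + cost
                heapq.heappush(heap, (d + cost, nbr))
    return dist

def build_rules(lsdb, prefixes, ifaces, current):
    """Map each remote router's prefixes to the interfaces they may legally arrive on."""
    rules = {}
    for src in lsdb:
        dist = distances(lsdb, src)
        if src == current or current not in dist:
            continue  # own prefixes, or a source with no path to this router
        # Previous node(s) of `current` on a shortest path src -> current.
        legal = {ifaces[p] for p, links in lsdb.items()
                 if p in dist and p in ifaces and current in links
                 and dist[p] + links[current] == dist[current]}
        for pfx in prefixes.get(src, []):
            rules[ipaddress.ip_network(pfx)] = legal
    return rules

def accept(rules, src_addr, in_iface):
    """Drop a packet only if its source matches a rule and it came in on another interface."""
    addr = ipaddress.ip_address(src_addr)
    for net, legal in rules.items():
        if addr in net:
            return in_iface in legal
    return True  # no rule for this source prefix: not filtered here
```

In this constructed topology R3 reaches R1 directly over eth0, yet R1's shortest path to R3 runs through R2, so packets sourced from R1's prefix are legal only on eth1 and the same source arriving on eth0 is dropped.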

Description

Technical field

[0001] The invention relates to communication technology, in particular to an IP address filtering method and device.

Background technique

[0002] The Internet has penetrated into people's daily life and work. However, with the development of Internet technology, malicious attacks have appeared on the Internet, for example network attacks launched with forged source addresses. Attacks that use forged source addresses are easy to launch and difficult to trace, which brings hidden dangers to the security of the Internet. Therefore, how to stop such network attacks is the key to ensuring the safe use of the Internet.

[0003] In normal communication on the Internet, the sender of a message needs to fill in the real IP address assigned to the sender in the source address field of the sent message. The real IP address is an authorized address assigned by the Internet authoritative management organization. In this way,...


Application Information

IPC(8): H04L29/06, H04L29/12, H04L12/56, H04L45/122
Inventor: 陶孜谨, 卢泽新, 刘亚萍, 王宝生, 郦苏丹, 张晓哲, 王宏, 徐金义
Owner: NAT UNIV OF DEFENSE TECH