A method for preventing attacks based on virtual network devices forging IP addresses

A virtual network device and IP address technology, applied to attack prevention based on IP addresses forged by virtual network devices. It addresses the problems of existing approaches (no response strategy, inability to obtain relevant information, lack of passive response to sudden attacks) and achieves the effect of passive response.

Active Publication Date: 2021-03-19
广州锦行网络科技有限公司

AI Technical Summary

Problems solved by technology

[0010] 1. The existing technology detects the usage status of IP addresses in real time and adds idle IP addresses to a list, which is active detection. For sudden attacks, however, the existing technology has no response strategy; that is, it lacks passive response measures for sudden attacks.
[0011] 2. The existing technology only hides the host IP address; when an attack is identified, the attack cannot be used to obtain relevant information for subsequent analysis.

Examples


Embodiment 1

[0072] In IPv4 communication, the communicating parties must first obtain each other's physical address (MAC address) through the ARP protocol; IP data can be exchanged only after this data link layer communication is complete.

[0073] The present invention creates a TAP virtual network device using TUN/TAP (virtual network devices) and responds to ARP (Address Resolution Protocol) request data packets, forging the data link layer communication that precedes IP data exchange. After the data link layer interaction is complete, the subsequent network data is forwarded and given further processing, and the attack traffic is recorded and analyzed to sense threats, rather than simply avoiding attacks. Under normal circumstances, a reply to an ARP request can be made only when the IP address is actually configured on a hardware network card. The present invention captures all data link layer data packets through the TAP vi...

Embodiment 2

[0102] As shown in attached figure 2, after the TAP network device is connected to the bridge, the virtual IP addresses to be forged are first read from the configuration file in which they are configured. When an attacker accesses one of these virtual IP addresses over the network, the effect is similar to that IP address being configured on the host's physical network card: the TAP network device captures all ARP request data for the forged IP address at the data link layer, and when such an ARP request is captured, the TAP network device forges ARP reply data and sends it to the requester. System policy routing is configured for the created TUN virtual network device, which captures, at the network layer, the attacker's network layer data for the IP address to be forged. For ICMP data, directly encapsulate the ICMP r...
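The ARP step of Embodiments 1 and 2 can be sketched on raw frame bytes as follows. This is an added example, not code from the patent or its owner: the decoy IP list, the decoy MAC, and the function names are assumptions, the sample frame is constructed, and reading from and writing to the TAP device is left out so the sketch runs offline.

```python
import socket
import struct

# Constructed sample values (assumptions, not taken from the patent text).
DECOY_IPS = {"192.0.2.10", "192.0.2.11"}     # virtual IPs read from the config file
DECOY_MAC = bytes.fromhex("02005e000001")    # locally administered MAC for the TAP device

ETH_HDR = struct.Struct("!6s6sH")            # dst MAC, src MAC, EtherType
ARP_PKT = struct.Struct("!HHBBH6s4s6s4s")    # Ethernet/IPv4 ARP body, 28 bytes
ETHERTYPE_ARP, ARP_REQUEST, ARP_REPLY = 0x0806, 1, 2


def forge_arp_reply(frame: bytes):
    """Return (reply_frame, log_record) for an ARP request aimed at a decoy IP,
    or None for any frame the responder must ignore."""
    if len(frame) < ETH_HDR.size + ARP_PKT.size:
        return None                          # truncated frame
    _dst, _src, ethertype = ETH_HDR.unpack_from(frame)
    if ethertype != ETHERTYPE_ARP:
        return None
    (htype, ptype, hlen, plen, op,
     sha, spa, _tha, tpa) = ARP_PKT.unpack_from(frame, ETH_HDR.size)
    if (htype, ptype, hlen, plen, op) != (1, 0x0800, 6, 4, ARP_REQUEST):
        return None                          # not an Ethernet/IPv4 who-has
    target_ip = socket.inet_ntoa(tpa)
    if target_ip not in DECOY_IPS:
        return None                          # never answer on behalf of real hosts
    # Unicast reply to the requester; the sender fields claim the decoy IP.
    reply = ETH_HDR.pack(sha, DECOY_MAC, ETHERTYPE_ARP) + ARP_PKT.pack(
        1, 0x0800, 6, 4, ARP_REPLY, DECOY_MAC, tpa, sha, spa)
    record = {"requester_ip": socket.inet_ntoa(spa),
              "requester_mac": sha.hex(":"), "decoy_ip": target_ip}
    return reply, record


def build_request(src_mac: bytes, src_ip: str, target_ip: str) -> bytes:
    """Constructed who-has frame, used here only as sample input."""
    return ETH_HDR.pack(b"\xff" * 6, src_mac, ETHERTYPE_ARP) + ARP_PKT.pack(
        1, 0x0800, 6, 4, ARP_REQUEST, src_mac, socket.inet_aton(src_ip),
        b"\x00" * 6, socket.inet_aton(target_ip))


if __name__ == "__main__":
    probe = build_request(bytes.fromhex("0200c0ffee01"), "192.0.2.200", "192.0.2.10")
    reply, record = forge_arp_reply(probe)
    print(record, reply.hex())
```

The returned record is the piece that feeds later analysis: every host that resolves a decoy address is logged before any IP traffic is exchanged.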

Abstract

The invention provides a method for preventing attacks by forging an IP address based on virtual network devices, and relates to the field of network security. The method comprises the following steps: first, creating a network bridge and a TAP virtual network device; configuring the IP address to be forged; capturing, in the TAP virtual network device, all ARP request data for accessing the forged IP address; if ARP request data is captured, replying to the attacker with a forged ARP reply message; after the ARP data packet interaction is completed, capturing all IP data packets by creating a TUN virtual network device, and directing the captured attack traffic to a honeynet system, so that data interaction proceeds normally and attack behaviors and data can be analyzed after the IP address is forged. In this method, the TUN/TAP virtual network devices are used to forge the host IP, protect the actual host, and send the device's ARP reply message to the attacker; the method is used for network attack analysis and is highly extensible.

Description

Technical field

[0001] The invention relates to the field of network security, in particular to a method for preventing attacks based on virtual network devices forging IP addresses.

Background technique

[0002] With the rapid development of the Internet, network security has become a matter of great concern. Improving network security and preventing network attacks have always been a concern of network security personnel.

[0003] Common network attack methods include: TCP SYN denial of service attacks, ICMP floods, UDP floods, port scans, fragmented IP packet attacks, TCP packets with the SYN and FIN bits set at the same time, TCP packets with no flags set, TCP packets with the FIN flag set but not the ACK flag, overlong PING packets, address guessing attacks, teardrop attacks, IP packets with source routing options, IP packets with record routing options, IP packets with unknown protocol fields, IP address spoofing, WinNuke attack, Land attack, Sc...


Application Information

Patent Type & Authority: Patents (China)
IPC(8): H04L29/06
CPC: H04L63/1491; H04L69/16
Inventor: 吴建亮胡鹏苏耀基
Owner: 广州锦行网络科技有限公司