Traitement en cours

Veuillez attendre...

Paramétrages

Paramétrages

Aller à Demande

1. CN111526108 - Method and device for preventing network attack

Office
Chine
Numéro de la demande 201910105151.6
Date de la demande 01.02.2019
Numéro de publication 111526108
Date de publication 11.08.2020
Numéro de délivrance 111526108
Date de délivrance 20.08.2021
Type de publication B
CIB
H04L 29/06
HÉLECTRICITÉ
04TECHNIQUE DE LA COMMUNICATION ÉLECTRIQUE
LTRANSMISSION D'INFORMATION NUMÉRIQUE, p.ex. COMMUNICATION TÉLÉGRAPHIQUE
29Dispositions, appareils, circuits ou systèmes non couverts par un seul des groupes H04L1/-H04L27/135
02Commande de la communication; Traitement de la communication
06caractérisés par un protocole
H04L 29/12
HÉLECTRICITÉ
04TECHNIQUE DE LA COMMUNICATION ÉLECTRIQUE
LTRANSMISSION D'INFORMATION NUMÉRIQUE, p.ex. COMMUNICATION TÉLÉGRAPHIQUE
29Dispositions, appareils, circuits ou systèmes non couverts par un seul des groupes H04L1/-H04L27/135
12caractérisés par le terminal de données
CPC
H04L 61/6022
HELECTRICITY
04ELECTRIC COMMUNICATION TECHNIQUE
LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
61Network arrangements or network protocols for addressing or naming
60Details
6018Address types
6022Layer 2 addresses, e.g. medium access control [MAC] addresses
H04L 63/1408
HELECTRICITY
04ELECTRIC COMMUNICATION TECHNIQUE
LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
63Network architectures or network communication protocols for network security
14for detecting or protecting against malicious traffic
1408by monitoring network traffic
H04L 63/1441
HELECTRICITY
04ELECTRIC COMMUNICATION TECHNIQUE
LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
63Network architectures or network communication protocols for network security
14for detecting or protecting against malicious traffic
1441Countermeasures against malicious traffic
H04L 29/06
HELECTRICITY
04ELECTRIC COMMUNICATION TECHNIQUE
LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
29Arrangements, apparatus, circuits or systems, not covered by a single one of groups H04L1/00 - H04L27/00
02Communication control
06characterised by a protocol
H04L 29/12
HELECTRICITY
04ELECTRIC COMMUNICATION TECHNIQUE
LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
29Arrangements, apparatus, circuits or systems, not covered by a single one of groups H04L1/00 - H04L27/00
12characterised by the data terminal
Déposants HUAWEI TECHNOLOGIES CO., LTD.
华为技术有限公司
Inventeurs YANG ZHENXING
杨振兴
WANG HAILIN
王海林
ZHANG YAOKUN
张耀坤
Mandataires 北京龙双利达知识产权代理有限公司 11329
北京龙双利达知识产权代理有限公司 11329
Titre
(EN) Method and device for preventing network attack
(ZH) 防止网络攻击的方法与装置
Abrégé
(EN)
The invention provides a method for preventing a network attack, which comprises the following steps: a first network node in an Ethernet virtual private network (EVPN) receives a first message, the first message carries a first media access control (MAC) address, and the first MAC address is a source MAC address of the first message; and first MAC table entry information is determined, the firstMAC table entry information comprising a first MAC address and a corresponding relationship between an identifier of the first MAC address and egress port information of the first MAC address, and theidentifier of the first MAC address being used for indicating that an egress port corresponding to the first MAC address is a trusted port. According to the method, the risk that the EVPN is in a paralyzed state due to the fact that an attacker attacks the EVPN can be reduced.

(ZH)
本申请提供了一种防止网络攻击的方法,包括以太网虚拟私有网络EVPN中第一网络节点接收第一报文,第一报文携带有第一媒体接入控制MAC地址,第一MAC地址为第一报文的源MAC地址;确定第一MAC表项信息,其中,第一MAC表项信息中包括第一MAC地址、第一MAC地址的标识与第一MAC地址的出端口信息的对应关系,第一MAC地址的标识用于指示与第一MAC地址对应的出端口为信任端口。该方法能够降低由于攻击者攻击EVPN所导致的EVPN处于瘫痪状态的风险。

Related patent documents