地址解析协议报文处理方法及通讯系统及转发平面处理器

Method for processing message in address resolution protocol, communication system, and forwarding planar process portion

Abstract

The invention is used for defending the network attack using ARP message. It comprises: the forwarding plane processor estimates the type of received ARP message; if it is a ARP request message, then directly returning a response; if it is a ARP response message, the enquiring the ARP list; if finding a list item corresponding to said ARP response message, then deciding if the report parameter insaid list item allows the report; if yes, then reporting ARP response message to the control plane processor; if not finding a list item corresponding to said ARP response message, then abandoning the ARP message. The invention also provides a communication system and a relevant apparatus thereof.
本发明公开了一种地址解析协议报文处理方法及通讯系统及转发平面处理器,用于防御利用ARP报文发起的网络攻击。本发明方法包括:转发平面处理器判断接收到的ARP报文的类型;若为ARP请求报文,则直接进行回应;若为ARP响应报文,则查询ARP表,若在表中查询到所述ARP响应报文对应的表项,则判断所述表项中的上报参数是否为允许上报,若为允许上报,则将所述ARP响应报文上报至控制平面处理器,若在所述表中未查询到所述ARP响应报文对应的表项,则丢弃所述ARP响应报文。此外还提供一种通讯系统及相关设备。本发明可以有效防御利用ARP报文发起的网络攻击。

Claims

Description

Topics

Download Full PDF Version (Non-Commercial Use)

Patent Citations (2)

    Publication numberPublication dateAssigneeTitle
    CN-1534933-AOctober 06, 2004华为技术有限公司Safety access control method for internet protocol
    CN-1870627-ANovember 29, 2006华为技术有限公司Arp缓存表防攻击方法

NO-Patent Citations (2)

    Title
    CN 1466341 A,全文.
    同上.

Cited By (1)

    Publication numberPublication dateAssigneeTitle
    CN-102255984-BJune 03, 2015华为技术有限公司Method and device for verifying ARP (Address Resolution Protocol) request message