DK2472823T3 - Fremgangsmåde og anordning i et ip-netværk - Google Patents

Fremgangsmåde og anordning i et ip-netværk

Info

Publication number
DK2472823T3
DK2472823T3 DK12162190.8T DK12162190T DK2472823T3 DK 2472823 T3 DK2472823 T3 DK 2472823T3 DK 12162190 T DK12162190 T DK 12162190T DK 2472823 T3 DK2472823 T3 DK 2472823T3
Authority
DK
Denmark
Prior art keywords
address
filter
subscriber
dhcp
vlan1
Prior art date
Application number
DK12162190.8T
Other languages
English (en)
Inventor
Peter Nesz
Thomas Johansson
Michael Juhl
Original Assignee
Ericsson Telefon Ab L M
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Ericsson Telefon Ab L M filed Critical Ericsson Telefon Ab L M
Application granted granted Critical
Publication of DK2472823T3 publication Critical patent/DK2472823T3/da

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/02Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0227Filtering policies
    • H04L63/0236Filtering by address, protocol, port number or service, e.g. IP-address or URL
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00Network arrangements, protocols or services for addressing or naming
    • H04L61/50Address allocation
    • H04L61/5007Internet protocol [IP] addresses
    • H04L61/5014Internet protocol [IP] addresses using dynamic host configuration protocol [DHCP] or bootstrap protocol [BOOTP]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic
    • H04L63/1466Active attacks involving interception, injection, modification, spoofing of data unit addresses, e.g. hijacking, packet injection or TCP sequence number attacks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L69/00Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/16Implementation or adaptation of Internet protocol [IP], of transmission control protocol [TCP] or of user datagram protocol [UDP]
    • H04L69/161Implementation details of TCP/IP or UDP/IP stack architecture; Specification of modified or new header fields
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L69/00Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/16Implementation or adaptation of Internet protocol [IP], of transmission control protocol [TCP] or of user datagram protocol [UDP]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Small-Scale Networks (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Communication Control (AREA)
DK12162190.8T 2002-11-06 2002-11-06 Fremgangsmåde og anordning i et ip-netværk DK2472823T3 (da)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
EP12162190.8A EP2472823B1 (en) 2002-11-06 2002-11-06 A method and a device in an IP network
PCT/SE2002/002021 WO2004042999A1 (en) 2002-11-06 2002-11-06 Method and arrangement for preventing illegitimate use of ip addresses
EP02783924A EP1559237B1 (en) 2002-11-06 2002-11-06 Method and arrangement for preventing illegitimate use of ip addresses

Publications (1)

Publication Number Publication Date
DK2472823T3 true DK2472823T3 (da) 2013-12-16

Family

ID=32310983

Family Applications (1)

Application Number Title Priority Date Filing Date
DK12162190.8T DK2472823T3 (da) 2002-11-06 2002-11-06 Fremgangsmåde og anordning i et ip-netværk

Country Status (8)

Country Link
US (2) US7996537B2 (da)
EP (3) EP2472824B1 (da)
CN (1) CN100490377C (da)
AT (1) ATE552692T1 (da)
AU (1) AU2002347725A1 (da)
DK (1) DK2472823T3 (da)
ES (2) ES2384377T3 (da)
WO (1) WO2004042999A1 (da)

Families Citing this family (53)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
USRE47253E1 (en) * 2002-11-06 2019-02-19 Telefonaktiebolaget Lm Ericsson (Publ) Method and arrangement for preventing illegitimate use of IP addresses
US7577735B1 (en) * 2002-11-27 2009-08-18 Cisco Technology, Inc. Transparent mode
CN1277373C (zh) * 2003-05-07 2006-09-27 华为技术有限公司 网络通信系统中用户位置信息的传递方法
US7516487B1 (en) * 2003-05-21 2009-04-07 Foundry Networks, Inc. System and method for source IP anti-spoofing security
US7523485B1 (en) * 2003-05-21 2009-04-21 Foundry Networks, Inc. System and method for source IP anti-spoofing security
US20040255154A1 (en) * 2003-06-11 2004-12-16 Foundry Networks, Inc. Multiple tiered network security system, method and apparatus
US7876772B2 (en) 2003-08-01 2011-01-25 Foundry Networks, Llc System, method and apparatus for providing multiple access modes in a data communications network
US7735114B2 (en) * 2003-09-04 2010-06-08 Foundry Networks, Inc. Multiple tiered network security system, method and apparatus using dynamic user policy assignment
US7774833B1 (en) 2003-09-23 2010-08-10 Foundry Networks, Inc. System and method for protecting CPU against remote access attacks
US8528071B1 (en) 2003-12-05 2013-09-03 Foundry Networks, Llc System and method for flexible authentication in a data communications network
ATE410875T1 (de) * 2004-01-23 2008-10-15 Siemens Ag Verfahren zur zuordnung einer ip-adresse zu einem gerät
US20050262218A1 (en) * 2004-04-30 2005-11-24 Cox Gabriel C System and method for DHCP-based assignment of IP addresses to servers based on geographic identifiers
BRPI0419056A (pt) * 2004-09-20 2007-12-11 Matsushita Electric Industrial Co Ltd método de gerenciamento de comutação de um ponto de terminação de túnel rede privada virtual de um primeiro endereço para um segundo endereço, e, gerenciador de comutação de ponto de terminação de túnel de rede privada virtual
FR2881592A1 (fr) * 2005-02-02 2006-08-04 France Telecom Procede et dispositif de detection d'usurpations d'adresse dans un reseau informatique
US7756976B2 (en) * 2005-03-18 2010-07-13 Hewlett-Packard Development Company, L.P. Systems and methods for denying rogue DHCP services
US20060225128A1 (en) * 2005-04-04 2006-10-05 Nokia Corporation Measures for enhancing security in communication systems
CN100442706C (zh) * 2005-04-19 2008-12-10 华为技术有限公司 一种使维护节点标识与媒体访问控制地址对应的方法
GB2425681A (en) 2005-04-27 2006-11-01 3Com Corporaton Access control by Dynamic Host Configuration Protocol snooping
JP4161981B2 (ja) * 2005-05-31 2008-10-08 ブラザー工業株式会社 通信装置、及び、プログラム
EP1739929B1 (en) * 2005-06-29 2012-05-30 Alcatel Lucent Method to forward downstream message and network unit realizing said method
US7778250B2 (en) * 2005-08-11 2010-08-17 Ericsson Ab Method and apparatus for securing a layer II bridging switch/switch for subscriber aggregation
CN101022472B (zh) * 2006-02-13 2010-06-09 中兴通讯股份有限公司 一种对消息接口异常的预防保护方法
CN1835514B (zh) * 2006-03-31 2010-05-12 北京润汇科技有限公司 Dhcp+客户端模式的宽带接入的管理方法
CN101083670B (zh) * 2006-06-02 2010-09-29 鸿富锦精密工业(深圳)有限公司 地址分配系统及方法
JP4825724B2 (ja) * 2006-06-09 2011-11-30 株式会社リコー ネットワーク機器
US8331266B2 (en) * 2006-06-14 2012-12-11 Nokia Siemens Networks Oy LAN topology detection and assignment of addresses
CN101098290B (zh) * 2006-06-29 2011-04-06 中兴通讯股份有限公司 一种在an上实现ip地址防欺骗的装置及其方法
CN101471966B (zh) * 2006-07-06 2011-07-20 华为技术有限公司 一种防止ip地址泄露的系统和设备
US8625456B1 (en) * 2006-09-21 2014-01-07 World Wide Packets, Inc. Withholding a data packet from a switch port despite its destination address
EP2074747B1 (en) 2006-09-28 2015-08-05 PacketFront Network Products AB Method for automatically providing a customer equipment with the correct service
US20080089323A1 (en) * 2006-10-13 2008-04-17 At&T Knowledge Ventures, L.P. System and method for assigning virtual local area networks
US8966608B2 (en) * 2006-12-22 2015-02-24 Telefonaktiebolaget L M Ericsson (Publ) Preventing spoofing
CN100563149C (zh) * 2007-04-25 2009-11-25 华为技术有限公司 一种dhcp监听方法及其装置
CN100586106C (zh) * 2007-05-22 2010-01-27 华为技术有限公司 报文处理方法、系统和设备
JP5164450B2 (ja) * 2007-06-28 2013-03-21 キヤノン株式会社 通信装置及びその制御方法とプログラム
CN101115063B (zh) * 2007-08-30 2011-11-30 中兴通讯股份有限公司 宽带接入设备中防止mac地址/ip地址欺骗的方法
US20090086639A1 (en) * 2007-09-27 2009-04-02 Verizon Services Corp. Testing dynamically addressed network devices
JP5104426B2 (ja) * 2008-03-13 2012-12-19 パナソニック株式会社 画像表示装置
WO2011153679A1 (zh) * 2010-06-07 2011-12-15 华为技术有限公司 业务配置方法、设备和系统
JP5385872B2 (ja) * 2010-07-27 2014-01-08 パナソニック株式会社 通信制御装置、通信システム及びプログラム
CN101984693A (zh) * 2010-11-16 2011-03-09 中兴通讯股份有限公司 终端接入局域网的监控方法和监控装置
CN110882021A (zh) 2011-04-15 2020-03-17 心脏缝合有限公司 用于缝合解剖学瓣的缝合装置和方法
US9819611B2 (en) * 2012-03-12 2017-11-14 Boobera Lagoon Technology, Llc Network device and a method for networking
US8855117B2 (en) * 2012-08-08 2014-10-07 Cisco Technology, Inc. Scalable media access control protocol synchronization techniques for fabric extender based emulated switch deployments
US8869275B2 (en) * 2012-11-28 2014-10-21 Verisign, Inc. Systems and methods to detect and respond to distributed denial of service (DDoS) attacks
US10277555B2 (en) * 2014-07-18 2019-04-30 Mitsubishi Electric Corporation IP address distribution system, switch device, and IP address distribution method
US10601766B2 (en) 2015-03-13 2020-03-24 Hewlett Packard Enterprise Development Lp Determine anomalous behavior based on dynamic device configuration address range
CN107046585A (zh) * 2017-03-30 2017-08-15 百富计算机技术(深圳)有限公司 Dhcp服务器选择方法和装置
CN109391586A (zh) * 2017-08-04 2019-02-26 深圳市中兴微电子技术有限公司 一种防止静态ip非法上网的装置及方法、onu设备和pon系统
CN110313155B (zh) * 2017-12-11 2020-10-09 华为技术有限公司 网络、网络管理方法以及该网络的控制器和交换机
US12489731B1 (en) * 2018-02-21 2025-12-02 F5, Inc. Methods for enforcing firewall and security policies based on subscriber identification and devices thereof
US11831420B2 (en) 2019-11-18 2023-11-28 F5, Inc. Network application firewall
US20230412594A1 (en) * 2022-06-20 2023-12-21 Micro Focus Llc Tying addresses to authentication processes

Family Cites Families (18)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0520709A3 (en) * 1991-06-28 1994-08-24 Digital Equipment Corp A method for providing a security facility for remote systems management
US5826014A (en) 1996-02-06 1998-10-20 Network Engineering Software Firewall system for protecting network elements connected to a public network
US5884024A (en) 1996-12-09 1999-03-16 Sun Microsystems, Inc. Secure DHCP server
CN1243366A (zh) * 1998-07-29 2000-02-02 蒋林涛 产品防伪通信信息系统
US6374295B2 (en) * 1998-10-29 2002-04-16 Nortel Networks Limited Active server management
US6839759B2 (en) * 1998-10-30 2005-01-04 Science Applications International Corp. Method for establishing secure communication link between computers of virtual private network without user entering any cryptographic information
US6427170B1 (en) * 1998-12-08 2002-07-30 Cisco Technology, Inc. Integrated IP address management
US6393484B1 (en) * 1999-04-12 2002-05-21 International Business Machines Corp. System and method for controlled access to shared-medium public and semi-public internet protocol (IP) networks
US7281036B1 (en) * 1999-04-19 2007-10-09 Cisco Technology, Inc. Method and apparatus for automatic network address assignment
US7079499B1 (en) * 1999-09-08 2006-07-18 Nortel Networks Limited Internet protocol mobility architecture framework
FI110975B (fi) * 1999-12-22 2003-04-30 Nokia Corp Huijaamisen estäminen tietoliikennejärjestelmissä
US20020016855A1 (en) 2000-03-20 2002-02-07 Garrett John W. Managed access point for service selection in a shared access network
US20020065919A1 (en) * 2000-11-30 2002-05-30 Taylor Ian Lance Peer-to-peer caching network for user data
US7127524B1 (en) * 2000-12-29 2006-10-24 Vernier Networks, Inc. System and method for providing access to a network with selective network address translation
US7139818B1 (en) * 2001-10-04 2006-11-21 Cisco Technology, Inc. Techniques for dynamic host configuration without direct communications between client and server
US7191331B2 (en) * 2002-06-13 2007-03-13 Nvidia Corporation Detection of support for security protocol and address translation integration
US7139828B2 (en) * 2002-08-30 2006-11-21 Ip Dynamics, Inc. Accessing an entity inside a private network
US7412515B2 (en) * 2002-09-26 2008-08-12 Lockheed Martin Corporation Method and apparatus for dynamic assignment of network protocol addresses

Also Published As

Publication number Publication date
WO2004042999A1 (en) 2004-05-21
CN1695341A (zh) 2005-11-09
AU2002347725A1 (en) 2004-06-07
ES2384377T3 (es) 2012-07-04
EP1559237B1 (en) 2012-04-04
ES2433272T3 (es) 2013-12-10
US20060155853A1 (en) 2006-07-13
CN100490377C (zh) 2009-05-20
USRE45445E1 (en) 2015-03-31
EP2472824B1 (en) 2013-09-18
EP2472823A1 (en) 2012-07-04
EP2472824A1 (en) 2012-07-04
ATE552692T1 (de) 2012-04-15
US7996537B2 (en) 2011-08-09
EP1559237A1 (en) 2005-08-03
EP2472823B1 (en) 2013-09-18

Similar Documents

Publication Publication Date Title
DK2472823T3 (da) Fremgangsmåde og anordning i et ip-netværk
CN101764734B (zh) IPv6环境下提高邻居发现安全性的方法及宽带接入设备
CN100527711C (zh) 包传输装置、通信网和数据包传输方法
US7457300B2 (en) Ethernet address management system
CN101741702B (zh) 实现arp请求广播限制的方法和装置
US9674144B1 (en) IP reflection
WO1997018657A1 (en) Method for establishing restricted broadcast groups in a switched network
JPWO2004051935A1 (ja) ユーザ特定システム、ユーザ特定装置、ユーザ特定方法、アドレス変換装置、及びプログラム
CA2499296A1 (en) Method and apparatus for preventing spoofing of network addresses
CN101459653B (zh) 基于Snooping技术的防止DHCP报文攻击的方法
US7881224B2 (en) Detection of duplicated network addresses
WO2012176087A1 (en) Preventing neighbor-discovery based denial of service attacks
KR101311198B1 (ko) Ipv6-가능한 집합 네트워크에 가입자 디바이스들을 접속하기 위한 방법 및 장치
CN101656762B (zh) 域名服务器信息的发送方法和装置
US20050111447A1 (en) Technique for tracing source addresses of packets
CN102571806B (zh) 一种主动防止路由器公告报文欺骗的装置和方法
CN116319684A (zh) 基于LLMNR查询的双栈Windows节点IPv6地址快速探测方法及系统
CN102594808B (zh) 一种防止DHCPv6服务器欺骗的系统及方法
US7826447B1 (en) Preventing denial-of-service attacks employing broadcast packets
CN100449989C (zh) 一种触发802.1x认证过程的方法
WO2001075626A9 (en) Bridge configuration over ip/web
US20070064691A1 (en) ARP relay
Spácil et al. Forcing usage rules in public wireless LANs
Erbacher et al. GULv3-A Novel Tool for Network Managers to Audit Networks.
SE520821C2 (sv) Metod och system för kundunik adressportsöversättning i IP- kommunikationsnät