CN118827195B - A method for generating IPv6 real source address blacklist and whitelist based on trusted routing classification - Google Patents
A method for generating IPv6 real source address blacklist and whitelist based on trusted routing classification Download PDFInfo
- Publication number
- CN118827195B CN118827195B CN202410919547.5A CN202410919547A CN118827195B CN 118827195 B CN118827195 B CN 118827195B CN 202410919547 A CN202410919547 A CN 202410919547A CN 118827195 B CN118827195 B CN 118827195B
- Authority
- CN
- China
- Prior art keywords
- prefix
- ipv6
- black
- white list
- trusted
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/101—Access control lists [ACL]
Landscapes
- Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
本发明涉及一种基于可信路由分类的IPv6真实源地址黑白名单生成方法,属于计算机网络研究技术领域。路由器收集各种途径所获取的网络前缀信息,在进行分析和整理后对每个网络前缀根据起源进行分类打标签,路由器在生成IPv6真实源地址黑白名单时,将遍历每个网络前缀所对应的多个起源标签,并且对每个起源的分类标签可信程度进行打分,取出可信程度分值最高的路由起源信息,生成可信的IPv6真实源地址黑白名单,实现路由器对IPv6真实源地址精准验证功能。
The present invention relates to a method for generating a blacklist and whitelist of IPv6 real source addresses based on trusted routing classification, and belongs to the technical field of computer network research. A router collects network prefix information obtained through various channels, and after analysis and sorting, classifies and labels each network prefix according to its origin. When generating a blacklist and whitelist of IPv6 real source addresses, the router traverses multiple origin labels corresponding to each network prefix, and scores the credibility of the classification label of each origin, takes out the routing origin information with the highest credibility score, generates a credible blacklist and whitelist of IPv6 real source addresses, and realizes the accurate verification function of the router on the IPv6 real source address.
Description
Technical Field
The invention relates to a method for generating an IPv6 real source address black-and-white list based on trusted route classification, belonging to the technical field of computer network research.
Background
The router is a main node device of the Internet, the router decides the forwarding of data through the route, the forwarding strategy is called routing (routing), which is also the source of the router name, and is used as a junction for interconnection between different networks, the router system forms the main context of the Internet based on TCP/IP, and the router forms the skeleton of the Internet.
The main task of the router is to find an optimal transmission path for each data frame passing through the router and to efficiently transmit the data to the destination site. It follows that the strategy of selecting the best path, i.e. the routing algorithm, is the key place for routers. In order to accomplish this, a router Table (Routing Table), which is related data of various transmission paths, is stored in the router, and is used for Routing, and the router Table stores contents such as the identification information of the subnet, the number of routers on the network, and the name of the next router, and may be fixedly set by a system administrator, or may be learned through a dynamic Routing protocol.
The generation of the IPv6 real source address black-and-white list needs to judge the real inlet of the data traffic according to the routing table stored in the router, so that the IPv6 real source address verification is realized at the inlet of the data traffic into the router, and the credibility of the selected routing information plays a role in the accuracy of the implementation result of the generated IPv6 real source address black-and-white list.
Therefore, how to select the route information with the highest credibility from various sources in the router provides a reliable basis for generating the black-and-white list of the IPv6 real source address, realizes the verification of the IPv6 real source address, has little or no error blocking, and is a problem to be solved in the Internet routing system. For this purpose, the present invention is proposed.
Disclosure of Invention
Aiming at the defects of the prior art, the invention provides a method for generating an IPv6 real source address black-and-white list based on trusted route classification, which classifies the reliability degree of the collected route prefix information based on the router, and marks the routes from different sources in the router in a classified manner, thereby providing accurate trusted route information for generating an IPv6 real source address verified black-and-white list and achieving the aim of accurately verifying the IPv6 real source address.
Specifically, the router collects network prefix information acquired by various approaches, classifies and labels each network prefix according to the origin after analysis and arrangement, traverses a plurality of origin labels corresponding to each network prefix when the router generates an IPv6 real source address black-and-white list, scores the credibility of the classification labels of each origin, takes out route origin information with the highest credibility score, generates an IPv6 real source address black-and-white list, and realizes the function of accurately verifying the IPv6 real source address by the router.
The technical scheme of the invention is as follows:
A method for generating IPv6 real source address black-and-white list based on trusted route classification comprises the following steps:
(1) The router software system initializes a trusted IPv6 routing prefix classification table;
(2) The router software system initializes an IPv6 real source address black-and-white list;
(3) The router software system initializes a trusted route scoring table;
(4) Each module of the router assembles a trusted IPv6 prefix report message to a black-and-white list generation module;
(5) The black-and-white list generation module starts to collect trusted IPv6 prefix report messages from each module of the router and generates an IPv6 real source address black-and-white list;
(6) The black-and-white list generation module receives the trusted IPv6 prefix report message, scans the trusted IPv6 routing prefix classification table, and creates a trusted IPv6 routing prefix classification table entry and a prefix information node;
(7) Scanning and updating the information of the reliable IPv6 routing prefix classification table by utilizing the table item of the reliable IPv6 routing prefix classification table obtained in the step (6);
(8) Scanning a black-and-white list of the IPv6 real source address by utilizing the table entry of the trusted IPv6 routing prefix classification table obtained in the step (6) and updating the black-and-white list;
(9) And (5) generating prompt information in the system, and returning to the step (5) for continuous execution.
In the step (1), the reliable IPv6 routing prefix classification table comprises an IPv6 network prefix, a network prefix length and a prefix information node, wherein the IPv6 network prefix is an IPv6 network prefix of the reliable IPv6 routing, and the network prefix length is the reliable IPv6 routing prefix length;
The stored data structure of the prefix information node is a linked list and comprises a plurality of records, each record comprises a route grading value, an output interface index value, a black-and-white list type to be generated and a network identifier, the grading value is a grading value given by a system according to a trusted IPv6 route source mode, the output interface index value is an output interface index value of a trusted route, the black-and-white list type to be generated is informed of generating a black list or a white list identifier when a route module announces a prefix, the network identifier is that route prefix information of the current source is optimal trusted IPv6 route prefix information, and a trusted IPv6 route prefix classification table is initialized to be empty.
According to the preferred embodiment of the present invention, in the step (2), the black-and-white list of the IPv6 real source address includes an IPv6 real source address prefix, a prefix length, a black-and-white list identifier, and an interfacing index, where the IPv6 real source address prefix is an IPv6 source prefix of the black-and-white list, the prefix length is a mask value of the black-and-white list IPv6 source address prefix, the black-and-white list identifier is a category of a record of the current list, 0 represents the white list, 1 represents the black list, the interfacing index is an interfacing index value of entering the device when the IPv6 source address of the data stream hits the IPv6 real source address prefix, and the initial IPv6 real source address black-and-white list is null.
According to the invention, in the step (3), the trusted route scoring table comprises route types and scores, wherein the route types are route sources, the value range is 0-6, the scores are scores set by a system for the current route sources, the score value range is 0-10, the higher the scores are high in reliability of the current route types, the trusted route scoring table is initialized, information in a configuration file is read for initialization, and different route types have corresponding scores, for example, BGP route type 1, OSPF route type 2, static route type 3, direct connection route type 4 and SPA route type 5;
In step (4), the router modules assemble the reliable IPv6 prefix report message, where the message includes the IPv6 routing prefix, the prefix length, the module name, the outbound interface index value, and the black-and-white list identifier, and send the reliable IPv6 prefix report message to the black-and-white list generating module.
According to the preferred embodiment of the present invention, in step (6), specifically, an IPv6 routing prefix, a prefix length, a module name, an outgoing interface index value, and a black-and-white list identifier are extracted from a trusted IPv6 prefix report message, and the IPv6 routing prefix classification table is scanned by using the IPv6 routing prefix and the prefix length, and if no record is found, step (6.1) and step (6.2) are performed, and if a record is found, step (6.3) is performed;
(6.1) creating a trusted IPv6 routing prefix classification table entry, and filling IPv6 routing prefixes and prefix lengths obtained from the message in the step (6) into IPv6 network prefixes and network prefix length fields in the table entry;
(6.2) creating a prefix information node, filling the outlet interface index value and the black-and-white list identification obtained in the step (6) into the outlet interface index value and the type of the black-and-white list to be generated of the prefix information node, filling a network identification field into 1, and setting the newly created prefix information node as a head node of a linked list;
And (6.3) creating a prefix information node, filling the outlet interface index value and the black-and-white list identification obtained in the step (6) into the outlet interface index value and the type of the black-and-white list to be generated of the prefix information node, filling the network identification field into 0, traversing the prefix information node linked list, and putting the newly created prefix information node into the tail part of the linked list.
According to the preferred embodiment of the present invention, in the step (7), specifically, the table entry of the trusted IPv6 routing prefix classification table obtained in the step (6) is used to scan the score of the prefix information linked list, and the prefix information node record with the highest current score is taken out;
Scanning the network identification of the prefix information linked list by utilizing the list item of the trusted IPv6 routing prefix classification list in the step (6), and taking out the prefix information node record with the network identification of 1;
comparing the obtained 2 prefix information node records, if the obtained 2 prefix information node records are not the same record, executing the step (7.1), and if the obtained 2 prefix information node records are the same record, executing the step (7.2);
(7.1) changing a prefix information node record with a network identification field of 1 to 0, changing a network identification field of another prefix information node record to 1, and recording a prefix node record with a network identification field of 1;
(7.2) recording a prefix node record with a network identification field of 1.
According to the preferred embodiment of the present invention, in step (8), specifically, the IPv6 network prefix and prefix length recorded in the trusted IPv6 routing prefix classification table in step (6) are used to scan the black-and-white list of the IPv6 real source address, if the record is matched, step (8.1) is performed, and if the record is not matched, step (8.2) is performed;
(8.1) updating an interface entering index field and a black-and-white list identification field of the black-and-white list record of the IPv6 real source address acquired in the step (8) by utilizing the interface exiting index value and the type of the black-and-white list to be generated in the prefix information node record acquired in the step (7);
And (8.2) creating a black-and-white list record of the IPv6 real source address, and updating the IPv6 real source address prefix, prefix length, black-and-white list identification and interface index of the created black-and-white list record of the IPv6 real source address by utilizing the IPv6 network prefix and prefix length recorded in the trusted IPv6 routing prefix classification table in the step (6) and the type of the black-and-white list to be generated and the interface index value in the latest prefix information node obtained in the step (7).
The invention has the beneficial effects that:
The invention provides a method for generating an IPv6 real source address black-and-white list based on trusted route classification, which classifies the reliability degree of the collected route prefix information based on a router, classifies and labels routes from different sources in the router, provides accurate trusted route information for generating an IPv6 real source address verified black-and-white list, and achieves the aim of accurately verifying an IPv6 real source address.
Drawings
FIG. 1 is a schematic architecture diagram of the present invention;
FIG. 2 is a diagram of a trusted IPv6 routing prefix class representation of the present invention;
FIG. 3 is a schematic diagram of a black and white list of IPv6 real source addresses in accordance with the present invention;
FIG. 4 is a schematic diagram of a trusted routing scoring table of the present invention;
FIG. 5 is a diagram of a trusted IPv6 prefix report message according to the present invention;
FIG. 6 is a flow chart of a method according to an embodiment of the invention.
Detailed Description
The invention will now be further illustrated by way of example, but not by way of limitation, with reference to the accompanying drawings.
Example 1:
The embodiment provides a method for generating a black-and-white list of an IPv6 real source address based on trusted route classification, the schematic diagram of an architecture is shown in fig. 1, the left side of fig. 1 is a module for statically generating a trusted route prefix of a router, the module is used for marking the action position of the static generated trusted route in the architecture, the right side is a module for dynamically learning and releasing the trusted route prefix, the action position of the dynamic generated trusted route in the architecture is marked, the middle of fig. 1 is a core module for generating the black-and-white list, after the static trusted route prefix module and the dynamic trusted route prefix module report respective trusted route information, the static trusted route prefix module and the dynamic trusted route prefix module record the respective trusted route information in a trusted IPv6 route prefix classification table, and the optimal trusted IPv6 route prefix information is selected through score comparison to generate the black-and-white list of the IPv6 real source address, and the method comprises the following steps:
S100, starting a router software system, creating a trusted IPv6 routing prefix classification table and configuring an initial value;
The trusted IPv6 routing prefix classification table is shown in fig. 2, in which each IPv6 prefix and prefix mask generates a record, and each recorded prefix information node is in a linked list structure, and possibly multiple records are generated due to multiple routing sources, and each record includes an IPv6 network prefix field occupying 128 bits, a network prefix length field occupying 32 bits, and a prefix information node linked list, and each prefix information node includes a routing score value field occupying 32 bits, an outgoing interface index value field occupying 32 bits, a black-and-white list type field occupying 32 bits, and a network identification field occupying 32 bits.
S200, establishing an IPv6 real source address black-and-white list and configuring an initial value;
The black-and-white list of the IPv6 real source address is shown in fig. 3, each black-and-white list occupies a table item, and in each table item, an IPv6 real source address prefix field occupying 128 bits, a prefix length field occupying 32 bits, a black-and-white list identification field occupying 32 bits and an interface index field occupying 32 bits are respectively used.
S300, establishing a trusted route scoring table and configuring an initial value;
the trusted route scoring table is shown in fig. 4 as a routing type field occupying 8 bits and a score field occupying 8 bits, respectively.
S400, each module of the router assembles a trusted IPv6 prefix report message to a black-and-white list generation module;
The trusted IPv6 prefix report message is shown in fig. 5, and is an IPv6 routing prefix field occupying 128 bits, a prefix length field occupying 32 bits, a module name field occupying 8 bits, an outgoing interface index field occupying 16 bits, and a black-and-white list identifier field occupying 16 bits, respectively.
S500, a black-and-white list generation module starts to receive the trusted IPv6 prefix report message and generates a black-and-white list;
S600, a black-and-white list generation module receives the trusted IPv6 prefix report message sent by the step S400, extracts relevant information, scans the trusted IPv6 routing prefix classification table, executes S601 and S602 if no record exists, and executes S603 if record exists;
S601, creating a trusted IPv6 routing prefix classification table entry, and filling IPv6 network prefix and network prefix length fields in the table entry according to the information acquired in the S600;
S602, creating a prefix information node, filling the information acquired in the step S600 into the newly created prefix information node, and setting the node as a head node;
And S603, creating a prefix information node, filling the information acquired in the step S600 into the newly created prefix information node, and placing the node into the tail of a linked list.
S700, according to the obtained list item of the reliable IPv6 routing prefix classification list in S600, scanning the score field of the prefix information linked list, and taking out the prefix information node record with the highest score;
s800, according to the acquired list item of the trusted IPv6 routing prefix classification list in S600, scanning a network identification field of a prefix information linked list, and taking out a prefix information node record with a network identification of 1;
S900, comparing the two prefix information node records obtained in the S700 and the S800, if the two prefix information node records are not the same record, executing the S901, and if the two prefix information node records are the same record, executing the S902;
s901, updating network identification fields of two records, and recording prefix information node records with a preferred field of 1;
s902, recording a prefix information node record with a preferred field of 1;
s1000, scanning an IPv6 real source address black-and-white list according to the information recorded in the S600, executing the S1001 if the record exists, and executing the S1002 if the record does not exist;
s1001, updating the black-and-white list record of the IPv6 real source address acquired in S1000 according to the information acquired in S900;
S1002, creating an IPv6 real source address black-and-white list record, and updating the content of the created IPv6 real source address black-and-white list record according to the information acquired in S600 and S900;
and S1100, generating prompt information in the system, and returning to S500 for continuous execution.
The above description is only of the preferred embodiments of the present invention and is not intended to limit the present invention, but various modifications and variations can be made to the present invention by those skilled in the art. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of the present invention should be included in the protection scope of the present invention.
Claims (8)
1. The IPv6 real source address black-and-white list generation method based on trusted route classification is characterized by comprising the following steps:
(1) Initializing a trusted IPv6 routing prefix classification table;
(2) Initializing an IPv6 real source address black-and-white list;
(3) Initializing a trusted route scoring table;
(4) Assembling the trusted IPv6 prefix report message to a black-and-white list generation module;
(5) The black-and-white list generation module starts to collect the trusted IPv6 prefix report message and generates an IPv6 real source address black-and-white list;
(6) The black-and-white list generation module receives the trusted IPv6 prefix report message, scans the trusted IPv6 routing prefix classification table, and creates a trusted IPv6 routing prefix classification table entry and a prefix information node;
(7) Scanning and updating the information of the reliable IPv6 routing prefix classification table by utilizing the table item of the reliable IPv6 routing prefix classification table obtained in the step (6);
(8) Scanning a black-and-white list of the IPv6 real source address by utilizing the table entry of the trusted IPv6 routing prefix classification table obtained in the step (6) and updating the black-and-white list;
(9) And (5) generating prompt information in the system, and returning to the step (5) for continuous execution.
2. The method for generating black-and-white list of IPv6 real source address based on trusted route classification as claimed in claim 1, wherein in step (1), the trusted IPv6 route prefix classification table includes IPv6 network prefix, network prefix length and prefix information node, the IPv6 network prefix is an IPv6 network prefix of the trusted IPv6 route, and the network prefix length is a trusted IPv6 route prefix length;
The stored data structure of the prefix information node is a linked list and comprises a plurality of records, each record comprises a route grading value, an output interface index value, a black-and-white list type to be generated and a network identifier, the grading value is a grading value given according to a trusted IPv6 route source mode, the output interface index value is an output interface index value of a trusted route, the black-and-white list type to be generated is informed of generating a black list or a white list identifier when a route module announces a prefix, the network identifier is that route prefix information of the current source is optimal trusted IPv6 route prefix information, and a trusted IPv6 route prefix classification table is initialized to be empty.
3. The method for generating black-and-white list of IPv6 real source addresses based on the trusted route classification of claim 2, wherein in the step (2), the black-and-white list of IPv6 real source addresses includes an IPv6 real source address prefix, a prefix length, a black-and-white list identifier, and an interfacing index, wherein the IPv6 real source address prefix is an IPv6 source prefix of the black-and-white list, the prefix length is a mask value of the black-and-white list IPv6 source address prefix, the black-and-white list identifier is a category of a current list record, 0 represents the white list, 1 represents the black list, the interfacing index is an interfacing index value of an ingress device when the IPv6 source address of the data stream hits the IPv6 real source address prefix, and the initial IPv6 real source address black-and-white list is null.
4. The method for generating black-and-white list of IPv6 real source address based on trusted route classification as claimed in claim 3, wherein in step (3), the trusted route scoring table includes a route type and a score, the route type is a route source, the value range is 0-6, the score is a score set by a current route source, the value range is 0-10, the higher the score is the higher the credibility of the current route type, the trusted route scoring table is initialized, information in the configuration file is read for initialization, and different route types have corresponding scores.
5. The method for generating black-and-white list of IPv6 real source address based on trusted routing classification as claimed in claim 4, wherein in step (4), specifically, the message comprising IPv6 routing prefix, prefix length, module name, output interface index value and black-and-white list identification is assembled, and the message is sent to black-and-white list generating module.
6. The method for generating black-and-white list of IPv6 real source address based on trusted route classification as claimed in claim 5, wherein in step (6), specifically, IPv6 route prefix, prefix length, module name, outgoing interface index value and black-and-white list identification are taken out from the trusted IPv6 prefix report message, the trusted IPv6 route prefix classification table is scanned by using IPv6 route prefix and prefix length, if no record is found, step (6.1) and step (6.2) are executed, and if a record is found, step (6.3) is executed;
(6.1) creating a trusted IPv6 routing prefix classification table entry, and filling IPv6 routing prefixes and prefix lengths obtained from the message in the step (6) into IPv6 network prefixes and network prefix length fields in the table entry;
(6.2) creating a prefix information node, filling the outlet interface index value and the black-and-white list identification obtained in the step (6) into the outlet interface index value and the type of the black-and-white list to be generated of the prefix information node, filling a network identification field into 1, and setting the newly created prefix information node as a head node of a linked list;
And (6.3) creating a prefix information node, filling the outlet interface index value and the black-and-white list identification obtained in the step (6) into the outlet interface index value and the type of the black-and-white list to be generated of the prefix information node, filling the network identification field into 0, traversing the prefix information node linked list, and putting the newly created prefix information node into the tail part of the linked list.
7. The method for generating black-and-white list of IPv6 real source address based on trusted route classification as claimed in claim 6, wherein in step (7), specifically, the method uses the list item of the trusted IPv6 route prefix classification table obtained in step (6), scans the value of the prefix information linked list, and takes out the prefix information node record with the highest current value;
Scanning the network identification of the prefix information linked list by utilizing the list item of the trusted IPv6 routing prefix classification list in the step (6), and taking out the prefix information node record with the network identification of 1;
comparing the obtained 2 prefix information node records, if the obtained 2 prefix information node records are not the same record, executing the step (7.1), and if the obtained 2 prefix information node records are the same record, executing the step (7.2);
(7.1) changing a prefix information node record with a network identification field of 1 to 0, changing a network identification field of another prefix information node record to 1, and recording a prefix node record with a network identification field of 1;
(7.2) recording a prefix node record with a network identification field of 1.
8. The method for generating black-and-white list of IPv6 real source address based on trusted routing classification as claimed in claim 7, wherein in step (8), specifically, IPv6 real source address black-and-white list is scanned by using IPv6 network prefix and prefix length recorded by the trusted IPv6 routing prefix classification table in step (6), if the records are matched, step (8.1) is executed, and if the records are not matched, step (8.2) is executed;
(8.1) updating an interface entering index field and a black-and-white list identification field of the black-and-white list record of the IPv6 real source address acquired in the step (8) by utilizing the interface exiting index value and the type of the black-and-white list to be generated in the prefix information node record acquired in the step (7);
And (8.2) creating a black-and-white list record of the IPv6 real source address, and updating the IPv6 real source address prefix, prefix length, black-and-white list identification and interface index of the created black-and-white list record of the IPv6 real source address by utilizing the IPv6 network prefix and prefix length recorded in the trusted IPv6 routing prefix classification table in the step (6) and the type of the black-and-white list to be generated and the interface index value in the latest prefix information node obtained in the step (7).
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202410919547.5A CN118827195B (en) | 2024-07-10 | 2024-07-10 | A method for generating IPv6 real source address blacklist and whitelist based on trusted routing classification |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202410919547.5A CN118827195B (en) | 2024-07-10 | 2024-07-10 | A method for generating IPv6 real source address blacklist and whitelist based on trusted routing classification |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN118827195A CN118827195A (en) | 2024-10-22 |
| CN118827195B true CN118827195B (en) | 2025-02-14 |
Family
ID=93074321
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202410919547.5A Active CN118827195B (en) | 2024-07-10 | 2024-07-10 | A method for generating IPv6 real source address blacklist and whitelist based on trusted routing classification |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN118827195B (en) |
Citations (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN117527428A (en) * | 2023-12-12 | 2024-02-06 | 中国联合网络通信集团有限公司 | Access control methods, equipment and storage media based on ACL rules |
Family Cites Families (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101155196B (en) * | 2006-09-27 | 2011-05-11 | 中国电信股份有限公司 | Service-oriented IPv6 address specification and distribution method, terminal and system for implementing the same |
| US8161155B2 (en) * | 2008-09-29 | 2012-04-17 | At&T Intellectual Property I, L.P. | Filtering unwanted data traffic via a per-customer blacklist |
| US10200375B2 (en) * | 2016-03-15 | 2019-02-05 | Sony Interactive Entertainment America Llc | Dynamic denial of service detection and automated safe mitigation |
| US11677759B1 (en) * | 2020-07-02 | 2023-06-13 | Cox Communications, Inc. | System to detect and/or prevent unauthorized access to a communication network |
| CN118101323B (en) * | 2024-04-12 | 2024-11-08 | 泉城省实验室 | Network attack dynamic defense method based on RPKI route management and control |
-
2024
- 2024-07-10 CN CN202410919547.5A patent/CN118827195B/en active Active
Patent Citations (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN117527428A (en) * | 2023-12-12 | 2024-02-06 | 中国联合网络通信集团有限公司 | Access control methods, equipment and storage media based on ACL rules |
Also Published As
| Publication number | Publication date |
|---|---|
| CN118827195A (en) | 2024-10-22 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US8699493B2 (en) | Routing validation | |
| US7215644B2 (en) | Inter-domain constraint-based shortest path first technique for supporting hierarchical routing in interconnected multi-domain optical transport networks | |
| JP4112492B2 (en) | Use of link state information for IP network topology discovery | |
| Gao | On inferring autonomous system relationships in the Internet | |
| US6526450B1 (en) | Method and apparatus for domain name service request resolution | |
| US6871235B1 (en) | Fast path forwarding of link state advertisements using reverse path forwarding | |
| EP1238515B1 (en) | Automatically identifying subnetworks in a network | |
| US6757742B1 (en) | Computer-based system for validating hash-based table lookup schemes in a network switch | |
| US5754790A (en) | Apparatus and method for selecting improved routing paths in an autonomous system of computer networks | |
| US20030112808A1 (en) | Automatic configuration of IP tunnels | |
| US8165038B2 (en) | Network physical connection inference for IP tunnels | |
| CN118487857B (en) | A method for verifying IPv6 real source address prefix based on reverse error correction | |
| EP2050237A2 (en) | Mapping off-network traffic to an administered network | |
| US20070041355A1 (en) | Network physical connection inference for IP tunnels | |
| US20130242801A1 (en) | Reverse Engineering Peering At Internet Exchange Points | |
| CN118827195B (en) | A method for generating IPv6 real source address blacklist and whitelist based on trusted routing classification | |
| CN1953373A (en) | A method to filter and verify open real IPv6 source address | |
| Amini et al. | Issues with inferring Internet topological attributes | |
| Marder et al. | Vrfinder: Finding outbound addresses in traceroute | |
| US7035934B1 (en) | System and method for improving traffic analysis and network modeling | |
| Shamim | Troubleshooting IP routing protocols | |
| Martey | IS-IS network design solutions | |
| US7969995B2 (en) | Method and apparatus for constructing a forwarding database for a data communications network | |
| CN119384820A (en) | Intermediate system to intermediate system for source address verification | |
| CN114244763B (en) | Dynamic network topology management method and system based on rule engine |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |