Method and device for preventing network attacks
Abstract
A method for preventing network attacks is provided, which includes: obtaining a data packet, where a source address of the data packet is a cryptographically generated address (CGA); determining that the obtained data packet includes a CGA parameter and signature information; authenticating the CGA parameter; authenticating the signature information according to the authenticated CGA parameter; and sending the data packet to a destination address when the signature information is authenticated. Accordingly, a device for preventing network attacks is also provided. The CGA parameter carried in a data packet is used directly to verify the authenticity of the packet's source address, which prevents network attacks that rely on a counterfeit address. In addition, authenticating the signature information further ensures the authenticity of the sender's identity and of the address bound to the sender. Illegal data packets are therefore filtered out before they reach servers, which improves network security.
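The check order described in the abstract, as an added example that is not taken from the patent: it assumes the CGA parameter layout and hash checks of RFC 3972 (the page names no format), takes signature verification as a caller-supplied callable, and uses constructed sample values. The names `verify_cga`, `filter_packet` and `make_cga` are hypothetical.

```python
import hashlib
import ipaddress

HASH1_MASK = 0x1CFFFFFFFFFFFFFF  # compare all bits except the 3 Sec bits and the u/g bits
# Constructed sample values (PUBKEY stands in for a DER-encoded public key).
PREFIX = bytes.fromhex("20010db800000000")
MODIFIER = bytes(range(16))
PUBKEY = b"constructed-public-key-bytes"

def make_cga(prefix, modifier, public_key):
    """Build a sample CGA (Sec=0, collision count 0) so the checks have valid input."""
    h = hashlib.sha1(modifier + prefix + b"\x00" + public_key).digest()[:8]
    iface = int.from_bytes(h, "big") & HASH1_MASK  # Sec=0, u=g=0
    return str(ipaddress.IPv6Address(prefix + iface.to_bytes(8, "big")))

def verify_cga(src_addr, modifier, prefix, collision_count, public_key, ext=b""):
    """Return the public key if the parameters authenticate src_addr, else None."""
    addr = ipaddress.IPv6Address(src_addr).packed
    if len(modifier) != 16 or len(prefix) != 8 or collision_count not in (0, 1, 2):
        return None
    if addr[:8] != prefix:  # parameters must name the address's own subnet
        return None
    iface_id = int.from_bytes(addr[8:], "big")
    params = modifier + prefix + bytes([collision_count]) + public_key + ext
    hash1 = int.from_bytes(hashlib.sha1(params).digest()[:8], "big")
    if (hash1 ^ iface_id) & HASH1_MASK:  # interface ID is not derived from this key
        return None
    sec = iface_id >> 61
    hash2 = hashlib.sha1(modifier + bytes(9) + public_key + ext).digest()[:14]
    if any(hash2[: 2 * sec]):  # leftmost 16*Sec bits of Hash2 must be zero
        return None
    return public_key

def filter_packet(pkt, verify_signature):
    """Return 'forward' or 'drop'; the signature is checked only with an authenticated key."""
    cga, sig = pkt.get("cga_params"), pkt.get("signature")
    if cga is None or sig is None:
        return "drop"  # assumption: the page leaves handling of such packets to policy
    key = verify_cga(pkt["src"], **cga)
    if key is None:
        return "drop"
    return "forward" if verify_signature(key, pkt["payload"], sig) else "drop"
```

In a deployment `verify_signature` would be a real public-key signature check using the key returned by `verify_cga`.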
14 Claims
1. A method for preventing network attacks, comprising:
- obtaining a data packet, wherein a source address of the data packet is a cryptographically generated address (CGA);
- detecting the obtained data packet, and determining whether the data packet comprises a CGA parameter and signature information;
- authenticating the CGA parameter if the data packet comprises the CGA parameter and the signature information, and authenticating the signature information according to the successfully-authenticated CGA parameter; and
- sending the data packet to a destination address after the signature information is authenticated.
Dependent claims: 2, 3, 4, 5
6. A method for preventing network attacks, comprising:
- generating a cryptographically generated address (CGA) parameter and signature information according to a source address and a public key; and
- attaching the source address of the data packet, the CGA parameter, and the signature information to the data packet, and sending the data packet, wherein the source address is the CGA generated according to the public key.
Dependent claims: 7, 8, 9
10. A device for preventing network attacks, comprising:
- a data packet receiving module, configured to obtain a data packet, wherein a source address of the data packet is a cryptographically generated address (CGA);
- a data packet check module, configured to check the received data packet, determine whether the data packet comprises a CGA parameter and signature information, and send a first check result;
- a CGA authentication module, configured to authenticate the CGA parameter of the obtained data packet when the first check result indicates that the CGA parameter exists, and send an authentication result of the CGA parameter;
- a signature authentication module, configured to authenticate the signature information according to the successfully-authenticated CGA parameter if the authentication result sent by the CGA authentication module indicates that the CGA parameter is authenticated successfully, and send an authentication result of the signature information; and
- a main control module, configured to process the data packet sent to a server according to the received first check result, and the authentication result, sent by the CGA authentication module of the CGA parameter, or the authentication result, sent by the signature authentication module, of the signature information, wherein if the authentication on the CGA of the obtained data packet performed by the CGA authentication module succeeds, and the authentication performed by the signature authentication module succeeds, then the main control module sends the data packet to a destination address.
Dependent claims: 11, 12, 13, 14
Specification