Invention Grant
- Patent Title: Protecting address resolution protocol neighbor discovery cache against denial of service attacks
- Application No.: US13459818
- Application Date: 2012-04-30
- Publication No.: US09015852B2
- Publication Date: 2015-04-21
- Inventor: Pascal Thubert, Eric Levy-Abegnoli, Vincent J. Ribiere
- Applicant: Pascal Thubert, Eric Levy-Abegnoli, Vincent J. Ribiere
- Applicant Address: US CA San Jose
- Assignee: Cisco Technology, Inc.
- Current Assignee: Cisco Technology, Inc.
- Current Assignee Address: US CA San Jose
- Agency: Parker Ibrahim & Berg LLC
- Agent: James M. Behmke; Kenneth J. Heywood
- Main IPC: G06F7/04
- IPC: G06F7/04; G06F21/10

Abstract:
In one embodiment, a device (e.g., switch or registry) maintains a binding table for all internet protocol (IP) addresses in a particular subnet associated with the device, and in response to receiving a neighbor solicitation (NS) lookup message from a router for a particular address, determines whether the particular address is within the binding table. When the particular address is not within the binding table, the device causes the router to not store the particular address in a neighbor discovery (ND) cache at the router (e.g., by responding to clear the cache, or ignoring to prevent state from being created). In another embodiment, the ND-requesting router ensures that the particular address is not kept in an ND cache at the router in response to the device indicating that the particular address is not within its binding table (e.g., an explicit response to clear, or absence of instruction to store state).
Public/Granted literature
- US20130291117A1: PROTECTING ADDRESS RESOLUTION PROTOCOL NEIGHBOR DISCOVERY CACHE AGAINST DENIAL OF SERVICE ATTACKS (Public/Granted day: 2013-10-31)