Method for preventing hostile exhausting of DHCP (dynamic host configuration protocol) server address pool

Abstract

The invention discloses a method for preventing hostile exhausting of a DHCP (dynamic host configuration protocol) server address pool. A DHCP server actively sends a Detect message to all on-line DHCP clients in a local network at first, users who do not respond to the Alive messages are screened out, Search messages are sent to the users for secondary on-line verification, if the response is not received, Rejest messages are sent to a gateway router of an affiliated network band of the users, and the network access of the users is refused through the gateway router. For the sending of the Search messages, the work can be realized in a way of getting off from Detect messages, i.e., the server can regularly select some users from an IP address distribution table, and the Search messages are sent for on-line confirmation. The invention provides a mechanism for enabling the server to actively trigger the detection, the IP address pool is effectively used, the on-line operation of legal users can be ensured, meanwhile, certain safety protection can also be provided, and the hostile attack is reduced.

Description

technical field [0001] The invention relates to the technical field of dynamic host configuration protocols, in particular to a method for preventing malicious exhaustion of a DHCP server address pool. Background technique [0002] Each computer connected to the Internet (Internet) needs to know its IP address before sending or receiving data packets; network administrators usually configure the Dynamic Host Configuration Protocol server (DHCP Server) to provide a set of IP addresses (address pool) , whenever a new computer is connected to the network, the server selects an address from the configured address pool and assigns it to the computer, that is, using the DHCP protocol. The protocol adopts the CS mode (client-server). The DHCP server centrally manages network configuration information such as IP addresses, and the DHCP client requests its own configuration information from the DHCP server, thereby realizing automatic configuration of network devices. [0003] The D...

AI Technical Summary

Problems solved by technology

If the release message is not delivered to the server in time due to network failure; or some low-end devices will not actively trigger the release action; or the client originally applied for a long lease period, it has already gone offline; these situations can easily cause the IP address to be idle , especially in scenarios where IP allocation is tight, resulting in waste of resources

[0004] If no security measures are taken, as long as the process of applying for an IP address conforms to the normal interaction process, the client can successfully obtain the IP address; the attacker can impersonate a legitimate client by tampering with the source MAC address (SMAC) of the data packet, and continuously request Obtaining an IP address exhausts the address pool in a short period of time, causing legitimate user devices to no longer request an IP and thus unable to access the network normally

Images