Method, device and system for preventing DHCP (Dynamic Host Configuration Protocol) attacks in flat network

A technology for flattening networks and users. It is applied in the field of communication and can solve problems such as exhaustion of available addresses, exhaustion of address pools, and no available addresses for users.

Active Publication Date: 2016-03-23
HUNAN KEAYSHARE COMM TECH CO LTD
View PDF3 Cites 1 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0006] Through Supervlan, vlan isolation, DHCPserver and DHCPSnooping, a flat network can be established, but in this network, users may perform DHCP attacks to exhaust the address pool; for example, most of the current campus networks use flat network extensions, and Configure a large address pool for the Supervlan. At this time, if the user conducts a DHCP attack, all available addresses under the Supervlan will inevitably be exhausted, resulting in no address available for users in the remaining sub-vlans under the Supervlan.

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Method, device and system for preventing DHCP (Dynamic Host Configuration Protocol) attacks in flat network
  • Method, device and system for preventing DHCP (Dynamic Host Configuration Protocol) attacks in flat network
  • Method, device and system for preventing DHCP (Dynamic Host Configuration Protocol) attacks in flat network

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0046]The core of the present invention is to provide a method, device and system for preventing DHCP attacks in a flat network, which can prevent address exhaustion caused by DHCP attacks, improve network security, and improve the usability and user experience of the overall solution.

[0047] In order to make the purpose, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly and completely described below in conjunction with the drawings in the embodiments of the present invention. Obviously, the described embodiments It is a part of embodiments of the present invention, but not all embodiments. Based on the embodiments of the present invention, all other embodiments obtained by persons of ordinary skill in the art without making creative efforts belong to the protection scope of the present invention.

[0048] DHCP is divided into two parts, one is the serve...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention discloses a method, a device and a system for preventing DHCP (Dynamic Host Configuration Protocol) attacks in a flat network. The method comprises the following steps: setting an interface ID, a Supervlan ID and a corresponding user limit value in DHCP snooping; receiving a discover message sent by a client through the DHCP snooping, and judging whether the client is online or not; if the client is not online, determining the corresponding user limit value according to the interface ID and the Supervlan ID in the discover message; judging whether a quantity of current online users exceeds the user limit value or not; if so, not forwarding the discover message; and otherwise, adding the quantity of the current online users with 1, and forwarding the discover message. Through adoption of the method, the device and the system, address exhausting caused by the DHCP attacks can be prevented; the network security is enhanced; and the availability and user experience of a whole scheme are improved.

Description

technical field [0001] The invention relates to the field of communication technology, in particular to a method, device and system for preventing DHCP attacks in a flat network. Background technique [0002] VLAN is the abbreviation of Virtual Local Area Network (Virtual Local Area Network), which is a logical network divided on a physical network, and the effect is the same as that of a normal local area network. The unicast, broadcast and multicast frames of the second layer are forwarded and diffused in a VLAN, and will not directly enter other VLANs. Therefore, if a host connected to a port wants to communicate with other hosts not in the same VLAN, it must pass through a layer-3 device. [0003] Supervlan, that is, super vlan, also called vlan aggregation, is defined in RFC (RequestForComments, request for comment document) 3069. Its principle is to assign the IP of a network segment to different subVLANs (SubVLAN), and these SubVLANs belong to the same SuperVLAN. Ea...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Applications(China)
IPC IPC(8): H04L29/06
CPCH04L63/0876H04L63/1466H04L61/5061H04L61/5014
Inventor 王德刚张滔钟洪明
Owner HUNAN KEAYSHARE COMM TECH CO LTD
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products