A dynamic host configuration protocol monitoring and protection method and system

A dynamic host configuration and protocol technology, applied in transmission systems, electrical components, etc., can solve problems such as address exhaustion, DHCP user's MAC address/IP address theft, and failure to assign IP addresses to DHCP clients, so as to prevent starvation attack, prevent spoofing attack, and guarantee the effect of normal network connection

Active Publication Date: 2021-07-02
台州市吉吉知识产权运营有限公司
View PDF10 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0004] Part of the AP access network will use the Dynamic Host Configuration Protocol (DHCP) to exchange information. However, because the IP address obtained by the DHCP user is not fixed, it needs to be obtained through information exchange. When the information exchange contains false information and the AP does not find it in time, Then the MAC address / IP address of the DHCP user will be stolen, which will seriously cause the addresses in the address pool of the DHCP server to be exhausted, making it impossible to assign IP addresses to legal DHCP clients, or causing the DHCP server to consume too much system resources. Unable to handle normal business

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • A dynamic host configuration protocol monitoring and protection method and system
  • A dynamic host configuration protocol monitoring and protection method and system
  • A dynamic host configuration protocol monitoring and protection method and system

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0053] Such as figure 1 As shown, this embodiment provides a dynamic host configuration protocol monitoring and protection method, which is applied to a wireless access point, commonly known as AP in English, and the method includes:

[0054] S10: After detecting that a user has established a connection, create a user information record item to save the physical address of the corresponding user and the wireless interface associated when the user connects;

[0055] In this step, after it is detected that a user establishes a connection, it is detected that a user (STA) is online, rather than a previously connected STA. Specifically: STA1 finds the wireless network name (SSID) of AP1 and associates it with the SSID of AP1. AP1 will receive the CLIENT_IN message that STA1 goes online. After STA1 goes online (STA1 associates with AP1), AP1 will create a user information record corresponding to STA1. Item, which stores the physical address (that is, the MAC address) of STA1 and t...

Embodiment 2

[0063] Such as figure 2 As shown, the difference between this embodiment and the previous embodiments is that this embodiment provides a more detailed method that can prevent terminals from forging DHCP messages (including forging DHCP messages of other terminals under the same wireless interface) to cheat or starve to death. method of attack.

[0064] Before said step S10 includes:

[0065] S01: check whether a wireless bridge is established;

[0066] Considering that wireless bridging is generally used to bridge wired APs to APs in widening wireless networks at present, and STAs are connected to wireless bridging APs, and information exchange is also required. However, due to the limitation of the data transmission distance, the wireless bridged AP cannot actively monitor the DHCP message, and can only transmit it through the wired AP.

[0067] S02: Set a trusted port according to the establishment of the wireless bridge.

[0068] In this step, whether the wireless brid...

Embodiment 3

[0081] Such as image 3 As shown, the difference between this embodiment and Embodiment 2 is that this embodiment also provides a method that can prevent the terminal from frequently going online and offline by modifying the local physical address and prevent the terminal from forging a DHCP server. DHCP response message, perform the following steps:

[0082] S21b: Determine whether the entry of the DHCP response message is a trusted port, if not, discard the DHCP response message, and if so, execute S22b;

[0083] S22b: Search whether there is a corresponding MAC in the user information record item according to the client MAC of the DHCP response message, if not, discard or forward according to the establishment of the wireless bridge, and if it exists, execute Step S23b;

[0084] S23b: Forward the DHCP response message, and if the DHCP response message is a DHCP ACK message in response to finding a corresponding lease record, add the corresponding user IP address and DHCP ...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The present invention discloses a dynamic host configuration protocol monitoring and protection method and system, which are applied to wireless access points. The method includes: S10: After detecting that a user has established a connection, create a user information record item to save the physical address of the corresponding user And the wireless interface associated when the user connects; S20: Monitor the DHCP message between the user and the DHCP server, update the content of the user information record item, and select the monitor according to the user information record item Forwarding or discarding the dynamic host configuration protocol message; S30: After detecting that the user is disconnected, delete the user information record item corresponding to the user. The invention can help the wireless network access point to prevent the dynamic host configuration protocol deception and starvation attack caused by the forged message being forwarded by the attacker.

Description

technical field [0001] The invention relates to the field of wireless local area networks, in particular to a monitoring and protection method and system for a dynamic host configuration protocol. Background technique [0002] Wireless local area network (WLAN) refers to a computer local area network with wireless channels as the transmission medium. It is the product of the combination of computer network and wireless communication technology. Truly realizing anytime, anywhere, random broadband network access, almost every day we can experience the efficiency and convenience that WLAN brings to our lives. [0003] The reason why WLAN can provide a convenient broadband network depends on the establishment of WLAN architecture. WLAN has two basic architectures. One is the FAT AP architecture, which is also called an autonomous network architecture. Home wireless routers use the FAT AP architecture, that is, many Fat APs are directly called by people. Fat APs can not only tra...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Patents(China)
IPC IPC(8): H04L29/06H04L29/12
Inventor 李俊奎
Owner 台州市吉吉知识产权运营有限公司
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap