Title of invention: Method and arrangement for preventing illegitimate use of IP addresses
Abstract: Illegitimate use of IP addresses is counteracted. A network (1) includes a switch (5) with ports (P1, P2, P3) to subscribers (6, 6A) and a port (PN) to a core network (2) with DHCP servers (4, 4a, 4b). The switch includes a database (MAC1, MAC2), port numbers (P1, P2) and VLAN identities (VLAN1, VLAN2) for the subscribers (6, 6A) and the filter has a list of trusted DHCP servers. Initially only DHCP messages from the subscribers are allowed. When the subscriber (6) requests (M1, M3) an IP address it is checked that it is a DHCP message with valid subscriber values (MAC1, P1, VLAN1). A response (M2, M4) with an allocated IP address (IP1) and lease time interval (T1) is checked to come from a trusted DHCP server. If so, a list in the filter (9) with correct information is dynamically generated (MAC1, P1, VLAN1, IP1, T1). A message (M5) from the subscriber (6) with a false IP address is discarded by the filter. Attempts by the subscriber to use a false IP address are counted and a warning signal is generated.
Publication number: USRE45445(E1) Publication date: 2015.03.31
Application number: US201313962787 Filing date: 2013.08.08
Applicant: Telefonaktiebolaget L M Ericsson (Publ) Inventors: Anders Nesz Peter;Johansson Thomas;Valentin Juhl Michael
Classification: G06F15/16;G06F15/173;H04L29/06 Main classification: G06F15/16
Agency: Agent:
Principal claim: 1. A method for preventing illegitimate use of an Internet Protocol (IP) address by a subscriber device in an IP network, the network including a switch node and at least one DHCP Dynamic Host configuration Protocol (DHCP) server, said subscriber device in communication with the switch node, the method including the steps of: creating a list of trusted ones of the DHCP servers in said switch node; transmitting by the subscriber device receiving from the subscriber a DHCP request message for an IP address; forwarding the DHCP request message; receiving a reply message by said switch node which carries from one of the DHCP servers, said reply message carrying an assigned subscriber IP address, and said switch node comprising a list noting trusted ones of the DHCP servers; analysing the reply message, wherein said analysing comprises determining the reply message by said switch node to be a DHCP message and having a source address originating from one of the a trusted DHCP servers server; updating a filter dynamically in the switch node, the filter storing an identification of the subscriber device and the assigned subscriber IP address; transmitting a frame from the subscriber device using receiving a frame from the subscriber device having a source IP address; comparing in the filter said source IP address with the stored subscriber IP address; and discarding said frame when said source IP address differs from the stored subscriber IP address.
Address: Stockholm SE
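The filter behaviour described in the abstract and claim 1, modelled in Python as an added example (not code from the patent or from any switch product). The class and method names, the rule that a reply must answer an outstanding request, the treatment of an expired lease as "no binding", the warning threshold and the sample addresses are all assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Subscriber:  # static switch database entry: (MAC, port, VLAN)
    mac: str
    port: str
    vlan: str

class IpFilter:
    def __init__(self, subscribers, trusted_servers, warn_after=3):
        self.subscribers = set(subscribers)
        self.trusted = set(trusted_servers)   # list of trusted DHCP servers
        self.pending = set()    # assumption: a reply must answer a request
        self.bindings = {}      # Subscriber -> (assigned IP, lease expiry)
        self.attempts = {}      # Subscriber -> discarded-frame count
        self.warn_after = warn_after          # assumed warning threshold
        self.warnings = []

    def dhcp_request(self, sub):
        """M1/M3: forward only if (MAC, port, VLAN) is a known subscriber."""
        if sub not in self.subscribers:
            return False
        self.pending.add(sub)
        return True

    def dhcp_reply(self, server_ip, sub, ip, lease, now):
        """M2/M4: record (MAC, port, VLAN, IP, T) only for a trusted server."""
        if server_ip not in self.trusted or sub not in self.pending:
            return False
        self.pending.discard(sub)
        self.bindings[sub] = (ip, now + lease)
        return True

    def frame(self, sub, src_ip, now):
        """M5: pass a data frame only if its source IP matches a live binding."""
        ip, expiry = self.bindings.get(sub, (None, 0))
        if ip == src_ip and now < expiry:     # assumption: expired = unbound
            return True
        count = self.attempts[sub] = self.attempts.get(sub, 0) + 1
        if count == self.warn_after:
            self.warnings.append(sub)         # the warning signal
        return False

if __name__ == "__main__":  # constructed sample values (documentation ranges)
    s = Subscriber("00:00:5e:00:53:01", "P1", "VLAN1")
    f = IpFilter([s], {"192.0.2.1"})
    f.dhcp_request(s)
    f.dhcp_reply("192.0.2.1", s, "192.0.2.10", lease=3600, now=0)
    print(f.frame(s, "192.0.2.10", now=5), f.frame(s, "192.0.2.99", now=6))
```

Because the binding is keyed on the full (MAC, port, VLAN) triple, a frame carrying a valid IP address but arriving on a different port or VLAN has no binding and is discarded as well.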