摘要 |
Illegitimate use of IP addresses is counteracted. A network ( 1 ) includes a switch ( 5 ) with ports (P 1 ,P 2 ,P 3 ) to subscribers ( 6,6 A) and a port (PN) to a core network ( 2 ) with DHCP servers ( 4, 4 a ,4 b). The switch includes a database (MAC 1 , MAC 2 ), port numbers (P 1 , P 2 ) and VLAN identities (VLAN 1 , VLAN 2 ) for the subscribers ( 6, 6 A) and the filter has a list over trusted DHCP servers. Initially only DHCP messages from the subscribers are allowed. When the subscriber ( 6 ) requests (M 1 , M 3 ) for an IP address it is checked that it is a DHCP message with valid subscriber values (MAC 1 , P 1 , VLAN 1 ). A respond (M 2 , M 4 ) with an allocated IP address (IP 1 ) and lease time interval (T 1 ) is checked to come from a trusted DHCP server. If so, a list in the filter ( 9 ) with correct information is dynamically generated (MAC 1 , P 1 , VLAN 1 , IP 1 , T 1 ). A messsage (M 5 ) from the subscriber ( 6 ) with false IP address is discarded by the filter. Attempts by the subscriber to use false IP address are counted and a warning signal is generated.
|