If two hosts on a LAN are configured with the same IP address, each raises an address-conflict alarm about the other and communication becomes confused. IP address theft has therefore become the top headache of network administrators. When hundreds of buildings and even thousands of hosts are online, how can IP address theft be controlled?
Introduction to the problem
Most group users access the Internet over a dedicated line. The network management department assigns network IP address resources to registered users so that communication data is transmitted normally. Here the static IP address is an essential configuration item; it serves as the host's "identity card" for network communication. When the network administrator configures IP address resources, there is a special requirement for correctness, shown in two aspects: each allocated address must lie within the planned subnet segment, and each allocated IP address must be unique, that is, never duplicated.
In practice, the network administrator allocates the IP address and hands it to the network user, but only after the customer has been properly registered. This gives the end user direct access to the IP address, and because of that intervention the user may freely modify it. A changed IP address can produce three outcomes once the network is running: 1. Illegal IP address: the self-modified address is not in the planned network segment, and network communication is interrupted. 2. Duplicate IP address: the address has a resource conflict with a legal IP address that has been assigned and is already operating on the network, so the link cannot be established. 3. Unassigned legal IP address: the self-modified address lies in the planned segment but has not been assigned to anyone, so no conflict is raised and the host runs normally. The first two cases can be recognized by the network system, since they result in operational interruption; the third case cannot be effectively distinguished by the operating system. If the system administrator has taken no preventive measures, the third situation affects the legitimate rights and interests of registered users and is harmful.
Working principle
The TCP/IP protocol model has a four-layer structure. The network interface layer sits between the network layer and the physical layer and consists of the NIC and its device driver. Data on this layer is transmitted and received on a single, specific network, and this singleness and specificity are determined by the NIC's physical address, the MAC address. Ethernet NIC manufacturers must strictly follow the IEEE's rules so that the MAC address of any NIC is unique and never duplicated. The MAC address is therefore burned into each NIC and is unique to it.
In Ethernet, the MAC address is carried in the header of every Ethernet frame, and Ethernet switching devices forward and deliver frames according to the source MAC address and destination MAC address in that header.
When the network layer converts the network address used by higher-level protocols into the address used by a link-layer technology such as Ethernet, FDDI or Token Ring, it must map the IP address to the physical interface so that network nodes can communicate. To achieve this mapping, TCP/IP provides the Address Resolution Protocol (ARP) in the network interface layer, which converts an IP address into a hardware address. During network communication, the machine that needs a hardware address resolved broadcasts a request to the other machines on its network segment. The machine whose IP address matches the target responds to the request by returning its hardware address to the source machine. The other machines on the network do not respond, but they listen to these request packets and record the source machine's IP address and hardware address. It is worth noting that the operation of ARP is dynamic: when an IP address or hardware address changes over time, the mapping is corrected in time.
In practice, users may change a client's IP address or replace its network adapter for various reasons. Such changes are sometimes random, and when they fall outside the network administrator's monitoring they directly affect the secure operation of the network resource environment, including the management of network IP addresses and the accounting of communication traffic. To effectively prevent and eliminate such problems and ensure that every IP address is unique, the network administrator must establish a standard IP address allocation table and an IP address to hardware address (MAC) registration form, and must have a complete set of countermeasures.
Solutions
The following three methods can be used to develop corresponding IP address management measures and countermeasures, to monitor and prevent the random alteration of IP addresses, and to make network management more rigorous and secure.
Method 1: Use the ARP command provided by UNIX and Windows systems to collect address information and write it directly to a database or document file, forming a real-time table of IP addresses and network card hardware addresses. Combined with a query program written for the purpose, this allows problems and their causes to be investigated and identified automatically.
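As an added example (not code from the original article), the following Python script carries out Method 1: it parses the text an ARP command prints, compares each entry with the administrator's IP/MAC registration form, and labels it with one of the outcomes described earlier (illegal, conflict, unassigned or ok). The ARP dump, registration entries and planned subnet are constructed sample values.

```python
import ipaddress
import re
# Constructed ARP cache text in the layouts of Linux "arp -n" and Windows
# "arp -a"; in practice the script would read the command's real output.
SAMPLE_ARP_OUTPUT = """\
Address                  HWtype  HWaddress           Flags Mask            Iface
192.168.10.11            ether   00:11:22:33:44:55   C                     eth0
192.168.10.12            ether   aa:bb:cc:dd:ee:ff   C                     eth0
192.168.10.50            ether   02:00:00:00:00:50   C                     eth0
Interface: 192.168.10.1 --- 0x3
  Internet Address      Physical Address      Type
  10.0.0.7              00-11-22-33-44-99     dynamic
"""
# Administrator's IP/MAC registration form and planned segment (constructed).
REGISTERED = {
    "192.168.10.11": "00:11:22:33:44:55",
    "192.168.10.12": "00:11:22:33:44:66",
}
PLANNED_SUBNET = ipaddress.ip_network("192.168.10.0/24")
# An entry: IPv4 address, optional type word ("ether"), then a MAC with ":"
# or "-" separators. Header and "Interface:" lines never match.
_ENTRY = re.compile(
    r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+(?:[A-Za-z]+\s+)?"
    r"([0-9A-Fa-f]{2}(?:[:-][0-9A-Fa-f]{2}){5})\b"
)

def parse_arp(text):
    """Return {ip: mac} with MACs normalised to lower-case colon form."""
    table = {}
    for line in text.splitlines():
        m = _ENTRY.match(line)
        if m:
            table[m.group(1)] = m.group(2).lower().replace("-", ":")
    return table

def classify(observed, registered, subnet):
    """Map each observed IP to ok, illegal, conflict or unassigned."""
    result = {}
    for ip, mac in observed.items():
        if ipaddress.ip_address(ip) not in subnet:
            result[ip] = "illegal"      # outside the planned segment
        elif ip not in registered:
            result[ip] = "unassigned"   # legal range but never handed out
        elif registered[ip] != mac:
            result[ip] = "conflict"     # registered IP answered by another NIC
        else:
            result[ip] = "ok"
    return result

def audit(text=SAMPLE_ARP_OUTPUT):
    return classify(parse_arp(text), REGISTERED, PLANNED_SUBNET)
```

Because an ARP cache keeps only the most recent responder for each IP, a "conflict" entry tells you the registered address was answered by another card, not how many hosts are fighting over it.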
Method 2: Use the network management functions of the network switching equipment to improve the detection means and the ability to inspect network faults. Many network switches now have built-in network management functions. For example, 3Com SuperStack II series switches can find the switch port corresponding to an IP address conflict, so the faulty host can be located quickly and accurately.
Method 3: Based on the principles by which IP addresses are assigned and by which the router manages the IP addresses that access the Internet, a static routing table can be configured on the router so that each IP address strictly corresponds to one hardware address, guaranteeing complete uniqueness of IP addresses.
Comparison of the three methods
Method 1 needs no additional network equipment, but the detection results must be judged manually, and the handling of non-conflicting, unassigned IP address faults has a certain lag.
Method 2 monitors quickly and accurately, but requires switching equipment with network management functions. The switch automatically tracks conflicting IP addresses, while monitoring of the conflicts must be completed manually. Troubleshooting of non-conflicting, unassigned IP addresses has a certain lag.
Method 3 has an obvious effect on the management of IP addresses that access the Internet. It automatically locks the routing exit for any illegal IP address, allowing only internal IP addresses to operate within the local area network, and it handles non-conflicting, unassigned IP addresses in real time. It also effectively blocks the access of users of illegal IP addresses, protecting the legitimate rights and interests of registered users, and makes system maintenance more convenient.