Three technical approaches to IP address theft on a LAN

If two hosts on a LAN have the same IP address, each raises an address-conflict warning against the other and applications on both become unreliable. IP address theft has therefore become one of the most troublesome problems for network administrators. When hundreds or even thousands of hosts come online at once, how can IP address theft be controlled?

  Problem statement

  For corporate users, most of whom access the Internet over dedicated lines, the network management department allocates IP address resources within the planned network segment to registered users so that communication data is transmitted normally. The static IP address is an essential configuration item here and acts as the host's "network communication ID card". When configuring IP address resources, network administrators have two correctness requirements: the assigned address must lie within the planned subnet segment, and the assigned IP address must be unique to one networked host, that is, unambiguous.

  In practice, the IP addresses assigned by network administrators to network users take effect only after the customers have properly registered, and this leaves end users with direct access to the IP address setting. Because end users can intervene, they may freely modify the IP address. A changed IP address can lead to one of three results when the host runs on the network:

  1. Illegal IP address: the self-modified IP address is outside the planned network segment, and the network connection is interrupted.
  2. The address conflicts with a legitimate IP address already running on the network, and the host cannot connect.
  3. Illegal occupation of allocated resources: the host steals the legitimate IP address of another registered user (whose registered machine happens to be powered off) and communicates online with it.

  The first two cases are identified and blocked by the network system itself, resulting in interruption of operation. In the third case, the operating system cannot tell the difference. If the system administrator takes no preventive measures, this third situation infringes on the legitimate rights and interests of registered users and is very harmful.

  Working principle

  The TCP/IP protocol model consists of four layers. The network interface layer sits between the network layer and the physical layer and consists of the NIC and its device driver. Data at this layer is sent and received over a single, specific network, and that uniqueness and specificity is determined by the NIC's physical (MAC) address. Every Ethernet NIC manufacturer must strictly follow the IEEE rules for MAC assignment so that the MAC address of any NIC in the world is unique and unambiguous. The MAC address is therefore fixed in each NIC and is the identity under which the NIC is granted access to the network.

  In Ethernet, the MAC address is carried in the header of every Ethernet frame, and Ethernet switching devices forward frames according to the source and destination MAC addresses in that header.

  When the network layer converts the network address used by higher-level protocols into the address used by a link technology such as Ethernet, FDDI or Token Ring, it must map the IP address onto a physical interface so that network nodes can communicate. To implement this mapping, the TCP/IP protocol suite provides the Address Resolution Protocol (ARP) at the network interface layer to convert IP addresses into hardware addresses. During network communication, the machine that needs to resolve a hardware address broadcasts a request to the other machines on the network. The machine whose IP address matches the target responds to the request and returns its hardware address to the source machine. The other machines do not respond, but they listen to these request packets and record the source machine's IP address and hardware address. It is worth noting that ARP operates dynamically, so the mapping is corrected in good time when IP addresses and hardware addresses change over time.
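  The exchange described above, as an added example that is not part of the original article: a few lines of Python that build and decode an Ethernet/ARP frame using the RFC 826 field layout, then simulate a small segment in which every host records the sender's IP/MAC pairing and only the matching host replies. The hosts, the documentation-range IP addresses, the locally administered MAC addresses and the function names are all constructed for this example; two hosts deliberately share one IP so that the duplicate-address case from the introduction shows up as two replies to one request.

```python
import struct

# Constants from the Ethernet and ARP (RFC 826) specifications.
ETH_P_ARP = 0x0806      # EtherType for ARP
HW_ETHERNET = 1         # ARP hardware type: Ethernet
PROTO_IPV4 = 0x0800     # ARP protocol type: IPv4
ARP_REQUEST = 1
ARP_REPLY = 2
BROADCAST_MAC = "ff:ff:ff:ff:ff:ff"
ZERO_MAC = "00:00:00:00:00:00"   # unknown target hardware address in a request


def mac_to_bytes(mac):
    return bytes(int(octet, 16) for octet in mac.split(":"))


def bytes_to_mac(raw):
    return ":".join(f"{b:02x}" for b in raw)


def ip_to_bytes(ip):
    return bytes(int(octet) for octet in ip.split("."))


def bytes_to_ip(raw):
    return ".".join(str(b) for b in raw)


def build_arp(op, sender_mac, sender_ip, target_mac, target_ip):
    """Build an Ethernet frame carrying one ARP packet.

    Requests go to the Ethernet broadcast address so every host on the
    segment sees them; replies are unicast back to the requester.
    """
    eth_dst = BROADCAST_MAC if op == ARP_REQUEST else target_mac
    ethernet = mac_to_bytes(eth_dst) + mac_to_bytes(sender_mac) + struct.pack("!H", ETH_P_ARP)
    arp = struct.pack("!HHBBH", HW_ETHERNET, PROTO_IPV4, 6, 4, op)
    arp += mac_to_bytes(sender_mac) + ip_to_bytes(sender_ip)
    arp += mac_to_bytes(target_mac) + ip_to_bytes(target_ip)
    return ethernet + arp


def parse_arp(frame):
    """Decode an Ethernet+ARP frame into a dict; raise ValueError if malformed."""
    if len(frame) < 42:
        raise ValueError("frame too short for Ethernet + ARP")
    if struct.unpack("!H", frame[12:14])[0] != ETH_P_ARP:
        raise ValueError("not an ARP frame")
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (HW_ETHERNET, PROTO_IPV4, 6, 4):
        raise ValueError("unsupported ARP address types")
    return {
        "op": op,
        "sender_mac": bytes_to_mac(frame[22:28]),
        "sender_ip": bytes_to_ip(frame[28:32]),
        "target_mac": bytes_to_mac(frame[32:38]),
        "target_ip": bytes_to_ip(frame[38:42]),
    }


class Host:
    """A simulated networked machine with an IP, a NIC MAC and an ARP cache."""

    def __init__(self, mac, ip):
        self.mac = mac
        self.ip = ip
        self.cache = {}  # ip -> mac, learned from ARP traffic seen on the wire

    def receive(self, frame):
        """Process one ARP frame; return a reply frame if this host is the target."""
        pkt = parse_arp(frame)
        # Every host that sees the packet records the sender's IP/MAC pairing;
        # this is what keeps the cache current when a binding changes.
        self.cache[pkt["sender_ip"]] = pkt["sender_mac"]
        if pkt["op"] == ARP_REQUEST and pkt["target_ip"] == self.ip:
            return build_arp(ARP_REPLY, self.mac, self.ip, pkt["sender_mac"], pkt["sender_ip"])
        return None


def resolve(requester, segment, target_ip):
    """Broadcast a request on the segment; return the MACs that claimed target_ip.

    One claimant is the healthy case. Two claimants means two hosts carry the
    same IP address (the conflict from the introduction); zero means no answer.
    """
    request = build_arp(ARP_REQUEST, requester.mac, requester.ip, ZERO_MAC, target_ip)
    claimants = []
    for host in segment:
        if host is requester:
            continue
        reply = host.receive(request)
        if reply is not None:
            requester.receive(reply)  # the requester learns the mapping from the reply
            claimants.append(parse_arp(reply)["sender_mac"])
    return claimants


# Constructed sample segment. host_b and host_c deliberately share 192.0.2.20.
host_a = Host("02:00:00:00:00:01", "192.0.2.10")
host_b = Host("02:00:00:00:00:02", "192.0.2.20")
host_c = Host("02:00:00:00:00:03", "192.0.2.20")
SEGMENT = [host_a, host_b, host_c]

if __name__ == "__main__":
    print("claimants for 192.0.2.20:", resolve(host_a, SEGMENT, "192.0.2.20"))
    print("host_c learned from the broadcast:", host_c.cache)
```

  Note that the requester's cache ends up holding whichever reply arrived last, which is exactly why a duplicate address makes connectivity flap rather than fail cleanly.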

  In practice, a user may change the client's IP address or replace the network adapter for some reason. Such changes are sometimes arbitrary, and when they happen outside the network administrators' monitoring they directly affect the safe operation of the network resource environment, including IP address management and traffic accounting. To effectively prevent and eliminate such problems and guarantee the uniqueness of IP addresses, network administrators must establish a standardized IP address allocation table and an IP address to hardware address (MAC) registration table, and keep the records complete.

  Solutions

  The following three methods can be used to formulate IP address management measures and countermeasures that monitor and prevent arbitrary changes of IP addresses and make network management more rigorous and secure.

  Method 1: Use the ARP utility provided by UNIX and Windows systems to collect information at regular intervals, redirect its output into a database or document file, and build an up-to-date table of correspondences between IP addresses and network card hardware addresses. Combined with a query program, this allows automatic comparison against historical records to determine where and why a problem occurred.
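  One way to implement the query program of Method 1, added here as example code rather than anything from the original article: parse saved `arp -a` output in both the UNIX and Windows line formats, compare each observed IP/MAC pair against the administrator's registration table, and diff two stored snapshots to find when a binding changed. The registration table, the sample `arp -a` lines and the finding names are constructed for this example; the four finding kinds correspond to the three outcomes listed in the problem statement plus the normal case.

```python
import re

# Administrator's IP -> MAC registration table (constructed sample values).
REGISTRY = {
    "192.0.2.10": "02:00:00:00:00:0a",
    "192.0.2.11": "02:00:00:00:00:0b",
    "192.0.2.12": "02:00:00:00:00:0c",
}

# Constructed sample of `arp -a` output mixing the Linux/BSD line format
# ("host (ip) at mac [ether] on if") and the Windows format ("ip  mac  type").
SAMPLE_ARP_OUTPUT = """\
host-a (192.0.2.10) at 02:00:00:00:00:0a [ether] on eth0
? (192.0.2.11) at 02:00:00:00:00:ee [ether] on eth0
? (192.0.2.13) at 02:00:00:00:00:0c [ether] on eth0
? (192.0.2.99) at <incomplete> on eth0
  192.0.2.14            02-00-00-00-00-ff     dynamic
  192.0.2.255           ff-ff-ff-ff-ff-ff     static
"""

# An IPv4 address followed (after non-digit separators) by a MAC in : or - notation.
ARP_LINE = re.compile(
    r"(\d{1,3}(?:\.\d{1,3}){3})\D+?([0-9a-fA-F]{2}(?:[:-][0-9a-fA-F]{2}){5})"
)


def normalize_mac(mac):
    """Lower-case, colon-separated form so Windows and UNIX output compare equal."""
    return mac.lower().replace("-", ":")


def parse_arp_output(text):
    """Return {ip: mac} from `arp -a` text; skips incomplete and broadcast entries."""
    table = {}
    for line in text.splitlines():
        m = ARP_LINE.search(line)
        if not m:
            continue  # incomplete entries carry no MAC and are skipped
        ip, mac = m.group(1), normalize_mac(m.group(2))
        if mac == "ff:ff:ff:ff:ff:ff":
            continue  # broadcast pseudo-entry, not a host
        table[ip] = mac
    return table


def audit(observed, registry):
    """Compare an observed {ip: mac} table with the registration table.

    Returns a list of (finding, ip, mac) tuples, where finding is one of:
      'ok'            registered IP seen with its registered MAC
      'mac_mismatch'  registered IP answered by a different NIC (possible theft)
      'ip_changed'    registered NIC now using an IP that was never allocated
      'unregistered'  neither the IP nor the MAC appears in the registry
    """
    mac_to_ip = {mac: ip for ip, mac in registry.items()}
    findings = []
    for ip, mac in sorted(observed.items()):
        if ip in registry:
            kind = "ok" if registry[ip] == mac else "mac_mismatch"
        elif mac in mac_to_ip:
            kind = "ip_changed"
        else:
            kind = "unregistered"
        findings.append((kind, ip, mac))
    return findings


def diff_snapshots(previous, current):
    """Return {ip: (old_mac, new_mac)} for bindings that differ between two runs.

    Keeping each collection run on file lets the administrator see when a
    binding changed, not only that it differs from the registry now.
    """
    changes = {}
    for ip in set(previous) | set(current):
        old, new = previous.get(ip), current.get(ip)
        if old != new:
            changes[ip] = (old, new)
    return changes


if __name__ == "__main__":
    table = parse_arp_output(SAMPLE_ARP_OUTPUT)
    for kind, ip, mac in audit(table, REGISTRY):
        print(f"{kind:13s} {ip:16s} {mac}")
```

  In use, the output of `arp -a` from each collection run is written to a file with a timestamp, and `diff_snapshots` is run between consecutive files so that a `mac_mismatch` finding can be tied to the interval in which it first appeared.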

  Method 2: Use the network management functions of the network switching equipment to improve detection and the ability to check network faults. Many network switches have built-in network management functions. For example, 3Com SUPERSTACK II series switches can find the switch port corresponding to an IP address conflict, which quickly and accurately locates the faulty host.

  Method 3: Since the management of IP addresses connected to the Internet is achieved through IP address allocation and router configuration, a static routing table can be set up that enforces a strict correspondence between IP addresses and hardware addresses, ensuring the uniqueness of the assigned IP addresses.

  Comparison of the three methods

  Method 1 requires no additional network equipment, but the detection results must be interpreted manually, and there is a certain lag in troubleshooting IP addresses that do not conflict and were never assigned.

  Method 2 monitors quickly and accurately, but requires switching equipment with network management functions. The switch automatically tracks conflicting IP addresses, while the conflict monitoring itself must be done manually, and there is a certain lag in troubleshooting non-conflicting, unassigned IP addresses.

  Method 3 has an obvious effect on the management of IP addresses connected to the Internet. It automatically locks the routing exit of any illegal IP address, so that such a host can only reach internal IP addresses and operate within the local area network, and it handles non-conflicting, unassigned IP addresses in real time. It also effectively restricts the access space of users of illegal IP addresses, protects the legitimate rights and interests of registered users, and makes system maintenance more convenient.
