CN101247396B - Method, device and system for distributing IP address - Google Patents

Method, device and system for distributing IP address Download PDF

Info

Publication number
CN101247396B
CN101247396B CN 200810057912 CN200810057912A CN101247396B CN 101247396 B CN101247396 B CN 101247396B CN 200810057912 CN200810057912 CN 200810057912 CN 200810057912 A CN200810057912 A CN 200810057912A CN 101247396 B CN101247396 B CN 101247396B
Authority
CN
China
Prior art keywords
terminal
ip address
network
unit
information
Prior art date
Application number
CN 200810057912
Other languages
Chinese (zh)
Other versions
CN101247396A (en
Inventor
周平
董洪洋
钟海涛
Original Assignee
北京北大方正宽带网络科技有限公司
北大方正集团有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 北京北大方正宽带网络科技有限公司, 北大方正集团有限公司 filed Critical 北京北大方正宽带网络科技有限公司
Priority to CN 200810057912 priority Critical patent/CN101247396B/en
Publication of CN101247396A publication Critical patent/CN101247396A/en
Application granted granted Critical
Publication of CN101247396B publication Critical patent/CN101247396B/en

Links

Abstract

The present invention discloses method, device and system for distributing IP address to terminal, after the server receives IP address solicited message from terminal send, executing the following steps: judging terminal whether or not access network according to saving terminal recording, if terminal accesses network, then the IP address used by terminal is distributed to terminal, otherwise, IP address is distributed by dynamic modus to terminal. Using method of the invention embodiment can distribute IP address to terminal neatly, and is easy to locating terminal and ensuring network safe.

Description

一种分配IP地址的方法、装置及系统 A method for assigning IP addresses, device and system

技术领域 FIELD

[0001] 本发明涉及计算机技术领域,特别地涉及一种分配IP地址的方法、装置及系统。 [0001] The present invention relates to computer technologies, and particularly relates to a method of allocating an IP address, device and system. 背景技术 Background technique

[0002] 目前对于基于TCP/IP (Transmite Control Protocol,传输控制协议/Internet Protocol,网际协议)的网络,IP地址的分配方式主要有静态分配方式和动态分配方式两种。 [0002] For the present, based on TCP / IP (Transmite Control Protocol, Transmission Control Protocol / Internet Protocol, Internet Protocol) network, IP address allocation mainly static allocation and dynamic allocation of two ways.

[0003] 静态分配IP地址方式是指给每一台计算机都分配一个固定的IP地址,动态分配IP地址方式是指仅当用户计算机需要连入网络工作时,系统才在所掌握的可分配IP地址空间中,随机挑选一个IP地址给用户使用的分配方式。 [0003] The static IP address assignment system refers to each computer is assigned a fixed IP address, dynamically assigned IP address mode refers to the computer only when the user needs to work when connected to the network, the system was in the hands assignable IP address space, pick a random IP address assigned to the user's way. 对于临时用户较多但可以使用的IP地址数量有限的网络,如果不要求用户通过身份认证后才能访问网络,那么采用动态分配IP地址的策略是一种十分方便的管理方式。 For more casual users, but the number of IP addresses that can be used a limited network to access the Internet if the user is not required to pass the identity authentication, dynamic IP address assignment strategy is a very convenient way of management. IP地址的动态分配是通过TCP/IP的DHCP (Dynamic HostConfiguration Protocol,动态主机配置协议)进行的,DHCP服务允许工作站连接到网络并且自动获取一个IP地址。 Dynamic IP address allocation is performed by a TCP / IP DHCP (Dynamic HostConfiguration Protocol, Dynamic Host Configuration Protocol), DHCP service allows workstation connected to a network and automatically obtain an IP address.

[0004] 使用静态的IP地址分配方案,优点是便于管理,特别是在根据IP地址限制网络流量的局域网中,以固定的IP地址或IP地址分组产生的流量为依据管理。 [0004] The use of static IP address allocation scheme, the advantage of ease of administration, particularly in the flow limit network traffic based on IP addresses in the LAN, a fixed IP address or IP address of the packet generated based management. 静态分配IP 地址的弱点是合法用户分配的地址可能被非法盗用,不仅对网络的正常使用造成影响,同时由于被盗用的地址往往具有较高的权限,因而也容易给合法用户造成损失和潜在的安全隐患。 Statically assigned IP address is the address of a legitimate user of weakness may be assigned unlawful appropriation, not only affect the normal use of the network, and thus are likely to cause damage to the legitimate users and potential due to the theft of address tend to have a higher authority, the Security risks. 有些管理人员为了能够限制用户使用IP地址,在交换机上将用户的IP、MAC(Media Access Control,介质访问控制)地址、交换机端口进行绑定,这种方法的优点是能够保证正常用户的使用,不会被其他恶意用户所干扰,缺点也很明显,就是对交换机的性能有 Some administrators can also restrict access to the IP address, the user switches on the IP, MAC (Media Access Control, media access control) address, switch port binding, advantage of this method is the ability to ensure the normal use of the user, will not be disturbed by other malicious users, disadvantages are also obvious, it is to switch performance has

[0005] 较高要求,并且绑定工作较为烦琐,如果网络发生改变或人员发生变化或位置发生变化时都需要同时修改,灵活性不够。 [0005] higher, more cumbersome and binding work, all you have to modify if the network changes or personnel changes or position changes, lack of flexibility.

[0006] 使用动态的IP地址分配的方案,优点是没有过多的配置问题,只要在二层网络中启动DHCP服务器就可以进行动态的地址分配,配置简单;缺点是由于用户的地址分配是随机的,通过IP地址无法准确的进行用户定位,同时如果网络中有未经授权即非法的DHCP服务,用户将无法获取正确的网络地址,导致用户无法正常访问网络。 [0006] uses a dynamic IP address allocation scheme, the advantage of the configuration is not too much problem, after the DHCP server is a Layer 2 network can perform dynamic address allocation, configuration is simple; disadvantage is the user address allocation is random can not be accurately positioned by the user IP address, and if the network has unauthorized illegal DHCP service, users will be unable to obtain the correct network address, the customer can not access the network.

[0007] 综上所述,现有技术中,静态的IP地址分配方案安全性或配置灵活性不够,动态的IP地址分配的方案不易定位同户并且难以防范非法DHCP服务。 [0007] In summary, the prior art, a static IP address allocation scheme is not enough security or configuration flexibility, dynamic IP address assignment plan is not easy to locate the same household and are difficult to prevent illegal DHCP service.

发明内容 SUMMARY

[0008] 针对现有技术中安全性或配置灵活性不够以及不易定位同户并且难以防范恶意DHCP服务的问题,本发明实施例提供一种网络地址分配的方法及装置和一种检测及阻止非法DHCP服务的方法及装置,能够兼顾IP地址分配的安全性和灵活性,并能防范非法DHCP 服务的存在。 [0008] For the prior art configuration is not enough security or flexibility, and easy positioning of the same family and it is difficult to prevent a malicious DHCP service, embodiments of the present invention provides a method for network address allocation and device for detecting and preventing illegal and method and apparatus for DHCP services, enabling both safety and flexibility of IP address allocation, and to prevent the existence of illegal DHCP services.

[0009] 本发明实施例提供如下技术方案:[0010] 一种给终端分配IP地址的方法,当服务器收到终端发送的IP地址请求信息之后, 进行如下步骤: [0009] Example embodiments of the present invention provide the following technical solutions: [0010] A method for assigning an IP address to the terminal, when the server receives the IP address request sent by the terminal information, the steps of:

[0011] 根据保存的终端记录判断终端是否曾经接入网络,若是,则将终端曾经接入网络时使用的IP地址分配给终端,若否,则以动态方式依照DHCP协议给终端分配IP地址,其中,所述终端记录包括终端的IP地址和介质访问控制MAC地址,且以动态方式依照DHCP协议给终端分配的IP地址在未列入终端记录的IP地址中选取; [0011] recording based on the stored terminal determines whether the terminal has access to the network, the IP address used when and if yes, the terminal has the access network assigned to the terminal, if not, places dynamically assigned IP address to the terminal in accordance with the DHCP protocol, wherein said terminal comprises an IP address and a recording medium access control (MAC) address of the terminal, and in accordance with the DHCP protocol dynamically assigned IP address to the terminal in the terminal are not included in the recorded selected IP address;

[0012] 在终端进入网络之后,将终端的IP地址和MAC地址进行静态的绑定,并在终端退出网络之后,解除终端的IP地址和MAC地址的绑定。 [0012] After the terminal enters the network, the IP address and MAC address of the terminal static binding, and after the terminal exits the network, IP address of the terminal unbind and the MAC address.

[0013] 一种给终端分配IP地址的系统,包括客户端单元和网络侧装置,其中, [0013] An IP address assigned to the terminal system, comprising a client unit and the network side device, wherein,

[0014] 所述客户端单元,用于向所述网络侧装置发送为终端分配IP地址的请求信息,请求信息中包含终端MAC地址信息; [0014] The client unit, for sending a request message to the IP address assigned to the network-side terminal apparatus, request information including the terminal MAC address information;

[0015] 所述网络侧装置,用于根据所述请求信息和终端记录判断终端是否曾经接入网络,其中,所述终端记录包括终端的IP地址和介质访问控制MAC地址; [0015] The network-side apparatus, according to the request for recording the terminal information and determines whether the terminal has the access network, wherein the terminal records the IP address and the terminal comprises a media access control (MAC) address;

[0016] 还用于在所述终端曾经接入网络时,将终端曾经接入过网络时使用的IP地址分配给终端,在所述终端未曾接入过网络时,以动态方式依照DHCP协议给终端分配IP地址, 还用于在终端进入网络之后,将终端的IP地址和MAC地址进行静态的绑定,并在终端退出网络之后,解除终端的IP地址和MAC地址的绑定,其中,以动态方式依照DHCP协议给终端分配的IP地址在未列入终端记录的IP地址中选取。 [0016] When the terminal is further configured to have an access network, the terminal has accessed the network using the IP address assigned to the terminal, when the terminal has not accessed the network in a dynamic manner in accordance with a DHCP protocol terminal is assigned an IP address, after the terminal is further configured to enter the network, the IP address and MAC address of the terminal static binding, and after the terminal exits the network, IP address of the terminal unbind and the MAC address, wherein, in order to dynamically by DHCP protocol to select the IP address assigned to the terminal is not included in the IP address of the terminal recorded.

[0017] 使用本发明实施例中的方法可以灵活地给终端分配IP地址并且易于定位终端和保障网络安全。 [0017] using the method in the embodiments may be flexibly assigned IP address to the terminal and easy positioning terminal and network security according to the present invention.

附图说明 BRIEF DESCRIPTION

[0018] 图1为网络管理平台、网关、客户端之间的关系示意图; [0018] FIG. 1 is a diagram illustrating the relationship between the network management platform, the gateway, the client;

[0019] 图2为IP地址分配方法示意图; [0019] FIG. 2 is a schematic IP address assignment method;

[0020] 图3为IP地址分配方法流程图; [0020] FIG. 3 is a flowchart illustrating IP address allocation method;

[0021] 图4为IP地址分配系统示意图; [0021] FIG. 4 is a schematic diagram of an IP address assignment system;

[0022] 图5为检测和阻止非法DHCP服务的流程图; [0022] FIG. 5 is a flowchart to detect and prevent illegal DHCP services;

[0023] 图6为检测和阻止非法DHCP服务的装置示意图。 [0023] FIG. 6 is a schematic view of apparatus to detect and prevent illegal DHCP service.

具体实施方式 Detailed ways

[0024] 在现有技术下IP地址分配的方案存在着安全性或配置灵活性不够以及不易定位终端并且难以防范恶意DHCP服务的问题,所以有必要实现一种兼顾安全性和灵活性,且对恶意DHCP服务有所防范的方案。 [0024] IP address allocation scheme there is not enough security or configuration flexibility and easy positioning terminal and difficult to prevent the problem of malicious DHCP services, it is necessary to realize a balance between security and flexibility, and to the state of the art malicious DHCP service be prevention program. 对此,本发明实施例给出一种IP地址分配的方法,通过网络管理平台、网关、客户端三部分的协作,完成终端的地址分配。 In this regard, examples are given of an IP address allocation method of the present invention, the network management platform, the gateway, the client collaboration of three parts, a terminal address assignment. 网络管理平台、网关、客户端之间的关系如图1所示,网络管理平台101管理若干个网关102,每个网关102连接有若干终端103,在每个终端103上设置有客户端104。 The relationship between the network management platform, the gateway, the client 1, the network management platform 101 manages a plurality of gateway 102, gateway 102 is connected to each of the plurality of terminals 103, 103 are provided on each end with a client 104.

[0025] 本发明实施例给出一种IP地址分配的方法,将动态的分配IP地址的方法与静态的分配IP地址的方法结合。 Examples are given of the method of allocating an IP address Embodiment [0025] the present invention, the dynamic allocation of an IP address is combined with the static method of assigning IP addresses. 如图2所示,当服务器收到终端发送的IP地址请求信息之后, 根据保存的终端记录判断终端是否曾经接入网络,若是,则将终端曾经接入网络时使用的 2, when the server receives the IP address request message sent by the terminal after, according to the stored recording terminal determines whether the terminal has the access network, if used, it will have a terminal access network

5IP地址分配给终端,若否,则以动态方式给终端分配IP地址。 5IP address allocated to the terminal, if not, places dynamically assign IP addresses to the terminal.

[0026] 当终端第一次接入网络,通过设置在网关的DHCP服务器获取了IP地址并使用位于终端的客户端通过客户端用户名和密码通过网络管理平台的认证之后,网络管理平台将该终端IP地址和MAC地址记录在终端记录中。 [0026] When a terminal first access network provided by the DHCP server acquires the IP address of the gateway and the terminal is located using the client through the client user name and password authentication after the network management platform, the network terminal management platform IP address and MAC address of the terminal is recorded in the record. 随着新接入网络的终端数量的增加,该终端记录中的条目也随着增多,并且条目中所列的终端与网络有时连接,有时处于断开状态。 With the increase of the number of terminals of the new access network, the terminal along with the entry in the increase, and the entries listed in the terminal and the network are sometimes connected and sometimes in an open state. 网络管理平台通过检索终端的MAC地址是否在终端记录中得知终端是否曾经接入网络。 Network management platform by retrieving the MAC address for the terminal whether the terminal has informed the access terminal in the network record.

[0027] 如图3所示,本实施例给出的方法具体步骤如下: Method [0027] 3, this embodiment gives the following steps:

[0028] 步骤301 :终端向网关发送IP地址请求信息; [0028] Step 301: the terminal sends the IP address request message to the gateway;

[0029] 步骤302 :网络管理平台检索终端记录,判断终端是否曾经接入网络,若否,进行步骤303,若是,进行步骤304 ; [0029] Step 302: the network terminal to retrieve records management platform, the network determines whether the terminal has access, if not, proceeds to step 303, if yes, perform step 304;

[0030] 步骤303 :网关依照DHCP协议给终端随机分配一个IP地址; [0030] Step 303: The gateway terminal in accordance with the DHCP protocol to a randomly assigned IP address;

[0031] 步骤304 :网络管理平台根据终端MAC地址在终端记录中查找该终端的IP地址并将该地址分配给该终端; [0031] Step 304: find the IP address of the network management platform of the terminal and the terminal address assigned to the terminal according to the MAC address of the terminal in the record;

[0032] 步骤305 :终端将MAC地址、IP地址、客户端用户名、密码提交给网关,由网关转交至网络管理平台; [0032] Step 305: The terminal MAC address, IP address, the client user name and password submitted to the gateway, transmitted from the gateway to the network management platform;

[0033] 步骤306 :网络管理平台判断终端是否合法,若否,则进行步骤307,若是,则进行步骤308 ; [0033] Step 306: the terminal determines whether a network management platform valid, if not, proceeds to step 307, if yes, perform step 308;

[0034] 步骤307 :网络管理平台收回向该终端分配的IP地址,给出提示信息; [0034] Step 307: the network management platform to recover the IP address assigned to the terminal, information prompt;

[0035] 步骤308 :网络管理平台授权终端可以接入网络,并记录终端的IP地址和MAC地址; [0035] Step 308: the network management platform authorized terminals can access the network, and records the IP address and the MAC address of the terminal;

[0036] 步骤309 :进行ARP的静态绑定。 [0036] Step 309: the static binding ARP.

[0037] 在步骤301中,终端向网关发送的数据包中含有终端的MAC地址;在步骤302中网络管理平台从网关处获取终端发送的数据包并中根据该终端的MAC地址是否在终端记录中来判断终端是否第一次接入网络。 [0037] In step 301, data packets sent by the terminal to the gateway contains the MAC address of the terminal; obtaining a data packet sent by the terminal in step the network management platform 302 from the gateway, and whether the terminal records the MAC address of the terminal the terminal determines whether the first access network. 如果终端记录中存在该终端的MAC地址,说明该终端曾经获取到一个IP地址,并且终端记录中也存在该IP地址信息,于是网络管理平台把该终端的MAC地址和IP地址发送到网关,由网关将该IP地址分配给具有该MAC地址的终端。 If the presence of the terminal in the terminal records the MAC address, indicating that the terminal has obtained an IP address, and the terminal records also the presence of the IP address, then the network management platform sends the MAC address of the terminal and the IP address of the gateway, by the the gateway IP address assigned to the terminal having the MAC address. 如果终端记录中不存在该终端的MAC地址,则说明该终端是第一次访问网络,此时以动态方式给终端分配IP地址,即依照DHCP协议进行。 If the MAC address of the terminal does not exist in the terminal records, it indicates that the terminal is a first access network, in this case an IP address dynamically allocated to the terminal, that is in accordance with the DHCP protocol. 终端在获取到IP地址之后将IP地址、自身MAC地址、客户端用户名、密码通过网关转交给网络管理平台,网络管理平台收到后对终端进行认证以判断该终端是否合法,若合法则授权终端进入网络,并且把终端的MAC地址信息和IP地址信息存放在终端记录中。 After acquiring the terminal to the IP address of the IP address, its own MAC address, client user name, password forwarded to the gateway network management platforms, network management platform upon receipt of authenticating the terminal to determine whether the terminal is legitimate, if it is legally authorized terminal enters the network, the MAC address and the IP address information of the terminal and the terminal information stored in the record.

[0038] 在终端进入网络之后,进行ARP的静态绑定,即网关将终端的IP地址和MAC地址进行静态的绑定,终端将网关的IP地址和MAC地址进行静态的绑定;在终端退出网络之后, 网关解除终端IP地址和MAC地址的绑定,终端解除网关IP地址和MAC地址的绑定。 [0038] After the terminal enters the network, ARP static binding, i.e. the IP address of the gateway terminal and the MAC address of static binding, the terminal IP address and MAC address of the gateway static binding; exit terminal after the network, the gateway unbind terminal IP address and the MAC address, the IP address of the gateway terminal and unbind MAC address.

[0039] 在本发明实施例中通过合适地配置网关设备和终端设备,使得网关能够提供的IP 地址数量不少于终端的数量。 [0039] In an embodiment of the present invention, suitably configured by the gateway device and a terminal device, such that the number of IP addresses that can be provided not less than the number of gateway terminals. 在步骤303中依照DHCP协议分配IP地址时,在未列入网络管理平台终端记录的IP地址中选取。 When the IP address assigned by DHCP protocol in step 303, select the network management platform are not included in the terminal records the IP address.

[0040] 如果终端设备发生变化,导致其MAC地址改变,则先将网络管理平台中的终端记录进行更新,解除该终端MAC地址与IP地址的绑定关系,并且在该终端下一次向网关发出获取IP请求时,通过DHCP服务将随机的IP地址分配给该终端,若其进一步通过认证接入网络,则记录其MAC地址和IP地址,重新建立二者的绑定关系。 [0040] If the terminal device is changed, resulting in change its MAC address, recording the first terminal of the network management platform is updated, unbind terminal MAC address and IP address, and sent to a gateway in the terminal acquiring request IP, DHCP service by a random IP address assigned to the terminal, if it is further authenticated by the access network, the MAC address and IP address record, re-establish a binding relationship between the two.

[0041] 本发明实施例给出的方法使用了客户端的用户名和密码提高了终端的安全性,记录终端的MAC地址和IP地址使得对终端可以方便地定位,终端的MAC地址既可以绑定也可以解除绑定,这使得IP地址的分配又有一定的灵活性。 The method of Example forth embodiment [0041] The present invention uses a user name and password for the client improve the security of the terminal, recording the MAC address and IP address of the terminal such that the terminal can be easily positioned, the MAC address of the terminal may either bind also It can be unbound, which makes the allocation of IP addresses has a certain flexibility.

[0042] 本发明实施例给出一种给终端分配IP地址的系统,如图4所示。 Embodiment [0042] embodiment of the present invention, a dispensing system is given the IP address of the terminal, as shown in FIG. 管理单元401和分配单元402是网络侧装置,客户端单元403设置在终端侧,用于发出请求给终端分配IP 地址的数据包。 Management unit 401 and dispensing unit 402 is a network-side device, the client unit 403 is provided on the terminal side makes a request for allocating an IP address to the packet data terminal. 数据包的内容依照DHCP协议的格式,包括终端MAC地址信息。 Contents of the packet format in accordance with the DHCP protocol, including the terminal MAC address. 分配单元402可以设置在网关的DHCP服务器中,接收客户端单元403发出的数据包,然后传递至管理单元401,管理单元401中的第一判断单元4011从数据包判断终端是否曾经接入网络。 Dispensing unit 402 may be provided in the gateway DHCP server, the client unit receiving the data packet sent 403, then transmitted to the management unit 401, a first management unit 401 from the packet judging unit 4011 judges whether the terminal has access to the network. 此时第一判断单元4011是通过检索管理单元401中的记录单元4012而得出,记录单元4012 中保存有终端记录,终端记录的内容包括曾经接入网络的终端的MAC地址信息和IP地址信息。 At this time, the first determining unit 4011 is derived by the management unit 401 retrieves the recording unit 4012, a recording unit 4012 records is stored in the terminal, the terminal records the contents of an access terminal includes a network has MAC address information and IP address information . 如果记录单元4012在终端记录中检索到了数据包中终端的MAC地址,则说明该终端曾经接入网络,并在记录中同时可检索到该终端曾经接入网络时得到的IP地址,即此时终端MAC地址与曾经接入网络时使用的IP地址是对应关系。 If the recording unit 4012 retrieves the MAC address of the packet in the terminal in the terminal records, it indicates that the terminal has access to the network, and the IP address can be retrieved at the same time when the terminal has obtained access to the network in the record, i.e., at this time terminal MAC address and the network have access to the use of the correspondence between the IP address. 于是第一判断单元4011将第一种提示信息发送至分配单元402,分配单元402收到后将终端曾经接入网络时使用的IP地址分配给终端。 A first judging unit 4011 then transmits the message to the first dispensing unit 402, allocation unit 402 receives an IP address used to access the network after the terminal was allocated to the terminal. 如果第一判断单元4011未能在终端记录中检索到数据包中终端的MAC地址, 则说明具有该MAC地址的终端未曾接入网络,此时第一判断单元4011将第一种提示信息发送至分配单元402,分配单元402收到后动态方式给终端分配IP地址,即依DHCP协议进行。 If the first determination unit 4011 can not retrieve the MAC address of the packet in the terminal in the terminal records, it indicates that the terminal having the MAC address has not access the network, then the first judgment unit 4011 transmits a first message to allocating unit 402, dynamically assigned IP address assigned to the terminal unit 402 receives, that is according to the DHCP protocol.

[0043] 当终端记录中的终端MAC地址和IP地址的对应关系发生改变,例如当终端设备发生改变导致其MAC地址改变时,客户端单元403中的通知单元4031向管理单元401发送通知信息,第一判断单元4011根据通知信息,向分配单元402发送第二种提示信息,即要求分配单元依DHCP协议为终端分配IP地址。 [0043] When the corresponding relationship between the terminal records the terminal MAC address and IP address change, for example when the terminal equipment changes result in its MAC address is changed, the client unit notifies 403 units 4031401 transmits notification information to the management unit, a first determination unit 4011 according to the notification message, transmitting a second message to the dispensing unit 402, which requires the assignment unit assigns an IP address to the terminal by DHCP protocol.

[0044] 在终端获得IP地址之后,还需判断终端是否合法。 [0044] After obtaining the IP address of the terminal, the terminal determines whether the legitimate needs. 此时客户端单元403中的提交单元4032向管理单元401提交终端MAC地址信息、终端IP地址信息、用户名、密码,根据这些资料,管理单元401中的第二判断单元4013根据自身存储的用户名与密码数据库来判断判断终端的合法性,若终端合法,将根据终端MAC地址信息和IP地址信息生成终端记录信息,并且发送至记录单元4012 ;若终端不合法,则断开与终端的连接,必要时可向客户端单元403传送相关的说明信息。 Issuing unit 403. At this time, the client terminal unit 4032 to submit the information to the MAC address management unit 401, a terminal IP address, user name, password, according to these data, the management unit of the second determination unit 4014013 user stored in itself database to determine the name and password to determine the legality of the terminal, the terminal if legitimate, the record information terminal according to the MAC address information and IP address information generation terminal, and transmits to the recording unit 4012; if the terminal is not valid, the terminal disconnects , necessary information may indicate to the transmission unit 403 associated with the client. 使用本发明实施例给出的系统兼顾了IP地址分配的安全性和灵活性,并能对终端进行定位。 The system of the present invention using the embodiment examples given both the security and flexibility of IP address assignment, and to locate the terminal.

[0045] 本发明实施例给出一种在动态IP地址分配的方式下防范非法DHCP服务器影响网络运行的方法。 Examples are given prevent illegal method of the DHCP server IP address assigned dynamically affect operation of the network [0045] of the present invention. 设置在网关的DHCP服务器经过网络管理平台的授权,可以为终端分配IP 地址,未经网络管理平台授权的DHCP服务器称作非法DHCP服务器,它的存在会导致网络中IP地址的冲突,通讯无法正常进行。 DHCP server settings in the gateway of authorized network management platform, the terminal can be assigned an IP address, network management platform without the authorization of the illegal DHCP server called the DHCP server, its presence will lead to conflict in the network IP address, communication can not be normal get on. 所以必须检测和阻止非法DHCP服务器的存在。 It is necessary to detect and prevent the presence of illegal DHCP server.

[0046] 本发明实施例采用如下步骤来检测和阻止非法DHCP服务器的存在,如图5所示。 Embodiment [0046] The present invention uses the following steps to detect and prevent illegal presence of the DHCP server, as shown in FIG.

[0047] 步骤501 :在网关广播DHCP请求数据包,并且位于网关的DHCP服务器不响应来自网关MAC地址的请求; [0047] Step 501: the gateway broadcasts a DHCP request packet, and not in a gateway DHCP server responds to requests from the gateway MAC address;

[0048] 步骤502 :判断网关是否收到DHCP回应,若否,则返回步骤501,若是,则进行步骤503和步骤505 ;[0049] 步骤503 :通知网络管理平台存在非法DHCP服务器; [0048] Step 502: determining whether the gateway DHCP response is received, and if not, returns to step 501, if yes, step 503 and step 505; [0049] Step 503: Notify the DHCP server there is an illegal network management platform;

[0050] 步骤504 :网络管理平台对非法DHCP服务器定位并进一步处理; [0050] Step 504: The network management platform and the positioning of the illegal DHCP server for further processing;

[0051] 步骤505 :在网关广播DHCP请求数据包,每次广播的数据包中含有若干不同MAC 地址,并且位于网关的DHCP服务器不响应来自网关发出的DHCP请求; [0051] Step 505: the gateway broadcasts a DHCP request packet, each broadcast packet contains several different MAC addresses, DHCP server and the gateway are not located in response to the DHCP request issued from the gateway;

[0052] 步骤506 :发送包含网关MAC地址的DHCP请求数据包; [0052] Step 506: the gateway MAC address transmits a DHCP request packet;

[0053] 步骤507 :判断网关是否收到DHCP回应,若是,则返回步骤505,若否,则结束流程。 [0053] Step 507: determining whether the gateway DHCP response is received, and if so, returns to step 505, if not, the process ends.

[0054] 步骤501和步骤502是检测网络中是否存在非法DHCP服务器。 [0054] Step 501 and step 502 detects whether there is an illegal network DHCP server. 在网关广播的DHCP 请求是用于检测非法DHCP服务器,此时需要阻止网关的DHCP服务器回应该请求。 In the DHCP request broadcast gateway is used to detect illegal DHCP server, and the need to prevent the gateway from the DHCP server responds to the request. 网关可以向DHCP服务器发送说明信息,令DHCP服务器不响应包含网关MAC地址的DHCP请求。 DESCRIPTION gateway may send information to the DHCP server, so that the DHCP server does not respond to the DHCP request contains the gateway MAC address. 于是此时若位于网关的DHCP服务器收到分配IP地址的回应,则可以判定是来自非法DHCP服务器,这样就检测出非法DHCP服务器的存在。 At this time, if it is located so the gateway DHCP server assigns an IP address to receive a response, it can be determined from the DHCP server illegally, thus detecting the presence of illegal DHCP server.

[0055] 步骤505中在每次广播的数据包中含有不同MAC地址,是一种虚拟的MAC地址,以满足每个MAC地址只能申请一个IP地址的规定,并且使用多个MAC地址是为了将非法DHCP 所能提供的IP地址全部占满。 [0055] Step 505 contained in each broadcast packet a different MAC address, a MAC is a virtual address, each MAC address to meet only apply for a predetermined IP address and MAC address is to use a plurality of the illegal DHCP IP address can provide fully occupied. 这时使用的MAC地址数量可以由网络管理员在检测时设定或预先设定默认值。 In this case the number of MAC addresses can be set using a default value set in advance or upon detection by the network administrator. 在检测过程中,网关可以向DHCP服务器发送说明信息,令DHCP服务器不响应包含网关广播的这些虚拟MAC地址的DHCP请求,而非法DHCP服务器收到网关广播的这种包含了多个不同MAC地址的数据包后,会向每个MAC地址分配一个IP地址,因为这些MAC地址是虚拟的,所以此时网关不能收到非法DHCP服务器的回应,所以网关需再发送一个包含自身MAC地址的DHCP请求数据包,则可以根据网关是否收到回应来检测出非法DHCP服务的IP地址是否被全部占满。 In the detection process, the gateway may send descriptive information to the DHCP server, so that the DHCP server does not respond to the DHCP gateway virtual MAC address comprises a broadcast request illegal gateway DHCP server receives this broadcast contains the MAC addresses of a plurality of different after the data packet, an IP address is assigned to each MAC address as the MAC addresses are virtual, so in this case the gateway DHCP server can not illegally receive a response, it should be subject to the gateway sends a DHCP request to the own MAC address data comprises package, you can detect illegal DHCP service IP address is occupied, according to all the gateway is to receive a response. 在非法DHCP服务的IP地址被全部占满的情况下,网关发出DHCP请求数据包后不会收到DHCP回应,这样就阻止了非法DHCP服务器在网络中的存在。 In the case of illegal DHCP service IP address is fully occupied, the gateway issue will not receive a DHCP response DHCP request packet, thus preventing the existence of illegal DHCP server in the network.

[0056] 在步骤501和步骤505中也可以由其他网元来广播数据请求包。 [0056] In step 501 and step 505, the packet may be requested by the broadcast data to other network elements. 此时需要在数据包中添加特定信息,使位于网关的DHCP服务器识别这种数据请求包是执行检测功能,从而不为数据包中的MAC地址所对应的网元分配IP地址。 At this time, you need to add identification information in the packet, so that the DHCP server is located in the gateway to identify such data request packet is to perform the detection function, which is not the MAC address of the packet corresponding to an IP address assigned NE. 在步骤506中,需要发送一个网络中实际存在的MAC地址,并使位于网关的DHCP服务器不响应来自该MAC地址的IP请求,以便使该MAC地址对应的网元能够接收非法DHCP服务器的回应,以检测出非法DHCP服务的IP 地址是否被全部占满。 In step 506, the network needs to send a MAC address actually exist, and is located in the gateway IP DHCP server does not respond to a request from the MAC address, MAC address so that the network element can receive the DHCP server to respond to illegal, whether the IP address to detect illegal DHCP services are all filled.

[0057] 使用本发明实施例给出的方法,能够在网络中分配IP地址的方式为动态分配的情况下检测到非法DHCP服务器的存在并消除它的影响,并且网络管理平台对非法DHCP服务器定位并进一步处理。 [0057] Using the method given in Example embodiments of the present invention, it is possible to assign IP addresses in the network mode is the case of dynamic allocation of detecting the presence of the DHCP server and eliminate illegal its influence, and network management platform positioned illegal DHCP server and further processing.

[0058] 如图6所示,本发明实施例给出一种检测非法DHCP服务的装置和阻止非法DHCP 服务的装置。 [0058] As shown in FIG. 6, the apparatus for detecting illegal DHCP service given embodiment and preventing illegal DHCP service apparatus of the present invention. 图中非法DHCP服务检测装置610包括发送单元611和检测单元612,非法DHCP服务阻止装置620包括发送单元621和检测单元622,这两个装置用来检测和阻止网络中的非法DHCP服务器640的存在,从而保证授权DHCP服务器630的正常工作和网络的正常运行。 FIG illegal DHCP service detection apparatus 610 includes a transmitting unit 611 and a detection unit 612, the DHCP server prevents illegal device 620 includes a transmission unit 621 and a detection unit 622, and the two blocking means for detecting illegal network DHCP server 640 is present to ensure the normal operation of authorized DHCP servers and networks to work 630.

[0059] 本发明实施例给出的装置可以位于网关,也可以设置于网络中的其他网元。 Apparatus given in the examples [0059] The present invention may be located in a gateway may be provided in the network of other network elements. 在本发明实施例给出的装置开始运行时,先由非法DHCP服务检测装置610检测非法DHCP服务器640的存在。 In the apparatus embodiment of the present invention are given embodiment starts running, first detecting means illegal DHCP server 610 detects the presence of the DHCP server 640 illegally. 此时发送单元611广播DHCP请求数据包,数据包中含有网关的MAC地址,这 At this time, the transmission unit 611 broadcasts a DHCP request packet, the data packet contains the MAC address of the gateway, which

8种数据包会被授权DHCP服务器630和非法DHCP服务器640收到。 Eight kinds of packets are authorized DHCP server 630 and receive 640 illegal DHCP server. 与此同时发送单元611 还需向授权的DHCP服务器630发送说明信息,以使得授权DHCP服务器630不去响应这种数据包。 At the same time authorizing transmission unit 611 needs to send a DHCP server 630 described information, so that the DHCP server 630 not authorized to respond to such data packet. 说明信息的内容可以是令授权的DHCP服务器630不响应含有发送单元所在网元的MAC地址的DHCP请求数据包。 Help content information may be authorized to make a response to the DHCP server 630 does not contain the transmission unit is located DHCP NE MAC address request packet. 然后检测单元612开始检测,若收到DHCP回应则判定是来自非法DHCP服务器640,这就确认了非法DHCP服务器640的存在。 Then detection unit 612 starts to detect, if it is determined that the DHCP response is received from illegal DHCP server 640, which confirmed the existence of 640 illegal DHCP server. 在确认非法DHCP服务器640存在的情况下,检测单元612还可以向网络中的有关管理装置发送相关信息,以进一步处理网络中存在的非法DHCP服务器。 In the case where the DHCP server 640 to confirm the presence of illegal, the detection unit 612 may also send related information to the relevant network management device, further processing of illegal DHCP server present in the network.

[0060] 接下来,由非法DHCP服务阻止装置620对非法DHCP服务器640的非法服务进行阻止,此时发送单元621先广播DHCP请求数据包,每次广播的数据包中含有若干不同MAC地址,同时还需向这时授权的DHCP服务器630发送说明信息,以使得授权DHCP服务器630不去响应此数据包。 [0060] Next, the DHCP server prevents illegal device 620 illegal DHCP server 640 is performed to prevent illegal service, when the first transmission unit 621 broadcasts a DHCP request packet, each multicast packet contains a number of different MAC addresses, while Description 630 transmits information needed to time the authorized DHCP server, the DHCP server 630 to authorize that do not respond to this packet. 而非法DHCP服务器640依旧会对这些MAC地址分配IP地址。 640 illegal DHCP server will assign an IP address is still the MAC address. 因为此时广播的数据包中的MAC地址并不对应网络中实际的网元,也无从接收非法DHCP服务器640 对这些MAC地址的回应,所以接下来为了检测出非法DHCP服务器640所能提供的IP地址是否被占满,需要再发送一个带有网络中实际MAC地址的DHCP请求数据包,可以是检测单元622所在网元的MAC地址,此时若检测单元622收到DHCP回应,则说明非法DHCP服务还未被阻止,其原因是非法DHCP服务器640所能提供的IP地址还未被占满,所以重复前面的步骤,即发送单元621广播DHCP请求数据包和带有网络中实际MAC地址的DHCP请求数据包,直到检测单元622不再收到DHCP回应为止,此时可以判定非法DHCP服务已被阻止。 Because the MAC address of the broadcast packet does not correspond to the actual network element in the network, and no illegal DHCP server 640 receives the response to these MAC addresses, so the next IP to the DHCP server 640 can provide the illegal detected if the address is filled, with a need to send a DHCP network real MAC address request packet, the detection unit 622 may be the MAC address of the network element where, if at this time the detection unit 622 receives the DHCP response, then the DHCP illicit service has not been blocked, the reason is illegal IP address the DHCP server 640 can provide not been filled, the previous steps are repeated, i.e., the transmission unit 621 broadcasts a DHCP request with a DHCP packet and the real MAC address of the network request packet, the detection unit 622 until a far longer receive the DHCP response, can be determined case illegal DHCP service has been blocked.

[0061] 使用本发明实施例给出的装置,能够在网络中分配IP地址的方式为动态分配的情况下检测到非法DHCP服务器的存在并阻止它的服务。 [0061] Use of the device according to embodiments of the present invention are given, it is possible to assign IP addresses in the network mode is the case of dynamic allocation of detecting the presence of the DHCP server and prevent illegal its services.

[0062] 显然,本领域的技术人员可以对本发明进行各种改动和变型而不脱离本发明的精神和范围。 [0062] Obviously, those skilled in the art can make various modifications and variations to the invention without departing from the spirit and scope of the invention. 这样,倘若本发明的这些修改和变型属于本发明权利要求及其等同技术的范围之内,则本发明也意图包含这些改动和变型在内。 Thus, if these modifications and variations of the present invention fall within the claims of the invention and the scope of equivalents thereof, the present invention intends to include these modifications and variations.

Claims (8)

1. 一种给终端分配IP地址的方法,其特征在于,当服务器收到终端发送的IP地址请求信息之后,进行如下步骤:根据保存的终端记录判断终端是否曾经接入网络,若是,则将终端曾经接入网络时使用的IP地址分配给终端,若否,则以动态方式依照DHCP协议给终端分配IP地址,其中,所述终端记录包括终端的IP地址和介质访问控制MAC地址,且以动态方式依照DHCP协议给终端分配的IP地址在未列入终端记录的IP地址中选取;在终端进入网络之后,将终端的IP地址和MAC地址进行静态的绑定,并在终端退出网络之后,解除终端的IP地址和MAC地址的绑定。 CLAIMS 1. A method for a terminal to assign IP addresses, wherein, when the server receives the IP address request message sent by the terminal performs the steps of: determining whether the record stored in accordance with the access network was the terminal of the terminal, if yes, when the terminal IP address assigned to the terminal has access to the network, if not, places dynamically allocated IP addresses by DHCP protocol to the terminal, wherein the terminal records the IP address and the terminal comprises a media access control (MAC) address, and with dynamically allocated to the terminal according to the IP address of the DHCP protocol is not included in the IP address of the terminal records selected; after the terminal enters the network, the IP address and MAC address of the terminal static binding, and after the terminal exits the network, unbind IP address and MAC address of the terminal.
2.如权利要求1所述的方法,其特征在于,所述终端记录通过如下方式保存:判断所述终端是否合法,若是则将所述终端介质访问控制MAC地址信息和IP地址信息写入所述终端记录。 2. The method according to claim 1, characterized in that the terminal records saved by: determining whether the terminal is valid, then if the terminal media access control MAC address information and IP address information is written as said terminal records.
3.如权利要求2所述的方法,其特征在于,所述判断所述终端是否合法是通过验证终端提交的终端MAC地址信息、终端IP地址信息、用户名、密码是否正确来完成。 The method according to claim 2, wherein the terminal determines whether the terminal is submitted valid by verifying the MAC address information of the terminal, the terminal information of the IP address, user name, whether the correct password to complete.
4.如权利要求2所述的方法,其特征在于,若所述终端记录中的终端MAC地址信息改变,则不进行所述判断而是直接以所述动态方式给所述终端分配IP地址。 4. The method according to claim 2, wherein, if the terminal records the MAC address of the terminal information changes, the determination is not carried out but in the dynamically assigned IP addresses directly to the terminal.
5. 一种给终端分配IP地址的系统,其特征在于,包括客户端单元和网络侧装置,其中,所述客户端单元,用于向所述网络侧装置发送为终端分配IP地址的请求信息,请求信息中包含终端MAC地址信息;所述网络侧装置,用于根据所述请求信息和终端记录判断终端是否曾经接入网络,其中,所述终端记录包括终端的IP地址和介质访问控制MAC地址;还用于在所述终端曾经接入网络时,将终端曾经接入过网络时使用的IP地址分配给终端,在所述终端未曾接入过网络时,以动态方式依照DHCP协议给终端分配IP地址,还用于在终端进入网络之后,将终端的IP地址和MAC地址进行静态的绑定,并在终端退出网络之后,解除终端的IP地址和MAC 地址的绑定,其中,以动态方式依照DHCP协议给终端分配的IP地址在未列入终端记录的IP 地址中选取。 A dispensing system IP address to the terminal, wherein the unit and the network includes a client-side device, wherein the client unit, for transmitting to said network-side apparatus information request terminal is assigned an IP address , request information including the terminal MAC address information; means the network side, according to the request for recording the terminal information and determines whether the terminal has the access network, wherein the terminal comprises an IP address and a recording medium access control (MAC) terminal address; the IP address is also used when the terminal has the access network, the terminal has accessed the network terminal assigned to use, when the terminal has not accessed the network in a dynamic manner in accordance with the DHCP protocol to the terminal assign an IP address, after the terminal is further configured to enter the network, the IP address and MAC address of the terminal static binding, and after the terminal exits the network, IP address of the terminal unbind and the MAC address, wherein the dynamic manner in accordance with the DHCP protocol IP address assigned to the terminal is not included in the terminal records the IP address selected.
6.根据权利要求5所述的系统,其特征在于,所述网络侧装置包括:管理单元和分配单元,其中,所述管理单元,包括记录单元和第一判断单元,其中,所述记录单元,用于保存终端记录;所述第一判断单元,用于根据所述请求信息和终端记录判断终端是否曾经接入网络, 若是,则向所述分配单元发送第一种提示信息,若否,则向所述分配单元发送第二种提示信息;所述分配单元,用于收到第一种提示信息时将终端曾经接入网络时使用的IP地址分配给终端,收到第二种提示信息时以动态方式给终端分配IP地址。 6. A system as claimed in claim 5, wherein said network-side apparatus comprising: a managing unit and a dispensing unit, wherein the management unit includes a recording unit and a first judging unit, wherein the recording unit for storing recording terminal; the first determining unit, according to the request for recording the terminal information and determines whether the terminal has access to the network, if yes, sending a first message to said dispensing means, if not, the second unit transmits to the message distribution; the distribution unit, IP addresses used when a first message is received for the terminal assigned to the terminal has the access network, the second message is received when the terminal IP address is assigned in a dynamic manner.
7.如权利要求6所述的系统,其特征在于,所述管理单元还包括:第二判断单元,用于判断所述终端是否合法,在确定终端合法时,根据所述终端MAC地址信息和IP地址信息生成终端记录信息,并且将所述终端记录信息发送至所述记录单元保存。 7. The system according to claim 6, wherein said managing unit further comprises: a second determination unit configured to determine the legality of the terminal, the terminal in determining the method, the terminal according to the MAC address information and IP address information generation record information terminal, and the terminal records information to the recording means.
8.如权利要求7所述的系统,其特征在于,所述客户端单元还包括:通知单元,用于当终端MAC地址发生改变时,向所述网络侧装置发送通知信息,提示第一判断单元向所述分配单元发送第二种提示信息。 8. The system according to claim 7, wherein said client unit further comprises: a notification means for, when the MAC address of the terminal changes, the network side sending a notification to the device information, the first judgment prompted unit to send a second message to the dispensing.
CN 200810057912 2008-02-20 2008-02-20 Method, device and system for distributing IP address CN101247396B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN 200810057912 CN101247396B (en) 2008-02-20 2008-02-20 Method, device and system for distributing IP address

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN 200810057912 CN101247396B (en) 2008-02-20 2008-02-20 Method, device and system for distributing IP address

Publications (2)

Publication Number Publication Date
CN101247396A CN101247396A (en) 2008-08-20
CN101247396B true CN101247396B (en) 2011-06-15

Family

ID=39947595

Family Applications (1)

Application Number Title Priority Date Filing Date
CN 200810057912 CN101247396B (en) 2008-02-20 2008-02-20 Method, device and system for distributing IP address

Country Status (1)

Country Link
CN (1) CN101247396B (en)

Families Citing this family (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102238239A (en) * 2010-04-21 2011-11-09 电信科学技术研究院 IP address allocation method and device
CN101888389B (en) * 2010-07-19 2013-04-17 中国电信股份有限公司 Method and system for realizing uniform authentication of ICP union
CN102571511A (en) * 2010-12-29 2012-07-11 中国移动通信集团山东有限公司 Local area network access control system and method, and server
EP2774446B1 (en) * 2011-10-31 2018-05-23 Nokia Technologies Oy Location privacy in communication networks
CN102710810B (en) * 2012-06-11 2015-08-05 浙江宇视科技有限公司 A method for automatically dispensing and ip address A relay apparatus
JP5549710B2 (en) * 2012-07-04 2014-07-16 横河電機株式会社 Radio communication system and information providing method
CN103731816B (en) * 2012-10-16 2016-12-21 普天信息技术研究院有限公司 A user device address management method
CN105208137A (en) * 2014-06-16 2015-12-30 中兴通讯股份有限公司 Internet Protocol (IP) address allocation methods, device, server and terminal
CN105703931A (en) * 2014-11-26 2016-06-22 中兴通讯股份有限公司 Identification network redundancy backup method and device
CN107172103A (en) * 2017-07-14 2017-09-15 迈普通信技术股份有限公司 ARP authentication method, device and system

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1612537A (en) 2003-10-29 2005-05-04 华为技术有限公司 Method for preventing main computer from being counterfeited in IP ethernet
CN1713629A (en) 2004-06-25 2005-12-28 杭州华为三康技术有限公司 Realization of user login name and IP address binding
CN1855926A (en) 2005-04-29 2006-11-01 华为技术有限公司 Method and system for contributing DHCP addresses safely

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1612537A (en) 2003-10-29 2005-05-04 华为技术有限公司 Method for preventing main computer from being counterfeited in IP ethernet
CN1713629A (en) 2004-06-25 2005-12-28 杭州华为三康技术有限公司 Realization of user login name and IP address binding
CN1855926A (en) 2005-04-29 2006-11-01 华为技术有限公司 Method and system for contributing DHCP addresses safely

Also Published As

Publication number Publication date
CN101247396A (en) 2008-08-20

Similar Documents

Publication Publication Date Title
US7882549B2 (en) Systems for authenticating a user's credentials against multiple sets of credentials
US5349643A (en) System and method for secure initial program load for diskless workstations
US7792993B1 (en) Apparatus and methods for allocating addresses in a network
US7895665B2 (en) System and method for detecting and reporting cable network devices with duplicate media access control addresses
Jung et al. Caller identification system in the internet environment
US20120030737A1 (en) System and method for authorizing a portable communication device
CN105072096B (en) May be configured to provide access to a private computer network
US7996537B2 (en) Method and arrangement for preventing illegitimate use of IP addresses
US6199113B1 (en) Apparatus and method for providing trusted network security
US8402559B2 (en) IP based security applications using location, port and/or device identifier information
US7844814B2 (en) Methods and apparatus for protecting against IP address assignments based on a false MAC address
US20030217148A1 (en) Method and apparatus for LAN authentication on switch
CN1682516B (en) Method and apparatus for preventing spoofing of network addresses
JP4200061B2 (en) Identifier assigning device, method, and program
CN101032147B (en) Method for updating a table of correspondence between a logical address and an identification number
US7272846B2 (en) System and method for detecting and reporting cable modems with duplicate media access control addresses
CN100388739C (en) Method and system for contributing DHCP addresses safely
JP4311637B2 (en) Storage controller
JP4173866B2 (en) Communication device
CN1846421B (en) Network security system and method for preventing unauthorized access to computerized network resources
JP4512179B2 (en) Storage apparatus and method access management
CN100539501C (en) Domainname-based unified identification mark and authentication method
CN1650598A (en) A DDNS server, a DDNS client terminal and a DDNS system, and a web server terminal, its network system and an access control method
CN1466341A (en) Method for preventing IP address deceit in dynamic address distribution
CN1248447C (en) Broadband network access method

Legal Events

Date Code Title Description
C06 Publication
C10 Request of examination as to substance
C14 Granted
C41 Transfer of the right of patent application or the patent right
ASS Succession or assignment of patent right

Owner name: BEIJING PKU FOUNDER BROADBAND NETWORK TECHNOLOGY C

Free format text: FORMER OWNER: BEIDA FANGZHENG GROUP CO. LTD.

Effective date: 20110817

Free format text: FORMER OWNER: BEIJING PKU FOUNDER BROADBAND NETWORK TECHNOLOGY CO., LTD.

C56 Change in the name or address of the patentee

Owner name: FOUNDER BROADBAND NETWORK SERVICE CO., LTD.

Free format text: FORMER NAME: BEIJING PKU FOUNDER BROADBAND NETWORK TECHNOLOGY CO., LTD.

C56 Change in the name or address of the patentee