CN113038472A - Method for prohibiting wireless router DHCP from acquiring address in campus network of colleges and universities - Google Patents
- Publication number
- CN113038472A (application number CN202110275013.XA)
- Authority
- CN
- China
- Prior art keywords
- address
- dhcp
- dhcp server
- wireless router
- message
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/08—Access security
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
- H04L61/50—Address allocation
- H04L61/5007—Internet protocol [IP] addresses
- H04L61/5014—Internet protocol [IP] addresses using dynamic host configuration protocol [DHCP] or bootstrap protocol [BOOTP]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0227—Filtering policies
- H04L63/0236—Filtering by address, protocol, port number or service, e.g. IP-address or URL
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention discloses a method for prohibiting a wireless router from acquiring an address via DHCP in a college campus network, which comprises the following steps: the first stage involves the DHCP server and is the "start" phase of the session between the DHCP client and the DHCP server; in the second stage of the session, the DHCP server returns a DHCPOffer message to the mobile device: after reserving an IP address for the client, the DHCP server sends a DHCPOffer message that includes the client's MAC address, the IP address, the lease, and the IP address of the DHCP server sending the message; in the third stage, the mobile terminal returns a DHCPRequest message to the DHCP server to indicate that the IP address has been received; in the last stage, the DHCP server sends a DHCP acknowledge message, which includes the lease and other information requested by the mobile terminal. The invention is scientifically and reasonably structured and is safe and convenient to use: a wireless router can no longer automatically acquire an address as it would in the traditional mode, and address acquisition can be forbidden through the DHCP server option.
Description
Technical Field
The invention relates to the technical field of prohibiting a wireless router from acquiring an address via DHCP in a college campus network, and in particular to a method for prohibiting a wireless router from acquiring an address via DHCP in a college campus network.
Background
A wireless router can be regarded as a repeater: it forwards the broadband network signal from the wall outlet to nearby wireless network devices through its antenna. The wireless routers popular on the market generally support four access modes (dedicated-line xDSL/cable, dynamic xDSL, PPTP) and also provide other network management functions, such as DHCP service, NAT firewall, MAC address filtering and dynamic domain names.
Privately connected wireless routers are a relatively serious problem in college campus networks. Given security audit requirements, once a problem occurs behind a private wireless router it poses a challenge to the security audit: only the corresponding wireless router can be located, and the specific person cannot be accurately identified. Secondly, after the campus-wide wireless network has been built, the dense wireless routers cause radio-frequency interference to the campus wireless network, so the advantages of the campus wireless network are not brought into play.
Disclosure of Invention
The invention provides a method for prohibiting a wireless router from acquiring an address via DHCP in a college campus network, which can effectively solve the problems raised in the background: privately connected wireless routers are a relatively serious problem in college campus networks, and, given security audit requirements, once a problem occurs behind a private wireless router it poses a challenge to the security audit, because only the corresponding wireless router can be located and the specific person cannot be accurately identified; secondly, after the campus-wide wireless network has been built, the dense wireless routers cause radio-frequency interference to the campus wireless network, which prevents the campus wireless network from exerting its advantages.
To achieve this purpose, the invention provides the following technical scheme: a method for prohibiting a wireless router from acquiring an address via DHCP in a college campus network, comprising the following steps:
the first stage involves the DHCP server and is the "start" phase of the session between the DHCP client and the DHCP server;
in the second stage of the session, the DHCP server returns a DHCPOffer message to the mobile device: after reserving an IP address for the client, the DHCP server sends a DHCPOffer message that includes the client's MAC address, the IP address, the lease, and the IP address of the DHCP server sending the message;
in the third stage, the mobile terminal returns a DHCPRequest message to the DHCP server to indicate that the IP address has been received;
in the last stage, the DHCP server sends a DHCP acknowledge message, which includes the lease and other information requested by the mobile terminal.
According to the above technical scheme, the DHCPDiscover or DHCPRequest message sent by a DHCP client may include a number of DHCP options; the DHCP server can inspect these options, and the order in which the options are sent differs for each operating system.
According to the above technical scheme, the steps for collecting the wireless router's DHCP Option 55 are as follows:
the wireless router's WAN interface is set to acquire an address automatically via DHCP;
a PC starts the Wireshark packet capture software, and the computer's wired network port is connected to the WAN interface of the wireless router;
after the packets are captured, the Option 55 field (parameter request list) in the DHCPDiscover message is examined.
Compared with the prior art, the invention has the following beneficial effects: it is scientifically and reasonably structured and is safe and convenient to use. After a DHCP server that handles DHCP Option 55 is deployed on a Linux server, wireless routers cannot acquire an address, users turn off their wireless routers of their own accord, security audit work can be traced to the end user, and the radio-frequency environment of the campus wireless network is further improved.
Drawings
The accompanying drawings, which are included to provide a further understanding of the invention and are incorporated in and constitute a part of this specification, illustrate embodiments of the invention and together with the description serve to explain the principles of the invention and not to limit the invention.
In the drawings:
FIG. 1 is a schematic diagram of the process of the present invention.
Detailed Description
The preferred embodiments of the present invention will be described in conjunction with the accompanying drawings, and it will be understood that they are described herein for the purpose of illustration and explanation and not limitation.
Example: as shown in FIG. 1, the present invention provides a technical scheme, a method for prohibiting a wireless router from acquiring an address via DHCP in a college campus network, comprising the following steps:
the first stage involves the DHCP server and is the "start" phase of the session between the DHCP client and the DHCP server;
in the second stage of the session, the DHCP server returns a DHCPOffer message to the mobile device: after reserving an IP address for the client, the DHCP server sends a DHCPOffer message that includes the client's MAC address, the IP address, the lease, and the IP address of the DHCP server sending the message;
in the third stage, the mobile terminal returns a DHCPRequest message to the DHCP server to indicate that the IP address has been received;
in the last stage, the DHCP server sends a DHCP acknowledge message, which includes the lease and other information requested by the mobile terminal.
According to the above technical scheme, a DHCPDiscover or DHCPRequest message sent by a DHCP client includes a number of DHCP options; the DHCP server inspects these options, and the order of the DHCP options sent by each different operating system is different.
According to the above technical scheme, the steps for collecting the wireless router's DHCP Option 55 are as follows:
the wireless router's WAN interface is set to acquire an address automatically via DHCP;
a PC starts the Wireshark packet capture software, and the computer's wired network port is connected to the WAN interface of the wireless router;
after the packets are captured, the Option 55 field (parameter request list) in the DHCPDiscover message is examined.
Compared with the prior art, the invention has the following beneficial effects: it is scientifically and reasonably structured and is safe and convenient to use. After a DHCP server that handles DHCP Option 55 is deployed on a Linux server, wireless routers cannot acquire an address, users turn off their wireless routers of their own accord, security audit work can be traced to the end user, and the radio-frequency environment of the campus wireless network is further improved.
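The Option 55 check described above, as an added example that is not part of the patent: Python that extracts the ordered parameter request list from a DHCPDiscover payload and decides whether the server should answer. The deny-list entry, the sample packets and all function names are constructed for illustration.

```python
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"   # RFC 2131 marker in front of the options field
OPTIONS_OFFSET = 240                 # 236-byte BOOTP header + 4-byte cookie
# Constructed deny list of ordered Option 55 lists, as would be recorded from a
# router's WAN port. Placeholder values, not real device fingerprints.
DENIED_FINGERPRINTS = {(1, 3, 6, 12, 15, 28, 33, 121)}


def parse_options(payload: bytes) -> dict:
    """Return {option code: raw value} from a DHCP message (the UDP payload)."""
    if len(payload) < OPTIONS_OFFSET or payload[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    options, i = {}, OPTIONS_OFFSET
    while i < len(payload):
        code = payload[i]
        if code == 255:              # End option
            break
        if code == 0:                # Pad option has no length byte
            i += 1
            continue
        if i + 1 >= len(payload) or i + 2 + payload[i + 1] > len(payload):
            raise ValueError("truncated option")
        length = payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        options[code] = options.get(code, b"") + value   # RFC 3396: join repeated options
        i += 2 + length
    return options


def option55(payload: bytes) -> tuple:
    """Ordered parameter request list; the order is what identifies the client."""
    return tuple(parse_options(payload).get(55, b""))


def should_offer(payload: bytes) -> bool:
    """False when the client's Option 55 list matches a denied fingerprint."""
    return option55(payload) not in DENIED_FINGERPRINTS


def build_discover(mac: bytes, prl: list) -> bytes:
    """Constructed DHCPDiscover for the demo (hardware address + Option 55)."""
    header = struct.pack("!BBBBIHH4s4s4s4s16s64s128s", 1, 1, 6, 0, 0x1234, 0,
                         0x8000, b"", b"", b"", b"", mac, b"", b"")
    opts = bytes([53, 1, 1, 55, len(prl), *prl, 255])
    return header + MAGIC_COOKIE + opts


ROUTER = build_discover(bytes.fromhex("020000000001"), [1, 3, 6, 12, 15, 28, 33, 121])
LAPTOP = build_discover(bytes.fromhex("020000000002"), [1, 3, 6, 15, 31, 33, 43, 44])

if __name__ == "__main__":
    for name, pkt in (("router", ROUTER), ("laptop", LAPTOP)):
        print(name, option55(pkt), "offer" if should_offer(pkt) else "ignore")
```

The match is on the exact ordered tuple, so a request carrying the same option codes in a different order counts as a different fingerprint.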
Finally, it should be noted that: although the present invention has been described in detail with reference to the foregoing embodiments, it will be apparent to those skilled in the art that changes may be made in the embodiments and/or equivalents thereof without departing from the spirit and scope of the invention. Any modification, equivalent replacement, or improvement made within the spirit and principle of the present invention should be included in the protection scope of the present invention.
Claims (3)
1. A method for prohibiting a wireless router from acquiring an address via DHCP in a college campus network, characterized in that the method comprises the following steps:
the first stage involves the DHCP server and is the "start" phase of the session between the DHCP client and the DHCP server;
in the second stage of the session, the DHCP server returns a DHCPOffer message to the mobile device: after reserving an IP address for the client, the DHCP server sends a DHCPOffer message that includes the client's MAC address, the IP address, the lease, and the IP address of the DHCP server sending the message;
in the third stage, the mobile terminal returns a DHCPRequest message to the DHCP server to indicate that the IP address has been received;
in the last stage, the DHCP server sends a DHCP acknowledge message, which includes the lease and other information requested by the mobile terminal.
2. The method as claimed in claim 1, wherein the DHCPDiscover or DHCPRequest message sent by the DHCP client includes DHCP options, the DHCP server inspects the DHCP options, and the order in which the DHCP options are sent differs for each operating system.
3. The method for prohibiting a wireless router from acquiring an address via DHCP in a college campus network as claimed in claim 1, wherein the steps for collecting the wireless router's DHCP Option 55 are:
the wireless router's WAN interface is set to acquire an address automatically via DHCP;
a PC starts the Wireshark packet capture software, and the computer's wired network port is connected to the WAN interface of the wireless router;
after the packets are captured, the Option 55 field (parameter request list) in the DHCPDiscover message is examined.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202110275013.XA CN113038472A (en) | 2021-03-15 | 2021-03-15 | Method for prohibiting wireless router DHCP from acquiring address in campus network of colleges and universities |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202110275013.XA CN113038472A (en) | 2021-03-15 | 2021-03-15 | Method for prohibiting wireless router DHCP from acquiring address in campus network of colleges and universities |
Publications (1)
Publication Number | Publication Date |
---|---|
CN113038472A (en) | 2021-06-25 |
Family
ID=76469168
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202110275013.XA Pending CN113038472A (en) | 2021-03-15 | 2021-03-15 | Method for prohibiting wireless router DHCP from acquiring address in campus network of colleges and universities |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN113038472A (en) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||