WO2014090022A1 - Method and apparatus for recognizing dhcp server - Google Patents


Publication number
WO2014090022A1
Authority
WO
WIPO (PCT)
Prior art keywords
dhcp server
dhcp
address information
server
address
Prior art date
Application number
PCT/CN2013/084535
Other languages
French (fr)
Chinese (zh)
Inventor
闫立俊
Original Assignee
华为技术有限公司
Priority date
Filing date
Publication date
Application filed by 华为技术有限公司
Publication of WO2014090022A1

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00: Data switching networks
    • H04L12/28: Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46: Interconnection of networks
    • H04L12/4641: Virtual LANs, VLANs, e.g. virtual private networks [VPN]
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00: Network arrangements, protocols or services for addressing or naming
    • H04L61/50: Address allocation
    • H04L61/5007: Internet protocol [IP] addresses
    • H04L61/5014: Internet protocol [IP] addresses using dynamic host configuration protocol [DHCP] or bootstrap protocol [BOOTP]

Definitions

  • The present invention relates to the field of communications, and in particular to a method and apparatus for identifying a Dynamic Host Configuration Protocol (DHCP) server.
  • DHCP: Dynamic Host Configuration Protocol
  • The DHCP service facilitates network management.
  • Because the basic DHCP protocol is a broadcast protocol, its security is relatively low.
  • Some fake DHCP servers can, after receiving the broadcast message, respond to the client's IP address allocation request and allocate an address.
  • DNS: Domain Name System
  • The physical switch is configured with a DHCP snooping function: the port corresponding to the DHCP server is set as a trusted port, the other ports are set as untrusted ports, and only the trusted port is allowed to send DHCP responses.
  • the prior art can solve the problem of DHCP server identification in a physical machine environment.
  • the embodiment of the invention provides a method and a device for identifying a DHCP server to implement identification of a DHCP server in a virtualized environment.
  • an embodiment of the present invention provides a method for identifying a DHCP server, where the method includes:
  • the DHCP security module broadcasts a DHCP Discover message to the virtual machine subnet, where the virtual machine subnet includes multiple virtual machines and one virtual switch, the multiple virtual machines are created from physical resources on one host, and the virtual machine subnet further includes at least one legal DHCP server providing an IP address for the virtual machine;
  • the DHCP Offer message is sent after the first DHCP server in the virtual machine subnet receives the DHCP Discover message, and the DHCP Offer message includes address information of the first DHCP server;
  • the method further includes: performing alarm processing on the illegal first DHCP server if the first DHCP server is an illegal DHCP server.
  • the determining, according to the address information of the first DHCP server, whether the first DHCP server is an illegal DHCP server includes: comparing the address information of the first DHCP server with the address information of the preset legal DHCP server, and, if the address information of the first DHCP server is different from the address information of the preset legal DHCP server, identifying that the first DHCP server is an illegal DHCP server.
  • the method further includes: pre-setting a DHCP server list, where the DHCP server list includes address information of a legal DHCP server.
  • the address information is an IP address and a MAC address
  • the performing the alarm processing on the illegal first DHCP server includes: obtaining, according to the IP address of the illegal first DHCP server, the host name corresponding to the illegal first DHCP server, and performing alarm processing on the host name of the illegal first DHCP server.
  • the address information is an IP address and a MAC address, and the method further includes: disabling the IP address or the MAC address of the illegal first DHCP server in the virtual machine subnet.
  • after receiving the DHCP Offer message returned by the first DHCP server, the method further includes: sending a DHCP Request message to the first DHCP server, where the DHCP Request message carries invalid DHCP server address information and is used to end the DHCP session.
  • the embodiment of the present invention further provides a device for identifying a DHCP server, where the device includes:
  • a sending unit configured to broadcast a DHCP Discover message to the virtual machine subnet, where the virtual machine subnet includes multiple virtual machines and one virtual switch, the multiple virtual machines are created from physical resources on one host,
  • the virtual machines communicate with each other by using the virtual switch, and the virtual machine subnet further includes at least one legal DHCP server providing an IP address for the virtual machine.
  • a receiving unit configured to receive a DHCP Offer message and transmit the DHCP Offer message to the processing unit, where the DHCP Offer message is sent after the first DHCP server in the virtual machine subnet receives the DHCP Discover message and includes address information of the first DHCP server;
  • a processing unit configured to receive the DHCP Offer message sent by the receiving unit, obtain address information of the first DHCP server, and identify, according to the address information of the first DHCP server, whether the first DHCP server is an illegal DHCP server.
  • the processing unit is further configured to: perform alarm processing on the illegal first DHCP server if the first DHCP server is an illegal DHCP server.
  • the processing unit is specifically configured to: compare address information of the first DHCP server with address information of a preset legal DHCP server, and, if the address information of the first DHCP server is inconsistent with the address information of the preset legal DHCP server, identify the first DHCP server as an illegal DHCP server.
  • the device further includes: a preset unit, configured to preset a DHCP server list, where the DHCP server list includes the address information of a legitimate DHCP server.
  • the address information is an IP address and a MAC address
  • the processing unit is specifically configured to: obtain, according to the IP address of the illegal first DHCP server, the host name corresponding to the illegal first DHCP server, and perform alarm processing on the host name of the illegal first DHCP server.
  • the address information is an IP address
  • the processing unit is further configured to: disable an IP address or a MAC address of the illegal first DHCP server in the virtual machine subnet.
  • the sending unit is further configured to send a DHCP Request message to the first DHCP server, where the DHCP Request message carries invalid DHCP server address information and is used to end the DHCP session.
  • the DHCP security module broadcasts a DHCP Discover message to the virtual machine subnet, where the virtual machine subnet includes multiple virtual machines and one virtual switch, the virtual machines are created from physical resources on a host, and the subnet includes at least one legal DHCP server providing an IP address for the virtual machine; receives a DHCP Offer message, where the DHCP Offer message is sent after the first DHCP server in the virtual machine subnet receives the DHCP Discover message and includes address information of the first DHCP server; and obtains the address information of the first DHCP server and identifies, according to that address information, whether the first DHCP server is an illegal DHCP server.
  • the identification device of the DHCP server and the DHCP server can be run in the operating system of the virtual machine. Therefore, the embodiment of the present invention can identify an illegal DHCP server in the virtualized environment and perform alarm processing on the identified illegal DHCP server, thereby improving network security.
  • FIG. 1 is a schematic diagram of an application scenario of a method for identifying a DHCP server according to an embodiment of the present disclosure
  • FIG. 2 is a flowchart of a method for identifying a DHCP server according to an embodiment of the present invention
  • FIG. 3 is a schematic diagram of information interaction of a method for identifying a DHCP server according to an embodiment of the present invention
  • FIG. 4 is a schematic diagram of a device for identifying a DHCP server according to an embodiment of the present invention
  • FIG. 5 is a schematic diagram of another apparatus for identifying a DHCP server according to an embodiment of the present invention.
  • FIG. 1 is a schematic diagram of an application scenario of a method for identifying a DHCP server according to an embodiment of the present invention.
  • the method and device for identifying a DHCP server provided by the embodiment of the present invention can be applied, as a new identification method, to a scenario in which a physical host/server contains multiple virtual machines, the virtual machines form at least one virtual machine subnet, and each virtual machine subnet internally includes a virtual switch.
  • there are multiple virtual machines in the physical host namely virtual machine 1, virtual machine 2, and virtual machine n.
  • Each virtual machine is built on the virtualization platform inside the host.
  • the virtualization platform is each.
  • the host provides processor resources, hard disk resources, memory resources, and network card resources.
  • the network card of the virtual machine is connected to the network card of the host through the network card driver in the management module.
  • the host also includes a hardware platform including a processor, a hard disk, a memory, and a network card.
  • the IP address can be configured via DHCP before the physical host interacts.
  • the present invention also provides a DHCP security module, which may be located in a virtual machine of the host, or may be located in the host.
  • the management module can also be located in other hosts.
  • the DHCP security module broadcasts a DHCP Discover (DHCP Discovery) message in a subnet formed by multiple virtual machines, and determines, from the IP address carried in a received DHCP Offer message, whether the DHCP server that sent the message is an illegal DHCP server. Therefore, the method for identifying a DHCP server provided by the embodiment of the present invention implements identification of an illegal DHCP server in a virtualized environment, thereby improving network security.
  • DHCP Discover: DHCP Discovery
  • FIG. 2 is a flowchart of a method for identifying a DHCP server according to an embodiment of the present invention.
  • the execution entity of the embodiment is a DHCP security module
  • the application scenario is a virtual machine subnet.
  • the virtual machine subnet includes multiple virtual machines and one virtual switch, the multiple virtual machines are created from physical resources on one host, and the subnet includes at least one legitimate DHCP server to provide an IP address for the virtual machine.
  • the embodiment includes the following steps:
  • Step 201: The DHCP security module broadcasts a DHCP Discover message to the virtual machine subnet. Specifically, the DHCP security module may periodically broadcast a DHCP Discover message in the virtual machine subnet so that any DHCP server in the subnet that receives the DHCP Discover message responds to it.
  • the format of the packet of the DHCP Discover message is the same as the format of the packet specified in the DHCP protocol, and is not described again here.
  • Step 202: Receive a DHCP Offer message, where the DHCP Offer message is sent after the first DHCP server in the virtual machine subnet receives the DHCP Discover message, and the DHCP Offer message includes the address information of the first DHCP server.
  • the DHCP server that receives the DHCP Discover message can send a DHCP Offer message to the DHCP security module, where the message carries the address information of the DHCP server, and the address information includes the IP address and the MAC address.
  • Step 203 Obtain the address information of the first DHCP server, and identify, according to the address information of the first DHCP server, whether the first DHCP server is an illegal DHCP server.
  • a DHCP server should be configured in a virtual machine subnet. If the DHCP security module receives multiple DHCP Offer messages, it indicates that there may be an illegal DHCP server. After the DHCP security module receives the DHCP Offer message sent by the first DHCP server, the IP address and MAC address information of the first DHCP server may first be extracted from the message, and whether the DHCP server is an illegal DHCP server is identified according to the address information. The address information of the first DHCP server may be compared with the address information of the preset legal DHCP server; if the address information of the first DHCP server is different from the address information of the preset legal DHCP server, the first DHCP server is identified as an illegal DHCP server.
  • a DHCP server list may be preset in the DHCP security module.
  • the list includes a preset DHCP server and its address information.
  • the DHCP server list may also be set in the network server without being set in the DHCP security module.
  • the DHCP module can access the DHCP server list in the network server.
  • the DHCP server list can be set by the user according to the actual networking situation.
  • after the DHCP security module receives the DHCP Offer message sent by the DHCP server, if only one DHCP server sends a DHCP Offer message, the address information of that DHCP server is compared with the address information in the DHCP server list. If they are consistent, the DHCP server is a valid DHCP server. Otherwise, the DHCP server that sent the DHCP Offer message is an illegal DHCP server. If the DHCP security module receives multiple DHCP Offer messages sent by multiple DHCP servers, the address information corresponding to the multiple DHCP servers is compared with the address information in the DHCP server list one by one.
  • a DHCP server is configured in one virtual machine subnet, so normally at most one DHCP server has the same address information as the address information in the list.
  • the DHCP server with the same address information is a valid DHCP server.
  • the DHCP server whose address information is inconsistent is an illegal DHCP server.
  • the DHCP security module can perform alarm processing.
  • the alarm name of the DHCP server is displayed on the display interface for users to view. That is, the DHCP server is displayed on the display interface of the DHCP security module.
  • the DHCP Offer message can carry address information such as the IP address and the MAC address. Therefore, the host name can be obtained through the IP address information. For example, the host name corresponding to the IP address is obtained by using the ping -a ip command.
  • the information about the DHCP server that sends the DHCP Offer information can also be displayed on the display interface of the DHCP security module; the user can manually identify the DHCP Offer through the displayed information and perform alarm processing on the server that is identified as the illegal DHCP server.
  • the DHCP module may also disable the IP address or MAC address of the first DHCP server in the virtual machine subnet, so that when a DHCP response message is later received from that IP address or MAC address, the virtual switch refuses to forward the packet from the IP address or MAC address.
  • the DHCP security module may also record the address information of the DHCP server, or may also send a DHCP Request message to the DHCP server, where the message carries invalid DHCP server address information to terminate the DHCP session process.
  • DHCP Request
  • the DHCP security module broadcasts a DHCP Discover message to the virtual machine subnet, where the virtual machine subnet includes multiple virtual machines and one virtual switch, the multiple virtual machines are created from physical resources on one host,
  • the multiple virtual machines communicate with each other through the virtual switch, and the virtual machine subnet further includes at least one legal DHCP server
  • that provides an IP address for the virtual machine; the module receives a DHCP Offer message, where the DHCP Offer message is sent after the first DHCP server in the virtual machine subnet receives the DHCP Discover message and includes address information of the first DHCP server; and the module obtains the address information of the first DHCP server and identifies, according to that address information, whether the first DHCP server is an illegal DHCP server.
  • the identification device of the DHCP server and the DHCP server can be run in the operating system of the virtual machine. Therefore, the embodiment of the present invention can identify an illegal DHCP server in the virtualized environment and perform alarm processing on the identified illegal DHCP server, thereby improving network security.
  • the above embodiment introduces the DHCP server identification process by using the DHCP security module as the execution subject.
  • the following describes the information exchange process between the DHCP security module and the DHCP server during the process of identifying the DHCP server.
  • FIG. 3 is a schematic diagram of information interaction of a DHCP server identification method according to an embodiment of the present invention. As shown in FIG. 3, this embodiment includes the following steps:
  • Step 301: The DHCP security module sends a DHCP Discover message to the DHCP server.
  • the application scenario of the method is a virtual machine subnet, where the virtual machine subnet includes multiple virtual machines and one virtual switch, the multiple virtual machines are created from physical resources on one host and communicate with each other through the virtual switch, and the virtual machine subnet further includes at least one legal DHCP server providing an IP address for the virtual machine.
  • the DHCP security module may periodically broadcast a DHCP Discover message in the virtual machine subnet so that any DHCP server in the subnet, legitimate or illegal, that receives the DHCP Discover message responds to it.
  • Step 302 The DHCP server sends a DHCP Offer message to the DHCP security module.
  • the DHCP server can send a DHCP Offer message to the DHCP security module.
  • the message carries the address information of the DHCP server, and the address information includes the IP address and the MAC address.
  • Step 303: The DHCP security module identifies, according to the IP address of the DHCP server, whether the DHCP server is an illegal DHCP server.
  • the method for identifying the DHCP server is: comparing the address information of the preset DHCP server with the address information of the DHCP server, and if they are not consistent, identifying the DHCP server as an illegal DHCP server.
  • the DHCP security module can perform alarm processing; for example, the host name of the DHCP server is displayed as an alarm on the display interface for the user to view, with a prompt message indicating that the DHCP server is an illegal DHCP server.
  • the DHCP Offer message can carry address information such as the IP address and the MAC address. Therefore, the host name can be obtained through the IP address information. For example, the host name corresponding to the IP address is obtained by using the ping -a ip command.
  • the information about the DHCP server that sends the DHCP Offer information can also be displayed on the display interface of the DHCP security module; the user can manually identify the DHCP Offer through the displayed information and perform alarm processing on the server that is identified as the illegal DHCP server.
  • the DHCP module may also disable the IP address or MAC address of the first DHCP server in the virtual machine subnet, so that when a DHCP response message is later received from that IP address or MAC address, the virtual switch refuses to forward the packet from the IP address or MAC address.
  • Step 304: The DHCP security module determines whether all DHCP Offer messages have been received, and generally sets a preset time. After the timeout, the DHCP session process may be terminated.
  • the DHCP session can be terminated by sending a DHCP Request message to the DHCP server that carries invalid DHCP server address information.
  • step 304 can also be performed before step 303 and after step 302.
  • the embodiment of the present invention can identify an illegal DHCP server in a virtualized environment, and perform alarm processing on the identified illegal DHCP server, thereby improving network security.
  • an embodiment of the present invention further provides an identification device for a DHCP server.
  • FIG. 4 is a schematic diagram of an identification device of a DHCP server provided by an embodiment of the invention. As shown in FIG. 4, this embodiment includes the following units:
  • the sending unit 401 is configured to broadcast a DHCP Discover message to the virtual machine subnet, where the virtual machine subnet includes multiple virtual machines and one virtual switch, the multiple virtual machines are created from physical resources on one host,
  • the virtual machines communicate with each other, and the virtual machine subnet further includes at least one legal DHCP server to provide an IP address for the virtual machine.
  • the sending unit 401 can periodically broadcast the DHCP Discover message in the virtual machine subnet, and can also broadcast the DHCP Discover message after receiving the user's request message.
  • after the DHCP Offer message sent by the DHCP server is received, the sending unit 402 is further configured to send a DHCP Request message to the first DHCP server, where the DHCP Request message carries invalid DHCP server address information and is used to end the DHCP session.
  • the receiving unit 402 is configured to receive a DHCP Offer message and transmit the DHCP Offer message to the processing unit, where the DHCP Offer message is sent after the first DHCP server in the virtual machine subnet receives the DHCP Discover message and includes the address information of the first DHCP server.
  • the processing unit 403 is configured to receive the DHCP Offer message sent by the receiving unit, obtain address information of the first DHCP server, and identify, according to the address information of the first DHCP server, whether the first DHCP server is an illegal DHCP server.
  • the processing unit 403 is specifically configured to: compare the address information of the first DHCP server with the address information of a preset legal DHCP server, and, if the address information of the first DHCP server and the address information of the preset legal DHCP server are inconsistent, identify the first DHCP server as an illegal DHCP server.
  • the processing unit 403 is further configured to: perform alarm processing on the illegal first DHCP server if the first DHCP server is an illegal DHCP server.
  • the address information carried in the DHCP Offer message is an IP address and a MAC address.
  • for an illegal DHCP server, the processing unit 403 is specifically configured to: obtain, according to the IP address of the illegal first DHCP server, a host name corresponding to the illegal first DHCP server, and perform alarm processing on the host name of the illegal first DHCP server.
  • the DHCP security module can perform alarm processing.
  • the alarm name of the DHCP server is displayed on the display interface for users to view. That is, the DHCP server is displayed on the display interface of the DHCP security module.
  • the DHCP Offer message can carry address information such as the IP address and the MAC address. Therefore, the host name can be obtained through the IP address information. For example, the host name corresponding to the IP address is obtained by using the ping -a ip command.
  • the information about the DHCP server that sends the DHCP Offer information can also be displayed on the display interface of the DHCP security module; the user can manually identify the DHCP Offer through the displayed information and perform alarm processing on the server that is identified as the illegal DHCP server.
  • the processing unit 403 is further configured to: disable an IP address or a MAC address of the illegal first DHCP server in the virtual machine subnet.
  • the DHCP module may also disable the IP address or MAC address of the first DHCP server in the virtual machine subnet, so that when a DHCP response message is later received from that IP address or MAC address, the virtual switch refuses to forward the packet from the IP address or MAC address.
  • the embodiment further includes: a preset unit 404, configured to preset a DHCP server list, where the DHCP server list includes address information of the legal DHCP server.
  • the embodiment of the present invention can identify an illegal DHCP server in a virtualized environment, and perform alarm processing on the identified illegal DHCP server, thereby improving network security.
  • FIG. 5 is a schematic diagram of another DHCP server identification apparatus according to an embodiment of the present invention.
  • the DHCP server identification apparatus includes: a processor 501, a memory 502, a system bus 503, and a communication interface 504.
  • the processor 501, the memory 502, and the communication interface 504 are connected by the system bus 503 and complete communication with each other.
  • the processor 501 may be a single-core or multi-core central processing unit (Central Processing Unit, CPU), or a specific integrated circuit (ASIC), or one or more integrated circuits configured to implement embodiments of the present invention.
  • the memory 502 may be a high speed RAM memory or a non-volatile memory such as at least one disk memory.
  • Memory 502 is used to store program 505.
  • the program code may be included in the program 505, and the program code includes a computer execution instruction.
  • the processor 501 runs the program 505 to execute the following instructions:
  • a legitimate DHCP server provides an IP address for the virtual machine; receiving a DHCP Offer message, where the DHCP Offer message is sent after the first DHCP server in the virtual machine subnet receives the DHCP Discover message,
  • the DHCP Offer message includes address information of the first DHCP server;
  • a DHCP server should be configured in a virtual machine subnet. If the DHCP security module receives multiple DHCP Offer messages, it indicates that there may be an illegal DHCP server. After the DHCP security module receives the DHCP Offer message sent by the first DHCP server, the IP address and MAC address information of the first DHCP server may first be extracted from the message, and whether the DHCP server is an illegal DHCP server is identified according to the address information. The address information of the first DHCP server may be compared with the address information of the preset legal DHCP server; if the address information of the first DHCP server is different from the address information of the preset legal DHCP server, the first DHCP server is identified as an illegal DHCP server.
  • after the processor 501 executes the instruction to identify whether the first DHCP server is an illegal DHCP server, the following instruction is executed according to the program 505: if the recognition result is that the first DHCP server is an illegal DHCP server, alarm processing is performed on the illegal first DHCP server.
  • the process of the processor 501 identifying whether the first DHCP server is an illegal DHCP server according to the address information of the first DHCP server specifically includes: comparing the address information of the first DHCP server with the address information of a preset legal DHCP server, and, if the address information of the first DHCP server is different from the address information of the preset legal DHCP server, identifying the first DHCP server as an illegal DHCP server.
  • the processor 501 can also preset a DHCP server list, where the DHCP server list includes address information of a legitimate DHCP server.
  • the list of DHCP servers can be stored in memory 502, or in a network server, accessed by processor 501 as needed.
  • the address information of the DHCP server includes an IP address and a MAC address
  • the process of the alarm processing by the processor 501 to the illegal first DHCP server includes: acquiring the information according to the IP address of the illegal first DHCP server.
  • the host name corresponding to the illegal first DHCP server is used to perform alarm processing on the host name of the illegal first DHCP server.
  • the DHCP security module can perform alarm processing.
  • the alarm name of the DHCP server is displayed on the display interface for users to view. That is, the DHCP server is displayed on the display interface of the DHCP security module.
  • the DHCP Of fer message can carry the address information such as the IP address and the MAC address. Therefore, the host name can be obtained through the IP address information, for example, the host name corresponding to the IP address is obtained by using the P ng-a i ⁇ command.
  • the information about the DHCP server that sends the DHCP Offer information can be displayed on the display interface of the DHCP security module, the user can manually identify the DHCP Offer through the displayed information, and perform alarm processing on the server that is identified as the illegal DHCP server. .
  • the processor 501 may also disable the IP address and the MAC address of the illegal first DHCP server in the virtual machine subnet.
  • the DHCP module may also disable the IP address or MAC address of the first DHCP server in the virtual machine subnet, so that when receiving the DHCP response message sent by the IP address or the MAC address later, Causes the virtual switch to refuse to forward the packet from the IP address or MAC address.
  • the processor 501 accesses the program 505 in the memory 502
  • the processor may further send a DHCP request message to the first DHCP server, where the DHCP request message carries address information of an invalid DHCP server and is used to end the DHCP session.
  • RAM random access memory
  • ROM read-only memory
  • EEPROM electrically programmable ROM
  • EEPROM electrically erasable programmable ROM
  • registers, hard disk, removable disk, CD-ROM, or any other form of storage medium known in the technical field.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Small-Scale Networks (AREA)

Abstract

The present invention relates to a method and an apparatus for recognizing a dynamic host configuration protocol (DHCP) server. The method comprises: broadcasting a DHCP Discover message in a virtual machine subnetwork, where the virtual machine subnetwork comprises a plurality of virtual machines and one virtual switch, the plurality of virtual machines is created from physical resources on a host, and the virtual machine subnetwork further comprises at least one valid DHCP server for providing the virtual machines with IP addresses; receiving a DHCP Offer message, where the DHCP Offer message comprises address information of a first DHCP server; and acquiring the address information of the first DHCP server and recognizing, according to that address information, whether the first DHCP server is an invalid DHCP server. The embodiments of the present invention implement recognition of a DHCP Server in a physical machine environment and virtualized environment.

Description

Method and Apparatus for Identifying a Dynamic Host Configuration Protocol Server

Technical Field

The present invention relates to the field of communications, and in particular to a method and apparatus for identifying a Dynamic Host Configuration Protocol (DHCP) server.

Background

In the field of communications, a computer connected to the Internet must have its own IP address in order to communicate with other computers. However, because IP address resources are limited, a fixed IP address cannot be configured for every host connected to the Internet, so the Dynamic Host Configuration Protocol (DHCP) is usually used to configure temporary IP addresses for hosts connecting to the network.
The DHCP service simplifies network management. However, because the basic DHCP protocol is a broadcast protocol, its security is relatively low: a counterfeit DHCP server can, after receiving the broadcast message, be the first to respond to the client's IP address allocation request and hand out a fake Domain Name System (DNS) address, so that the client's users visit malicious websites. In the prior art, the physical switch is configured with the DHCP snooping function: the port corresponding to the DHCP server is set as a trusted port, the other ports are set as untrusted ports, and DHCP responses are allowed only through trusted ports. The prior art can solve the problem of DHCP server identification in a physical machine environment. In a virtual machine environment, however, when two virtual machines on the same physical machine communicate and one of them has a DHCP server installed, the virtual machines communicate through the virtual switch on the host and the traffic does not pass through the physical switch. The prior art therefore cannot solve the problem of identifying DHCP servers in a virtualized environment.

Summary of the Invention

Embodiments of the present invention provide a method and apparatus for identifying a DHCP server, so as to identify DHCP servers in a virtualized environment.
In a first aspect, an embodiment of the present invention provides a method for identifying a DHCP server, the method including:
a DHCP security module broadcasting a DHCP Discover message in a virtual machine subnet, where the virtual machine subnet includes multiple virtual machines and one virtual switch, the multiple virtual machines are created from physical resources on one host and communicate with each other through the virtual switch, and the virtual machine subnet further includes at least one legitimate DHCP server that provides IP addresses for the virtual machines;
receiving a DHCP Offer message, where the DHCP Offer message is sent by a first DHCP server in the virtual machine subnet after it receives the DHCP Discover message, and the DHCP Offer message includes address information of the first DHCP server; and
obtaining the address information of the first DHCP server and identifying, according to that address information, whether the first DHCP server is an illegal DHCP server.
In a first possible implementation, after identifying whether the first DHCP server is an illegal DHCP server, the method further includes: if the identification result is that the first DHCP server is an illegal DHCP server, performing alarm processing on the illegal first DHCP server.
With reference to the first possible implementation of the first aspect, in a second possible implementation, identifying, according to the address information of the first DHCP server, whether the first DHCP server is an illegal DHCP server includes: comparing the address information of the first DHCP server with the address information of a preset legitimate DHCP server, and, if the two are inconsistent, identifying the first DHCP server as an illegal DHCP server.
With reference to the second possible implementation of the first aspect, in a third possible implementation, the method further includes: presetting a DHCP server list, where the DHCP server list includes the address information of the legitimate DHCP server.
With reference to the first possible implementation of the first aspect, in a fourth possible implementation, the address information is an IP address and a MAC address, and performing alarm processing on the illegal first DHCP server includes: obtaining, according to the IP address of the illegal first DHCP server, the host name corresponding to the illegal first DHCP server, and performing alarm processing on the host name of the illegal first DHCP server.
With reference to the first aspect, in a fifth possible implementation, the address information is an IP address and a MAC address, and the method further includes: disabling the IP address or the MAC address of the illegal first DHCP server in the virtual machine subnet.
With reference to the first aspect or any of the first, second, third, fourth and fifth possible implementations of the first aspect, in a sixth possible implementation, after receiving the DHCP Offer message returned by the first DHCP server, the method further includes: sending a DHCP Request message to the first DHCP server, where the DHCP Request message carries address information of an invalid DHCP server and is used to end the DHCP session.
In a second aspect, an embodiment of the present invention further provides an apparatus for identifying a DHCP server, the apparatus including:
a sending unit, configured to broadcast a DHCP Discover message in a virtual machine subnet, where the virtual machine subnet includes multiple virtual machines and one virtual switch, the multiple virtual machines are created from physical resources on one host and communicate with each other through the virtual switch, and the virtual machine subnet further includes at least one legitimate DHCP server that provides IP addresses for the virtual machines;
a receiving unit, configured to receive a DHCP Offer message and transmit it to a processing unit, where the DHCP Offer message is sent by a first DHCP server in the virtual machine subnet after it receives the DHCP Discover message, and the DHCP Offer message includes address information of the first DHCP server; and
a processing unit, configured to receive the DHCP Offer message sent by the receiving unit, obtain the address information of the first DHCP server, and identify, according to that address information, whether the first DHCP server is an illegal DHCP server.
In a first possible implementation, the processing unit is further configured to: if the identification result is that the first DHCP server is an illegal DHCP server, perform alarm processing on the illegal first DHCP server.
With reference to the second aspect, in a second possible implementation, the processing unit is specifically configured to: compare the address information of the first DHCP server with the address information of a preset legitimate DHCP server, and, if the two are inconsistent, identify the first DHCP server as an illegal DHCP server.
With reference to the second possible implementation of the second aspect, in a third possible implementation, the apparatus further includes a preset unit, configured to preset a DHCP server list, where the DHCP server list includes the address information of the legitimate DHCP server.
With reference to the first possible implementation of the second aspect, in a fourth possible implementation, the address information is an IP address and a MAC address, and the processing unit is specifically configured to: obtain, according to the IP address of the illegal first DHCP server, the host name corresponding to the illegal first DHCP server, and perform alarm processing on the host name of the illegal first DHCP server.
With reference to the second aspect, in a fifth possible implementation, the address information is an IP address and a MAC address, and the processing unit is further configured to: disable the IP address or the MAC address of the illegal first DHCP server in the virtual machine subnet.
With reference to the second aspect or any of the first, second, third, fourth and fifth possible implementations of the second aspect, in a sixth possible implementation, the sending unit is further configured to send a DHCP Request message to the first DHCP server, where the DHCP Request message carries address information of an invalid DHCP server and is used to end the DHCP session.
In the method and apparatus for identifying a DHCP server provided by the embodiments of the present invention, a DHCP security module broadcasts a DHCP Discover message in a virtual machine subnet, where the virtual machine subnet includes multiple virtual machines and one virtual switch, the multiple virtual machines are created from physical resources on one host and communicate with each other through the virtual switch, and the virtual machine subnet further includes at least one legitimate DHCP server that provides IP addresses for the virtual machines; receives a DHCP Offer message, where the DHCP Offer message is sent by a first DHCP server in the virtual machine subnet after it receives the DHCP Discover message and includes address information of the first DHCP server; and obtains the address information of the first DHCP server and identifies, according to that address information, whether the first DHCP server is an illegal DHCP server. Because the DHCP server identification apparatus and the DHCP server can both run in the operating system of a virtual machine, the embodiments of the present invention can identify an illegal DHCP server in a virtualized environment and perform alarm processing on the identified illegal DHCP server, which improves network security.

Brief Description of the Drawings

FIG. 1 is a schematic diagram of an application scenario of the method for identifying a DHCP server according to an embodiment of the present invention;
FIG. 2 is a flowchart of a method for identifying a DHCP server according to an embodiment of the present invention;
FIG. 3 is a schematic diagram of the information exchange in a method for identifying a DHCP server according to an embodiment of the present invention;
FIG. 4 is a schematic diagram of an apparatus for identifying a DHCP server according to an embodiment of the present invention;
FIG. 5 is a schematic diagram of another apparatus for identifying a DHCP server according to an embodiment of the present invention.

Detailed Description

In the following description, specific details such as particular system structures, interfaces and techniques are set forth for purposes of explanation rather than limitation, so that the present invention can be thoroughly understood. However, those skilled in the art … cases, detailed descriptions of well-known devices, circuits and methods are omitted so that unnecessary detail does not obscure the description of the present invention.
FIG. 1 is a schematic diagram of an application scenario of the method for identifying a DHCP server according to an embodiment of the present invention. In practical use, the method and apparatus provided by the embodiments of the present invention serve as a new identification method for a scenario in which multiple virtual machines are created in one physical host/server, the virtual machines form at least one virtual machine subnet, and each virtual machine subnet contains one virtual switch. As shown in FIG. 1, the physical host contains multiple virtual machines, namely virtual machine 1, virtual machine 2, … virtual machine n. Each virtual machine is built on the virtualization platform inside the host, and the virtualization platform provides each host with processor resources, hard disk resources, memory resources and network card resources. The network card of a virtual machine is connected to the network card of the host through the network card driver in the management module. The host also includes a hardware platform, which includes a processor, a hard disk, memory and a network card. The IP address can be configured via DHCP before the physical host interacts. To ensure that an IP address provided by an illegal DHCP server is not used, that is, to identify illegal DHCP servers, the present invention also provides a DHCP security module. The DHCP security module may be located in one of the virtual machines of the host, in the management module of the host, or in another host. The DHCP security module broadcasts a DHCP Discover message in the subnet formed by the virtual machines and uses the IP address carried in each received DHCP Offer message to determine whether the DHCP server that sent the message is an illegal DHCP server. The method for identifying a DHCP server provided by the embodiments of the present invention thus identifies illegal DHCP servers in a virtualized environment and improves network security.
FIG. 2 is a flowchart of a method for identifying a DHCP server according to an embodiment of the present invention. The method in this embodiment is executed by the DHCP security module, and the application scenario is a virtual machine subnet. The virtual machine subnet includes multiple virtual machines and one virtual switch, the multiple virtual machines are created from physical resources on one host and communicate with each other through the virtual switch, and the virtual machine subnet further includes at least one legitimate DHCP server that provides IP addresses for the virtual machines. As shown in FIG. 2, this embodiment includes the following steps:
Step 201: The DHCP security module broadcasts a DHCP Discover message in the virtual machine subnet.
Specifically, the DHCP security module may periodically broadcast the DHCP Discover message in the virtual machine subnet, so that any DHCP server in the subnet that receives the message, legitimate or illegal, responds to it. The packet format of the DHCP Discover message is the one specified in the DHCP protocol and is not described again here.
Step 202: Receive a DHCP Offer message, where the DHCP Offer message is sent by a first DHCP server in the virtual machine subnet after it receives the DHCP Discover message, and the DHCP Offer message includes address information of the first DHCP server.
A DHCP server that receives the DHCP Discover message can send a DHCP Offer message to the DHCP security module. The message carries the address information of the DHCP server, which includes an IP address and a MAC address.
Step 203: Obtain the address information of the first DHCP server and identify, according to that address information, whether the first DHCP server is an illegal DHCP server.
Specifically, a virtual machine subnet should generally be configured with one DHCP server. If the DHCP security module receives multiple DHCP Offer messages, an illegal DHCP server may be among the senders. After receiving the DHCP Offer message sent by the first DHCP server, the DHCP security module may first extract the IP address and MAC address of the first DHCP server from the message and then identify, according to that address information, whether the DHCP server is an illegal DHCP server. The address information of the first DHCP server may be compared with the address information of the preset legitimate DHCP server; if the two are inconsistent, the first DHCP server is identified as an illegal DHCP server.
A DHCP server list may be preset in the DHCP security module. The list includes the preset DHCP servers and their address information. The DHCP server list may also be placed on a network server instead of in the DHCP security module; when the DHCP module receives a DHCP Offer message returned by a DHCP server, it can access the DHCP server list on the network server. The DHCP server list can be set by the user according to the actual networking.
Specifically, after the DHCP security module receives DHCP Offer messages, if only one DHCP server sent a DHCP Offer message, the address information of that DHCP server is compared with the address information in the DHCP server list. If they are consistent, the DHCP server is a legitimate DHCP server; otherwise, the DHCP server that sent the DHCP Offer message is an illegal DHCP server. If the DHCP security module receives multiple DHCP Offer messages sent by multiple DHCP servers, the address information of each of those DHCP servers is compared one by one with the address information in the DHCP server list. Because a virtual machine subnet is generally configured with only one DHCP server, under normal conditions at most one DHCP server has address information consistent with the list. A DHCP server whose address information is consistent with the list is a legitimate DHCP server, and a DHCP server whose address information is inconsistent is an illegal DHCP server.
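The comparison in step 203, as an added example that is not code from the patent: it parses captured Ethernet frames, extracts each Offer's server address information and checks it against the preset DHCP server list. It assumes the server IP is read from the DHCP server identifier option (option 54) and the MAC from the Ethernet source address, since the page does not say which fields carry them; the function names and all sample addresses are constructed for illustration.

```python
import socket
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"
OPT_PAD, OPT_MSG_TYPE, OPT_SERVER_ID, OPT_END = 0, 53, 54, 255
DHCPOFFER = 2


def parse_offer(frame):
    """Return (server_ip, server_mac) if frame is a DHCP Offer, else None."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x00":    # Ethernet + IPv4 + UDP
        return None
    ihl = (frame[14] & 0x0F) * 4
    if ihl < 20 or frame[23] != 17:                        # IP protocol must be UDP
        return None
    udp = 14 + ihl
    if len(frame) < udp + 8:
        return None
    if struct.unpack("!HH", frame[udp:udp + 4]) != (67, 68):  # server to client
        return None
    bootp = frame[udp + 8:]
    if len(bootp) < 240 or bootp[0] != 2 or bootp[236:240] != MAGIC_COOKIE:
        return None
    msg_type = server_ip = None
    i = 240
    while i < len(bootp) and bootp[i] != OPT_END:
        if bootp[i] == OPT_PAD:
            i += 1
            continue
        if i + 1 >= len(bootp):
            return None                                    # option header cut off
        code, length = bootp[i], bootp[i + 1]
        value = bootp[i + 2:i + 2 + length]
        if len(value) != length:
            return None                                    # option value cut off
        if code == OPT_MSG_TYPE and length == 1:
            msg_type = value[0]
        elif code == OPT_SERVER_ID and length == 4:
            server_ip = socket.inet_ntoa(value)
        i += 2 + length
    if msg_type != DHCPOFFER or server_ip is None:
        return None
    return server_ip, ":".join(f"{b:02x}" for b in frame[6:12])


def classify_offers(frames, legitimate):
    """Compare every Offer's (ip, mac) with the preset list of (ip, mac) pairs.

    Both the IP and the MAC must match an entry; any mismatch is 'illegal'.
    """
    seen = {}
    for frame in frames:
        addr = parse_offer(frame)
        if addr is not None:
            seen[addr] = "legitimate" if addr in legitimate else "illegal"
    return [(ip, mac, verdict) for (ip, mac), verdict in seen.items()]


def build_offer(server_mac, server_ip, offered_ip, xid=0x1234ABCD):
    """Constructed sample input: a minimal DHCP Offer frame (checksums left 0)."""
    sip = socket.inet_aton(server_ip)
    options = (bytes([OPT_MSG_TYPE, 1, DHCPOFFER])
               + bytes([OPT_SERVER_ID, 4]) + sip + bytes([OPT_END]))
    bootp = (struct.pack("!BBBBIHH", 2, 1, 6, 0, xid, 0, 0x8000)
             + b"\x00" * 4 + socket.inet_aton(offered_ip) + sip + b"\x00" * 4
             + b"\x02\x00\x00\x00\x00\x99" + b"\x00" * 10   # chaddr, 16 bytes
             + b"\x00" * 192                                # sname + file
             + MAGIC_COOKIE + options)
    udp = struct.pack("!HHHH", 67, 68, 8 + len(bootp), 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28 + len(bootp), 0, 0, 64, 17, 0,
                     sip, socket.inet_aton("255.255.255.255"))
    eth = b"\xff" * 6 + bytes.fromhex(server_mac.replace(":", "")) + b"\x08\x00"
    return eth + ip + udp + bootp


# Constructed preset list and captured frames (all addresses are made up).
LEGITIMATE = {("192.168.10.2", "02:00:00:00:00:01")}
SAMPLE_FRAMES = [
    build_offer("02:00:00:00:00:01", "192.168.10.2", "192.168.10.50"),
    build_offer("02:00:00:00:00:66", "192.168.10.66", "192.168.10.51"),
    build_offer("02:00:00:00:00:77", "192.168.10.2", "192.168.10.52"),  # IP ok, MAC not
    b"\x00" * 60,                                                       # not DHCP
]

if __name__ == "__main__":
    for row in classify_offers(SAMPLE_FRAMES, LEGITIMATE):
        print(row)
```

The third sample frame shows why the list holds both fields: an Offer that reuses the legitimate server's IP from a different MAC is still classified as illegal.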
For an illegal DHCP server, the DHCP security module can perform alarm processing. For example, the host name of the DHCP server is shown as an alarm on the display interface for the user to view; that is, the display interface of the DHCP security module shows a prompt that the DHCP server is an illegal DHCP server. Because the DHCP Offer message can carry address information such as the IP address and the MAC address, the corresponding host name can be obtained from the IP address information, for example by using the Ping -a ip command to obtain the host name corresponding to the IP address.
Because the display interface of the DHCP security module can show information about the DHCP servers that sent DHCP Offer messages, the user can also identify the DHCP Offers manually from the displayed information and perform alarm processing on a server identified as an illegal DHCP server.
For an illegal first DHCP server, the DHCP module may also disable the IP address or MAC address of the first DHCP server in the virtual machine subnet, so that when a DHCP response message sent from that IP address or MAC address is received later, the virtual switch refuses to forward packets from that IP address or MAC address.
In a preferred implementation, after the DHCP security module receives a DHCP Offer message, it may also record the address information of the DHCP server, or it may send a DHCP Request message to the DHCP server that carries the address information of an invalid DHCP server, in order to terminate the DHCP session.
In this embodiment of the present invention, the DHCP security module broadcasts a DHCP Discover message in a virtual machine subnet, where the virtual machine subnet includes multiple virtual machines and one virtual switch, the multiple virtual machines are created from physical resources on one host and communicate with each other through the virtual switch, and the virtual subnet further includes at least one legitimate DHCP server that provides IP addresses for the virtual machines; receives a DHCP Offer message, where the DHCP Offer message is sent by a first DHCP server in the virtual machine subnet after it receives the DHCP Discover message and includes address information of the first DHCP server; and obtains the address information of the first DHCP server and identifies, according to that address information, whether the first DHCP server is an illegal DHCP server. Because the DHCP server identification apparatus and the DHCP server can both run in the operating system of a virtual machine, this embodiment can identify an illegal DHCP server in a virtualized environment and perform alarm processing on the identified illegal DHCP server, which improves network security.
上述实施例以 DHCP安全模块为执行主体介绍了 DHCP Server的识别过程, 下面给出在识别 DHCP Server的过程中, DHCP安全模块与 DHCP Server的信 息交互过程。  The above embodiment introduces the DHCP server identification process by using the DHCP security module as the execution subject. The following describes the information exchange process between the DHCP security module and the DHCP server during the process of identifying the DHCP server.
图 3为本发明实施例提供的一种 DHCP服务器的识别方法的信息交互示意 图。 如图 3所示, 该实施例包括以下步骤:  FIG. 3 is a schematic diagram of information interaction of a DHCP server identification method according to an embodiment of the present invention. As shown in FIG. 3, this embodiment includes the following steps:
步骤 301 , DHCP安全模块向 DHCP服务器发送 DHCP Di scover消息。 其中, 该方法的应用场景时虚拟机子网, 该虚拟机子网包括多台虚拟机 和一台虚拟交换机, 所述多台虚拟机由一台主机上的物理资源创建得到, 而 多台虚拟机之间通过所述虚拟交换机进行通信, 所述虚拟机子网中还包括至 少一台合法的 DHCP服务器为所述虚拟机提供 IP地址。  Step 301: The DHCP security module sends a DHCP Di scover message to the DHCP server. The application scenario of the method is a virtual machine subnet, where the virtual machine subnet includes multiple virtual machines and one virtual switch, and the multiple virtual machines are created by physical resources on one host, and multiple virtual machines are used. Communicating through the virtual switch, the virtual machine subnet further includes at least one legal DHCP server providing an IP address for the virtual machine.
具体地, DHCP 安全模块可以周期性地在该虚拟机子网内广播 DHCP D i scover 消息, 用以使得子网内 DHCP D i scover 消息的合法或非法的 DHCP Server响应该 DHCP D i scover消息。  Specifically, the DHCP security module may periodically broadcast a DHCP D i scover message in the virtual machine subnet to enable a legitimate or illegal DHCP server of the DHCP D i scover message in the subnet to respond to the DHCP D i scover message.
步骤 302 , DHCP服务器向 DHCP安全模块发送 DHCP Offer消息。  Step 302: The DHCP server sends a DHCP Offer message to the DHCP security module.
DHCP Server接收到 DHCP Di scover消息之后, 可以向 DHCP安全模块发 送 DHCP Offer消息, 该消息中携带有 DHCP Server的地址信息, 该地址信息 包括 I P地址和 MAC地址。  After receiving the DHCP Di scover message, the DHCP server can send a DHCP Offer message to the DHCP security module. The message carries the address information of the DHCP server, and the address information includes the IP address and the MAC address.
步骤 303 , DHCP 安全模块根据该 DHCP 服务器的 IP 地址识别该 DHCP Server是否为非法 DHCP Server。 Step 303: The DHCP security module identifies the DHCP according to the IP address of the DHCP server. Whether the server is an illegal DHCP server.
对 DHCP Server进行识别的方法为: 将预设 DHCP服务器的地址信息与所 述该 DHCP服务器的地址信息进行对比, 如果不一致, 则识别所述 DHCP服务 器为非法 DHCP服务器。  The method for identifying the DHCP server is: comparing the address information of the preset DHCP server with the address information of the DHCP server, and if not, identifying the DHCP server as an illegal DHCP server.
For an illegal DHCP server, the DHCP security module may perform alarm processing. For example, it may raise an alarm showing the host name of the DHCP server on the display interface for the user to view, that is, the display interface of the DHCP security module shows a prompt that the DHCP server is an illegal DHCP server. Because the DHCP Offer message can carry address information such as the IP address and the MAC address, the corresponding host name can be obtained from the IP address information, for example by using the ping -a ip command to obtain the host name corresponding to the IP address.
Because the display interface of the DHCP security module can show information about the DHCP server that sent the DHCP Offer message, the user can also manually review the DHCP Offer based on the displayed information and perform alarm processing on a server identified as an illegal DHCP server.
For an illegal first DHCP server, the DHCP module may also prohibit the IP address or MAC address of the first DHCP server in the virtual machine subnet. When a DHCP response message sent from that IP address or MAC address is received later, the virtual switch can then refuse to forward packets from that IP address or MAC address.
Step 304: The DHCP security module determines whether all DHCP Offer messages have been received. Generally a preset time is configured, and the DHCP session may be terminated after the timeout.
Specifically, the DHCP session may also be terminated by sending the DHCP server a DHCP Request message that carries the address information of an invalid DHCP server.
Of course, step 304 may also be performed after step 302 and before step 303.
Thus, the embodiment of the present invention can identify an illegal DHCP server in a virtualized environment and perform alarm processing on the identified illegal DHCP server, which improves network security.
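The comparison in steps 301 to 304, sketched as an added example (not code from the patent): it parses captured DHCP Offer frames and compares each server's (IP, MAC) pair with a preset list. Taking the server IP from option 54 and the MAC from the Ethernet source address is an assumption of this sketch, and the allowlist, addresses, transaction ID and the `build_offer` helper are constructed for illustration.

```python
import ipaddress
import struct

DHCP_MAGIC = b"\x63\x82\x53\x63"
OPT_PAD, OPT_MSG_TYPE, OPT_SERVER_ID, OPT_END = 0, 53, 54, 255
DHCPOFFER = 2
XID = 0x1234ABCD  # constructed transaction ID of the module's own Discover

# Preset list of legitimate servers as (IP, MAC) pairs; constructed sample values.
ALLOWED_SERVERS = {("192.168.10.1", "52:54:00:aa:bb:01")}


def parse_options(data):
    """Walk the DHCP option TLVs, stopping cleanly on END or truncation."""
    opts, i = {}, 0
    while i < len(data) and data[i] != OPT_END:
        if data[i] == OPT_PAD:
            i += 1
            continue
        if i + 1 >= len(data):
            break
        length = data[i + 1]
        value = data[i + 2:i + 2 + length]
        if len(value) < length:
            break  # truncated option: ignore it and everything after
        opts.setdefault(data[i], value)
        i += 2 + length
    return opts


def parse_offer(frame):
    """Return (server_ip, server_mac, xid) for a DHCP Offer frame, else None."""
    if len(frame) < 14 + 20 + 8 + 240 or frame[12:14] != b"\x08\x00":
        return None
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    if ip[0] >> 4 != 4 or ihl < 20 or ip[9] != 17:
        return None
    udp = ip[ihl:]
    if len(udp) < 8 + 240 or struct.unpack("!HH", udp[:4]) != (67, 68):
        return None
    bootp = udp[8:]
    if bootp[0] != 2 or bootp[236:240] != DHCP_MAGIC:
        return None
    opts = parse_options(bootp[240:])
    if opts.get(OPT_MSG_TYPE) != bytes([DHCPOFFER]):
        return None
    server_id = opts.get(OPT_SERVER_ID, b"")
    # Fall back to the IP source address when option 54 is absent or malformed.
    raw_ip = server_id if len(server_id) == 4 else ip[12:16]
    mac = ":".join(f"{b:02x}" for b in frame[6:12])
    xid = struct.unpack("!I", bootp[4:8])[0]
    return str(ipaddress.IPv4Address(raw_ip)), mac, xid


def classify_offers(frames, xid, allowed=ALLOWED_SERVERS):
    """Return sorted (ip, mac) pairs that answered our Discover but are not preset."""
    illegal = set()
    for frame in frames:
        parsed = parse_offer(frame)
        if parsed is None or parsed[2] != xid:
            continue  # not an Offer, or an Offer for someone else's Discover
        if parsed[:2] not in allowed:
            illegal.add(parsed[:2])
    return sorted(illegal)


def build_offer(src_mac, server_ip, xid, with_server_id=True):
    """Constructed sample input: minimal Ethernet/IPv4/UDP DHCP Offer, checksums zeroed."""
    sip = ipaddress.IPv4Address(server_ip).packed
    opts = bytes([OPT_MSG_TYPE, 1, DHCPOFFER])
    if with_server_id:
        opts += bytes([OPT_SERVER_ID, 4]) + sip
    opts += bytes([OPT_END])
    bootp = struct.pack("!BBBBIHH", 2, 1, 6, 0, xid, 0, 0x8000)
    # ciaddr, yiaddr (offered address), siaddr, giaddr
    bootp += bytes(4) + ipaddress.IPv4Address("192.168.10.50").packed + sip + bytes(4)
    bootp += bytes(16 + 64 + 128) + DHCP_MAGIC + opts  # chaddr, sname, file
    udp = struct.pack("!HHHH", 67, 68, 8 + len(bootp), 0) + bootp
    iphdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                        sip, b"\xff" * 4)
    eth = b"\xff" * 6 + bytes.fromhex(src_mac.replace(":", "")) + b"\x08\x00"
    return eth + iphdr + udp


# Constructed capture: one preset server, one unknown server, one host reusing the
# preset IP with a different MAC, one Offer for another transaction, one runt frame.
SAMPLE_FRAMES = [
    build_offer("52:54:00:aa:bb:01", "192.168.10.1", XID),
    build_offer("52:54:00:de:ad:66", "192.168.10.66", XID),
    build_offer("52:54:00:de:ad:67", "192.168.10.1", XID),
    build_offer("52:54:00:de:ad:68", "192.168.10.77", 0x0BADF00D),
    b"\x00" * 40,
]

if __name__ == "__main__":
    for ip_addr, mac_addr in classify_offers(SAMPLE_FRAMES, XID):
        print(f"ALERT: unexpected DHCP server {ip_addr} ({mac_addr})")
```

Comparing the pair rather than the IP address alone is what flags the third frame, whose server identifier matches the preset server while its source MAC does not.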
Correspondingly, an embodiment of the present invention further provides an apparatus for identifying a DHCP server. FIG. 4 is a schematic diagram of an apparatus for identifying a DHCP server according to an embodiment of the present invention. As shown in FIG. 4, this embodiment includes the following units:
A sending unit 401, configured to broadcast a DHCP Discover message in a virtual machine subnet, where the virtual machine subnet includes multiple virtual machines and one virtual switch, the multiple virtual machines are created from the physical resources of one host, the multiple virtual machines communicate with one another through the virtual switch, and the virtual machine subnet further includes at least one legitimate DHCP server that provides IP addresses for the virtual machines.
The sending unit 401 may broadcast the DHCP Discover message in the virtual machine subnet periodically, or may broadcast it after receiving a request message from the user.
After the DHCP Offer message sent by the DHCP server is received, the sending unit 402 is further configured to send a DHCP request message to the first DHCP server, where the DHCP request message carries the address information of an invalid DHCP server and is used to end the DHCP session.
A receiving unit 402, configured to receive a DHCP Offer message, where the DHCP Offer message is sent by the first DHCP server in the virtual machine subnet after it receives the DHCP Discover message and includes the address information of the first DHCP server, and to transmit the DHCP Offer message to the processing unit.
A processing unit 403, configured to receive the DHCP Offer message sent by the receiving unit, obtain the address information of the first DHCP server, and identify, according to the address information of the first DHCP server, whether the first DHCP server is an illegal DHCP server.
The processing unit 403 is specifically configured to: compare the address information of the first DHCP server with the address information of the preset legitimate DHCP server, and if the address information of the first DHCP server is inconsistent with the address information of the preset legitimate DHCP server, identify the first DHCP server as an illegal DHCP server.
The processing unit 403 is further configured to: if the identification result is that the first DHCP server is an illegal DHCP server, perform alarm processing on the illegal first DHCP server.
The address information carried in the DHCP Offer message is an IP address and a MAC address. For an illegal DHCP server, the processing unit 403 is specifically configured to: obtain, according to the IP address of the illegal first DHCP server, the host name corresponding to the illegal first DHCP server, and perform alarm processing on the host name of the illegal first DHCP server.
For an illegal DHCP server, the DHCP security module may perform alarm processing. For example, it may raise an alarm showing the host name of the DHCP server on the display interface for the user to view, that is, the display interface of the DHCP security module shows a prompt that the DHCP server is an illegal DHCP server. Because the DHCP Offer message can carry address information such as the IP address and the MAC address, the corresponding host name can be obtained from the IP address information, for example by using the ping -a ip command to obtain the host name corresponding to the IP address.
Because the display interface of the DHCP security module can show information about the DHCP server that sent the DHCP Offer message, the user can also manually review the DHCP Offer based on the displayed information and perform alarm processing on a server identified as an illegal DHCP server.
The processing unit 403 is further configured to: prohibit the IP address or MAC address of the illegal first DHCP server in the virtual machine subnet. For an illegal first DHCP server, the DHCP module may also prohibit the IP address or MAC address of the first DHCP server in the virtual machine subnet. When a DHCP response message sent from that IP address or MAC address is received later, the virtual switch can then refuse to forward packets from that IP address or MAC address.
Preferably, this embodiment further includes: a preset unit 404, configured to preset a DHCP server list, where the DHCP server list includes the address information of the legitimate DHCP server.
Thus, the embodiment of the present invention can identify an illegal DHCP server in a virtualized environment and perform alarm processing on the identified illegal DHCP server, which improves network security.
FIG. 5 is a schematic diagram of another apparatus for identifying a DHCP server according to an embodiment of the present invention. As shown in FIG. 5, the apparatus for identifying a DHCP server includes: a processor 501, a memory 502, a system bus 503, and a communication interface 504. The processor 501, the memory 502, and the communication interface 504 are connected through the system bus 503 and communicate with one another over it.
The processor 501 may be a single-core or multi-core central processing unit (Central Processing Unit, CPU), an application-specific integrated circuit (Application Specific Integrated Circuit, ASIC), or one or more integrated circuits configured to implement the embodiments of the present invention.
The memory 502 may be a high-speed RAM memory or a non-volatile memory, for example at least one disk memory.
The memory 502 is used to store a program 505. Specifically, the program 505 may include program code, and the program code includes computer-executable instructions.
When the apparatus for identifying a DHCP server runs, the processor 501 runs the program 505 to execute the following instructions:
Broadcast a DHCP Discover message in a virtual machine subnet, where the virtual machine subnet includes multiple virtual machines and one virtual switch, the multiple virtual machines are created from the physical resources of one host, the multiple virtual machines communicate with one another through the virtual switch, and the virtual machine subnet further includes at least one legitimate DHCP server that provides IP addresses for the virtual machines; receive a DHCP Offer message, where the DHCP Offer message is sent by the first DHCP server in the virtual machine subnet after it receives the DHCP Discover message, and the DHCP Offer message includes the address information of the first DHCP server;
Obtain the address information of the first DHCP server, and identify, according to the address information of the first DHCP server, whether the first DHCP server is an illegal DHCP server.
Specifically, one DHCP server should generally be configured in a virtual machine subnet. If the DHCP security module receives multiple DHCP Offer messages, an illegal DHCP server may be present among the senders. After receiving the DHCP Offer message sent by the first DHCP server, the DHCP security module may first extract the IP address and MAC address information of the first DHCP server from the message and identify, according to the address information, whether the DHCP server is an illegal DHCP server. The address information of the first DHCP server may be compared with the address information of the preset legitimate DHCP server; if the address information of the first DHCP server is inconsistent with the address information of the preset legitimate DHCP server, the first DHCP server is identified as an illegal DHCP server.
Further, after the processor 501 executes the instruction for identifying whether the first DHCP server is an illegal DHCP server, it executes the following instruction according to the program 505: if the identification result is that the first DHCP server is an illegal DHCP server, perform alarm processing on the illegal first DHCP server.
Further, the process in which the processor 501 identifies, according to the address information of the first DHCP server, whether the first DHCP server is an illegal DHCP server specifically includes: comparing the address information of the first DHCP server with the address information of the preset legitimate DHCP server, and if the address information of the first DHCP server is inconsistent with the address information of the preset legitimate DHCP server, identifying the first DHCP server as an illegal DHCP server.
The processor 501 may also preset a DHCP server list, where the DHCP server list includes the address information of legitimate DHCP servers. The DHCP server list may be stored in the memory 502 or on a network server and is accessed by the processor 501 when needed.
Further, the address information of the DHCP server includes an IP address and a MAC address, and the process in which the processor 501 performs alarm processing on the illegal first DHCP server includes: obtaining, according to the IP address of the illegal first DHCP server, the host name corresponding to the illegal first DHCP server, and performing alarm processing on the host name of the illegal first DHCP server.
For an illegal DHCP server, the DHCP security module may perform alarm processing. For example, it may raise an alarm showing the host name of the DHCP server on the display interface for the user to view, that is, the display interface of the DHCP security module shows a prompt that the DHCP server is an illegal DHCP server. Because the DHCP Offer message can carry address information such as the IP address and the MAC address, the corresponding host name can be obtained from the IP address information, for example by using the ping -a ip command to obtain the host name corresponding to the IP address.
Because the display interface of the DHCP security module can show information about the DHCP server that sent the DHCP Offer message, the user can also manually review the DHCP Offer based on the displayed information and perform alarm processing on a server identified as an illegal DHCP server.
When the first DHCP server is identified as an illegal DHCP server, the processor 501 may also prohibit the IP address and MAC address of the illegal first DHCP server in the virtual machine subnet.
For an illegal first DHCP server, the DHCP module may also prohibit the IP address or MAC address of the first DHCP server in the virtual machine subnet. When a DHCP response message sent from that IP address or MAC address is received later, the virtual switch can then refuse to forward packets from that IP address or MAC address.
Further, after the processor 501 accesses the program 505 in the memory 502 and executes the instruction for receiving the DHCP Offer message returned by the first DHCP server, it may also send a DHCP request message to the first DHCP server, where the DHCP request message carries the address information of an invalid DHCP server and is used to end the DHCP session.
A person skilled in the art should further appreciate that the units and algorithm steps of the examples described in connection with the embodiments disclosed herein can be implemented in electronic hardware, computer software, or a combination of both. To clearly illustrate the interchangeability of hardware and software, the composition and steps of each example have been described above in general terms of their function. Whether these functions are performed in hardware or in software depends on the specific application and the design constraints of the technical solution. A person skilled in the art may use different methods to implement the described functions for each particular application, but such an implementation should not be considered beyond the scope of the present invention.
The steps of a method or algorithm described in connection with the embodiments disclosed herein can be implemented in hardware, in a software module executed by a processor, or in a combination of both. The software module may reside in random access memory (RAM), memory, read-only memory (ROM), electrically programmable ROM, electrically erasable programmable ROM, a register, a hard disk, a removable disk, a CD-ROM, or any other form of storage medium known in the technical field.
The specific embodiments described above further explain the objectives, technical solutions, and beneficial effects of the present invention in detail. It should be understood that the foregoing is merely specific embodiments of the present invention and is not intended to limit its scope of protection. Any modification, equivalent replacement, or improvement made within the spirit and principles of the present invention shall fall within the scope of protection of the present invention.

Claims

1. A method for identifying a Dynamic Host Configuration Protocol (DHCP) server, characterized in that the method includes:
broadcasting, by a DHCP security module, a DHCP Discover message in a virtual machine subnet, where the virtual machine subnet includes multiple virtual machines and one virtual switch, the multiple virtual machines are created from the physical resources of one host, the multiple virtual machines communicate with one another through the virtual switch, and the virtual machine subnet further includes at least one legitimate DHCP server that provides IP addresses for the virtual machines;
receiving a DHCP Offer message, where the DHCP Offer message is sent by a first DHCP server in the virtual machine subnet after it receives the DHCP Discover message, and the DHCP Offer message includes the address information of the first DHCP server;
obtaining the address information of the first DHCP server, and identifying, according to the address information of the first DHCP server, whether the first DHCP server is an illegal DHCP server.
2. The method for identifying a DHCP server according to claim 1, characterized in that, after the identifying whether the first DHCP server is an illegal DHCP server, the method further includes: if the identification result is that the first DHCP server is an illegal DHCP server, performing alarm processing on the illegal first DHCP server.
3. The method for identifying a DHCP server according to claim 2, characterized in that the identifying, according to the address information of the first DHCP server, whether the first DHCP server is an illegal DHCP server includes: comparing the address information of the first DHCP server with the address information of a preset legitimate DHCP server, and if the address information of the first DHCP server is inconsistent with the address information of the preset legitimate DHCP server, identifying the first DHCP server as an illegal DHCP server.
4. The method for identifying a DHCP server according to claim 3, characterized in that the method further includes: presetting a DHCP server list, where the DHCP server list includes the address information of legitimate DHCP servers.
5. The method for identifying a DHCP server according to claim 2, characterized in that the address information is an IP address and a MAC address, and the performing alarm processing on the illegal first DHCP server includes: obtaining, according to the IP address of the illegal first DHCP server, the host name corresponding to the illegal first DHCP server, and performing alarm processing on the host name of the illegal first DHCP server.
6. The method for identifying a DHCP server according to claim 1, characterized in that the address information is an IP address and a MAC address, and the method further includes: prohibiting the IP address or MAC address of the illegal first DHCP server in the virtual machine subnet.
7. The method for identifying a DHCP server according to any one of claims 1 to 6, characterized in that, after the receiving the DHCP Offer message returned by the first DHCP server, the method further includes:
sending a DHCP request message to the first DHCP server, where the DHCP request message carries the address information of an invalid DHCP server and is used to end the DHCP session.
8. An apparatus for identifying a Dynamic Host Configuration Protocol (DHCP) server, characterized in that the apparatus includes:
a sending unit, configured to broadcast a DHCP Discover message in a virtual machine subnet, where the virtual machine subnet includes multiple virtual machines and one virtual switch, the multiple virtual machines are created from the physical resources of one host, the multiple virtual machines communicate with one another through the virtual switch, and the virtual machine subnet further includes at least one legitimate DHCP server that provides IP addresses for the virtual machines;
a receiving unit, configured to receive a DHCP Offer message, where the DHCP Offer message is sent by a first DHCP server in the virtual machine subnet after it receives the DHCP Discover message and includes the address information of the first DHCP server, and to transmit the DHCP Offer message to a processing unit;
the processing unit, configured to receive the DHCP Offer message sent by the receiving unit, obtain the address information of the first DHCP server, and identify, according to the address information of the first DHCP server, whether the first DHCP server is an illegal DHCP server.
9. The apparatus for identifying a DHCP server according to claim 8, characterized in that the processing unit is further configured to: if the identification result is that the first DHCP server is an illegal DHCP server, perform alarm processing on the illegal first DHCP server.
10. The apparatus for identifying a DHCP server according to claim 8, characterized in that the processing unit is specifically configured to: compare the address information of the first DHCP server with the address information of a preset legitimate DHCP server, and if the address information of the first DHCP server is inconsistent with the address information of the preset legitimate DHCP server, identify the first DHCP server as an illegal DHCP server.
11. The apparatus for identifying a DHCP server according to claim 10, characterized in that the apparatus further includes a preset unit, configured to preset a DHCP server list, where the DHCP server list includes the address information of the legitimate DHCP server.
12. The apparatus for identifying a DHCP server according to claim 9, characterized in that the address information is an IP address and a MAC address, and the processing unit is specifically configured to: obtain, according to the IP address of the illegal first DHCP server, the host name corresponding to the illegal first DHCP server, and perform alarm processing on the host name of the illegal first DHCP server.
13. The apparatus for identifying a DHCP server according to claim 8, characterized in that the address information is an IP address and a MAC address, and the processing unit is further configured to: prohibit the IP address or MAC address of the illegal first DHCP server in the virtual machine subnet.
14. The apparatus for identifying a DHCP server according to any one of claims 8 to 13, characterized in that the sending unit is further configured to send a DHCP request message to the first DHCP server, where the DHCP request message carries the address information of an invalid DHCP server and is used to end the DHCP session.
PCT/CN2013/084535 2012-12-10 2013-09-27 Method and apparatus for recognizing dhcp server WO2014090022A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201210527988.8A CN103873431A (en) 2012-12-10 2012-12-10 Method and device for identifying dynamic host configuration protocol server
CN201210527988.8 2012-12-10

Publications (1)

Publication Number Publication Date
WO2014090022A1 true WO2014090022A1 (en) 2014-06-19

Family

ID=50911562

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2013/084535 WO2014090022A1 (en) 2012-12-10 2013-09-27 Method and apparatus for recognizing dhcp server

Country Status (2)

Country Link
CN (1) CN103873431A (en)
WO (1) WO2014090022A1 (en)

Also Published As

Publication number Publication date
CN103873431A (en) 2014-06-18

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application (Ref document number: 13862774; Country of ref document: EP; Kind code of ref document: A1)
NENP Non-entry into the national phase (Ref country code: DE)
122 Ep: pct application non-entry in european phase (Ref document number: 13862774; Country of ref document: EP; Kind code of ref document: A1)