In a Windows environment, ordinary workstation users can often change the local workstation's IP address parameters as they please. As a result, the LAN is prone to frequent IP address conflicts, which disturb the stable operation of the local area network and can even seriously affect day-to-day office efficiency. So what measures should we, as network administrators, take to keep IP address conflicts from interfering with the normal, efficient operation of the LAN? This article puts forward some effective measures to help you manage your organization's local area network and ensure that its efficiency is not affected by IP address conflicts.
The motives behind IP address conflicts
An IP address conflict on a LAN is not only a technical problem but also a management problem that a network administrator must take seriously. Only when the network administrator finds the cause of the fault and removes the conditions that produce it can IP address conflicts be eliminated at the source.
Looking across the various IP address conflict faults, it is not difficult to identify the main causes. First, after a workstation has been in use for a long time, frequent installation and removal of applications or anti-virus software, or simply a mistake by the operator, can crash the local system. The user then reinstalls the operating system, sets the workstation's network parameters at random, and inadvertently causes an IP address conflict. This situation is relatively common, and good management by the network administrator is enough to avoid the conflicts it causes. Second, attackers on the LAN or even on the Internet attempt to damage or disturb important network equipment on the local LAN in order to interfere with its stable operation. For example, an attacker may deliberately create IP address conflicts to disrupt important equipment such as LAN servers or switches, ultimately leaving the entire LAN unable to work. Third, some people with ulterior motives want the special access rights attached to the IP addresses they misappropriate; the most common aim is to gain access to the Internet.
A misappropriated IP address in use on the LAN can have the following effects. First, if the legitimate workstation is not connected to the LAN, the unauthorized user connects with the legitimate workstation's IP address and thereby obtains its access rights. Second, if the legitimate workstation is already connected to the LAN, unauthorized use of its IP address causes an address conflict, and the legitimate workstation can no longer access the network normally. Third, once the IP address of a legitimate workstation has been stolen, it can be used to carry out various malicious activities on the LAN.
To avoid IP address conflicts, we must first understand how they are created. Only then can we prescribe the right remedy and take targeted measures to stop IP address conflicts from interfering with the normal operation of the LAN.
Generally speaking, when a LAN is put into operation, the network administrator assigns a suitable IP address to every workstation on it. After a workstation has been running for a long time, however, the system may crash or show other symptoms that cause its network parameters to be lost. At that point the user will probably take matters into their own hands, open the TCP/IP Properties settings window on the local system, and give the workstation an arbitrary IP address. Because that address is not the one the network administrator allocated in advance, an IP address conflict naturally results. In a LAN that uses static IP addresses, therefore, an ordinary workstation user can easily open the TCP/IP Properties settings window on the local system and change the workstation's IP address at will.
To protect a workstation's IP address from unauthorized use, people familiar with networking often use address binding: the network administrator binds the IP address assigned to the workstation to that workstation's network card in advance, so that even if an unauthorized user takes the workstation's IP address, the workstation's normal network access is not affected. Unauthorized users have also found a way around bound IP addresses, which is to steal both the legitimate workstation's IP address and the MAC address of its network card, and then to act maliciously under the legitimate host's identity. For example, when an unauthorized user takes the IP address of a legitimate workstation and finds that the stolen address cannot connect to the LAN properly, they will assume that the address is probably bound. They will then use a MAC address scanner or similar tools to look up and steal the MAC address of the legitimate workstation's network card, and afterwards change the MAC address of their own workstation's network card to the legitimate one. Changing the MAC address of a network card is simple. The user clicks "Start" / "Settings" / "Network Connections" on the local workstation's desktop, right-clicks the Local Area Connection icon in the Network Connections list window that appears, and chooses Properties from the shortcut menu.
This opens the Local Area Connection Properties dialog box. On the General tab, click the Configure button to open the properties dialog box for the workstation's network card, then click the Advanced tab to open the advanced options page shown in Figure 1. Select the Network Address option in the Properties list box on the left side of the page, set its value to the stolen network card MAC address, and click OK to complete the change to the network card's physical address.
In addition, attackers who are familiar with attack techniques often use IP address spoofing to forge the IP address of a workstation, although this kind of spoofing usually has to be implemented by programming. For example, an attacker can use socket programming to send packets with a false source IP address onto the LAN to carry out a spoofing attack.
Means of preventing IP address conflicts
Having understood the several ways in which IP address conflicts are created, we can apply a different blocking method to each of them.
In a LAN that uses static IP addresses, the network administrator can use IP-MAC address binding, that is, use static routing technology to prevent ordinary workstation users from opening the TCP/IP Properties settings window and arbitrarily changing the local system's IP address. Within a single LAN segment, workstations are located not by the host's IP address but by its physical address, whereas communication between different network segments is routed according to the host's IP address. A router acting as the LAN gateway therefore usually holds a dynamic IP-MAC mapping table, which is generated and maintained automatically by the ARP protocol. We can log in to the LAN router's management interface, configure the ARP table options there, and define the static ARP table ourselves. From then on the router automatically checks communication packets against the static ARP table and does not forward any data that fails to match. With this approach, network administrators can easily prevent attackers from using a legitimate workstation's IP address for unauthorized network access, as long as the attacker has not also changed the MAC address of their network card.
To stop unauthorized users from creating IP address conflicts by changing the MAC address of their network card to match the static ARP table, we can use the port binding function of the LAN switch. Common managed switches support port binding, and the port address filtering mode this feature provides can prevent IP address conflicts: in this mode each switch port admits only workstations with a legitimate MAC address, and any workstation with an illegitimate MAC address is denied access to the network by the switch.
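The two checks described above, the gateway's static IP-MAC table and the switch's port binding, can also be run offline as an audit of what the network actually shows. This is an added example, not code from the original article; the binding table, port names and observation lines are constructed sample data, and the one-observation-per-line input format is an assumption.

```python
from collections import defaultdict

# Constructed static binding table: IP -> (MAC, switch port).
BINDINGS = {
    "192.168.1.10": ("00-11-22-33-44-10", "Gi0/1"),
    "192.168.1.11": ("00-11-22-33-44-11", "Gi0/2"),
    "192.168.1.12": ("00-11-22-33-44-12", "Gi0/3"),
}

# Constructed observations (port, IP, MAC), e.g. a switch or ARP-table export.
OBSERVED = """\
Gi0/1 192.168.1.10 00:11:22:33:44:10
Gi0/2 192.168.1.11 00-11-22-33-44-11
Gi0/7 192.168.1.11 00-AA-BB-CC-DD-01
Gi0/8 192.168.1.12 0011.2233.4412
Gi0/9 192.168.1.50 00-AA-BB-CC-DD-02
"""

def norm_mac(mac):
    """Normalise colon, dash or dotted notation to AA-BB-CC-DD-EE-FF."""
    digits = "".join(c for c in mac if c.isalnum()).upper()
    if len(digits) != 12 or any(c not in "0123456789ABCDEF" for c in digits):
        raise ValueError(f"bad MAC: {mac!r}")
    return "-".join(digits[i:i + 2] for i in range(0, 12, 2))

def audit(observed_text, bindings):
    """Return sorted (ip, finding) tuples for observations that break a binding."""
    findings, macs_by_ip = set(), defaultdict(set)
    for line in filter(str.strip, observed_text.splitlines()):
        port, ip, mac = line.split()
        mac = norm_mac(mac)
        macs_by_ip[ip].add(mac)
        if ip not in bindings:
            findings.add((ip, "unassigned address in use"))
            continue
        bound_mac, bound_port = bindings[ip]
        if mac != norm_mac(bound_mac):      # static IP-MAC table check
            findings.add((ip, "MAC does not match static binding"))
        elif port != bound_port:            # port binding check
            findings.add((ip, "bound MAC on unexpected port"))
    for ip, macs in macs_by_ip.items():
        if len(macs) > 1:                   # same IP claimed by several cards
            findings.add((ip, "address conflict: multiple MACs"))
    return sorted(findings)

if __name__ == "__main__":
    for ip, finding in audit(OBSERVED, BINDINGS):
        print(ip, finding)
```

The 192.168.1.12 line is the case the IP-MAC table alone misses: both address and MAC match the binding, and only the port check flags it.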
On large networks, we can also prevent IP address conflicts by dividing the network into virtual subnets. Strictly speaking, dividing the network into virtual working subnets is not a purely technical measure but a combination of management and technical measures. IP addresses with the same access behavior are grouped into the same virtual working subnet and the corresponding routing policies are set appropriately, which effectively denies attackers the ability to steal IP addresses from other working subnets.
In addition, when managing and maintaining the local area network, we should rely as little as possible on authorization based directly on IP addresses, and should instead use encryption, passwords, VPN connections or other authentication mechanisms to build a multi-level, strict security system. That effectively reduces the security threat posed by IP address conflicts.