How should we address and prevent IP address theft in the LAN?

Source: Internet
Author: User

1. Modify the IP address

For any TCP/IP implementation, the IP address is a parameter that the user configures. If the address set when configuring or changing the TCP/IP settings is not the one assigned by the authorized authority, that IP address has been stolen.

Because the IP address is a logical address, a value that the user sets, static modification of the IP address cannot be restricted unless a DHCP server is used to assign addresses, and that in turn introduces other management problems.

2. Modify the IP-MAC address in pairs

Currently, many organizations use static routing to deal with static IP address modification. In response, IP address theft has developed a new technique: modifying the IP address and the MAC address as a pair. The MAC address is the hardware address of the device, commonly known as the NIC address on Ethernet. The MAC address of each NIC must be unique among all Ethernet devices; it is allocated by the IEEE and burned into the NIC. However, the MAC address of some compatible NICs can be changed with the NIC's configuration program. If both the IP address and the MAC address of a computer are changed to those of another valid host, static routing technology is powerless.

In addition, for NICs whose MAC address cannot be modified directly, software can be used to change the MAC address: by modifying the underlying network software, the upper-layer network software is fooled.

3. Dynamically modify IP addresses

For some hackers, writing their own programs to send and receive packets on the network, bypassing the upper-layer network software and dynamically modifying their own IP address (or IP-MAC address pair), makes IP spoofing not very difficult to achieve.

Defense Technology Research

Network experts have adopted various defense technologies against IP address theft. The most common current approach is based on the layered structure of TCP/IP: different methods are used at different layers to prevent IP address theft.

1. Switch Control

The most thorough solution to IP address theft is to use switches for control, that is, to control at the second layer of TCP/IP: using the single-address mode of the port provided by the switch, each switch port allows only one host to access the network through that port, and access from a host with any other address is denied. The biggest disadvantage of this solution, however, is that every switch through which users access the network must provide this feature, and with switches still relatively expensive it is not a widely used solution today.

2. Router isolation

The main reason for using router isolation is that the MAC address of an Ethernet card cannot be changed as freely as its IP address. The implementation is to periodically scan the ARP tables of the routers on the campus network through SNMP to obtain the current IP-to-MAC address mapping and compare it with the previously recorded valid IP-to-MAC mapping; a mismatch indicates illegal access. There are several ways to stop the unauthorized access, such as:

A. Overwrite the invalid IP-MAC table entries with the correct IP-to-MAC mapping;

B. Send spoofed ICMP unreachable packets to the illegally accessing host to interfere with its data transmission;

C. Modify the router's access control list to prohibit the unauthorized access.

Another implementation of router ARP isolation is to use static ARP tables, that is, the mapping between IP addresses and MAC addresses in the routers is not learned through ARP but configured statically. In this way, when an illegally used IP address does not match its MAC address, the router, following its correct static settings, will not reach the illegal host.

Router isolation can solve the IP address theft problem quite well, but if an illegal user attacks its theoretical basis by modifying the IP and MAC addresses as a pair, router isolation is powerless against that kind of theft.
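The periodic ARP comparison described above, and the blind spot just noted, can be shown in a few lines. The following is an added example, not code from the original article: it models one scan cycle in which a router's ARP entries (here constructed sample data standing in for what an SNMP walk of the router's ipNetToMediaTable would return; no network access is made) are compared with a registry of authorized IP-to-MAC assignments. Every name in it (`BASELINE`, `audit`, `static_arp_corrections`, the `Finding` kinds) is an assumption for illustration. It goes slightly beyond the text by also flagging one MAC that answers for two IPs, and it deliberately ends with a snapshot in which the IP and MAC were cloned together, for which the check finds nothing.

```python
"""Baseline comparison of router ARP entries, modelled on the periodic
SNMP scan in the article.  Added example; all names and data are assumed."""

from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


def normalize_mac(mac: str) -> str:
    """Canonical lower-case colon form, so that '0011.2233.4410' (Cisco
    notation) and '00:11:22:33:44:10' compare equal."""
    hexdigits = "".join(c for c in mac.lower() if c in "0123456789abcdef")
    if len(hexdigits) != 12:
        raise ValueError(f"bad MAC: {mac!r}")
    return ":".join(hexdigits[i:i + 2] for i in range(0, 12, 2))


@dataclass(frozen=True)
class Finding:
    kind: str                        # "mac-mismatch" | "unregistered-ip" | "mac-on-two-ips"
    ip: str
    seen_mac: str
    expected_mac: Optional[str] = None


# Authorized IP -> MAC assignments (constructed sample registry).
BASELINE: Dict[str, str] = {
    "10.1.1.10": "00:11:22:33:44:10",
    "10.1.1.11": "00:11:22:33:44:11",
    "10.1.1.12": "00:11:22:33:44:12",
}

# Constructed ARP snapshot, as (ip, mac) pairs a scan would return.
SNAPSHOT: List[Tuple[str, str]] = [
    ("10.1.1.10", "0011.2233.4410"),     # genuine host, different MAC notation
    ("10.1.1.11", "aa:bb:cc:dd:ee:01"),  # registered IP answered by a foreign NIC
    ("10.1.1.20", "aa:bb:cc:dd:ee:01"),  # same foreign NIC also holds an unregistered IP
]

# Constructed snapshot for the blind spot: the thief copied both the IP and
# the MAC of 10.1.1.10 while the real host is off, so nothing looks wrong.
CLONED_PAIR_SNAPSHOT: List[Tuple[str, str]] = [
    ("10.1.1.10", "00:11:22:33:44:10"),
    ("10.1.1.11", "00:11:22:33:44:11"),
]


def audit(baseline: Dict[str, str], snapshot: List[Tuple[str, str]]) -> List[Finding]:
    """Compare one ARP snapshot with the registry.  One Finding per anomaly;
    an empty list only means this check saw nothing, not that all is well."""
    registry = {ip: normalize_mac(mac) for ip, mac in baseline.items()}
    findings: List[Finding] = []
    ips_by_mac: Dict[str, List[str]] = {}
    for ip, raw_mac in snapshot:
        mac = normalize_mac(raw_mac)
        ips_by_mac.setdefault(mac, []).append(ip)
        if ip not in registry:
            findings.append(Finding("unregistered-ip", ip, mac))
        elif registry[ip] != mac:
            findings.append(Finding("mac-mismatch", ip, mac, registry[ip]))
    # One NIC answering for several IPs: an address-hopping host or a cloned MAC.
    for mac, ips in ips_by_mac.items():
        if len(ips) > 1:
            findings.extend(Finding("mac-on-two-ips", ip, mac) for ip in ips)
    return findings


def static_arp_corrections(findings: List[Finding],
                           baseline: Dict[str, str]) -> List[Tuple[str, str]]:
    """Option A from the text: the correct (ip, mac) pairs to write back as
    static entries for every IP whose MAC did not match the registry."""
    return sorted({(f.ip, normalize_mac(baseline[f.ip]))
                   for f in findings if f.kind == "mac-mismatch"})


if __name__ == "__main__":
    found = audit(BASELINE, SNAPSHOT)
    for f in found:
        print(f)
    print("static ARP corrections:", static_arp_corrections(found, BASELINE))
    print("paired IP+MAC clone findings:", audit(BASELINE, CLONED_PAIR_SNAPSHOT))
```

The first snapshot yields four findings (a MAC mismatch on 10.1.1.11, an unregistered 10.1.1.20, and the same foreign NIC appearing on both), and one static-ARP correction for 10.1.1.11; the cloned-pair snapshot yields none, which is exactly the limitation the paragraph above describes and the reason this check is usually paired with port-level control or application-layer authentication.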

3. Firewall and Proxy Server

The combination of a firewall and a proxy server can also solve the IP address theft problem well: the firewall isolates the internal network from the external network, and users access the external network through the proxy server. This solution places IP address anti-theft at the application layer and turns IP address management into user identity and password management, because the user's use of the network is ultimately to use network applications. Its advantage is that a stolen IP address can only be used within the subnet, which deprives IP address theft of its significance: valid users can select any IP host and access external network resources through the proxy server, while someone who steals an IP address still has no permission to use the external network.

The disadvantages of using firewalls and proxy servers are also obvious. Because accessing external networks through a proxy server is not transparent to users, user operations are cumbersome. In addition, user management is a problem for large user groups (such as college students).

 
