When managing and maintaining a LAN, network administrators usually assign the IP addresses of ordinary workstations themselves, and a workstation is regarded as legitimate only once it has been registered correctly. Any ordinary workstation that uses an IP address it was not specifically authorized to use is treated as holding an illegal IP address on the LAN. In a Windows environment, however, ordinary workstation users can often modify the local IP address parameters as they please, so IP address conflicts occur frequently on the LAN. These conflicts disturb the stable operation of the LAN and can even seriously affect day-to-day office efficiency. What measures, then, should a network administrator take to keep IP address conflicts from interfering with the normal and efficient operation of the LAN? This article proposes some effective measures to help you manage your own organization's LAN and ensure that its efficiency is not affected by IP address conflicts.
Motivations for creating IP address conflicts
IP address conflicts in a LAN are not only a simple technical problem but also a management problem that a network administrator must face seriously. Only when the administrator finds the reason for the fault and removes its basis can IP address conflicts be eliminated at the source. Summarizing the various kinds of IP address conflict, the main causes are as follows. First, after a workstation has been in use for a long time, frequent installation and uninstallation of applications or anti-virus software, or an operator's own mistakes, may cause the local system to crash; the user then reinstalls the operating system, sets the workstation's network parameters at random, and inadvertently causes an IP address conflict. This situation is the most common, and good management by the network administrator can effectively avoid it. Second, some illegal attackers on the LAN, or even on the Internet, attempt to destroy or disturb the stable operation of important network equipment in the LAN, with the ultimate aim of interfering with the LAN's stable operation. For example, an attacker may deliberately create IP address conflicts in order to disrupt servers, switches, or other important equipment, ultimately bringing down the entire LAN. Third, some people with ulterior motives want the special access rights attached to the IP address they use illegally; the most common aim is to gain access to the Internet.
When an illegally appropriated IP address is used on the LAN, there may be the following effects. First, if the legitimate workstation is not connected to the LAN, the illegal user connects with its IP address and thereby steals the legitimate workstation's various access rights. Second, if the legitimate workstation is already connected to the LAN, unauthorized use of its IP address causes a resource conflict on that address, so the legitimate workstation cannot access the network normally. Third, once the legitimate workstation's IP address has been stolen, it can be used to perform various malicious activities on the LAN.
Methods of creating IP address conflicts
To avoid IP address conflicts, we must naturally first understand how they are created; only then can we prescribe the right remedy and take targeted measures to keep IP address conflicts from interfering with the normal operation of the LAN.
Generally speaking, when a LAN is put into operation, the network administrator assigns a suitable IP address to every workstation. After a workstation has run for a long time, however, a system crash or some other symptom may cause its network parameters to be lost. The user will then probably open the TCP/IP Properties window on the local system and assign an IP address at random. Because that address is not one the network administrator allocated in advance, an IP address conflict naturally results. In a LAN that uses static IP addresses, therefore, an ordinary user can easily open the TCP/IP Properties window on the local system and change the workstation's IP address arbitrarily.
To protect a workstation's IP address from unauthorized use, those familiar with networking often use address binding: the network administrator binds the IP address assigned to a workstation to that workstation's network card in advance, so that even if an illegal user appropriates the IP address, the legitimate workstation's normal network access is not affected. Illegal users have found a way around binding as well: they steal both the legitimate workstation's IP address and the MAC address of its network card, then impersonate the legitimate host to carry out malicious activity. For example, when an illegal user takes a legitimate workstation's IP address and finds that it does not connect to the LAN properly, they will suspect that the address is bound, use a MAC address scanner or similar tool to find the legitimate workstation's network card MAC address, and then change their own network card's MAC address to the legitimate one. Changing a network card's MAC address is simple: the user clicks "Start"/"Settings"/"Network Connections" on the local workstation desktop, right-clicks the Local Area Connection icon in the Network Connections window, and chooses Properties from the shortcut menu.
In the Local Area Connection Properties dialog box, click the General tab, click the Configure button to open the Properties dialog box of the workstation's network card, and then click the Advanced tab to open the advanced options page shown in Figure 1. Select the Network Address option in the Property list on the left of the page, set its value to the stolen network card's MAC address, and click OK to complete the change of the network card's physical address.
In addition, some illegal users familiar with attack techniques use IP address spoofing to forge a workstation's IP address, but this kind of spoofing usually has to be implemented through programming. For example, an attacker can use socket programming to send packets with a false source IP address onto the LAN to carry out a spoofing attack.
Preventing IP address conflicts
Having understood the several ways in which IP address conflicts are created, we can use a different blocking method for each of them.
In a LAN that uses static IP addresses, the network administrator can use IP-MAC address binding, that is, static ARP entries, to stop ordinary workstation users from entering the TCP/IP Properties window and modifying the local system's IP address at will. Within the same LAN segment, ordinary workstations communicate according to the host's physical (MAC) address rather than its IP address, while communication between different segments finds its path according to the host's IP address. A router acting as the LAN gateway therefore usually holds a dynamic IP-MAC mapping table, which is generated and maintained automatically by the ARP protocol. We can enter the router's management interface, open the ARP table configuration options, and set up a static ARP table by hand; from then on the router checks communication packets against the static ARP table and refuses to forward any packet that does not match. With this approach, a network administrator can easily prevent an attacker from using a legitimate workstation's IP address for illegal network access, as long as the attacker has not also modified the MAC address of the network card.
To prevent illegal users from creating IP address conflicts by modifying the MAC address of their network card, we can use the port binding feature of the LAN switch, which effectively solves the problem of an illegal user changing a MAC address to match the static ARP table. As you know, common managed switches support port binding, and its port address filtering mode can be used to prevent IP address conflicts: in this mode each switch port allows only workstations with a legitimate MAC address to access the network, and any workstation with an illegal MAC address is denied access by the switch.
In a large network environment, we can also prevent IP address conflicts by dividing the network into virtual work subnets. Strictly speaking, dividing virtual work subnets is not purely a technical measure but a combination of management and technical measures. IP addresses with the same access behavior are placed in the same virtual work subnet, and the relevant routing policies are set up properly, so that attackers are effectively denied the ability to steal IP addresses belonging to other work subnets.
In addition, when managing and maintaining a LAN, we should rely as little as possible on controls aimed solely at IP address management, and should instead combine encryption, passwords, VPN connections, and other identity authentication mechanisms to build a strict, multi-level security system; this effectively reduces the security threat that IP address conflicts bring.
Management measures against IP address conflicts
As mentioned earlier, IP address conflicts in a LAN are not only a simple technical problem but also a management problem that the network administrator must face seriously. For this reason, while using the various technical measures to prevent IP address conflicts, we should also pay more attention to the management of the LAN.
First, we should step up publicity so that ordinary workstation users are aware of the harm caused by arbitrarily changing an IP address and of the penalties for doing so. An appropriate IP address management system should be established, and every LAN user required to abide by it strictly. Such a system could include: an IP address application and allocation procedure, an IP address change procedure, a temporary IP address allocation procedure, a workstation network card MAC address registration procedure, and a penalty procedure for illegal IP address changes.
Second, apply a combination of technical measures and impose strict restrictions on those users who frequently violate the LAN's rules. Illegal appropriation of IP addresses is always the behavior of a very small number of illegal users on the LAN. Therefore, for a LAN already in use, the network administrator must carefully screen the existing problems and then apply a variety of technical means to focus prevention on the few users who repeatedly violate the IP address management system.
Third, when dividing a larger LAN into virtual work subnets, we must consider both the simplicity and the manageability of network access. Without increasing the construction and management cost of the network any more than necessary, we should make good use of virtual subnetting to place workstations whose network access is similar into the same work subnet, thereby weakening as much as possible the security threat posed by illegal appropriation of IP addresses.
Fourth, we should pay attention to deploying a LAN management system. Professional network management tools can easily perform the initial binding of the static ARP table, sparing the network administrator a large number of repetitive operations and improving the efficiency of LAN management. By making good use of the logging and daily monitoring functions of professional network management tools, the network administrator can promptly discover abnormal changes to IP addresses, network card MAC addresses, important network ports, and the like, which helps the administrator find and resolve network faults more efficiently.
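The monitoring described above, checking observed IP/MAC pairs against the administrator's registration records (the static binding of the previous section), can be done with a small script. The following is an added example, not code from the article; the registry entries and the tcpdump-style ARP reply lines are constructed sample data, and the IP and MAC values are assumptions.

```python
import re
from collections import defaultdict

# Constructed registry of authorized IP -> MAC bindings (assumed values,
# standing in for the administrator's MAC address registration records).
REGISTERED = {
    "192.168.1.10": "00:11:22:33:44:55",
    "192.168.1.11": "00:11:22:33:44:66",
    "192.168.1.20": "00:11:22:33:44:77",
}

# Constructed ARP replies in tcpdump's text format, as a monitor on a switch
# mirror port would log them; 192.168.1.20 is answered by two different cards.
SAMPLE_ARP = """\
12:00:01.000000 ARP, Reply 192.168.1.10 is-at 00:11:22:33:44:55, length 46
12:00:02.000000 ARP, Request who-has 192.168.1.11 tell 192.168.1.1, length 46
12:00:02.000100 ARP, Reply 192.168.1.11 is-at 00:11:22:33:44:99, length 46
12:00:03.000000 ARP, Reply 192.168.1.30 is-at 00:AA:BB:CC:DD:EE, length 46
12:00:04.000000 ARP, Reply 192.168.1.20 is-at 00:11:22:33:44:77, length 46
12:00:05.000000 ARP, Reply 192.168.1.20 is-at 00:11:22:33:44:88, length 46
"""
ARP_REPLY = re.compile(
    r"ARP, Reply (\d{1,3}(?:\.\d{1,3}){3}) is-at ([0-9A-Fa-f]{2}(?::[0-9A-Fa-f]{2}){5})")

def parse_arp(text):
    """Extract (ip, mac) pairs from ARP reply lines; MACs are lower-cased."""
    pairs = []
    for line in text.splitlines():
        m = ARP_REPLY.search(line)
        if m:
            pairs.append((m.group(1), m.group(2).lower()))
    return pairs

def audit(pairs, registered):
    """Check observed pairs against the registry: 'conflict' = one IP answered
    by several MACs, 'mismatch' = registered IP on a MAC other than its bound
    one, 'unregistered' = IP missing from the registry."""
    seen = defaultdict(set)
    for ip, mac in pairs:
        seen[ip].add(mac)
    report = {"conflict": [], "mismatch": [], "unregistered": []}
    for ip, macs in seen.items():
        if len(macs) > 1:
            report["conflict"].append((ip, sorted(macs)))
        if ip not in registered:
            report["unregistered"].append(ip)
            continue
        wrong = sorted(m for m in macs if m != registered[ip])
        if wrong:
            report["mismatch"].append((ip, wrong))
    return report
```

A static ARP table on the gateway only governs traffic that crosses the gateway, whereas a monitor like this watches ARP replies on the segment itself, so it also catches a conflict between two hosts in the same segment that the router's table never sees.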
Small tip
What should ordinary workstation users do to prevent their IP address from being modified at will by illegal users? In fact, ordinary users have a variety of options for protecting the local system's IP address from modification by illegal users; this article offers a few protection methods:
First, you can modify the local system's Group Policy to prevent illegal users from accessing the network connection properties at will. To protect the IP address this way, click "Start"/"Run", execute "gpedit.msc" in the Run box to open the Group Policy editor, and in the left pane expand "User Configuration", "Administrative Templates", "Network", "Network Connections". Double-click the "Prohibit access to properties of LAN connection components" policy under that node, open its Properties window (shown in Figure 2), select the Enabled option, and click OK. After this, illegal users can no longer open the TCP/IP Properties window at will to modify the local workstation's network card IP address.
Second, you can "pacify" a system service to hide the Local Area Connection icon, so that illegal users cannot easily enter the TCP/IP Properties window to change the IP address. To protect the local system's IP address this way, click "Start"/"Run", enter "services.msc" in the Run box and press Enter to open the Services window, find the "Plug and Play" service, double-click it to open its Properties window, click the Stop button on the General tab, and then set its startup type to Disabled; the Local Area Connection icon of the local workstation is then hidden. If an illegal attacker cannot find the Local Area Connection icon, they cannot get into the TCP/IP Properties window, and so they give up the idea of modifying the local workstation's IP address.
However, the above methods only stop relatively inexperienced LAN users; advanced users will easily break them. We can also hide the Local Area Connection icon by unregistering the network connection DLLs, a method that is usually somewhat better concealed. To protect the IP address this way, click "Start"/"Run" on the system desktop, and in the Run box execute in turn "regsvr32 netcfgx.dll /u", "regsvr32 netman.dll /u" and "regsvr32 netshell.dll /u", clicking OK after each; finally restart the local workstation. The Local Area Connection icon is then hidden automatically, and illegal users naturally have no way to enter the network parameter settings window to change the IP address at will.