【 Weak current College 】 prevent IP theft protection network uptime

IP theft refers to misappropriation, unauthorized use of IP to configure computers on the Internet. Current IP usage behavior is very common, many "criminals" usage of the address of behavior to avoid tracking, hide their identity. IP piracy acts infringing the rights of normal users to network, and to network security, network uptime brings significant negative impact. IP piracy methods are diverse, its main common methods include the following:

1, static, modify the IP

For any IP TCP/IP implementation, is the user configuration is required. If the user in configuring TCP/IP or modify the TCP/IP configuration, you are not using the authority assigned IP addresses are formed IP theft. Since IP is a logical address is a user-set value, therefore does not restrict the user to modify the static IP address, unless you use the DHCP server allocate an IP address, but also brings other management issues.

2. modify IP-MAC address pairs

For a static IP address of modified, now many use static routing technology to solve them. For static routing technologies, IP theft technology has made new developments that modify IP-MAC address pairs. MAC address of the device's hardware address, for our common Ethernet, which is commonly known as computer network card address. Each network card MAC address on all Ethernet device must be unique, it is assigned by the IEEE, curing on NIC, General cannot change. However, some compatible network card now, its MAC address, you can use the adapter to modify the configuration program. If you set the computer's IP address and MAC address is changed to another legitimate host's IP address and MAC address of the static routing technology can do about it. Additionally, for those MAC addresses cannot directly modify the network card, the user can also use software to modify MAC address, i.e. by modifying the underlying network software to spoof the upper network software.

3, dynamically modify the IP address

For some hacker master, direct write programs and receive packets on the network, bypassing the upper network software, dynamically modify the own IP address (or addresses on IP-MAC), reached the IP spoofing is not a very difficult thing.

Finds the IP address of the usage of the more commonly-used method is to regularly scan the network to the router's ARP (addressresolutionprotocol) table, get the current IP address is being used and the relation between IP-MAC controlled, and legitimate IP address table, the table control, if IP-MAC inconsistencies in the illegal access behavior occurs. In addition, the report from the user's fault (misappropriation is using the IP address appears on the MAC address of hint conflicts) or you can find the IP address of misappropriation. On this basis, the common defense mechanisms: IP-MAC bundling technique, proxy server technology, authentication and authorization as well as transparent IP-MAC-USER gateway technology.

These mechanisms have certain limitations, such as IP-MAC bundled technology user management very difficult; transparent gateway technology requires specialized machines for data forwarding, the machine can easily become a bottleneck. More importantly, these mechanisms are not fundamentally prevent IP address misappropriation of harm, merely prevent address misappropriation to directly access the external network resources. In fact, due to IP address theft are still has the IP subnet and completely free, so on the one hand, this behavior may interfere with the lawful use of the user: on the other hand may be undesirable to attempt to attack the subnet and other machines and network devices. If the subnet has a proxy server, piracy can also access through various means of network resources.