摘要
为了减少因采用DHCP技术给网络带来的不安全性,分析了网络中威胁DHCP的因素——流氓服务器的建立,非法用户的访问,拒绝服务攻击。接着针对以上不同威胁的发生原因,结合网络安全的关键技术,提出了3种减少威胁的方法,分别为检测流氓服务器、检测MAC地址和DHCP消息认证机制。最后分析前两种方法的局限性,得出采用消息认证机制,DHCP服务器和客户主机不仅能对DHCP消息内容进行认证,而且可以进行实体认证,避免了流氓服务器和非法用户的威胁。
To reduce the threats aroused by DHCP in network, the DHCP threats in network——the establishment of rogue server, the access of invalid clients, the attack of denial of service were analyzed. On the basis of the reasons that different threats generated and key technology of network security, the methods to reduce or lighten them was respectively brought forth, checking rogue server, checking the address of MAC and the mechanism of DHCP message authentication. At last, it is showed the shortcomings of the former two methods and it is summarized that DHCP servers and clients not only can authenticate the content of DHCP massage but also do entity by using the mechanism of DHCP massage authentication which eliminates the threats of rogue servers and invalid clients.
出处
《计算机工程与设计》
CSCD
北大核心
2006年第1期109-111,共3页
Computer Engineering and Design
关键词
DHCP
流氓服务器
MAC地址
拒绝服务
延时认证
重放检测
dynamic host configuration protocol
rogue server
address of medium access control layer
denial of service
delayed authentication
replay detection
