Systems and methods for denying rogue DHCP services

US 20060212560A1
Filed: 03/18/2005
Published: 09/21/2006
Est. Priority Date: 03/18/2005
Status: Active Grant

First Claim

Patent Images

1. A method of controlling dynamic host control protocol (DHCP) communication on a network comprising:

receiving a data frame on a network switch; and

if the data frame is a DHCP offer frame that is not received from an authorized DHCP server port, dropping the data frame.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods of controlling dynamic host control protocol (DHCP) communication on a network are presented including: receiving a data frame on a network switch; and if the data frame is a DHCP offer frame that is not received from an authorized DHCP server port, dropping the data frame. In some embodiments, methods further include if the data frame is not the DHCP offer frame, forwarding the data frame. In some embodiments, methods further include if the data frame is the DHCP offer frame that is received from the authorized DHCP server port, forwarding the data frame.

11 Citations

View as Search Results

30 Claims

1. A method of controlling dynamic host control protocol (DHCP) communication on a network comprising:
- receiving a data frame on a network switch; and
  
  if the data frame is a DHCP offer frame that is not received from an authorized DHCP server port, dropping the data frame.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1 further comprising:
    - if the data frame is not the DHCP offer frame, forwarding the data frame.
  - 3. The method of claim 1 further comprising:
    - if the data frame is the DHCP offer frame that is received from the authorized DHCP server port, forwarding the data frame.
  - 4. The method of claim 1 further comprising:
    - logging an event in response to the dropping the data frame.
  - 5. The method of claim 1 further comprising:
    - generating an alert in response to the dropping the data frame.
  - 6. The method of claim 4 wherein the logging the event comprises:
    - storing a flag type entry;
      
      storing a rogue DHCP port entry; and
      
      storing a timestamp entry for the event.
  - 7. The method of claim 1 wherein the network switch is packet switching enabled.

8. A method of disabling a rogue dynamic host control protocol (DHCP) server processes on a DHCP enabled network comprising:
- receiving a client frame on a DHCP enabled network switch; and
  
  if the client frame is a DHCP offer frame that is received from the rogue DHCP server, dropping the client frame thereby disabling rogue DHCP server processes on the DHCP enabled network.
- View Dependent Claims (9, 10, 11, 12, 13)
- - 9. The method of claim 8 further comprising:
    - if the client frame is not the DHCP offer frame, forwarding the client frame.
  - 10. The method of claim 8 further comprising:
    - if the client frame is the DHCP offer frame that is not received from the rogue DHCP server port, forwarding the client frame.
  - 11. The method of claim 8 further comprising:
    - logging an event in response to the dropping the client frame.
  - 12. The method of claim 8 further comprising:
    - generating an alert in response to the dropping the client frame.
  - 13. The method of claim 11 wherein the logging the event comprises:
    - storing a flag type entry;
      
      storing a designated port entry; and
      
      storing a timestamp entry for the event.

14. A rogue dynamic host control protocol (DHCP) server filter for use on a DHCP enabled network comprising:
- a client frame receiving component for receiving a client frame on a DHCP enabled network switch; and
  
  a DHCP server identification component for determining whether the client frame is a DCHP offer frame that is received from a rogue DHCP server.
- View Dependent Claims (15, 16, 17, 18)
- - 15. The rogue DHCP server filter of claim 14 further comprising:
    - a data forwarding component for forwarding the client frame if the DHCP server identification component determines that the client frame is the DHCP offer frame that is not received from the rogue DHCP server.
  - 16. The rogue DHCP server filter of claim 14 further comprising:
    - a logging component configured to log an event in response to determining that the client frame is the DCHP offer frame that is received from the rogue DHCP server.
  - 17. The rogue DHCP server filter of claim 14 further comprising:
    - a notification component configured to notify a user in response to determining that the client frame is the DHCP offer frame that is received from the rogue DHCP server.
  - 18. The rogue DHCP server filter of claim 16 wherein the event comprises:
    - a flag type entry;
      
      a designated port entry; and
      
      a timestamp entry.

19. A security enhanced network switch for controlling DHCP servers for use on a DHCP enabled network comprising:
- a client frame receiving component for receiving a client frame on the security enhanced network switch; and
  
  a DHCP server identification component for determining whether the client frame is a DCHP offer frame that is received from a rogue DHCP server.
- View Dependent Claims (20, 21, 22, 23, 24)
- - 20. The security enhanced network switch of claim 19 further comprising:
    - a data forwarding component for forwarding the client frame if the DHCP server identification component determines that the client frame is not the DHCP offer frame.
  - 21. The security enhanced network switch of claim 19 further comprising:
    - a logging component configured to log an event in response to determining that the client frame is the DCHP offer frame that is received from the rogue DHCP server.
  - 22. The security enhanced network switch of claim 19 further comprising:
    - a notification component configured to notify a user in response to determining that the client frame is the DHCP offer frame that is received from the rogue DHCP server.
  - 23. The security enhanced network switch of claim 21 wherein the event comprises:
    - a flag type entry;
      
      a designated port entry; and
      
      a timestamp entry.
  - 24. The security enhanced network switch of claim 19 wherein the security enhanced network switch is packet switching enabled.

25. A computer program product for use in conjunction with a computer system for disabling a rogue dynamic host control protocol (DHCP) server processes on a DHCP enabled network, the computer program product comprising a computer readable storage medium and a computer program mechanism embedded therein, the computer program mechanism comprising:
- instructions for receiving a client frame on a DHCP enabled network switch; and
  
  if the client frame is a DHCP offer frame that is received from the rogue DHCP server, instructions for dropping the client frame thereby disabling rogue DHCP server processes on the DHCP enabled network.
- View Dependent Claims (26, 27, 28, 29, 30)
- - 26. The method of claim 25 further comprising:
    - if the client frame is not the DHCP offer frame, forwarding the client frame.
  - 27. The method of claim 25 further comprising:
    - if the client frame is the DHCP offer frame that is not received from the rogue DHCP server port, forwarding the client frame.
  - 28. The method of claim 25 further comprising:
    - instructions for logging an event in response to the dropping the client frame.
  - 29. The method of claim 25 further comprising:
    - instructions for generating an alert in response to the dropping the client frame.
  - 30. The method of claim 28 wherein the instructions for logging the event comprises:
    - instructions for storing a flag type entry;
      
      instructions for storing a designated port entry; and
      
      instructions for storing a timestamp entry for the event.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Hewlett Packard Enterprise Development LP (Hewlett-Packard Enterprise Company)
Original Assignee
Hewlett-Packard Development Company, L.P. (HP Inc.)
Inventors
Purser, Jimmy Ray

Granted Patent

US 7,756,976 B2
Time in Patent Office

Days
Field of Search
US Class Current

709/223
CPC Class Codes

H04L 61/5014 using dynamic host configur...

H04L 61/5046 Resolving address allocatio...

Systems and methods for denying rogue DHCP services

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

11 Citations

30 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and methods for denying rogue DHCP services

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

11 Citations

30 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links