Systems and methods for denying rogue DHCP services
First Claim
1. A method of controlling dynamic host control protocol (DHCP) communication on a network comprising a plurality of DHCP servers, the method comprising:
configuring each of the plurality of DHCP servers to hold in memory all DHCP offers made by the DHCP server and lacking a response from a network switch, wherein the network switch includes at least one physical port designated as a port authorized to send DHCP offer frames and at least one physical port designated as a port unauthorized to send DHCP offer frames;
receiving a data frame at a physical port on the network switch;
if the data frame is a DHCP offer frame, determining whether the physical port of the network switch receiving the data frame is an authorized physical port to send DHCP offer frames based on whether the physical port comprises the at least one physical port designated as a port authorized to send DHCP offer frames;
in response to determining that the physical port is an authorized physical port to send DHCP offer frames, forwarding the received DHCP offer frame; and
in response to determining that the physical port is not an authorized physical port to send DHCP offer frames, dropping the received DHCP offer frame.
Abstract
Methods of controlling dynamic host control protocol (DHCP) communication on a network are presented including: receiving a data frame on a network switch; and if the data frame is a DHCP offer frame that is not received from an authorized DHCP server port, dropping the data frame. In some embodiments, methods further include if the data frame is not the DHCP offer frame, forwarding the data frame. In some embodiments, methods further include if the data frame is the DHCP offer frame that is received from the authorized DHCP server port, forwarding the data frame.
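The forwarding decision described in the abstract can be sketched in a few lines. This is an added example, not code from the patent: the function names are hypothetical, the sample frame is constructed, and only untagged Ethernet II/IPv4 frames are parsed. Frames that are not DHCP offers are forwarded, as the abstract states.

```python
import struct

DHCP_MAGIC = b"\x63\x82\x53\x63"   # RFC 2131 magic cookie preceding the options
DHCPOFFER = 2                      # value of option 53 (DHCP Message Type)

def dhcp_message_type(frame: bytes):
    """Return the option-53 value of an untagged Ethernet/IPv4/UDP DHCP frame, else None."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":   # EtherType must be IPv4
        return None
    ihl = (frame[14] & 0x0F) * 4                         # IPv4 header length in bytes
    if ihl < 20 or frame[23] != 17:                      # protocol 17 = UDP
        return None
    udp = 14 + ihl
    if len(frame) < udp + 8:
        return None
    sport, dport = struct.unpack_from("!HH", frame, udp)
    if {sport, dport} - {67, 68}:                        # not the BOOTP/DHCP ports
        return None
    bootp = udp + 8
    if frame[bootp + 236:bootp + 240] != DHCP_MAGIC:     # also rejects truncated frames
        return None
    i = bootp + 240
    while i < len(frame) and frame[i] != 255:            # 255 = End option
        if frame[i] == 0:                                # 0 = Pad, a single byte
            i += 1
            continue
        if i + 1 >= len(frame):
            return None
        length = frame[i + 1]
        if frame[i] == 53 and length == 1 and i + 2 < len(frame):
            return frame[i + 2]
        i += 2 + length
    return None

def switch_decision(frame: bytes, ingress_port: int, authorized_ports: set) -> str:
    """Drop DHCP offers arriving on a port not designated to send them; forward the rest."""
    if dhcp_message_type(frame) == DHCPOFFER and ingress_port not in authorized_ports:
        return "drop"
    return "forward"

def build_dhcp_frame(msg_type: int, sport: int, dport: int) -> bytes:
    """Constructed sample frame (checksums left zero; addresses are placeholders)."""
    op = 1 if msg_type in (1, 3) else 2                  # BOOTREQUEST vs BOOTREPLY
    bootp = bytes([op, 1, 6, 0]) + bytes(232) + DHCP_MAGIC + bytes([53, 1, msg_type, 255])
    udp = struct.pack("!HHHH", sport, dport, 8 + len(bootp), 0) + bootp
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     bytes([192, 0, 2, 1]), bytes([255] * 4)) + udp
    return b"\xff" * 6 + b"\x02\x00\x00\x00\x00\x01" + b"\x08\x00" + ip
```

Because the decision keys on the ingress port rather than on any address inside the frame, an offer with plausible-looking source fields is still dropped when it arrives on a port that is not designated for DHCP offers.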
24 Claims
8. A method of disabling a rogue dynamic host control protocol (DHCP) server processes on a DHCP enabled network comprising a plurality of DHCP servers, the method comprising:
configuring each of the plurality of DHCP servers to hold in memory all DHCP offers made by the DHCP server and lacking a response from a DHCP enabled network switch, wherein the DHCP enabled network switch includes at least one physical port designated as a port authorized to send DHCP offer frames and at least one physical port designated as a port unauthorized to send DHCP offer frames;
receiving a client frame at a physical port on the DHCP enabled network switch;
if the client frame is a DHCP offer frame, determining whether the physical port of the DHCP enabled network switch receiving the data frame is an authorized physical port to send DHCP offer frames based on whether the physical port comprises the at least one physical port designated as a port authorized to send DHCP offer frames; and
in response to determining that the physical port is an authorized physical port to send DHCP offer frames, forwarding the received DHCP offer frame, wherein the network switch drops the received DHCP offer frame in response to determining that the physical port is not an authorized physical port to send DHCP offer frames.
14. A DHCP enabled network comprising:
a plurality of DHCP servers each configured to hold in memory all DHCP offers made by the DHCP server and lacking a response from a DHCP enabled network switch, wherein the DHCP enabled network switch includes at least one physical port designated as a port authorized to send DHCP offer frames and at least one physical port designated as a port unauthorized to send DHCP offer frames; and
the DHCP enabled network switch comprising:
a client frame receiving component for receiving a client frame at a physical port on the DHCP enabled network switch; and
a DHCP server identification component for determining whether the client frame is a DHCP offer frame and, if the client frame is a DHCP offer frame, determining whether the physical port of the DHCP enabled network switch receiving the data frame is an authorized port to send DHCP offer frames based on whether the physical port comprises the at least one physical port designated as a port authorized to send DHCP offer frames, wherein the DHCP enabled network switch is configured to drop the received DHCP offer frame in response to determining that the physical port is not an authorized physical port to send DHCP offer frames.
19. A computer program product for use in conjunction with a computer system for disabling a rogue dynamic host control protocol (DHCP) server processes on a DHCP enabled network comprising a plurality of DHCP servers, the computer program product comprising a computer readable storage device and a computer program mechanism embedded therein, the computer program mechanism comprising:
instructions for configuring each of the plurality of DHCP servers to hold in memory all DHCP offers made by the DHCP server and lacking a response from a DHCP enabled network switch, wherein the DHCP enabled network switch includes at least one physical port designated as a port authorized to send DHCP offer frames and at least one physical port designated as a port unauthorized to send DHCP offer frames;
instructions for receiving a client frame at a physical port on the DHCP enabled network switch;
if the client frame is a DHCP offer frame, instructions for determining whether the physical port of the DHCP enabled network switch receiving the data frame is an authorized physical port to send DHCP offer frames based on whether the physical port comprises the at least one physical port designated as a port authorized to send DHCP offer frames; and
in response to determining that the physical port is not an authorized physical port to send DHCP offer frames, instructions for dropping the client frame thereby disabling rogue DHCP server processes on the DHCP enabled network.