论文总字数：15870字

摘 要

随着世界科技的发展，电脑已经普及。各大公司更是进入了无纸化办公的时代。随着日益增多的计算机。人们的工作、学习和生活与网络联系越来越紧密，搭建了许多不同的网络，如企业网、校园网和城区网等等。不过，分配ip太繁琐成为了最突出的问题。如何才能够不费力气的，给每台主机分配到一个唯一的ip地址呢？我们在这儿谈到的问题，可以运用DHCP服务器来解决。因为DHCP技术，管理网络的人工作量减少了很多，一个大型的网络可以在更短的时间里搭建出来，修改配置等工作量也变少了。但是对于客户端和服务器来说，DHCP本身没有权限控制机制，恶意用户便可以很容易地获得IP访问内部或外部网络，存在着很大的安全隐患^[1]。DHCP在设计上自身就不具备防御恶意攻击的性能，因此DHCP极易遭受各种各样的威胁。DHCP服务器的威胁可以是一个非法客户端伪装成一个合法客户端申请IP地址和网络参数，轻易的使用外部和内部网络资源从而导致信息的泄密；也可以是流氓DHCP服务器应答合法的客户端，当客户端申请IP地址和网络参数时，它故意提供错误的配置信息，流氓服务器可以在地址池，排除域，保留地址，子网掩码，DNS服务器地址，默认网关地址等错误的配置。DHCP技术在防御网络攻击能力方面真的非常薄弱，因此研究安全技术变得十分迫切。

关键词：DHCP；安全；研究；IP地址

Research and implementation of DHCP attack prevention technology in two layer LAN

Abstract

With the development of world science and technology, computer has become popular. The company is entering the era of paperless office. Along with the increasing of the computer.People"s work, study and life are more and more closely linked with the network, and set up a number of different networks, such as enterprise network, campus network and urban network, and so on.But,the IP distribution is too complicated to become the most prominent problem. How can it be effortless, to each host is assigned to a unique IP address? Here we talked about the problem, can use the DHCP server to resolve. Because of the DHCP technology of artificial quantity management network to reduce a lot, a large network can be built up in a shorter period of time, such as modifying the configuration workload is less. But for the client and server, DHCP itself is not right The control mechanism, a malicious user can easily get IP access to the internal or external network, there are security risks.DHCP great defense does not have any malicious host in the design of function, so DHCP is very vulnerable to various threats.DHCP server threats can be an illegal client masquerading as a legitimate client application the network parameters and IP address easily using external and internal cyber source resulting in information disclosure; can also be a rogue DHCP server response legitimate client, when the client application IP address and network parameters, it deliberately provides configuration information error That rogue server can exclude the domain address pool, reserved address, subnet mask, DNS server address, configuration.DHCP default gateway address error in network attack defense ability is really very weak, so the study of security technology has become very urgent.

Key words: DHCP; security; research; IP address

目录

第一章 引 言 1

1.1 课题背景 1

1.2 课题意义 1

1.2.1 研究DHCP技术的重要性 1

1.2.2 讨论DHCP安全的重要性 2

1.2.3 二层网络中的攻击 2

1.3 论文研究安排 2

第二章 DHCP协议基础 3

2.1 DHCP协议简介 3

2.1.1 DHCP的概念 3

2.1.2 DHCP的作用 3

2.1.3 DHCP的功能 3

2.1.4 DHCP的分配方式 3

2.2 DHCP报文 4

2.2.1 DHCP的报文种类 4

2.2.2 DHCP的报文格式 5

2.3 DHCP的工作流程 6

第三章 DHCP中存在的安全隐患 9

3.1 DHCP的缺陷 9

3.2 DHCP的安全问题 9

第四章 解决DHCP的安全问题 10

4.1 消除DHCP安全问题的技术 10

4.2 减少DHCP威胁的方法 10

4.3 DHCP的攻击 10

4.4 DHCP的防御 11

4.5 总结 12

致 谢 13

参考文献 14

附录 15

剩余内容已隐藏，请支付后下载全文，论文总字数：15870字