With the increasing complication of the network, most client terminals access the network by dynamically allocating IP addresses via a DHCP (dynamic host configuration protocol). The DHCP includes a DHCP server and a client terminal. When the DHCP server and the client terminal are not in the same network segment, a DHCP relay device (such as a switch or a router) may be deployed to relay a DHCP request of the client terminal, transmit the DHCP request of the client terminal to the DHCP server, and transmit the reply of the DHCP server to the client terminal. The use of the DHCP relay device may manage IP addresses more centrally and effectively.
However, the DHCP adopts a simple trust mode, namely any client terminal transmitting an IP address application request is defaulted to be secure, with the result that the DHCP server is highly subject to attacks. For example, an attacker controls a client terminal to spoof a large number of MAC addresses and transmit a large number of IP address application request packets, with the result that the IP addresses in the address pool of the DHCP server are quickly exhausted. When a normal client terminal requests for allocating an IP address, the DHCP server would have no allocable IP address, so the IP address application request of the normal client terminal would be denied, thus the normal client terminal cannot acquire an IP address and cannot access the network.