1. Technical Field
The present invention relates to computer networks, and in particular to a method and system in an Internet Protocol (IP) network for detecting and neutralizing one or a plurality of unauthorized Dynamic Host Configuration Protocol (DHCP) servers.
2. Description of the Related Art
Internet
The Internet is a global network of computers and computers networks (the “Net”). The Internet connects computers that use a variety of different operating systems of languages, including UNIX, DOS, Windows, Macintosh, and others. To facilitate and allow the communication among these various systems and languages, the Internet uses a language referred to as TCP/IP (“Transmission Control Protocol/Internet Protocol”). TCP/IP protocol supports three basic applications on the Internet.
(1) transmitting and receiving electronic mail,
(2) logging into remote computers (the “Telnet”), and
(3) transferring files and programs from one computer to another (“FTP” or “File Transfer Protocol”).
IP Addresses
Routers are utilized to interconnect two networks by forwarding packets from one network to the other. The term “IP router” is also used because the routing function is part of the IP network layer of the TCP/IP protocol.
IP addresses are utilized by the IP protocol to uniquely identify a host on the Internet. Strictly speaking, an IP address identifies an interface that is capable of sending and receiving IP datagrams, and one system can have more than one of such interfaces. However, both hosts and routers must have at least one IP address, so this simplified definition is acceptable. IP datagrams (data packets exchanged between hosts) are transmitted by a physical network attached to the host, wherein each IP datagram contains a source IP address and a destination IP address.
IP addresses are represented by a 32-bit unsigned binary value which is usually expressed in a dotted decimal format. For example, 9.167.5.8 is a valid Internet address. This numeric form is utilized by the IP software. The mapping between the IP address and an easier-to-read symbolic name, for example myhost.ibm.com, is performed by a Domain Name System (DNS).
IP Subnets
Due to the explosive growth of the Internet, assigning IP addresses is not flexible enough to allow efficiently facilitate changes in local network configurations. Such changes might occur when a new type of physical network is installed at a location. A growing number of hosts within a local network may also precipitate such configuration changes by requiring that the local network split into two or more separate networks. In addition, growing intranetwork distances require to divide a network into smaller networks separated by gateways.
The concept of subnets has been introduced to avoid the need to request additional IP network addresses in these cases. Subnets can be assigned locally, since the original single network still appears as one IP network with respect to the larger IP internetwork context. To designate a subnet, the host number within an IP address header is subdivided into a network number and a host number. This second network is termed “subnetwork” or “subnet”. The original network now includes multiple subnets, and an IP address associated therewith is interpreted as: