Biblio

Dynamic Host Control Protocol (DHCP) is a protocol which provides IP addresses and network configuration parameters to the hosts present in the network. This protocol is deployed in small, medium, and large size organizations which removes the burden from network administrator to manually assign network parameters to every host in the network for establishing communication. Every vendor who plans to incorporate DHCP service in its device follows the working flow defined in Request for Comments (RFC). DHCP Starvation and DHCP Flooding attack are Denial of Service (DoS) attacks to prevents provision of IP addresses by DHCP. Port Security and DHCP snooping are built-in security features which prevents these DoS attacks. However, novel techniques have been devised to bypass these security features which uses ARP and ICMP protocol to perform the attack. The purpose of this research is to analyze implementation of DHCP in multiple devices to verify the involvement of both ARP and ICMP in the address acquisition process of DHCP as per RFC and to validate the results of prior research which assumes ARP or ICMP are used by default in all of devices.

With the advancement of network technology, more electronic devices have begun to connect to the Internet. The era of IoE (Internet of Everything) is coming. However, the number of serious incidents of cyberattacks on important facilities has gradually increased at the same time. Security becomes an important issue when setting up plenty of network devices in an environment. Thus, we propose an innovative mechanism of the Moving Target Defense (MTD) to solve the problems happening to other MTD mechanisms in the past. This method applies Dynamic Host Configuration Protocol (DHCP) to dynamically change the IPv4 address of information equipment in the medical environment. In other words, each of the nodes performs IP-Hopping and effectively avoids malicious attacks. Communication between devices relies on DNS lookup. The mechanism avoids problems such as time synchronization and IP conflict. Also, it greatly reduces the costs of large-scale deployment. All of these problems are encountered by other MTD mechanisms in the past. Not only can the mechanism be applied to the medical and information equipment, it can also be applied to various devices connected to the Internet, including Industrial Control System (ICS). The mechanism is implemented in existing technologies and prevents other problems, which makes it easy to build a system.

Current State of the art technologies for detecting and neutralizing rogue DHCP servers are tediously complex and prone to error. Network operators can spend hours (even days) before realizing that a rogue server is affecting their network. Additionally, once network operators suspect that a rogue server is active on their network, even more hours can be spent finding the server's MAC address and preventing it from affecting other clients. Not only are such methods slow to eliminate rogue servers, they are also likely to affect other clients as network operators shutdown services while attempting to locate the server. In this paper, we present Network Flow Guard (NFG), a simple security application that utilizes the software defined networking (SDN) paradigm of programmable networks to detect and disable rogue servers before they are able to affect network clients. Consequently, the key contributions of NFG are its modular approach and its automated detection/prevention of rogue DHCP servers, which is accomplished with little impact to network architecture, protocols, and network operators.