
Method for Detecting Unauthorized PXE Servers on an Enterprise Network

IP.com Disclosure Number: IPCOM000015879D
Original Publication Date: 2002-May-08
Included in the Prior Art Database: 2003-Jun-21
Document File: 1 page(s) / 45K

Publishing Venue

IBM

Abstract

Disclosed is a method for detecting unauthorized PXE servers on a network. PXE is inherently insecure. It is very easy to install a rogue PXE server on a network (it could be a client system or notebook). BIS attempts to reduce this risk, but there are very few systems today which are BIS enabled. If the IT organization wants to prohibit PXE from managing a client system, all that is needed is for the adapter or system BIOS to have PXE disabled. However, in organizations which do implement PXE-based management servers, this is not acceptable.

Using a network monitor (for example at the valid PXE server) is not a reliable way to detect a rogue PXE server either, since in a switched network environment the PXE server responses are typically unicast to the PXE client and therefore not visible across the entire network. However, PXE servers follow a known protocol. Therefore it is possible to create a management application which searches for PXE servers that are not at an authorized IP address. This application could forward an alert to an Administrator (via SNMP or some other management protocol) or actually disable the rogue server's network port (i.e. shut off the switch port).

The basic overview of the design follows:

1. Send out PXE requests on a predefined periodic basis. Note that the application can broadcast the PXE DHCPDISCOVER message under the OS.
2. Listen for responses from all PXE servers.
3. Determine if each response matches a server in the Authorized PXE Server IP Address List.
4. If the response is from an authorized IP address, ignore the response.
5. If the response is not from an authorized IP address, then either forward an alert to an Admin (or console) and/or shut down the rogue network port.
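As an added illustration of the response check in the design above (example code written for this page, not part of the disclosure): it parses a captured BOOTP/DHCP reply, recognises a PXE reply by the "PXEClient" vendor class in option 60, and compares the addresses the reply presents against the Authorized PXE Server IP Address List. It goes slightly beyond the text by also checking the server identifier (option 54) and the next-server field (siaddr), since that is the address the client will fetch its boot file from. The sample replies and the 10.0.0.x addresses are constructed placeholders; sending the periodic DHCPDISCOVER and acting on the switch port are left to the management application.

```python
from ipaddress import IPv4Address

DHCP_MAGIC = b"\x63\x82\x53\x63"          # RFC 2132 magic cookie that starts the option area


def build_reply(src_ip, siaddr, vendor_class=b"PXEClient", boot_file=b"pxelinux.0"):
    """Constructed sample BOOTREPLY/DHCPOFFER (not a real capture) as the probe would see it."""
    hdr = bytearray(236)
    hdr[0], hdr[1], hdr[2] = 2, 1, 6                   # op=BOOTREPLY, htype=Ethernet, hlen=6
    hdr[20:24] = IPv4Address(siaddr).packed            # siaddr: next-server the client boots from
    opts = bytes([53, 1, 2])                           # option 53: DHCPOFFER
    opts += bytes([54, 4]) + IPv4Address(src_ip).packed    # option 54: server identifier
    opts += bytes([60, len(vendor_class)]) + vendor_class  # option 60: vendor class
    opts += bytes([67, len(boot_file)]) + boot_file    # option 67: boot file name
    return src_ip, bytes(hdr) + DHCP_MAGIC + opts + b"\xff"


def parse_options(payload):
    """Parse the DHCP option area into {tag: raw_value}; pad (0) and end (255) are handled."""
    if len(payload) < 240 or payload[236:240] != DHCP_MAGIC:
        raise ValueError("not a DHCP packet")
    options, i = {}, 240
    while i < len(payload) and payload[i] != 255:
        if payload[i] == 0:                            # pad option has no length byte
            i += 1
            continue
        tag, length = payload[i], payload[i + 1]
        options[tag] = payload[i + 2:i + 2 + length]
        i += 2 + length
    return options


def classify_reply(src_ip, payload, authorized):
    """Decide 'ignore' or 'alert' for one reply to the periodic PXE DHCPDISCOVER probe."""
    options = parse_options(payload)
    if not options.get(60, b"").startswith(b"PXEClient"):
        return "ignore", "not a PXE reply"
    # A rogue can appear in any of: the packet source, the server identifier (option 54),
    # or the next-server address (siaddr) the client will TFTP the boot file from.
    claimed = {src_ip, str(IPv4Address(payload[20:24]))}
    if 54 in options:
        claimed.add(str(IPv4Address(options[54])))
    claimed.discard("0.0.0.0")                         # unset siaddr
    rogue = sorted(claimed - set(authorized))
    if rogue:
        return "alert", "unauthorized PXE address(es): " + ", ".join(rogue)
    return "ignore", "authorized PXE server"


def audit(replies, authorized):
    """One probe cycle: return (source, reason) for every reply that needs an alert."""
    results = [(ip, classify_reply(ip, data, authorized)) for ip, data in replies]
    return [(ip, why) for ip, (act, why) in results if act == "alert"]
```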
