Dismiss
InnovationQ will be updated on Sunday, Oct. 22, from 10am ET - noon. You may experience brief service interruptions during that time.
Browse Prior Art Database

The Method for preventing unauthorized network access by occupying idle IP addresses

IP.com Disclosure Number: IPCOM000015961D
Original Publication Date: 2002-Nov-01
Included in the Prior Art Database: 2003-Jun-21
Document File: 4 page(s) / 92K

Publishing Venue

IBM

Abstract

Idea of disclosure 1. Describe your invention, stating problem solved (if appropriate), and indicating the advantages of using the invention. The Resouce X manages idle IP addresses in a IP sub network. Resource X registers all IP adresses which are not assigned by DHCP servers or network administrator, to its Network interfaces. This prevents to access by unauthorized users, because all IP addresses are occupied. User should register his MAC address of NetWork Interface Card(NIC) on List of acceptable MAC addresses using IP addresses, before user begins to use new IP address. Resource X release one IP address and assign it to user. If user has non-registered MAC address, user cannot use IP address, because there is no idle IP address in a sub network. It prevents to use network resources by unauthorized users. Administrator does not care idle IP addresses in general. Router can block to access over sub network by its configuration, but router cannot block to access in its sub network. Any user can set idle IP address to his NIC manually, can easily use network resources in its sub network. It is easy to crack network resources. It is needed to countermeasure against unauthorized access.

This text was extracted from a PDF file.
At least one non-text object (such as an image or picture) has been suppressed.
This is the abbreviated version, containing approximately 39% of the total text.

Page 1 of 4

  The Method for preventing unauthorized network access by occupying idle IP addresses

Idea of disclosure
1. Describe your invention, stating problem solved (if appropriate), and indicating the advantages of using the invention.

The Resouce X manages idle IP addresses in a IP sub network. Resource X registers all IP adresses which are not assigned by DHCP servers or network administrator, to its Network interfaces. This prevents to access by unauthorized users, because all IP addresses are occupied. User should register his MAC address of NetWork Interface Card(NIC) on List of acceptable MAC addresses using IP addresses, before user begins to use new IP address. Resource X release one IP address and assign it to user. If user has non-registered MAC address, user cannot use IP address, because there is no idle IP address in a sub network. It prevents to use network resources by unauthorized users.

Administrator does not care idle IP addresses in general. Router can block to access over sub network by its configuration, but router cannot block to access in its sub network. Any user can set idle IP address to his NIC manually, can easily use network resources in its sub network. It is easy to crack network resources. It is needed to countermeasure against unauthorized access.

This invention solves to create a status that all IP addresses are in use, which were idle temporary or everlastingly. It assigns IP address not in use to a special Resource X. No idle IP address exists in a sub network.

Usefull pointes:
1. Fair accounting - unauthorized use is prevented.
2. In Apartments ;
1. Prevents to access by unauthorized users which uses idle IP addresses.
2. Prevents to scan address and port to check absence or not.
3. Can detect an indiscriminate attack in a sub network. Switching device is used for network connection generally, so that special device is needed to monitor communication between 2 users. Using this method, unauthorized access is detected easily, by establishment of reserved address / size of address space.

2. How does the invention solve the problem or achieve an advantage, (a description of "the invention", including figures inline as appropriate)?

Methods: Configuration of invetion
i. Basic configuration Figure 1 is Class C sub network, 192.168.0.0/24, which constitutes a part of intranet.

1

Page 2 of 4

DHCPリレー エージェント

ワークグルー

プサーバー

IP Sub Network(Class C:192.168.0/24)

リソース R2

リソース R3

192.168.0.101 192.168.0.102

リソー

スR1

リソー

スR4

ルーターR

IP address space
192.168.0.1 - 192.168.0.254 (254)

Fixed Address space
192.168.0.1 - 192.168.0.100 DHCP Address space
192.168.0.101 - 192.168.0.254

ルールーター

192.168.0.1

192.168.0.2

192.168.0.3

Enterprise service

 DNS Service

Server S2

 DHCP Relay Agent (RA)

ResourceIP NetworkR2

Resource R1

Resource R3

Router R

List of registered M AC addresses

192.168.0.2

192.168.0.101 192.168.0.102

Resource R4

Work Group Serve...