Proceedings of 2009 IEEE International Conference on Antennas, Propagation and Systems (INAS 2009), 3-5 Dec. 2009, Johor, Malaysia
A NEW DYNAMIC-AUTO-STATIC TECHNIQUE FOR DHCPv4 IP ADDRESS ALLOCATION
Tat-Chee Wan (1), Ahmed M. Manasrah (2), Omar Abouabdalla (2), Imad J. Mohamad (2), Anas F. Bayan (2), Hussein A. Al bazar (2), Adnan A. Hanif (2)
(1) School of Computer Sciences, Universiti Sains Malaysia, 11800 USM, Penang, Malaysia
(2) National Advanced IPv6 Centre (NAv6), Universiti Sains Malaysia, 11800 USM, Penang, Malaysia
[email protected] (1), {ahmad, omar, imad, anas, hussein, adnan}@nav6.org (2)
Abstract— One feature of Dynamic Host Configuration Protocol (DHCP) servers is the ability to assign static (fixed) IP Addresses for well-known clients in the Local Area Network (LAN) based on their Medium Access Control (MAC) addresses. This typically involves manual intervention by the network administrator to enter the correct MAC address and IP address information into the DHCP server configuration file, and to restart the DHCP server to apply the changes. Obviously this process tends to be time consuming and error prone, due to mistyping the MAC address or assigning duplicate IP addresses to multiple clients. This paper describes an automated technique called the Dynamic-Auto-Static (DAS) technique to automate the static (fixed) IP assignment process and minimize manual intervention by network administrators. The proposed technique automatically white-lists dynamically assigned IP addresses allocated to new clients joining the LAN for conversion into static or fixed IP address assignments after the client has exceeded a network administrator specified threshold for DHCP lease renewals. The network administrator can review the whitelist to make changes where necessary. The DAS technique comprises the following tasks: (1) Analysis of all MAC addresses and associated IP addresses within the DHCP leases file, (2) Update of the DHCP server configuration file with new whitelisted static IP address assignments, and (3) Restart of the DHCP service to implement the new IP address assignment policy. These tasks were automated using the Linux cron facility.
Keywords: DHCP-v4, Automated Static IP address assignment
I. INTRODUCTION
The task of Intranet management includes network configuration of hosts and servers, and the allocation of fixed (static) IP addresses to well-known users to simplify network troubleshooting and user traceability. Since an Intranet may involve hundreds or thousands of users, manual configuration of host IP parameters easily leads to errors, and worse, duplicated IP address assignments cause users and administrators grief as they try to track down conflicting systems. Dynamic Intranets such as university networks experience regular changes in the composition of network users and computing equipment (typically notebook PCs) as new students enroll and graduate. Consequently, Dynamic Host Configuration Protocol (DHCP) [1],[2], an extension to the BOOTP protocol [3], is an essential mechanism for automated dynamic resource allocation and configuration for such environments [4].
Figure 1. Simplified DHCP Client-Server communication model
DHCP provides configuration parameters to hosts attempting to access the Intranet and Internet, consisting of two components: a protocol for delivering host-specific configuration parameters from the DHCP server to a host and a mechanism for the allocation of host network addresses [1]. DHCP is built on a client-server model, where designated DHCP servers allocate network addresses and distribute configuration parameters to dynamically configured hosts. This protocol reduces system administration workload, allowing devices to be added to the network with little or no manual interference [1]. A simplified DHCP Client-Server communication model in a Local Area Network (LAN) is illustrated in Figure 1. When a DHCP-enabled client connects to a network, the DHCP client broadcasts a DHCP Request to obtain necessary configuration information from the DHCP server. On receiving a valid request, the server assigns the computer an IP address, a lease (the length of time the allocation is valid), and other IP configuration parameters, such as the subnet mask, default gateway, Domain Name Server (DNS) addresses and other network specific service information. Typically DHCP servers assign a dynamically generated IP address from an administrator specified IP address pool to clients on a first-come-first-served basis via Dynamic Address Allocation for a certain duration termed a DHCP lease (see RFC 2131 [1] and RFC 2132 [2]). When clients release these dynamically assigned IP addresses or when the DHCP lease expires, the addresses can be reclaimed and reallocated to service new DHCP requests. On the other hand, static IP addresses are desirable for maintaining a stable and dependable network environment, especially for network troubleshooting and user tracking [7]. Automatic Address Allocation specified in [1] provides a way to assign permanent addresses to clients automatically via DHCP, but does not provide any mechanism for updating and removal of obsolete assignments. This eventually leads to address exhaustion in a dynamic Intranet environment and is therefore not recommended for use. In addition, when manually configured clients with static IP addresses connect to a DHCP enabled network, conflicts inadvertently occur if duplicate IP addresses are encountered, since the DHCP server is not aware of the manually configured clients. Fortunately, most DHCP servers cater for the assignment of fixed (static) IP addresses to well-known hosts by matching the client's Medium Access Control (MAC) address within the server's database to find a matching static IP address assignment via Manual Address Allocation. However, the data required for static IP addresses in the DHCP database has to be entered manually by the network administrator, leading to increased workload and a high probability of error due to the lengthy MAC address information, and to potential IP address conflicts due to mistyped or overlooked information. Therefore, this paper proposes a Dynamic Auto-Static technique (DAS) for fixed IP address allocation via DHCP, to convert IP addresses dynamically allocated to new clients into fixed (static) IP addresses automatically, after the new client has been present in the network for a certain duration based on the number of DHCP lease renewals. This is essential in dynamic network environments such as university campuses where many visitors as well as new students make use of the network facilities.
978-1-4244-5373-3/09/$26.00 ©2009 IEEE 83-1
Visitors would be allocated dynamic IP addresses only, while new students would eventually be allocated fixed IP addresses automatically after they have been using the campus network for a given duration. Statistics can be kept for clients such that clients who do not connect to the network for a long period of time will eventually be flagged for removal from the static address allocation database. This reduces system administration workload, while avoiding misconfiguration and IP address conflict issues. The DAS technique was implemented using a Linux DHCP server environment and verified via actual usage in the NAV6 subnet within the university's campus network. The rest of the paper is organized as follows: Section II briefly describes some of the DHCP related work, Section III gives the overview of the DAS technique design while Implementation and Configuration Requirements are detailed in Section IV. The conclusion and future work is given in section V.
II. RELATED WORK
A way to monitor unused IP addresses for use by honeypot devices (devices that expose fake server services for network security monitoring) was proposed in [5] by exploiting the characteristics of network segments managed by DHCP. The network composition of segments managed by DHCP is usually dynamic, with hosts using a particular IP address being connected for a limited amount of time. This behavior makes the monitoring of such segments challenging, but the problem could be overcome by accessing state information maintained by DHCP servers. The DHCP server state information was utilized in [5] to assign unused IP addresses momentarily to honeypot devices dynamically to monitor associated incoming network probe traffic (darknet traffic). The effect of increasing lease times on DHCP traffic, lease expiration, and address space utilization was investigated in [6]: the study of DHCP usage patterns on a campus-wide network with a peak usage of more than 2,500 users and 1,000 access points concluded that dynamic lease time adjustment strategies can significantly reduce the amount of DHCP traffic and premature client session expirations without prohibitively increasing peak address space utilization. A method to detect abnormal host behavior for DHCPv4 and DHCPv6 was proposed in [7] to trace abnormalities in the client's IP or MAC addresses by comparing the contents of the ARP table and the DHCP binding table. Based on differences between these two tables, abnormal or illegal traffic was detected and this information was transmitted to relevant routers or switching devices via the DHCP server to block illegal users from accessing network resources. Since DHCP itself has no access control, illegitimate users inside a network segment can easily abuse the network from inside or outside. Therefore, user authentication and access control for DHCP was proposed in [8], where security was enforced using a user authentication and access control scheme based on the MAC address of the client. The MAC address of the computer must be registered with the DHCP server before accessing the network. When an IP address is requested, the server authenticates the request based on the machine's MAC address and also authenticates the user using an identifier (ID) and matching password to prevent illegitimate use of IP addresses from unregistered computers.
The approaches proposed and used by the cited papers are: (1) monitoring of unused IP addresses, (2) implementing dynamic lease times for DHCP to reduce management overheads and network control traffic, (3) blocking of specific IP addresses used by clients with abnormal traffic behavior, and (4) authenticating clients to control network access. This paper focuses on approaches (2) and (3), by proposing enhancements to the DHCP server to blacklist unauthorized users, increase the automation of fixed IP address assignment to well-known users, and prevent IP address conflicts by monitoring the DHCP leases to periodically update the configuration files automatically.
III. DYNAMIC-AUTO-STATIC (DAS) DESIGN
The proposed Dynamic-Auto-Static (DAS) technique is illustrated in Figure 2. The steps in the processing flow are identified via yellow numbered circles and explained in this section.
[Figure 2 flowchart not reproduced; the numbered steps it shows are described below.]
Figure 2. Dynamic-Auto-Static (DAS) Technique Flowchart

1) MAC Authentication during DHCP Request: If the client's MAC address is in the Blacklist, then the DHCP request will be rejected using firewall filtering rules on the DHCP server. Otherwise the request will be accepted and processed by the DHCPD daemon. The client will be assigned either a fixed (static) IP address if the client has an entry in the DHCPD.conf file, or else a Dynamic IP address for first time users or visitors.
2) Leases Tokenizer: The Leases Tokenizer is executed periodically using the Linux cron facility to filter DHCPD.leases data and retrieve active IP and MAC addresses for storage in a table. The Usage_counter for a given MAC address will also be updated.
3) MAC Address Normalizer: The MAC Address Normalizer is then used to convert extracted MAC addresses to the common uppercase hexadecimal format required by DHCPD.conf.
4) Redundancy Filter for IP & MAC: Redundancy filtering is necessary to eliminate multiple IP address assignments that were given to a single client due to multiple lease releases and renewals; the unique pairs are saved into a Unique IP & MAC Table.
5) Difference List Generator: The difference between the Existing IP & MAC Table and the entries in the Unique IP & MAC Table is determined, and the list of newly detected MAC entries is placed in a DAS candidate IP & MAC list for further processing. Optional review of the candidate list by the network administrator may also be implemented.
6) Generate new host number: A standardized host naming convention is adopted for all clients, where the next available number is determined to name hosts according to the following format: pc0123
7) For each candidate host: Each candidate host in the list will be processed in turn.
8) MAC Whitelist and Blacklist Verification: Only MAC addresses in the MAC Address Whitelist will be added to the DHCPD.conf file as static (fixed) address entries. The MAC Address Whitelist and Blacklist are maintained by a real time network monitoring subsystem to identify regular users suitable for conversion from Dynamic Address allocation to static (fixed) Address allocation based on the usage pattern, as well as to detect abnormal traffic patterns. The pseudocode is given in Figure 3.
9) Add Whitelisted MAC & IP to DHCPD.conf: Only Whitelisted MAC entries will be appended to the DHCPD.conf according to the format in Figure 4. In addition, the entry will also be added to the Existing IP & MAC Table. If a static address entry exists in DHCPD.conf but not in the MAC Whitelist, then it will be flagged for removal by the network administrator.
10) Increment Host Number: The next available host number is then determined for use when processing the next candidate host.

For each identified MAC/IP
    // White/Black list MACs updated by real time
    // monitoring subsystem according to usage patterns
    IF MAC is not in Blacklist
        IF Usage_counter >= Minimum_usage_threshold Then
            Add MAC to Whitelist
        ElseIF MAC is in Whitelist && No_activity_threshold exceeded
            Remove MAC from Whitelist
        EndIF
    EndIF
    IF MAC has abnormal usage or unusual activity
        Remove MAC from Whitelist (if present)
        Add MAC to Blacklist
    EndIF
Figure 3. Real Time Monitoring Subsystem Pseudocode
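The pipeline of steps 2 to 10 above, written here as an added Python example rather than the authors' C++ implementation: it tokenizes a constructed DHCPD.leases excerpt, normalizes the MAC addresses, applies the redundancy filter, the difference list and the usage threshold, and emits Figure 4 style host entries. The four-digit pc host numbering, the empty initial blacklist and keeping the client's current dynamic address as its fixed-address are assumptions.

```python
import re
from collections import Counter

# Constructed dhcpd.leases excerpt (not taken from the paper): one client
# renews twice, a second client appears once, and one lease has expired.
SAMPLE_LEASES = """\
lease 10.107.161.10 {
  starts 3 2009/11/04 08:12:00;
  ends 3 2009/11/11 08:12:00;
  binding state active;
  hardware ethernet 0:c0:4c:a0:13:f9;
}
lease 10.107.161.10 {
  binding state active;
  hardware ethernet 00:C0:4C:A0:13:F9;
}
lease 10.107.161.11 {
  binding state active;
  hardware ethernet 00:c0:4c:a0:13:8a;
}
lease 10.107.161.12 {
  binding state free;
  hardware ethernet 00:13:72:75:86:8c;
}
"""
LEASE_RE = re.compile(r"lease\s+(\S+)\s*\{(.*?)\}", re.S)
MAC_RE = re.compile(r"hardware ethernet\s+([0-9a-fA-F:]+);")

def normalize_mac(mac):
    """Step 3: uppercase, zero-padded form as written in dhcpd.conf."""
    return ":".join(f"{int(octet, 16):02X}" for octet in mac.split(":"))

def tokenize_leases(text):
    """Step 2: active (ip, MAC) pairs; every lease record counts as one usage."""
    pairs = []
    for ip, body in LEASE_RE.findall(text):
        if "binding state active" not in body:
            continue  # released or expired lease: not an active client
        m = MAC_RE.search(body)
        if m:
            pairs.append((ip, normalize_mac(m.group(1))))
    return pairs

def das_candidates(pairs, existing_macs, blacklist, min_usage):
    """Steps 4, 5 and 8: one IP per MAC, diff against dhcpd.conf, apply thresholds."""
    usage = Counter(mac for _, mac in pairs)       # Usage_counter per MAC
    latest_ip = {mac: ip for ip, mac in pairs}     # redundancy filter: last lease wins
    return {mac: ip for mac, ip in latest_ip.items()
            if mac not in existing_macs and mac not in blacklist
            and usage[mac] >= min_usage}

def host_entries(candidates, next_number):
    """Steps 6, 9 and 10: Figure 4 style entries; assumption: the dynamic IP is kept."""
    lines = []
    for mac, ip in sorted(candidates.items()):
        lines.append(f"host pc{next_number:04d} {{ hardware ethernet {mac}; fixed-address {ip}; }}")
        next_number += 1
    return lines, next_number
```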
A sample DHCP configuration file is given in Figure 5. It includes the declaration of hosts, subnets range, netmask, domain name and other parameters which are necessary for specifying network services for the DHCP clients. In addition, the file also specifies the binding of static IP to individual hosts.
host pc01 { hardware ethernet 00:13:72:75:86:8C; fixed-address 10.107.160.201; }
Figure 4. DHCPD.conf static (fixed) IP Address Entry

#DHCP Server Configuration file.
#configuration starts for 10.107.160.0/24 network
#range from 10.107.160.200 - 10.107.160.255 is
#reserved for fixed IP.
#range from 10.107.161.1 - 10.107.161.254 is reserved for dynamic
#allocation.
subnet 10.107.160.0 netmask 255.255.254.0 {
    range 10.107.161.1 10.107.161.254;
    option subnet-mask 255.255.254.0;
    option broadcast-address 10.107.161.255;
    option domain-name "xxx.usm.my";
    option domain-name-servers 102.188.1.5, 102.188.0.136;
    option routers 10.107.160.1;
    default-lease-time 604800;
    max-lease-time 604800;
}
#Binding IP to individual hosts so that they get fixed IP
host pc01 {
    option host-name "Joun";
    hardware ethernet 00:50:8D:D3:46:D9;
    fixed-address 10.107.160.200;
}
host pc02 {
    option host-name "LoongJu";
    hardware ethernet 00:C0:4C:A0:13:F9;
    fixed-address 10.107.160.201;
}
host pc03 {
    option host-name "Lim";
    hardware ethernet 00:C0:4C:A0:13:8A;
    fixed-address 10.107.160.202;
}
Figure 5. Sample of DHCP configuration file

IV. IMPLEMENTATION AND TESTING
The DAS Technique was implemented in C++ for a Linux server environment running the DHCPD daemon. The processing is invoked periodically via cron. The implementation took less than one second to process 280 entries on a Pentium IV server with a 2.8 GHz CPU and 1G RAM; this involves processing the DHCPD.leases entries, filtering redundant entries, and deciding whether to add the new MAC address entries to the DHCPD.conf file.
The advantages of the DAS technique compared with standard DHCPv4 are highlighted in TABLE I.

TABLE I. COMPARISON BETWEEN DHCPV4 AND DAS
DHCPv4 | DAS
Manual configuration of Static IP Addresses | Static IP Addresses are added automatically based on Whitelist
IP Address Conflicts due to Duplicate entries, or misconfiguration due to operator error | No conflicts because DHCPD.conf entries are added dynamically
Removal of obsolete Static IP entries requires manual intervention by network administrator | Automatic tracking of IP address usage patterns; obsolete Static IP entries may be purged after the no_activity_threshold is exceeded
Circular buffer used by DHCPD.leases file leads to loss of Dynamic IP Address assignment history | Better tracking of Dynamic IP Address assignment history due to use of Leases Tokenizer to update Usage_counter

V. CONCLUSION AND FUTURE WORK
The proposed DAS technique was implemented and tested in a LAN with around 250 users. Each new user of the network will be assigned a dynamic IP address by the DHCP server, while regular network users will be allocated a static IP address automatically using the DAS technique, and stored in the DHCP configuration file for future static IP address assignment. Future work includes the fine tuning of the realtime monitoring algorithm as well as the adaptation and extension of the DAS technique for DHCPv6 usage.

REFERENCES
[1] R. Droms, "Dynamic Host Configuration Protocol," RFC 2131, IETF, March 1997.
[2] S. Alexander and R. Droms, "DHCP Options and BOOTP Vendor Extensions," RFC 2132, IETF, March 1997.
[3] W. Wimer, "Clarifications and Extensions for the Bootstrap Protocol," RFC 1542, IETF, October 1993.
[4] Jenq-Haur Wang and Tzao-Lin Lee, "Enhanced Intranet Management in a DHCP-enabled Environment," IEEE COMPSAC'02, 2002.
[5] Seiichiro Mizoguchi, Yoshiaki Hori, and Kouichi Sakurai, "Monitoring Unused IP Addresses on Segments Managed by DHCP," Fourth International Conference on Networked Computing and Advanced Information Management, IEEE Computer Society, 2008.
[6] Manas Khadilkar, Nick Feamster, Matt Sanders, and Russ Clark, "Usage-Based DHCP Lease Time Optimization," IMC'07, October 24-26, 2007, San Diego, California, USA.
[7] Jiang-Whai Dai and Ling-Feng Chiang, "A new method to detect abnormal IP address on DHCP," Proceedings of TENCON 2007 - 2007 IEEE Region 10 Conference.
[8] T. Komori and T. Saito, "The secure DHCP system with user authentication," Proceedings of the 27th Annual IEEE Conference on Local Computer Networks (LCN), 2002.