Changeoption82

2009InfosysTechnologiesLimitedSANOGXIV2009InfosysTechnologiesLimitedSANOGXIVTacklingSpoofingAttacksinBroadbandAccessNetworksBharatJoshi(bharat_joshi@infosys.
com)PavanKurapati(pavan_kurapati@infosys.
com)RamakrishnaRaoDTV(ramakrishnadtv@infosys.
com)2009InfosysTechnologiesLimitedSANOGXIVAgendaSpoofing–What,WhyandHowTypesofuserconnectionsinBroadbandAccessConcentratorsTypesofspoofingHowtocollectdatatodoAnti-spoofinginAccessNetworkAnti-spoofingHowtorecoveranti-spoofingdataafterBACcrash/reboot2009InfosysTechnologiesLimitedSANOGXIVWhatisSpoofiingSpoofingisaprocesswherebyoneentitymasqueradesasanotherentityWhyisspoofingdoneSpoofingAbyBisdoneforvariouspurposesBseekstheprivilegesofABintendstohideitstracksAsanattackonAHowisspoofingdoneWeshallseeincomingslides2009InfosysTechnologiesLimitedSANOGXIVTheultimategoalofspoofingUnauthorizedServiceGetserviceonsomeoneelse'sexpenseLossofServiceonTargetMakesurethatthetargetdoesnotgetanyserviceDifficulttotracetheattackerMakesurethatpeoplecannotfindwhoattackedthem.
UnnecessarypacketscloggingthenetworkMakesurethatnobodygetsagoodservice.
SecondaryvictimPrimarytargetrespondstospoofpacketandoverwhelmthesourcewhichbecomessecondaryvictim.
2009InfosysTechnologiesLimitedSANOGXIVTypesofuserconnectionsforanIPbasedDSLAMBridgedIPRoutingRFC2684basedbridgedencapsulationbetweenEndUserandDSLAMDSLAMinroutingmodewithroutedVLANsconfiguredonuplinki/fDynamicIPallocationusingDHCPPPPoE/APPPterminationinDSLAMIPallocationfromlocalpoolDSLAMinroutingmodewithroutedVLANsconfiguredonuplinki/fIPoARFC2684basedroutedencapsulationbetweenEndUserandDSLAMDSLAMinroutingmodewithroutedVLANsconfiguredonuplinki/fDynamicIPallocationusingDHCPL3DSLAMxDSLHomeHubxDSLHomeHubMPLSCloudPEPRouterPRouterBRASL3n/wDataCenterL3DSLAMInternetservices2009InfosysTechnologiesLimitedSANOGXIV6DSLAML3AxDSLHomeHubL3n/wDHCP2UnicastDISCOVER+Option82populatedwithRemote-ID/Circuit-ID1BroadcastDHCPDISCOVERUnicastDHCPOFFERwithoption82echoed3SendDHCPOFFERtothehostafterremovingoption8246UnicastREQUEST+Option82populatedwithRemote-ID/Circuit-ID5BroadcastDHCPREQUESTUnicastDHCPACKtotheclientwithoption827SendDHCPACKtothehostafterremovingoption828AddressallocationmechanismsforIPDSLAM–DHCP2009InfosysTechnologiesLimitedSANOGXIVTypesofuserconnectionsforaLayer2DSLAM1:1VLANsMapeveryuserconnectiontooneunique802.
1qbasedVLANNoneedofanyMAClearningofindividualhostsDownstreamtrafficmappingdonebasedonVLANsQinQorStackedVLANsAnouterServiceVLANidentifyingaspecificserviceisaddedDownstreammappingdonebasedoncombinationofCVLANandSVLANN:1TransparentBridgedVLANsMultipleusersmappedtoacommonVLANDownstreammappingdonebasedonVLANandDstMACcombinationMAClearningisrequiredforoperationL2DSLAMxDSLHomeHubxDSLHomeHubMPLSCloudPEPRouterPRouterBRASAccessAggregationDataCenterL2DSLAMInternetservices2009InfosysTechnologiesLimitedSANOGXIV8DSLAML2RAxDSLHomeHubBRASL3RAMetroDHCP2BroadcastDISCOVER+Option82populatedwithRemote-ID/Circuit-ID1BroadcastDHCPDISCOVER3UnicastDISCOVERwith'giaddr'populatedUnicastDHCPOFFERwithoption82echoed45BroadcastDHCPOFFERwithoption82andwithout'giaddr'SendDHCPOFFERtothehostafterremovingoption8268BroadcastREQUEST+Option82populatedwithRemote-ID/Circuit-ID7BroadcastDHCPREQUEST9UnicastREQUESTwith'giaddr'populatedUnicastDHCPACKtotheclientwithoption8210SendDHCPACKtothehostafterremovingoption8211AddressallocationmechanismsforL2DSLAM–DHCP2009InfosysTechnologiesLimitedSANOGXIV9DSLAML2RAxDSLHomeHubBRASL3RAMetroDHCPRADIUSPortEnabled1EAPOLStart2IdentityRequest3IdentityResponse4IdentityDetails5EAPMD5Challenge6MD5ChallengeResponse7AuthSuccess8AuthSuccess9DHCPAuthentication&AddressallocationmechanismsforL2DSLAM–DHCP+802.
1x2009InfosysTechnologiesLimitedSANOGXIV10DSLAMxDSLHomeHubBRASMetroRADIUS2PADI+IntermediateAgentpopulatedwithRemote-ID/Circuit-ID1PADIPADO+IntermediateAgentechoed35PADR6PADR+IntermediateAgentpopulatedwithRemote-ID/Circuit-IDPADS+IntermediateAgentechoed79PPPNegotiationsAuthentication&AddressallocationmechanismsforL2DSLAM-PPPoEPADOafterremovingagentinformationoption4PADSafterremovingagentinformationoption82009InfosysTechnologiesLimitedSANOGXIVTypeofSpoofingMACSpoofingIPSpoofingARPSpoofingControlprotocolinternalheaderspoofingPPPoEsession-idspoofingDHCPchaddr,ciaddr,relay-agent-informationoptionspoofing2009InfosysTechnologiesLimitedSANOGXIV12DSLAMAttackerChangeSrcMACaddressandfloodtrafficSimulates1000sofMACaddressatfasterratexDSLMACTablemaximumlimitreachedLegitimatetrafficdroppedduetoMACtableexhaustionChangingSourceMACaddresstoanillegitimateaddressAttackerxDSLMACI/FB2A2FloodtrafficwithbothMACAandMACBMACBLegitimatetrafficblockedMACAMACspoofing2009InfosysTechnologiesLimitedSANOGXIVIPspoofingChangingSourceIPaddresstoanillegitimateaddressAttackerxDSLIPBDoSattackonIPAIPASendtrafficwithIPAandMACBRepliesfloodedtoIPA12PingofDeathServiceProvider'sNetwork2009InfosysTechnologiesLimitedSANOGXIVARPspoofingRespond/sendARPResponsewithillegitimateIPaddressABCDARP:WhoisIPB1ARPReply:IamIPB:MACA2IPMACAABATrafficflowingtohostAARPTableABCDGratuitousARP:IamIPB:MACA1IPMACAABATrafficflowingtohostAARPTableServiceProvider'sNetworkServiceProvider'sNetwork2009InfosysTechnologiesLimitedSANOGXIVDHCPHeaderDHCPHeaderspoofingOp(1)Htype(1)Hlen(1)Hops(1)Xid(4)Secs(2)Flags(2)Ciaddr(4)Yiaddr(4)Siaddr(4)Giaddr(4)Chaddr(16)Sname(64)File(128)Options(Variable)ClientIdenrtifierRelayAgentOptionDSLAMAttackerxDSLL2RAL3RADHCPServerABDHCPRelease:MACB:SrcIP:BChaddr:A2Spoof'chaddr'fieldDHCPRelease:MACB:SrcIP:BClientId:A3Spoof'ClientIdentifier'fieldDHCPRelease:MACB:SrcIP:BOption82RemoteId:A4SpoofOption82fieldChangingInternalfieldswithinDHCPheaderDHCPRelease:MACB:SrcIP:BCiaddr:A1Spoof'ciaddr'field2009InfosysTechnologiesLimitedSANOGXIVSimilarlyPPPoESession-IDfieldidentifiesauniquesession.
SpoofingthiscanalsocauseservicedisruptionPPPoEHeaderPPPoEHeaderspoofingVERTYPECODESESSION_IDLENGTHPAYLOADChangingSESSION_IDfieldinPPPoEHeaderAttackerxDSLIPBIPAPPPoEIABRAS1PADT:SESSION_ID:ASessionDisconnectedServiceProvider'sNetwork2009InfosysTechnologiesLimitedSANOGXIVAnti-spoofingWhatisanti-spoofingMechanismtoidentifyspoofingandstoppingit.
Howanti-spoofingisdoneBydroppingthespoofedpacketsHowtoidentifythespoofedpacketsByverifyingIPAddressofthereceivedpacket.
ByverifyingMACaddressofthereceivedpacket.
ByverifyingthecombinationofIPandMACaddressforagiveninterfaceByverifyingtheIPaddress,MACaddressandothersessionbasedidentificationintheprotocolheader.
2009InfosysTechnologiesLimitedSANOGXIVDatarequiredforAnti-spoofingForeachuserconnectionListofValidIPaddressesassignedListofValidMACaddressesandifpossiblethecombinationofMACandIPaddresses,TimeforwhicheachIPaddressisvalid.
2009InfosysTechnologiesLimitedSANOGXIVWhyanti-spoofinginBroadbandAccessConcentrator(BAC)BACisattherightplace:Itknowsalltherequiredinformationtodoanti-spoofing.
Anti-spoofingbecomesdifficultandlesseffectiveifitisnotdoneasnearthesourceaspossible.
Itisnotonlyimportanttodropspoofedpackets,itisimportanttodropthemasearlyaspossible.
2009InfosysTechnologiesLimitedSANOGXIVDatacollectionforAntispoofinginBAC-PPPoE1xDSLHomeHubBRASL3RAMetroRADIUS2PADIPADO34PADRPADSBACObtainSession-IDfromPADSIPMACSession-IDI/FAA1011BB1022PPPLCPPPPIPCPBACObtainIPinformationfromIPCP567PADTBACDeletethespoofingentry2009InfosysTechnologiesLimitedSANOGXIVDatacollectionforAntispoofinginBAC-DHCPxDSLHomeHubBRASL3RAMetroDHCPIPMACLeaseI/FAA2001BB120212DHCPDISCOVERDHCPOFFER34DHCPREQUESTDHCPACKBACObtainIP/MAC/LeasetimefromDHCPACKMessage6DHCPRELEASEBACRemovetheentryfromtableLeaseEXPIREBACRemovetheentryfromtable2009InfosysTechnologiesLimitedSANOGXIVDatacollectionforAntispoofinginBAC–802.
1x+DHCP1xDSLHomeHubBRASL3RAMetroDHCP2InitialEAPNegotiationsEAPAuthSuccess34DHCPMessageexchangeDHCPACKBACObtaintheMACaddressfromEAPAuthSuccessmessageIPMACLeaseI/FAA2001BB1202RADIUSBACObtainIP&LeasetimefromDHCPACKMessage2009InfosysTechnologiesLimitedSANOGXIVMACAntispoofingDSLAMAttackerAttackerxDSLMACI/FB2A1FloodtrafficwithbothMACAandMACBMACBNoImpactonAMACAMACBIPMACLeaseI/FBB1202Floodtrafficwith1000'sofSrcMACsinadditiontoMACBCompareAntispooftableanddiscardnonmatchingentriesNoMACtableExhaustion!
MACI/FB2MACTableAntiSpoofTableIPMACLeaseI/FAA2001BB1202CompareAntispooftableanddiscardnonmatchingentriesNospoofingofNeighbor'sMAC!
2009InfosysTechnologiesLimitedSANOGXIVIPAntispoofingAttackerxDSLIPBNoImpactonAIPASendtrafficwithIPAandMACB1IPMACLeaseI/FAA2001BB1202CompareIPagainstthei/finAntispooftableMetro2009InfosysTechnologiesLimitedSANOGXIVARPAntispoofingABCDARP:WhoisIPB1ARPReply:IamIPB:MACA2IPMACAABBARPTableABCDGratuitousARP:IamIPB:MACA1IPMACAABBARPTableIPMACLeaseI/FAA2001BB1202CompareIP/MACagainstthei/finAntispooftableIPMACLeaseI/FAA2001BB1202ServiceProviderN/wServiceProviderN/w2009InfosysTechnologiesLimitedSANOGXIVDHCPHeaderAntispoofingDSLAMAttackerxDSLL2RAL3RADHCPServerABDHCPRelease:MACB:SrcIP:BChaddr:A1AntiSpooffilterdiscardDHCPRelease:MACB:SrcIP:BOption82RemoteId:A3Option82fromuntrustedentity.
DiscardIPMACLeaseI/FAA2001BB1202InspectDHCPHeader&comparechaddr&ClientIDwithantispooftableAcceptDHCPwithoption82onlyifitiscomingfromtrustedentityDHCPRelease:MACB:SrcIP:BCiaddr:A2AntiSpooffilterdiscard2009InfosysTechnologiesLimitedSANOGXIVPPPoEHeaderAntispoofingAttackerxDSLIPBIPAPPPoEIABRAS1PADT:SESSION_ID:101IPMACSession-IDI/FAA1011BB1022SessionIDdoesnotmatchNoImpactonAMetro2009InfosysTechnologiesLimitedSANOGXIVLosingdatacollectedforanti-spoofingDatausedinAntispoofingcanbelostduetovariousreasonsPlannedrebootSoftwarecrashPowerfailureReplacementofsystemSoftwareupgrade2009InfosysTechnologiesLimitedSANOGXIVHowtorecoverlostdataStaticconfigurationRequiredDataisavailableintheconfiguration.
PPPoEForPPPoE,thekeep-alivetimersareconfiguredandthesessionisre-initiatediftherearenorepliestothekeep-alivemessagesDHCPDHCPdoesnothavekeepalivemechanisminplace.
DHCPhasa'leasetime'whichisusuallyinorderof'days'.
Howtorecoverfromthissituation2009InfosysTechnologiesLimitedSANOGXIVRecoveringLeaseinformationforDHCPStableStorage:NotveryusefulasnotmanyBACssupportstablestorage.
LimitederasecyclesisalsoabottleneckinthisapproachBroadcastARPs:NeedtowaitfordownstreamtraffictoarriveandinitiateARPrequests.
Willincreasethedelay.
Cannotgetthecompleteinformationinonerequest.
PronetospoofingattacksifamalicioususerrepliestotheARPrequest.
RedundantcontrollersBACcanhaveredundantcontrollersandupononecontrollercrash,theothercontrollercantakeoverwithpre-synchedleasedata.
Notsuitableforpowerfailurescenariosorforupgrades.
Havingredundantcontrollersalsoaddtohardwarecosts2009InfosysTechnologiesLimitedSANOGXIVRecoveringLeaseinformationforDHCPQuerythroughSNMP/LDAPCurrentlynostandardMIBsareavailableforDHCPleaseinformation.
BACstypicallydonotsupportSNMPclientinterfacesQueryleaseinformationfromDHCPserverSolvesmostoftheproblemsstatedabove2009InfosysTechnologiesLimitedSANOGXIVLeasequeryforDHCP(RFC4388)RFC4388introducedanewDHCPrequestLeasequerywhichaBACcanusetoqueryDHCPservertoobtainleaseinformation.
ThreetypesofqueriesaresupportedQuerybyIPaddressOnlyIPaddressispopulatedinthequerymessage.
QuerybyMACaddressOnlyMACaddressispopulatedinthequerymessage.
Ifmorethanoneleaseisavailable,thencorrespondingIPaddressesarereturnedinassociated-ipoption.
BACthengetsadditionaldatabygeneratingquerybyIPaddress.
QuerybyClientidentifierOnlyclientidentifieroptionispopulatedinthequerymessage.
Ifmorethanoneleaseisavailable,thencorrespondingIPaddressesarereturnedinassociated-ipoption.
BACthengetstheadditionaldatabyqueryingbyIPaddress.
2009InfosysTechnologiesLimitedSANOGXIVLeasequeryforDHCP(RFC4388)Threetypesofreplymessagetypesareintroduced:DHCPLEASEACTIVEWhenDHCPserverknowsaboutthequeryidentifier.
DHCPLEASEUNKNOWN:WhenDHCPserverdoesnotknowaboutthequeryidentifier.
AnAccessConcentratorcachethisinformationsothatthiscanbeusedtoavoidgeneratingLeaseQueryforthequeryidentifier.
ThisisknownasNegativeCaching.
DHCPLEASEUNASSIGNED:WhenDHCPserverdoesmanagethequeryidentifierbutnoleaseisyetassigned.
NegativeCachingisdoneforthisresponseaswell.
2009InfosysTechnologiesLimitedSANOGXIVRFC4388basedleasequery–DataDriven34DSLAMLayer3RelayAgentxDSLHomeHubServiceProviderNetworkDHCPServerM1192.
168.
1.
2T1I1M2192.
168.
1.
8T2I1MACIPLeaseI/fM1192.
168.
1.
2T1I1AntiSpoofTable123I12009InfosysTechnologiesLimitedSANOGXIVRFC4388basedleasequery–DataDriven35DSLAMLayer3RelayAgentxDSLHomeHubServiceProviderNetworkDHCPServerCRASHMACIPLeaseI/fAntiSpoofTable123I12009InfosysTechnologiesLimitedSANOGXIVRFC4388basedleasequery–DataDriven36DSLAMLayer3RelayAgentxDSLHomeHubServiceProviderNetworkDHCPServer1DataTrafficfrom192.
168.
1.
22LeaseQuerybyIPAddress3LeaseActiveM1,T1,I1MACIPLeaseI/fM1192.
168.
1.
2T1I1AntiSpoofTable4DataTrafficfrom192.
168.
1.
25123I12009InfosysTechnologiesLimitedSANOGXIVRFC4388basedleasequery–NegativeCaching37xDSLHomeHubServiceProviderNetworkDHCPServerCRASH123I12009InfosysTechnologiesLimitedSANOGXIVRFC4388basedleasequery–NegativeCaching381DataTrafficfrom192.
168.
1.
102LeaseQuerybyIPAddressNegativeCachingxDSLHomeHubServiceProviderNetworkDHCPServer123MACIPThresholdI/fM1192.
168.
1.
10T1I13LeaseUNKNOWN182.
168.
1.
10,M14I12009InfosysTechnologiesLimitedSANOGXIVRFC4388basedleasequery–NegativeCaching392DataTrafficfrom192.
168.
1.
103LeaseQuerybyIPAddressNegativeCachingxDSLHomeHubServiceProviderNetworkDHCPServer123MACIPThresholdI/fM1192.
168.
1.
10T1I14LeaseUNKNOWN182.
168.
1.
10,M1Thresholdexpired1I12009InfosysTechnologiesLimitedSANOGXIVIssueswithRFC4388basedleasequeryExistingLeasequerymechanismisdatadriven:LeasequeryisinitiatedonlywhenAccessConcentratorsreceivesdataExistingmethodsuggeststheuseofnegativecaching.
NegativeCachingconsumeslotofresourcesunderspoofattacks.
Resultsinincreasedoutagetimefortheclients.
2009InfosysTechnologiesLimitedSANOGXIVIssueswithRFC4388basedleasequery(contd.
.
)Gettingconsolidatedleaseinformationperconnectionisnotpossible:Existingmechanismdoesn'thaveanymethodstogetconsolidatedleaseinformationforalltheclientsbelongingtoaconnection/circuitMultipleclientscanresideforagivenconnection/circuit.
IfAccessconcentratorhasleaseinformationofalltheclientsforagivenconnection/circuit,anti-spoofingcanbedoneindataplane(fastpath)2009InfosysTechnologiesLimitedSANOGXIVQuerybyremote-idRemote-IDsuboptionidentifyiesaconnection/circuituniquely.
ThisisgloballyuniqueidentifierRemote-IDcanbetrustedastheyarecreatedbyRelayAgent.
AccessConcentratorneednotwaitforthetraffictoarriveandcangenerateLeaseQueryassoonasitcomesupafterareboot.
DHCPServercanprovideconsolidatedLeaseInformationforaspecificconnection/circuit.
Oncealltheleaseinformationforagivenconnection/circuitisobtained,anti-spoofingcanbedoneindataplane(fastpath).
NoneedforNegativeCaching.
2009InfosysTechnologiesLimitedSANOGXIVLeaseQuerybyRemoteId43xDSLHomeHubServiceProviderNetworkDHCPServer123M1192.
168.
1.
2T1I1M2192.
168.
1.
8T2I1M3192.
168.
1.
10T3I1MACIPLeaseI/fAntiSpoofTableI12009InfosysTechnologiesLimitedSANOGXIVLeaseQuerybyRemoteId44xDSLHomeHubServiceProviderNetworkDHCPServerCRASH123MACIPLeaseI/fAntiSpoofTableI12009InfosysTechnologiesLimitedSANOGXIVLeaseQuerybyRemoteId451LeaseQuerybyRemoteIdforI12LeaseActiveofallthreeleases*3DataTrafficfrom192.
168.
1.
8xDSLHomeHubServiceProviderNetworkDHCPServer123M1192.
168.
1.
2T1I1M2192.
168.
1.
8T2I1M3192.
168.
1.
10T3I1MACIPLeaseI/fAntiSpoofTable4DataTrafficfrom192.
168.
1.
8BACdoesnotneedtowaitforthetraffictoinitiateLQLeasequerybyremote-idresultsinobtainingcompleteinformationonagiveninterface.
NoneedofinitiatingsubsequentqueriesI1*Leaseactiveforoneleaseisreturnedfollowedbyassociated-IPoption.
ThisresultsinsubsequentquerybyIPforremainingleases2009InfosysTechnologiesLimitedSANOGXIVProtocolDetails:ServeridentifiesaLeasequerybyremote-idwhentheleasequerymessagehas:Chaddr,siaddr,Ciaddr,htype,hlenandchaddriszeroandClientidentifieroptionisnotpresentandOption82withonlyRemote-Idsub-optionispresent.
SendsaLEASEACTIVEpopulatingtheciaddrwiththeIPaddressthatwasmostrecentlyaccessedbytheclient.
AllotherIPaddressesarereturnedinAssociated-IPoption.
RelayagentthensendsaLeasequerywith"QuerybyIPAddress"foralltheadditionalIPaddressesreturnedinAssociated-ipoption.
2009InfosysTechnologiesLimitedSANOGXIVProtocolDetails:ServermayreturnaLEASEUNASSIGNEDifitknowsitmanagestheleasefortheconnectionidentifiedbyRemote-Idsub-optionbutnoleaseisassignedyet.
ServermayreturnLEASEUNKNOWNifitdoesnotknowthecorrespondingRemote-idsub-option.
2009InfosysTechnologiesLimitedSANOGXIVWhyBulkLeasequeryTraditionalleasequery(Both4388)andleasequerybyremote-idworksontheprincipleofretrievingoneleaseatatimeWhilequerybyremote-idsolvesalltheproblemsassociatedwithRFC4388basedleasequerymechanism,itstillinvolvesgeneratinghugenumberofleasequeriestogetallthepossibledataBulkleasequeryworksontheprincipleofestablishingTCPconnectionbetweenRAandServerandretrievinginformationinbulk2009InfosysTechnologiesLimitedSANOGXIVBulkLeaseQuery49DSLAMLayer3RelayAgentxDSLHomeHubServiceProviderNetworkDHCPServerMACIPAddressLeaseTimeInterfaceM1192.
168.
1.
2T1I1M2192.
168.
1.
8T2I2M3192.
168.
1.
3T2I3I1I2I32009InfosysTechnologiesLimitedSANOGXIVBulkLeaseQuery50DSLAMLayer3RelayAgentxDSLHomeHubServiceProviderNetworkDHCPServerCRASHI1I2I3MACIPLeaseI/f2009InfosysTechnologiesLimitedSANOGXIVBulkLeaseQuery51DSLAMLayer3RelayAgentxDSLHomeHubServiceProviderNetworkDHCPServerMACIPAddressLeaseTimeInterfaceM1192.
168.
1.
2T1I1M2192.
168.
1.
8T2I2M3192.
168.
1.
3T2I33DataTrafficfrom192.
168.
1.
81BulkLeaseQueryinaTCPSession2LeaseActiveofallleases4DataTrafficfrom192.
168.
1.
8LeaseinformationofallinterfacesobtainedininonequeryI1I2I32009InfosysTechnologiesLimitedSANOGXIVProtocolDetails:DSLAMLayer3RelayAgentxDSLHomeHubServiceProviderNetworkDHCPServer1TCPSession2BulkLeaseQuerywithXID23LEASEQUERYACTIVEforXID24LEASEQUERYACTIVEforXID25LEASEQUERYACTIVEforXID26LEASEQUERYDONEforXID27TCPsessionclose2009InfosysTechnologiesLimitedSANOGXIVProtocolDetails:AQuerier(TypicallyaRelayAgent)establishesaTCPconnectionwiththeserveronport67.
Twonewquerytypesareadded"QuerybyRelay-ID"whererelay-idisauniqueRelayagentIdentifier.
AllleasesallocatedthroughaspecificRelayAgent.
"QueryforallconfiguredIPs"whereallIPaddressheldbyDHCPServerirrespectiveofstateisreturned.
Inthiscase,unassignedIPaddressesarereturnedwithUNASSIGNEDstate.
Newfiltersareadded:StartandEndtimefiltercanbepassedtoretrieveleasesforwhichstatehaschangedwithinthespecifiedtime.
Otherquerytypes(QuerybyIPAddress,MACaddress,Client-IDandremote-id)arealsosupported.
2009InfosysTechnologiesLimitedSANOGXIVProtocolDetails:UponreceivingaBULKLEASEQUERY,DHCPservergeneratesastreamofLEASEACTIVEforeachleasethatfulfilsthequery.
EndofleaseforagivenqueryisindicatedbytheLEASEQUERYDONEmessage.
MultipleBulkLeasequerycanbeinitiatedoverasingleTCPconnection.
Transactionid(XID)isusedtodistinguishbetweentherepliesformultiplequeries.
2009InfosysTechnologiesLimitedSANOGXIVStandardizationandImplementationeffortsStandardizationefforts:Querybyremote-idandBulkLeaseQuerydraftisbeingstandardizedinDHCworkinggroupofIETF.
Implementationefforts:WehavecreatedaProof-Of-Conceptimplementationof'QuerybyRemote-Id'and'BulkLeaseQuery'byenhancingISCDHCPserver.
2009InfosysTechnologiesLimitedSANOGXIVReferences:S.
Bellovin,"SecurityproblemsintheTCP/IPprotocolsuite,"SIGCOMMComputerCommunicationReview,vol.
19,no.
2,pp.
32–48,1989.
R.
BeverlyandS.
Bauer,"Thespooferproject:inferringtheextentofsourceaddressfilteringontheinternet,"inSRUTI'05:Proc.
oftheStepstoReducingUnwantedTrafficontheInternet,2005.
IETFStandards:RFC2131,DynamicHostConfigurationProtocolLayer2RelayAgenthttp://www.
ietf.
org/id/draft-ietf-dhc-l2ra-04.
txthttp://www.
ietf.
org/id/draft-ietf-dhc-l2ra-extensions-01.
txtQuerybyremote-idhttp://www.
ietf.
org/id/draft-ietf-dhc-leasequery-by-remote-id-02.
txtBulkleasequeryhttp://www.
ietf.
org/id/draft-ietf-dhc-dhcpv4-bulk-leasequery-00.
txtTR-101fromBroadbandForumhttp://www.
broadband-forum.
org/technical/download/TR-101.
pdf2009InfosysTechnologiesLimitedSANOGXIV2009InfosysTechnologiesLimitedSANOGXIVThankYou