A proactive cyber-defensive capability using Procedural Dynamic IP assignation

Ernesto Eduardo Dobarganes
3 min read · Nov 12, 2021


This article explores the idea of using Procedural Dynamic IP assignation to mitigate security risks in a given network.

Elements at play:

DHCP Service: The Dynamic Host Configuration Protocol (DHCP) is a network management protocol used on Internet Protocol (IP) networks for automatically assigning IP addresses and other communication parameters to devices connected to the network using a client–server architecture.

DHCP Lease time — Computers that are configured to automatically obtain IP addresses from a DHCP (Dynamic Host Configuration Protocol) server receive an IP address not for permanent use, but for a fixed period of time. This time period is called the DHCP Lease Time. Upon expiration of the lease, this IP address is considered free and can be assigned to another device in the network.

After half (1/2) of the lease time of the IP address has passed, the client tries to extend the lease of the given IP address on the DHCP server. In order to do this, the client sends a DHCPREQUEST request to the server. If the DHCP server can extend the IP address lease, it sends a DHCPACK message with the new lease time and TCP/IP configuration parameters. After receiving confirmation, the DHCP client updates its network configuration. If renewing the IP address lease fails, the DHCP client will try to do it again.

After 87.5% (7/8) of the lease time has elapsed, the client sends a broadcast DHCPREQUEST packet to reach any available DHCP server on the network.

When the lease expires or a DHCPNAK message is received, the DHCP client should immediately release this IP address. After that, it can restart the lease process to obtain a new IP address.

By default, the DHCP server on Windows Server uses a lease time of 8 days. In most cases, this is the optimal value. However, if there are few free addresses in your IP subnet, you can decrease the Lease Time value so that unused IP addresses are released faster.

Optimal DHCP lease time values for different network types:

For wired Ethernet networks — 8 days;
For wireless networks — 1 day;
For guest Wi-Fi networks — 2–8 hours;

The Concept: Procedural Dynamic IP Assignation (PDIPA)

* There are a couple of repeated IPs in this image.

- A network with a number of Authorized Devices (AD) uses a local DHCP service to assign a given IP (g-ip) to each device, in the form AD(g-ip), for a given Lease_Time (LT).

- An application running on the Authorized Devices and on the DHCP server has previously generated a procedure by which each authorized device changes its IP to a new IP, as established by the higher-level application.

The condition that triggers the change could be, for example, time-based, let's say every 60 seconds.

Then:

A Non-Authorized Device (ND) would have to know the 'Dynamic IP assignation theme' in order to keep a 'continued connection' with a given device.

This could be a security measure that limits the maximum time that an ND is able to keep a connection session alive, which in turn limits the amount of information that could be taken, or damage that could be done, in the limited time available to an attacker.
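One way the procedure described above could be computed, as an added example that is not code from the article: every party derives each device's address for the current 60-second interval from a shared secret with HMAC-SHA256, and resolves two devices landing on the same address in a fixed order. The shared secret, the device names, the subnet and the function names are assumptions made for this sketch, as is the premise that every party knows the full device list.

```python
import hashlib
import hmac
import ipaddress

HOP_SECONDS = 60  # the article's example interval

# Constructed sample values, for illustration only.
DEMO_SECRET = b"constructed-demo-secret"
DEMO_DEVICES = ["laptop-01", "printer-02", "sensor-03"]
DEMO_SUBNET = "192.168.10.0/28"


def epoch_of(unix_time, hop_seconds=HOP_SECONDS):
    """Number of the hop interval that contains unix_time."""
    return int(unix_time) // hop_seconds


def schedule(secret, device_ids, subnet, epoch):
    """Return {device_id: IPv4Address} for one epoch, without duplicates."""
    hosts = list(ipaddress.ip_network(subnet).hosts())
    if len(device_ids) > len(hosts):
        raise ValueError("more devices than usable addresses in the subnet")
    taken, plan = set(), {}
    # Fixed iteration order, so every party resolves collisions the same way.
    for dev in sorted(device_ids):
        msg = f"{dev}|{epoch}".encode()
        digest = hmac.new(secret, msg, hashlib.sha256).digest()
        slot = int.from_bytes(digest[:8], "big") % len(hosts)
        while slot in taken:  # two devices hashed to one address: probe forward
            slot = (slot + 1) % len(hosts)
        taken.add(slot)
        plan[dev] = hosts[slot]
    return plan


if __name__ == "__main__":
    for t in (0, 60, 120):  # three consecutive 60-second intervals
        plan = schedule(DEMO_SECRET, DEMO_DEVICES, DEMO_SUBNET, epoch_of(t))
        print(t, {dev: str(ip) for dev, ip in plan.items()})
```

A party without the secret cannot compute the next interval's mapping from the addresses it has already observed, which is the property the concept relies on.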

Thanks.
