Techie Weblog

Web Hosting & Network Security Guide

How to Protect from DHCP Attack


What is DHCP?


DHCP stands for Dynamic Host Configuration Protocol. Microsoft says: “Dynamic Host Configuration Protocol (DHCP) is a client/server protocol that automatically provides an Internet Protocol (IP) host with its IP address and other related configuration information such as the subnet mask and default gateway.” With this protocol, every new workstation that connects to a network gets an IP address automatically from the DHCP server.

What is a DHCP Attack?

A DHCP attack is carried out by hackers who broadcast DHCP requests with spoofed MAC addresses using a sophisticated tool known as “the gobbler”. If too many requests are sent, the address space available to the DHCP servers is exhausted for a period of time. The attack is similar to a synchronization (SYN) flood attack.

How to Protect from DHCP Attack

The attack can be handled in the following ways:

1. DHCP Snooping

DHCP snooping is a security feature that protects the network by filtering untrusted DHCP messages and by building and maintaining a DHCP snooping binding database, also referred to as the DHCP snooping binding table. DHCP snooping, which is a Cisco Catalyst switch feature, determines which ports are trusted and which are untrusted. Trusted ports can source all DHCP messages, while untrusted ports can source requests only. When a switch receives a packet on an untrusted interface, it compares the source MAC address with the DHCP client hardware address. The rule is simple: if the addresses match (the default), the switch forwards the packet; if they do not match, the switch drops the packet from the network.

2. Port Security

A DHCP attack can be mitigated by limiting the number of MAC addresses allowed on a port. The port security feature restricts input to an interface by limiting and identifying the MAC addresses of the stations allowed to access the port. If secure MAC addresses are assigned to a secure port, the port does not forward packets with source addresses outside the group of defined addresses. It also allows you to specify MAC addresses for each port or to permit a limited number of MAC addresses. When the MAC address of a device attached to the port differs from the list of secure addresses, the port shuts down permanently or drops incoming packets from the insecure host. Thus it reduces the vulnerability of the network.
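The two checks described above, modelled in Python as an added example (not code from the original post or from any switch vendor). The names `UntrustedPort`, `build_frame` and `parse_dhcp` and the sample MAC addresses are constructed for illustration, and the model is a simplification of what a switch does on an untrusted access port.

```python
import struct

SERVER_TYPES = {2, 5, 6}  # DHCPOFFER, DHCPACK, DHCPNAK: sent by servers only

def build_frame(src_mac: bytes, chaddr: bytes, msg_type: int) -> bytes:
    """Constructed Ethernet/IPv4/UDP/DHCP frame used as sample input."""
    eth = b"\xff" * 6 + src_mac + b"\x08\x00"
    ip = b"\x45" + bytes(8) + b"\x11" + bytes(10)        # IHL=5, protocol=UDP
    udp = struct.pack("!HHHH", 68, 67, 0, 0)
    bootp = (bytes([1, 1, 6, 0]) + bytes(24) + chaddr + bytes(10)
             + bytes(192) + b"\x63\x82\x53\x63" + bytes([53, 1, msg_type, 255]))
    return eth + ip + udp + bootp

def parse_dhcp(frame: bytes):
    """Return (Ethernet source MAC, DHCP chaddr, DHCP message type or None)."""
    src_mac = frame[6:12]
    bootp = frame[14 + (frame[14] & 0x0F) * 4 + 8:]      # skip Ethernet, IP, UDP
    chaddr, opts, msg_type, i = bootp[28:34], bootp[240:], None, 0
    while i + 1 < len(opts) and opts[i] != 255:           # walk the TLV options
        if opts[i] == 0:                                  # pad option has no length
            i += 1
            continue
        if opts[i] == 53 and i + 2 < len(opts):           # option 53 = message type
            msg_type = opts[i + 2]
        i += 2 + opts[i + 1]
    return src_mac, chaddr, msg_type

class UntrustedPort:
    """Simplified model of one untrusted access port (assumed behaviour)."""
    def __init__(self, max_macs: int = 1):
        self.max_macs, self.learned = max_macs, set()

    def check(self, frame: bytes) -> str:
        if len(frame) < 282:                              # too short for a DHCP header
            return "drop: malformed"
        src, chaddr, mtype = parse_dhcp(frame)
        if mtype in SERVER_TYPES:                         # untrusted ports source requests only
            return "drop: server message on untrusted port"
        if src != chaddr:                                 # DHCP snooping MAC comparison
            return "drop: source MAC != chaddr"
        if src not in self.learned and len(self.learned) >= self.max_macs:
            return "drop: port-security MAC limit"        # port security MAC count
        self.learned.add(src)
        return "forward"
```

The two controls complement each other: a request that spoofs only the client hardware address fails the snooping comparison, while one that spoofs both addresses consistently runs into the port-security MAC limit.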


The Author

Sukanta Dutta

The author has been writing this technical blog for the last few years. He shares his knowledge of computer networks, database technologies, and the security aspects of networks and databases. He also likes to hear from readers of this blog in order to learn more, so he welcomes guest writing for the blog.

1 Comment

  1. Very good post. It helps us secure our data.
    First time learning this concept.


Techie Weblog © 2015-2016 Frontier Theme