Sunday, June 10, 2007

DHCP Attacks

DHCP attacks centre on two methods:
  1. Denial of service
  2. DHCP impersonation
Denial of Service Attacks
  • Address starvation with MAC flooding
Attack
  1. DHCP servers have a limited number of addresses that they can give out.
  2. DHCP scopes commonly have fewer than 200 addresses that they give out to hosts (the rest of the space is often reserved for static IP devices, such as servers, printers, etc.).
  3. All an attacker has to do is send DHCP requests using random MAC addresses.
  4. The attacker keeps sending requests until the DHCP server stops responding. Of course, the DHCP server has no idea what's going on, so it keeps responding to all the requests it sees coming in.
Mitigation
  1. Mitigation of this attack is very simple with a Cisco switch.
  2. Use a feature called port security.
  3. Port security limits the number of MAC addresses a client machine can use.
  4. Port security is supported on Cisco 2950s and above. The switch clears the MAC address associated with a port when the link goes down.
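
The following is an added example, not part of the original post and not Cisco's implementation: a simplified Python model of the per-port MAC limit described above, showing how it bounds the number of leases one port can consume from a 200-address scope. The class names, the limit of 2 MACs per port, and the sample MAC list are assumptions, and the model assumes each request's source MAC is the client MAC the DHCP server sees.

```python
class SwitchPort:
    """Access port that learns at most max_macs source MACs (assumed limit)."""
    def __init__(self, max_macs=2):
        self.max_macs = max_macs
        self.learned = set()
        self.violations = 0

    def admit(self, src_mac):
        """Return True if a frame from src_mac is forwarded, False if dropped."""
        if src_mac in self.learned:
            return True
        if len(self.learned) < self.max_macs:
            self.learned.add(src_mac)
            return True
        self.violations += 1          # over the limit: frame is dropped and counted
        return False

    def link_down(self):
        """Model of the behaviour noted above: MACs are cleared when the link drops."""
        self.learned.clear()


class DhcpPool:
    """DHCP scope with a fixed number of leases, keyed by client MAC."""
    def __init__(self, size=200):
        self.size = size
        self.leases = {}

    def request(self, mac):
        """Return a lease index, or None when the scope is exhausted."""
        if mac not in self.leases:
            if len(self.leases) >= self.size:
                return None
            self.leases[mac] = len(self.leases)
        return self.leases[mac]


def leases_used(frames, port=None, pool_size=200):
    """Pass DHCP requests through an optional port; return (leases, violations)."""
    pool = DhcpPool(pool_size)
    for mac in frames:
        if port is None or port.admit(mac):
            pool.request(mac)
    return len(pool.leases), (port.violations if port else 0)


# Constructed sample: a single port presenting 500 distinct source MACs.
SAMPLE = ["02:00:00:00:%02x:%02x" % (i >> 8, i & 0xFF) for i in range(500)]
```

Without a port limit the sample fills the whole scope; with the limit, the same traffic consumes only as many leases as the port is allowed MAC addresses, and the remaining frames show up as violations.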
