DHCP Snooping

Last Updated : 12 Jul, 2022

Prerequisite – Dynamic Host Configuration Protocol (DHCP)

Every protocol in computer networking follows a set of rules that govern how it works. These rules sometimes give attackers a way to take advantage of the network. Attackers can also use the way DHCP works to compromise a network. In this article we'll learn how a network can be compromised through DHCP and how such attacks can be prevented.

DHCP based Attack : Consider the scenario given below. An attacker has connected his laptop to the network and acts as a fake DHCP server. The initial DORA message exchange between a DHCP client and server uses the broadcast address. The attacker listens for that broadcast and leases its own address, mask and default router to the client. The client will now forward all its traffic to the attacker. This creates a man-in-the-middle attack, violating the integrity component of security.

Figure – DHCP based attack

DHCP snooping : DHCP snooping is configured on the switches that connect end devices, to prevent DHCP based attacks. DHCP snooping divides the interfaces of a switch into two groups:

  1. Trusted Ports – All ports that connect devices under administrative control, such as switches, routers and servers, are made trusted ports.
  2. Untrusted Ports – All ports that connect end devices, such as PCs, laptops and access points, are made untrusted ports.

A DHCP address is leased after the exchange of DORA messages between the DHCP client and server. Two messages, Discover and Request, come from the client side, and two messages, Offer and Acknowledgement, come from the server side. Using this information, DHCP snooping works in the following manner:

  • If a trusted port receives Offer and Acknowledgement messages, the switch does nothing and lets them pass.
  • If an untrusted port receives Offer and Acknowledgement messages, the messages are blocked, because they are messages from a DHCP server. Untrusted ports are ports that should not be connected to a DHCP server.

Figure – Trusted and Untrusted ports
The logic of a DHCP untrusted port can be a bit more confusing. The entire real user population connects to untrusted ports, and a network administrator can't know which users are legitimate and which are attackers. The DHCP snooping function therefore keeps a record of the addresses leased to users in the DHCP Binding Table. This table records the interface, VLAN and MAC address to which each IP address is leased. This checks the problem of identity theft in the LAN.

DHCP snooping can also be configured to limit the number of requests arriving on any interface. This helps prevent DoS attacks that can consume the entire address space or overload the DHCP server.

Figure – DHCP Binding Table
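
The port-trust check, rate limit and binding table described above, modelled as a short Python simulation. This is an added example, not code from the article or from any switch vendor; the port names, MAC and IP addresses, the per-second limit and the `SnoopingSwitch` class are assumptions made for illustration.

```python
from collections import defaultdict

# DHCP message types (option 53 values, RFC 2132)
DISCOVER, OFFER, REQUEST, ACK = 1, 2, 3, 5
SERVER_TYPES = {OFFER, ACK}  # sent only by a DHCP server

class SnoopingSwitch:
    """Simplified model of the snooping decisions; not vendor code."""

    def __init__(self, trusted_ports, rate_limit):
        self.trusted = set(trusted_ports)
        self.rate_limit = rate_limit      # assumed: max DHCP packets per untrusted port per second
        self.seen = defaultdict(int)      # (port, second) -> packets counted
        self.pending = {}                 # client MAC -> (port, vlan) taken from its Request
        self.bindings = {}                # client MAC -> lease record (the binding table)

    def handle(self, port, vlan, msg_type, client_mac, ts, leased_ip=None):
        """Return 'forward' or a drop reason for one DHCP message arriving on `port`."""
        if port not in self.trusted:
            self.seen[(port, int(ts))] += 1
            if self.seen[(port, int(ts))] > self.rate_limit:
                return "drop: rate limit"
            if msg_type in SERVER_TYPES:
                return "drop: server message on untrusted port"
            if msg_type == REQUEST:
                self.pending[client_mac] = (port, vlan)
        elif msg_type == ACK and client_mac in self.pending:
            c_port, c_vlan = self.pending.pop(client_mac)
            self.bindings[client_mac] = {"ip": leased_ip, "vlan": c_vlan, "interface": c_port}
        return "forward"

def run_sample():
    """Replay constructed events: one real lease, one rogue Offer, one Discover flood."""
    sw = SnoopingSwitch(trusted_ports={"Gi0/1"}, rate_limit=3)
    pc = "aa:aa:aa:aa:aa:01"
    events = [
        ("Fa0/2", 10, DISCOVER, pc, 0.0),
        ("Fa0/5", 10, OFFER, pc, 0.1, "10.9.9.50"),      # fake server on an access port
        ("Gi0/1", 10, OFFER, pc, 0.2, "192.168.10.20"),  # real server behind the uplink
        ("Fa0/2", 10, REQUEST, pc, 0.3),
        ("Gi0/1", 10, ACK, pc, 0.4, "192.168.10.20"),
    ]
    # Five Discovers in one second from a single port, each with a new MAC
    events += [("Fa0/7", 10, DISCOVER, f"de:ad:00:00:00:{i:02x}", 1.0 + i / 10) for i in range(5)]
    return [sw.handle(*e) for e in events], sw.bindings

if __name__ == "__main__":
    decisions, table = run_sample()
    print(decisions, table, sep="\n")
```

The binding is written only when the Acknowledgement arrives on the trusted port, so the rogue Offer on Fa0/5 never reaches the table. This model simply drops packets over the limit and does not reproduce any particular vendor's handling of a port that exceeds it.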
