Chapter 17: Implementing Security for DHCP Servers


Dynamic Host Configuration Protocol (DHCP) eases the deployment of IP addresses to TCP/IP-based network hosts, including client computers and network devices such as TCP/IP-based print servers. A DHCP client acquires an IP address and related TCP/IP configuration information from a DHCP server.

When you implement DHCP on your network, DHCP clients send out broadcast information to User Datagram Protocol (UDP) port 67, requesting TCP/IP configuration information. DHCP servers listen for the DHCP requests and respond with DHCP configuration information. Technically, four packets are exchanged between the DHCP server and the DHCP client during the DHCP lease process:

  1. The DHCP client sends a DHCPDISCOVER message that contains the requesting host's Media Access Control (MAC) address and, if the client is a computer, the client computer's name.

  2. All DHCP servers that receive the DHCPDISCOVER message and have available addresses for the subnet where the DHCP request was initiated respond with a DHCPOFFER message. The message contains the client's MAC address, an offered IP address and subnet mask, the length of the DHCP lease, and the IP address of the offering DHCP server.

  3. The DHCP client responds to the first offer it receives by broadcasting a DHCPREQUEST message. This message includes the IP address of the DHCP server whose offer is accepted so that other DHCP servers will withdraw their offers and return the IP addresses to the available pool of DHCP IP addresses.

  4. The DHCP server issues the address information to the requesting client in a DHCPACK message. The message contains the final lease period for the address, along with other TCP/IP configuration information.
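The four-message exchange above, as an added example that is not from the book: a parser that pulls out the fields each step names, plus a check that flags DHCPOFFER, DHCPACK, or DHCPNAK replies whose server identifier is not on a list of authorized servers. The addresses, host name, MAC address, lease length, and the `build` helper are constructed sample data and assumptions of this example.

```python
import ipaddress

MAGIC = b"\x63\x82\x53\x63"   # magic cookie that follows the 236-byte BOOTP header
TYPES = {1: "DHCPDISCOVER", 2: "DHCPOFFER", 3: "DHCPREQUEST", 5: "DHCPACK", 6: "DHCPNAK"}

def _ip(b):
    return str(ipaddress.IPv4Address(b)) if b and len(b) == 4 else None

def parse_dhcp(payload: bytes) -> dict:
    """Parse a DHCP UDP payload into the fields named in the four lease steps."""
    if len(payload) < 240 or payload[236:240] != MAGIC:
        raise ValueError("not a DHCP message")
    opts, i = {}, 240
    while i < len(payload) and payload[i] != 255:       # 255 = end option
        if payload[i] == 0:                             # 0 = pad, no length byte
            i += 1
            continue
        if i + 1 >= len(payload) or i + 2 + payload[i + 1] > len(payload):
            raise ValueError("truncated option")
        opts[payload[i]] = payload[i + 2:i + 2 + payload[i + 1]]
        i += 2 + payload[i + 1]
    return {
        "type": TYPES.get((opts.get(53) or b"\x00")[0], "UNKNOWN"),
        "mac": payload[28:28 + min(payload[2], 16)].hex(":"),
        "hostname": opts.get(12, b"").decode("ascii", "replace") or None,
        "offered_ip": _ip(payload[16:20]),              # yiaddr field
        "subnet_mask": _ip(opts.get(1)),
        "lease_seconds": int.from_bytes(opts[51], "big") if len(opts.get(51, b"")) == 4 else None,
        "server_id": _ip(opts.get(54)),                 # server identifier option
    }

def unauthorized_replies(messages, authorized):
    """Return (type, server_id) for server replies whose identifier is not allowlisted."""
    return [(m["type"], m["server_id"]) for m in messages
            if m["type"] in ("DHCPOFFER", "DHCPACK", "DHCPNAK") and m["server_id"] not in authorized]

def build(msg_type, yiaddr="0.0.0.0", opts=None):       # constructs made-up test payloads
    fixed = bytes([1 if msg_type in (1, 3) else 2, 1, 6, 0]) + bytes(12) + ipaddress.IPv4Address(yiaddr).packed
    tlv = b"".join(bytes([c, len(v)]) + v for c, v in {53: bytes([msg_type]), **(opts or {})}.items())
    return fixed + bytes(8) + bytes.fromhex("020000aabb01").ljust(16, b"\0") + bytes(192) + MAGIC + tlv + b"\xff"

SRV, OTHER = bytes([192, 0, 2, 10]), bytes([192, 0, 2, 77])      # constructed server identifiers
LEASE = {1: bytes([255, 255, 255, 0]), 51: (691200).to_bytes(4, "big")}   # mask, 8-day lease
SAMPLES = [parse_dhcp(p) for p in (
    build(1, opts={12: b"WKS01"}),                      # 1. DHCPDISCOVER
    build(2, "192.0.2.100", {**LEASE, 54: SRV}),        # 2. DHCPOFFER from the listed server
    build(2, "192.0.2.200", {**LEASE, 54: OTHER}),      # 2. DHCPOFFER from an unlisted server
    build(3, opts={54: SRV}),                           # 3. DHCPREQUEST naming the chosen server
    build(5, "192.0.2.100", {**LEASE, 54: SRV}))]       # 4. DHCPACK
print(unauthorized_replies(SAMPLES, authorized={"192.0.2.10"}))
```
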

A typical attack against DHCP involves an attempt to prevent an authorized DHCP server from responding to a DHCPDISCOVER message, or it involves modifying a DHCP server to assign incorrect TCP/IP configuration information. This chapter looks at the configuration measures you can take to prevent attacks against DHCP servers.



Microsoft Windows Security Resource Kit
ISBN: 0735621748
EAN: 2147483647
Year: 2003
Pages: 189
