18.104.22.168 DHCP Servers
Dynamic Host Configuration Protocol (DHCP) servers are used to assign and distribute host configuration information to clients who request it. Each DHCP server is configured by the organization with data including ranges of addresses it can hand out (possibly including some static IP addresses that are always assigned when a host with a particular MAC address makes a request), and configuration information such as the gateway out of the network, the DNS server, etc.
Since DHCP servers dont require authentication of either client or server, they are vulnerable to exploits by attackers. For example, any client can request a network address if enough spurious requests are aimed at a DHCP server, its pool of available addresses can be exhausted, depriving legitimate users of access to the network. Therefore, it is recommended that your DHCP server be configured to hand out addresses only to those hosts that are known to you (for example, those hosts whose MAC addresses appear in a file on your DHCP server).
On the other side, anyone can run their own DHCP server on a network, and if that server is faster at responding to DHCP queries than the real, authorized server, clients will accept the data from the rogue DHCP server. Among the problems this can lead to is the rogue DHCP server providing incorrect DNS nameserver addresses, which might allow the attacker to redirect traffic originating at that client, and destined for legitimate sites, to other sites, by faking bogus DNS information for the legitimate site. Therefore, it is recommended that DNS information be configured statically on each client rather than provided by the DHCP server.
On the bright side, attacks against DHCP servers tend to be limited to the local network, because DHCP requests are made as network broadcasts which typically do not get passed out of a subnet. If your DHCP server is on a different subnet from the hosts, you must configure your router to use the BOOTP relay protocol378 (via UDP port 67) to allow the DHCP requests to cross the subnet boundary. When doing this, exercise care so that you do not allow more clients access to the DHCP server, than is absolutely required.
Home - Table Of Contents - Contact Us
CertiGuide for Security+ (http://www.CertiGuide.com/secplus/) on CertiGuide.com
Version 1.0 - Version Date: November 15, 2004
Adapted with permission from a work created by Tcat Houser et al.
CertiGuide.com Version © Copyright 2004 Charles M. Kozierok. All Rights Reserved.
Not responsible for any loss resulting from the use of this site.