Attacker Target Our DHCP Servers


In general we have three types of IP addressing Manual, (APIPA) Automatic Private IP addressing and (DHCP) Dynamic host configuration protocol, Where DHCP assign IP in our Network devices automatically means you're not assigning it Manually. Client or computers sending ARP request for asking Internet protocol addresses. When DHCP receive that request it responses or acknowledgement with DHCP/IP 

For example; Our DHCP Pool is 192.168.1.1 to 192.168.1.254, and we have 200 client in this topology 
we  have 54 free DHCP request if any client connect to our WiFi connection can receive DHCP/IP connection, Now what the Attacker to they join to our network and send more than 100 ARP request 
in our network trying to deny the services by sending more 100 ARP request, Our DHCP Server get stack and stop or does not have more DCHP/IP for our client to provide. New client will start suffering because he or she is not able to connect to internet using our internet connection. All DHCP/IP has been reserved First deny. second deny is Hacker put their computer in the middle, and all client get the Hacker DHCP/IP mean your all request goes to Hacker computer then to internet. 


Solution,
Try to use 
Port Security 
Purchase Layer Three Switch 
use trusted and untrusted Ports feature with MLS or DCHP Snooping or Spoofing 


Comments