DHCP spoof attack

From Teknologisk videncenter
Jump to: navigation, search

A DHCP Spoof attack is a illegal DHCP server setup in a LAN environment which configures the clients with wrong IP information. The illegal DHCP server can configure the clients with it self as the default gateway, in which case all non-local traffic will be sent to the illegal DHCP server where the intruder can inspect or alter the packets before they are sent on to the real gateway. this is known as a man in the middle attack.

Protecting against DHCP spoof attack

On the access switches you can protect against spoofing

ip dhcp spoofing
interface GigabitEthernet0/1
 description Trunk to Distribution layer and DHCP server
 ip dhcp snooping trust

Show command

Switch# <input>show ip dhcp snooping</input>
Switch DHCP snooping is enabled
DHCP Snooping is configured on the following VLANs:
  10 30-40 100 200-220
Insertion of option 82 information is enabled
Interface            Trusted         Rate limit (pps)
---------            -------         ----------------
FastEthernet0/1      no              20
FastEthernet0/2      no              20
GigabitEthernet0/1   yes             none