DHCP snooping

In computer networking DHCP snooping is a series of techniques applied to ensure the security of an existing DHCP infrastructure.

When DHCP servers are allocating IP addresses to the clients on the LAN, DHCP snooping can be configured on LAN switches to harden the security on the LAN to allow only clients with specific IP/MAC addresses to have access to the network.

Contents

Description

DHCP snooping is a series of layer 2 techniques that ensures IP integrity on a Layer 2 switched domain. It works with information from a DHCP server to:

With DHCP snooping, only a whitelist of IP addresses may access the network. The whitelist is configured at the switch port level, and the DHCP server manages the access control. Only specific IP addresses with specific MAC addresses on specific ports may access the IP network.

DHCP snooping also can prevent attackers from adding their own DHCP servers to the network. An attacker-controlled DHCP server could cause malfunction of the network or even control it.

DHCP snooping is an important component in the defense against ARP spoofing. ARP security checks the IP address in the Source Protocol Address field of ARP packets. If that IP address is not an address that DHCP snooping has recorded as being in use by a host connected to the ingress port of the ARP, then the ARP packet is dropped.

Implementations

An open source solution is ArpON, a portable handler daemon that helps secure the ARP protocol in order to prevent a Man In The Middle (MITM) attack through ARP Spoofing, ARP Cache Poisoning, and ARP Poison Routing (APR) attacks. It blocks also the derived attacks by it, which Sniffing, Hijacking, Injection, Filtering & co attacks for more complex derived attacks, as: DNS Spoofing, WEB Spoofing, Session Hijacking and SSL/TLS Hijacking & co attacks.

References

External links