DHCP snooping

DHCP snooping

In computer networking DHCP snooping is a series of techniques applied to ensure the security of an existing DHCP infrastructure.

When DHCP servers are allocating IP addresses to the clients on the LAN, DHCP snooping can be configured on LAN switches to harden the security on the LAN to allow only clients with specific IP/MAC addresses to have access to the network.



DHCP snooping is a series of layer 2 techniques that ensures IP integrity on a Layer 2 switched domain. It works with information from a DHCP server to:

  • Track the physical location of hosts.
  • Ensure that hosts only use the IP addresses assigned to them.
  • Ensure that only authorized DHCP servers are accessible.

With DHCP snooping, only a whitelist of IP addresses may access the network. The whitelist is configured at the switch port level, and the DHCP server manages the access control. Only specific IP addresses with specific MAC addresses on specific ports may access the IP network.

DHCP snooping also can prevent attackers from adding their own DHCP servers to the network. An attacker-controlled DHCP server could cause malfunction of the network or even control it.

DHCP snooping is an important component in the defense against ARP spoofing. ARP security checks the IP address in the Source Protocol Address field of ARP packets. If that IP address is not an address that DHCP snooping has recorded as being in use by a host connected to the ingress port of the ARP, then the ARP packet is dropped.


An open source solution is ArpON, a portable handler daemon that helps secure the ARP protocol in order to prevent a Man In The Middle (MITM) attack through ARP Spoofing, ARP Cache Poisoning, and ARP Poison Routing (APR) attacks. It blocks also the derived attacks by it, which Sniffing, Hijacking, Injection, Filtering & co attacks for more complex derived attacks, as: DNS Spoofing, WEB Spoofing, Session Hijacking and SSL/TLS Hijacking & co attacks.


External links

Wikimedia Foundation. 2010.

Игры ⚽ Поможем сделать НИР

Look at other dictionaries:

  • Rogue DHCP — Ein rogue DHCP Server stört den Betrieb eines mittels DHCP verwalteten lokalen Netzwerks. Er agiert als eigenständiger Server, der neben dem im Netzwerk vorgesehen Server existiert. Ein rogue DHCP Server kann für Angriffe auf ein Netzwerk… …   Deutsch Wikipedia

  • IGMP Snooping — IGMP dans un réseau local : les hôtes indiquent au routeur requérant les groupes multicast auxquels ils souscrivent. Le commutateur observe le trafic IGMP. Pile de protocoles …   Wikipédia en Français

  • Dynamic Host Configuration Protocol — DHCP redirects here. For other uses, see DHCP (disambiguation). A DHCP Server settings tab The Dynamic Host Configuration Protocol (DHCP) is a network configuration protocol for hosts on Internet Protocol (IP) networks. Computers that are… …   Wikipedia

  • MAC-Forced Forwarding — (MACFF) is used to control unwanted broadcast traffic and host to host communication. This is achieved by directing network traffic from hosts located on the same subnet but at different locations to an upstream gateway device. This provides… …   Wikipedia

  • Dell M1000e — The Dell blade server solutions are built around their new M1000e enclosure that can hold their complete range of server blades and an extensive range of I/O modules like ethernet switches, fibre channel switches etc. The M1000e fits in a 19… …   Wikipedia

  • ARP spoofing — Address Resolution Protocol (ARP) spoofing, also known as ARP poisoning or ARP Poison Routing (APR), is a technique used to attack an Ethernet wired or wireless network which may allow an attacker to sniff data frames on a local area network… …   Wikipedia

  • ARP Spoofing — Una típica trama Ethernet. Una trama modificada podría tener una dirección MAC de origen falsa para engañar a los dispositivos que estén en la red. El ARP Spoofing, también conocido como ARP Poisoning o ARP Poison Routing, es una técnica usada… …   Wikipedia Español

  • Avaya ERS 5500 — Avaya Ethernet Routing Switch 5500 Series ERS 5510 48T/5510 24T Rack mountable: 19 inch standard rack ERS 55 …   Wikipedia

  • Cisco's 3 Layered Model — Over years of building network equipment, Cisco Systems has developed a three layered model. Starting with the basics, the Cisco network is traditionally defined as a three tier hierarchical model comprising the core, distribution, and access… …   Wikipedia

  • Internet Group Management Protocol — IGMP dans un réseau local : les hôtes indiquent au routeur requérant les groupes multicast auxquels ils souscrivent. Pile de protocoles …   Wikipédia en Français

Share the article and excerpts

Direct link
Do a right-click on the link above
and select “Copy Link”