DHCP (2024)

Table of Contents
27.1. Cheat sheet 27.2. Protocol: DHCP 27.3. Networking background: NAT 27.4. Attack 27.5. Defenses

27.1. Cheat sheet

  • Layer: 2-3 (see below)

  • Purpose: Get configurations when first connecting to a network

  • Vulnerability: On-path attackers can see requests and send spoofed malicious responses

  • Defense: Accept as a fact of life and rely on higher layers

27.2. Protocol: DHCP

DHCP (Dynamic Host Configuration Protocol) is responsible for setting up configurations when a computer first joins a local network. These settings enable communication over LANs and the Internet, so it is sometimes considered a layer 2-3 protocol. The Internet layers are defined primarily for communication, so setup protocols like DHCP don’t fit cleanly into the abstraction barriers in the layering model.

In order to connect to a network, you need a few things:

See Also
What is Layer 2 of The OSI Model: Data Link Layer?What is Layer 4 of the OSI Model? | Glossary | A10 NetworksLayer 2 vs Layer 3 Switch: Understanding the DifferencesThe Difference Between Layer 2 And Layer 3 Industrial Switches?

  • An IP address, so other people can contact you

  • The IP address of the DNS server, so you can translate a site name like www.google.com into an IP address (DNS is covered in more detail later)

  • The IP address of the router (also called the gateway), so you can contact others on the Internet

The DHCP handshake follows four steps, between you (the client) and the server (who can give you the needed IP addresses)

  1. Client Discover: The client broadcasts a request for a configuration.

  2. Server Offer: Any server able to offer IP addresses responds with some configuration settings. (In practice, usually only one server replies here.)

    See Also
    Wi-Fi and the OSI model | Control Engineering

  3. Client Request: The client broadcasts which configuration it has chosen.

  4. Server Acknowledge: The chosen server confirms that its configuration has been chosen.

The configuration information provided in step 2 (server offer) is sometimes called a DHCP lease. The offer may include a lease time. After the time expires, the client must ask to renew the lease to keep using that configuration, or else the DHCP server will free up those settings for other devices that request leases later.

Notice that both client messages are broadcast. Step 3 (client request) must be broadcast so that if multiple servers made offers in step 2, all the servers know which one has been chosen. Sanity check: why must client discover be broadcast?1

27.3. Networking background: NAT

Because there are more computers than IPv4 addresses on the modern Internet, and not all networks support IPv6 (expanded address space) yet, DHCP supports NAT (Network Address Translation), which allows multiple computers on a local network to share an IP address. When a computer requests a configuration through DHCP, the router (DHCP server) assigns that computer a placeholder IP address. This address usually comes from a reserved block of private IP addresses that are invalid on the Internet, but can be used as placeholders in the local network.

When a computer sends a packet to the Internet, the packet passes through the router first. The router stores a record mapping the internal (source) IP address to the remote (destination) IP address, for processing potential replies. Then the router replaces the placeholder IP address with a valid IP address, and sends the packet to the remote sever on the Internet. Sanity check: does this replacement happen for the source or destination IP address?2 When the router sees an incoming packet, it checks the stored mappings, converts the destination IP address back to the correct placeholder address, and forwards the message to the original computer on the local network. With NAT, the router could potentially use a single valid IP address to send packets on behalf of every computer on the local network.

27.4. Attack

The attack on DHCP is almost identical to ARP spoofing. At the server offer step, an attacker can send a forged configuration, which the client will accept if it arrives before the legitimate configuration reply. The attacker could offer its own IP address as the gateway address, which makes the attacker a man-in-the-middle. Packets intended for the network would be sent to the attacker, who can modify them before forwarding them to the real gateway. The attacker can also become a man-in-the-middle by manipulating the DNS server address, which lets the attacker supply malicious translations between human-readable host names (www.google.com) and IP addresses (6.6.6.6).

27.5. Defenses

In reality, many networks just accept DHCP spoofing as a fact of life and rely on the higher layers to defend against attackers (the general idea: if the message sent is properly encrypted, the man-in-the-middle can’t do anything anyway).

Defending against low-layer attacks like DHCP spoofing is hard, because there is no trusted party to rely on when we’re first connecting to the network.

  1. A: Before DHCP, the client has no idea where the servers are.

  2. Source, since it’s an outgoing packet.

DHCP (2024)
Top Articles
How To Make Money On Binary Options 10 Must Follow Rules - Binoption
Character Traits of a Successful Day Trader
Napa Autocare Locator
Www.politicser.com Pepperboy News
Phone Number For Walmart Automotive Department
Comforting Nectar Bee Swarm
Beds From Rent-A-Center
Crime Scene Photos West Memphis Three
Carter Joseph Hopf
Dark Souls 2 Soft Cap
Seth Juszkiewicz Obituary
Aita Autism
Craigslist Cars Nwi
6th gen chevy camaro forumCamaro ZL1 Z28 SS LT Camaro forums, news, blog, reviews, wallpapers, pricing – Camaro5.com
The Shoppes At Zion Directory
Restaurants Near Paramount Theater Cedar Rapids
Swedestats
Caledonia - a simple love song to Scotland
EASYfelt Plafondeiland
Winco Employee Handbook 2022
Ac-15 Gungeon
Www.dunkinbaskinrunsonyou.con
Chime Ssi Payment 2023
Turbo Tenant Renter Login
Cb2 South Coast Plaza
At 25 Years, Understanding The Longevity Of Craigslist
Panolian Batesville Ms Obituaries 2022
No Limit Telegram Channel
208000 Yen To Usd
Table To Formula Calculator
Weather Underground Durham
Grand Teton Pellet Stove Control Board
Craigslist Central Il
Ixl Lausd Northwest
Amici Pizza Los Alamitos
Louisville Volleyball Team Leaks
Reborn Rich Ep 12 Eng Sub
Dr Adj Redist Cadv Prin Amex Charge
The Thing About ‘Dateline’
Silive Obituary
התחבר/י או הירשם/הירשמי כדי לראות.
Exam With A Social Studies Section Crossword
Rocket Lab hiring Integration & Test Engineer I/II in Long Beach, CA | LinkedIn
Aznchikz
Used Auto Parts in Houston 77013 | LKQ Pick Your Part
15:30 Est
Rocket Bot Royale Unblocked Games 66
Coleman Funeral Home Olive Branch Ms Obituaries
Nfsd Web Portal
Buildapc Deals
라이키 유출
Lorcin 380 10 Round Clip
Latest Posts
Penny Stocks for Beginners [Infographic]
User-Driven Innovation: How Ethereum Incorporates Feedback
Article information

Author: Van Hayes

Last Updated:

Views: 6183

Rating: 4.6 / 5 (66 voted)

Reviews: 89% of readers found this page helpful

Author information

Name: Van Hayes

Birthday: 1994-06-07

Address: 2004 Kling Rapid, New Destiny, MT 64658-2367

Phone: +512425013758

Job: National Farming Director

Hobby: Reading, Polo, Genealogy, amateur radio, Scouting, Stand-up comedy, Cryptography

Introduction: My name is Van Hayes, I am a thankful, friendly, smiling, calm, powerful, fine, enthusiastic person who loves writing and wants to share my knowledge and understanding with you.