- The configuration token method is vulnerable to interception, and
- The delayed authentication mechanism is vulnerable to DDoS floods.
For example, DHCP_Gobbler is a proof of concept tool that attacks RFC 3118 by grabbing all available DHCP addresses,...
By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.
preventing allocation to legitimate new machines.
To learn more about DHCP improvements related to security and more, visit the IETF's DHC working group page -- for example, see Internet Drafts regarding DHCP authentication with IPv6 and DHCP Relay.
Note that DHCP can be used by any kind of IP network, including wireless LANs. Wireless LANs are inherently more vulnerable to interception and flooding than privately-operated Ethernet LANs. Link encryption (WPA/WPA2) can be used to prevent DHCP request interception on a wireless LAN. Preventing flooding is trickier, since you can't really prevent wireless stations from transmitting. However, you CAN stop transmitted packets from reaching your DHCP server -- for example, by using 802.1X port access control.
Dig Deeper on WLAN Standards
Related Q&A from Lisa Phifer
Whether you need a basic open source mobile device management tool for your company's Apple or Android devices, or something more customized, you ...continue reading
Advancements in 4G LTE networks improved the security of cellular data transmission, but it still varies wildly from network to network.continue reading
The enterprise mobility management market for wearable devices is in its infancy, but IT can still use existing EMM tools to manage wearables.continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.