Ask the Expert

Regarding authenticated DHCP (RFC 3118), what vulnerability is documented for this RFC?

Regarding authenticated DHCP (RFC 3118), what vulnerability is documented for this RFC?

    Requires Free Membership to View

RFC 3118 defines an IETF standard option for authentication of DHCP (Dynamic Host Configuration Protocol) messages. This RFC identifies the following vulnerabilities:
  • The configuration token method is vulnerable to interception, and
  • The delayed authentication mechanism is vulnerable to DDoS floods.

For example, DHCP_Gobbler is a proof of concept tool that attacks RFC 3118 by grabbing all available DHCP addresses, preventing allocation to legitimate new machines.

To learn more about DHCP improvements related to security and more, visit the IETF's DHC working group page -- for example, see Internet Drafts regarding DHCP authentication with IPv6 and DHCP Relay.

Note that DHCP can be used by any kind of IP network, including wireless LANs. Wireless LANs are inherently more vulnerable to interception and flooding than privately-operated Ethernet LANs. Link encryption (WPA/WPA2) can be used to prevent DHCP request interception on a wireless LAN. Preventing flooding is trickier, since you can't really prevent wireless stations from transmitting. However, you CAN stop transmitted packets from reaching your DHCP server -- for example, by using 802.1X port access control.

This was first published in February 2005

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: