DHCP SNOOPING ATTACKS PREVENTION METHOD WITH LAB

Posted: December 1, 2015 in Network Security

Today in this article I am going to discuss rogue DHCP server attacks, which are commonly (and a little confusingly) called "DHCP snooping attacks". Strictly speaking, DHCP snooping is the name of the switch feature that prevents them; the attack itself is DHCP spoofing, an unauthorised DHCP server answering your clients. Here I will show you how such an attack happens and how to stop it, but before you learn how to stop it I would like to briefly describe the attack.

It is an attack in which IP addresses are handed to client machines by an unknown, unauthenticated DHCP server instead of the legitimate one. DHCP has no authentication: a client broadcasts a DHCPDISCOVER and accepts the first DHCPOFFER that comes back, whoever sent it.

The unknown DHCP server can be run by an outside hacker or by an insider such as a company employee. If it happens, the machines in your network get their IP address, default gateway and DNS server from a stranger. Because the attacker chooses the gateway and DNS addresses, he or she can route the clients' traffic through his or her own machine and read or modify it, and can learn a lot about the client PCs from the requests they send. This can turn into a disaster.

The most visible effect of a rogue DHCP server is that your machines can no longer communicate with each other, because some got their address from the legitimate DHCP server and some from the hacker's server, which hands out addresses from a different network.

I have created a scenario to show what a rogue DHCP server actually does. In the diagram below you can see two DHCP servers: one is the router, which is the legitimate DHCP server with the IP address 1.0.0.1, and the other is a dedicated server at 192.168.1.1, which is the hacker's machine.

So just think what will happen when the users on PC0, PC1, PC2 and PC3 ask for an IP address through DHCP.

Which DHCP server will respond first?

What will happen if two PCs get an IP address from the router, which is our legitimate DHCP server, and the other two get one from the hacker's DHCP machine?

How to stop such attacks?

In this article you will get the answers to all these questions.

[Diagram: lab topology, with the legitimate DHCP router (1.0.0.1), the hacker's DHCP server (192.168.1.1) and PC0 to PC3 all connected to one switch]

STEP-1: First assign an IP address on the router and configure the DHCP server on the router.

 

Router>enable
Router#config t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#host DHCP
DHCP(config)#int fa0/0
DHCP(config-if)#ip add 1.0.0.1 255.0.0.0
DHCP(config-if)#no shut
DHCP(config-if)#exit
DHCP(config)#ip dhcp pool satish
DHCP(dhcp-config)#network 1.0.0.0 255.0.0.0
DHCP(dhcp-config)#default-router 1.0.0.1
DHCP(dhcp-config)#exit
DHCP(config)#

 

Now our router is ready to work as a DHCP server and will hand out addresses from the 1.0.0.0/8 pool to all machines.

But the problem occurs when another server connected to the same switch is also working as a fake DHCP server. A client accepts the first DHCPOFFER it receives, so whether a PC ends up on the router's network or on the attacker's is a race, and an attacker plugged directly into the same switch often wins it. Using this fake DHCP server the hacker gives the client PCs an address, a default gateway and a DNS server of his choosing and can easily get at their information.

[Screenshot: a client PC obtaining its address from the hacker's DHCP server]

Now you can see that the hacker's DHCP machine is also providing IP addresses to the PCs.

[Screenshot: the hacker's DHCP server]

STEP-2: Now, to protect the client PCs from the rogue server, we will configure DHCP snooping on our switch. With snooping enabled, the switch treats every port as untrusted unless we say otherwise, and it drops DHCP server messages (DHCPOFFER, DHCPACK, DHCPNAK) that arrive on an untrusted port. So here we tell the switch that only the port leading to the router, fa0/3, is trusted; the port the hacker's DHCP machine is plugged into stays untrusted, and its offers never reach the PCs.

Switch>enable
Switch#config t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#ip dhcp snooping
Switch(config)#int fa0/3
Switch(config-if)#ip dhcp snooping trust
Switch(config-if)#exit

 

Verify the configuration:

 

Switch(config)#do show ip dhcp snooping
Switch DHCP snooping is enabled
DHCP snooping is configured on following VLANs:
none
Insertion of option 82 is enabled
Option 82 on untrusted port is not allowed
Verification of hwaddr field is enabled
Interface                  Trusted    Rate limit (pps)
-----------------------    -------    ----------------
FastEthernet0/3            yes        unlimited
Switch(config)#exit

Look carefully at the line "DHCP snooping is configured on following VLANs: none". The global ip dhcp snooping command only turns the feature on; on a real Catalyst switch it filters nothing until it is also enabled on the clients' VLAN with ip dhcp snooping vlan 1 (VLAN 1 being the default VLAN used in this lab). Also note "Insertion of option 82 is enabled": the switch now adds the relay-agent option to the PCs' requests, and a Cisco IOS DHCP server drops requests that carry option 82 but arrive directly (giaddr 0.0.0.0) unless it is told to trust them. Either stop the insertion on the switch with no ip dhcp snooping information option, or allow it on the router with ip dhcp relay information trust-all; otherwise the PCs may get no address at all once snooping is on.

 

Switch#show ip dhcp snooping database
Agent URL :
Write delay Timer : 300 seconds
Abort Timer :
Agent Running : No
Delay Timer Expiry : Not Running
Abort Timer Expiry : Not Running
Last Succeded Time : None
Last Failed Time : None
Last Failed Reason : No failure recorded.
Total Attempts : 0    Startup Failures : 0
Successful Transfers : 0    Failed Transfers : 0
Successful Reads : 0    Failed Reads : 0
Successful Writes : 0    Failed Writes : 0
Media Failures : 0
Switch#

The empty Agent URL and "Agent Running : No" show that no binding database location has been configured, so the bindings live only in memory and are lost when the switch reloads; in production you would point the database at flash or a TFTP server.

Switch#show ip dhcp snooping binding
MacAddress          IpAddress        Lease(sec)  Type           VLAN  Interface
------------------  ---------------  ----------  -------------  ----  -----------------
Total number of bindings: 0
Switch#

The binding table is still empty because no PC has requested an address since snooping was enabled. As clients obtain leases through the trusted port, the switch records each one's MAC address, IP address, lease time, VLAN and port here; this table is also what IP Source Guard and Dynamic ARP Inspection consult later.

Now when any PC asks for an IP address through DHCP, it will get one only from the legitimate DHCP server configured on the router in this lab, because the hacker's offers arrive on an untrusted port and are discarded by the switch. Remember that on a real switch this only holds once snooping is enabled on the VLAN as well as globally.
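The following is an added example and not the configuration from the original post. It shows both sides of the scenario above: what the hacker's server in the STEP-1 discussion actually hands out, and the complete switch-side defence that STEP-2 sketches, including the VLAN enable and the option 82 handling that the post's own show output reveals as missing. The post only tells us that fa0/3 leads to the router; the other port numbers (PCs on fa0/1, fa0/2, fa0/5, fa0/6 and the hacker's server on fa0/4), the use of VLAN 1, the pool name "evil", the hostname ROGUE and the database file name are assumptions made for illustration.

```cisco
! Added example, not the original post's configuration.
! Assumptions: router uplink on fa0/3, PCs on fa0/1, fa0/2, fa0/5, fa0/6,
! hacker's server on fa0/4, all in VLAN 1.
!
! ---- 1. What the rogue server hands out (an IOS box used instead of a PC)
! It answers DHCPDISCOVER with its own address as gateway and DNS, so every
! client it wins sends all off-network traffic and name lookups to the
! attacker, who sits in the middle of the conversation.
hostname ROGUE
interface FastEthernet0/0
 ip address 192.168.1.1 255.255.255.0
 no shutdown
ip dhcp pool evil
 network 192.168.1.0 255.255.255.0
 default-router 192.168.1.1
 dns-server 192.168.1.1
!
! ---- 2. Switch: complete DHCP snooping configuration
hostname Switch
! The global enable alone filters nothing; it must also be enabled per VLAN.
ip dhcp snooping
ip dhcp snooping vlan 1
! The switch inserts option 82 by default. The router's IOS DHCP server
! drops requests carrying option 82 with giaddr 0.0.0.0, so either stop
! inserting it here (done below) or configure
! "ip dhcp relay information trust-all" on the router instead.
no ip dhcp snooping information option
! Keep the binding table across reloads (IP Source Guard and DAI rely on it).
ip dhcp snooping database flash:dhcp-snooping.db
! Put a port that exceeded its DHCP rate limit back in service after 30 s.
errdisable recovery cause dhcp-rate-limit
errdisable recovery interval 30
!
interface FastEthernet0/3
 description Uplink to legitimate DHCP router 1.0.0.1
 ip dhcp snooping trust
!
! Every other port stays untrusted (the default): DHCPOFFER/DHCPACK/DHCPNAK
! arriving on fa0/4 from the rogue server are dropped, and a client cannot
! flood DHCPDISCOVERs to exhaust the real pool (DHCP starvation).
interface range FastEthernet0/1 - 2 , FastEthernet0/4 - 6
 switchport mode access
 switchport access vlan 1
 ip dhcp snooping limit rate 10
!
! ---- 3. Verification (privileged EXEC on the switch)
! show ip dhcp snooping             -> VLAN list now shows 1, fa0/3 trusted
! show ip dhcp snooping binding     -> one entry per PC that got a lease via fa0/3
! show ip dhcp snooping statistics  -> offers dropped on untrusted ports
```

Apply the ROGUE section to the attacker's device and the Switch section to the switch; after the PCs renew their leases, show ip dhcp snooping binding should list only 1.0.0.0/8 addresses learned through fa0/3, and the rogue server's offers on fa0/4 never reach the clients.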

I hope this article helps you understand rogue DHCP server attacks and protect your network from them. If any of you has another method to stop such attacks, I would love to hear from you in the comment section or by mail.

 
