Today in this article I am going to discuss DHCP snooping attacks. I will show you how such an attack occurs and how to stop it, but before you learn how to stop it, I would like to give a brief description of the attack.
It is a type of attack in which IP addresses are handed out to client machines by an unknown DHCP server, that is, a DHCP server that is not authorised on the network.
The unknown DHCP server can be run by any hacker or intruder (including a company employee). If this happens, the machines in your network will have IP addresses provided by an unknown person, who can easily learn the details of your client PCs from this, and it can turn into a disaster.
The most frequent effect is that your machines (the computers) can't communicate with each other, because some get an IP from the original DHCP server and some from the hacker's server, which is using a different network.
I have created a scenario to help you understand what actually happens in such an attack. In the diagram below you can see two DHCP servers: one is the router, the original DHCP server with the IP 1.0.0.1, and the other is a dedicated server with the IP 192.168.1.1, which is the hacker's machine.
So just think what will happen when the people sitting at PC0, PC1, PC2 and PC3 ask for an IP through DHCP.
Which DHCP server will respond first?
What will happen if two PCs get an IP from the router, which is our original DHCP server, and the other two get an IP from the hacker's DHCP machine?
How to stop such attacks?
In this article you will get the answer to all these questions.
STEP-1: First assign an IP address on the router and configure the DHCP server on the router.
Router>enable
Router#config t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#host DHCP
DHCP(config)#int fa0/0
DHCP(config-if)#ip add 1.0.0.1 255.0.0.0
DHCP(config-if)#no shut
DHCP(config-if)#
DHCP(config-if)#exit
DHCP(config)#ip dhcp pool satish
DHCP(dhcp-config)#network 1.0.0.0 255.0.0.0
DHCP(dhcp-config)#default-router 1.0.0.1
DHCP(dhcp-config)#exit
DHCP(config)#
Now our router is ready to work as a DHCP server and will smoothly provide IPs to all machines.
But the problem occurs when another server connected to this switch is also working as a fake DHCP server. Using this fake DHCP server the hacker will provide IPs to the client PCs and easily get their information.
Now you can see the hacker's DHCP machine is also providing IP addresses to the PCs.
STEP-2: Now, to protect the client PCs from this attack, we will configure our switch so that it accepts DHCP server replies only on a trusted port (fa0/3 in this lab). Here we are telling our switch to accept IP offers from the router only and not from the hacker's DHCP machine.
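The attack above works because a client accepts whichever server answers its DISCOVER first. Before the switch-side fix in STEP-2, it helps to see what a defender would look for on the wire. The following Python is an added example (my code, not from the article): it builds two constructed DHCPOFFER messages, one from the article's router at 1.0.0.1 and one from the rogue machine at 192.168.1.1, parses the BOOTP header and DHCP options, and flags any server reply whose server identifier (option 54) is not in the allow-list of trusted servers. The offered addresses, transaction id and PC0's MAC are assumptions made up for the sample.

```python
import struct
from ipaddress import IPv4Address

# Trusted DHCP server addresses. In the article's lab the legitimate server
# is the router at 1.0.0.1; 192.168.1.1 is the rogue machine.
TRUSTED_SERVERS = {"1.0.0.1"}

MAGIC_COOKIE = b"\x63\x82\x53\x63"   # marks the start of the DHCP option field
OPT_PAD, OPT_ROUTER, OPT_MSG_TYPE, OPT_SERVER_ID, OPT_END = 0, 3, 53, 54, 255
MSG_TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 5: "ACK", 6: "NAK"}


def build_offer(xid, yiaddr, server_id, router, client_mac):
    """Build a minimal DHCPOFFER. Constructed sample data, not a real capture."""
    hdr = struct.pack(
        "!BBBBIHH4s4s4s4s16s64s128s",
        2, 1, 6, 0, xid, 0, 0,                      # op=BOOTREPLY, Ethernet, hlen=6
        bytes(4), IPv4Address(yiaddr).packed,       # ciaddr, yiaddr (offered address)
        IPv4Address(server_id).packed, bytes(4),    # siaddr, giaddr
        client_mac + bytes(10), bytes(64), bytes(128),
    )
    opts = bytes([OPT_MSG_TYPE, 1, 2])              # message type 2 = OFFER
    opts += bytes([OPT_SERVER_ID, 4]) + IPv4Address(server_id).packed
    opts += bytes([OPT_ROUTER, 4]) + IPv4Address(router).packed
    return hdr + MAGIC_COOKIE + opts + bytes([OPT_END])


def parse_dhcp(packet):
    """Parse the fixed BOOTP header and the TLV option field of one DHCP message."""
    if len(packet) < 240 or packet[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    op, _htype, hlen, _hops, xid = struct.unpack("!BBBBI", packet[:8])
    options = {}
    i = 240
    while i < len(packet):
        code = packet[i]
        if code == OPT_END:
            break
        if code == OPT_PAD:
            i += 1
            continue
        # Reject malformed TLVs instead of reading past the end of the buffer.
        if i + 1 >= len(packet) or i + 2 + packet[i + 1] > len(packet):
            raise ValueError("truncated option")
        length = packet[i + 1]
        options[code] = packet[i + 2:i + 2 + length]
        i += 2 + length
    siaddr = str(IPv4Address(packet[20:24]))
    return {
        "op": op,
        "xid": xid,
        "chaddr": packet[28:28 + hlen].hex(":"),
        "yiaddr": str(IPv4Address(packet[16:20])),
        "type": MSG_TYPES.get(options.get(OPT_MSG_TYPE, b"\x00")[0], "UNKNOWN"),
        # Option 54 names the server that answered; fall back to siaddr if absent.
        "server_id": str(IPv4Address(options[OPT_SERVER_ID])) if OPT_SERVER_ID in options else siaddr,
        "router": str(IPv4Address(options[OPT_ROUTER])) if OPT_ROUTER in options else None,
    }


def classify_offer(packet, trusted=TRUSTED_SERVERS):
    """Return 'trusted' or 'rogue' for a server reply, None for client messages."""
    msg = parse_dhcp(packet)
    if msg["type"] not in ("OFFER", "ACK", "NAK"):
        return None
    return "trusted" if msg["server_id"] in trusted else "rogue"


def audit_offers(packets, trusted=TRUSTED_SERVERS):
    """Summarise every server reply as (server_id, offered address, verdict)."""
    rows = []
    for pkt in packets:
        verdict = classify_offer(pkt, trusted)
        if verdict is not None:
            msg = parse_dhcp(pkt)
            rows.append((msg["server_id"], msg["yiaddr"], verdict))
    return rows


# Constructed samples: PC0's MAC and the offered addresses are made up;
# the two server addresses are the ones in the article's topology.
PC0_MAC = bytes.fromhex("0001c9aa0001")
SAMPLE_OFFERS = [
    build_offer(0x1234ABCD, "1.0.0.2", "1.0.0.1", "1.0.0.1", PC0_MAC),                # router's reply
    build_offer(0x1234ABCD, "192.168.1.100", "192.168.1.1", "192.168.1.1", PC0_MAC),  # rogue's reply
]

if __name__ == "__main__":
    for server, offered, verdict in audit_offers(SAMPLE_OFFERS):
        print(f"server {server:<14} offered {offered:<15} -> {verdict}")
```

Run on a real capture, the same parser would be fed the UDP payloads of port 67/68 traffic; the allow-list is the same information the switch learns from the trusted-port configuration in STEP-2, and an offer from an address outside it is exactly the event to alert on.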
Switch>enable
Switch#config t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#ip dhcp snooping
Switch(config)#int fa0/3
Switch(config-if)#ip dhcp snooping trust
Switch(config-if)#exit
Verify the configuration:
Switch(config)#do show ip dhcp snooping
Switch DHCP snooping is enabled
DHCP snooping is configured on following VLANs:
none
Insertion of option 82 is enabled
Option 82 on untrusted port is not allowed
Verification of hwaddr field is enabled
Interface                  Trusted    Rate limit (pps)
-----------------------    -------    ----------------
FastEthernet0/3            yes        unlimited
Switch(config)#exit
Switch#show ip dhcp snooping database
Agent URL :
Write delay Timer : 300 seconds
Abort Timer :
Agent Running : No
Delay Timer Expiry : Not Running
Abort Timer Expiry : Not Running
Last Succeded Time : None
Last Failed Time : None
Last Failed Reason : No failure recorded.
Total Attempts : 0 Startup Failures : 0
Successful Transfers : 0 Failed Transfers : 0
Successful Reads : 0 Failed Reads : 0
Successful Writes : 0 Failed Writes : 0
Media Failures : 0
Switch#
Switch#show ip dhcp snooping binding
MacAddress          IpAddress        Lease(sec)  Type           VLAN  Interface
------------------  ---------------  ----------  -------------  ----  -----------------
Total number of bindings: 0
Switch#
Now if any PC asks for an IP through DHCP, it will get one only from the original DHCP server, which is configured on the router in this lab. Note that the verification output above shows "none" under "DHCP snooping is configured on following VLANs": on a Cisco IOS switch, DHCP snooping only inspects and filters DHCP traffic on VLANs where it has been enabled with ip dhcp snooping vlan <vlan-id>, so add that command for the client VLAN and check the output again before relying on the protection.
I hope this article helps you understand this attack and protect your network from it. If any of you have another method to stop such attacks, I would love to hear from you in the comments section or by mail.
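As an added check (my code, not from the article), the following Python parses the `show ip dhcp snooping` output shown above and reports the gaps a reviewer would look for before declaring the network protected: snooping disabled globally, no VLAN listed, or a trusted port other than the one facing the legitimate server. The output text is a copy of the article's output with ASCII dashes; the set of ports expected to be trusted (fa0/3, where the router is connected in this lab) is an assumption passed in by the caller.

```python
# 'show ip dhcp snooping' output as printed in the article, reproduced with
# ASCII dashes (constructed copy so the example runs offline).
SHOW_OUTPUT = """\
Switch DHCP snooping is enabled
DHCP snooping is configured on following VLANs:
none
Insertion of option 82 is enabled
Option 82 on untrusted port is not allowed
Verification of hwaddr field is enabled
Interface                  Trusted    Rate limit (pps)
-----------------------    -------    ----------------
FastEthernet0/3            yes        unlimited
"""


def parse_snooping_status(output):
    """Extract the global state, the VLAN list and the per-interface trust table."""
    lines = [ln.strip() for ln in output.splitlines() if ln.strip()]
    enabled = "Switch DHCP snooping is enabled" in lines
    vlans = []
    for idx, ln in enumerate(lines):
        if ln.startswith("DHCP snooping is configured on following VLANs:"):
            # The VLAN list (or the word 'none') is printed on the next line.
            nxt = lines[idx + 1] if idx + 1 < len(lines) else "none"
            if nxt.lower() != "none":
                vlans = [v.strip() for v in nxt.split(",")]
    interfaces = {}
    in_table = False
    for ln in lines:
        if ln.startswith("Interface"):
            in_table = True          # header row of the trust table
            continue
        if not in_table or ln.startswith("-"):
            continue
        parts = ln.split(None, 2)    # interface, yes/no, rate limit (may contain spaces)
        if len(parts) == 3:
            interfaces[parts[0]] = (parts[1].lower() == "yes", parts[2])
    return {"enabled": enabled, "vlans": vlans, "interfaces": interfaces}


def audit_snooping(output, expected_trusted):
    """Return findings that would leave a rogue server unblocked or a port over-trusted."""
    status = parse_snooping_status(output)
    findings = []
    if not status["enabled"]:
        findings.append("DHCP snooping is disabled globally")
    if not status["vlans"]:
        findings.append("no VLAN has snooping enabled; add 'ip dhcp snooping vlan <id>' for the client VLAN")
    trusted = {name for name, (is_trusted, _) in status["interfaces"].items() if is_trusted}
    for iface in sorted(trusted - set(expected_trusted)):
        findings.append(f"{iface} is trusted but is not an expected server-facing port")
    for iface in sorted(set(expected_trusted) - trusted):
        findings.append(f"expected server-facing port {iface} is untrusted")
    return findings


if __name__ == "__main__":
    for finding in audit_snooping(SHOW_OUTPUT, {"FastEthernet0/3"}):
        print("FINDING:", finding)
```

On the article's output the only finding is the missing VLAN; once the VLAN line reads "1" (or whichever VLAN the PCs are in) the audit comes back empty, which is the state to aim for.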