What is DHCP Snooping
DHCP Snooping :: Set up a secure Cisco switch
A typical DHCP server is susceptible to several kinds of attack. An attacker can exhaust the server's address pool by sending large numbers of DHCP DISCOVER messages, so that other clients no longer receive an IP address. An attacker can also mark addresses that are still in use as free by sending forged DHCP RELEASE messages. For MITM or DoS attacks, an attacker can run a DHCP server of their own on the network (a rogue DHCP server).
A Cisco switch can prevent these attacks using DHCP snooping.
Set up DHCP snooping
DHCP snooping is activated globally. In addition, the VLANs for which DHCP snooping is to be performed must be specified. The third command (optional) re-enables an interface automatically after it has been put into the err-disabled state for exceeding the DHCP rate limit:

    ip dhcp snooping
    ip dhcp snooping vlan 1-100
    errdisable recovery cause dhcp-rate-limit
The interfaces can then be divided into trusted and untrusted. In addition, Cisco offers a rate limit per interface. The following interface commands set FastEthernet0/1 to untrusted and allow 20 DHCP packets per second. GigabitEthernet0/1 is the uplink towards the DHCP server and is therefore trusted:

    interface FastEthernet0/1
     description Edge Port
     no ip dhcp snooping trust
     ip dhcp snooping limit rate 20
    !
    interface GigabitEthernet0/1
     description Uplink to the DHCP server
     ip dhcp snooping trust
In the log, DHCP snooping activity looks something like this:

    02:19:11: DHCPSN: Found ingress pkt on Fa0/1 VLAN 1
    02:19:11: DHCP_SNOOPING: exceeded rate limit 20pps on Fa0/1
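As an added example (not code from the original article or from Cisco), the following Python model replays the decisions a DHCP-snooping switch makes for every DHCP packet arriving on a port: server messages are dropped on untrusted ports, a RELEASE is only accepted when it matches the binding learned for that port, and a per-interface packet budget puts the port into err-disable. Port names, trust state and the 20 pps limit mirror the configuration above; the pending-request map, the binding table and the sample packets are constructed for the model and simplify what IOS does (the real switch additionally checks the source MAC against chaddr and uses its MAC table).

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# DHCP message types carried in option 53 (RFC 2132)
DISCOVER, OFFER, REQUEST, ACK, NAK, RELEASE = 1, 2, 3, 5, 6, 7
SERVER_MSGS = {OFFER, ACK, NAK}            # only a DHCP server legitimately sends these
MAGIC = b"\x63\x82\x53\x63"                # DHCP magic cookie after the 236-byte BOOTP header


def parse_dhcp(payload: bytes) -> Tuple[int, str, str, str]:
    """Return (msg_type, chaddr, ciaddr, yiaddr) from a raw BOOTP/DHCP payload."""
    if len(payload) < 240 or payload[236:240] != MAGIC:
        raise ValueError("not a DHCP payload")
    ciaddr = ".".join(str(b) for b in payload[12:16])   # client's current address (RELEASE)
    yiaddr = ".".join(str(b) for b in payload[16:20])   # address assigned by the server (ACK)
    chaddr = payload[28:34].hex(":")                     # client hardware address
    i, msg_type = 240, None
    while i < len(payload) and payload[i] != 255:        # walk TLV options up to the end marker
        if payload[i] == 0:                              # pad option carries no length byte
            i += 1
            continue
        code, length = payload[i], payload[i + 1]
        if code == 53:
            msg_type = payload[i + 2]
        i += 2 + length
    if msg_type is None:
        raise ValueError("option 53 missing")
    return msg_type, chaddr, ciaddr, yiaddr


def build_dhcp(msg_type: int, mac: str, ciaddr="0.0.0.0", yiaddr="0.0.0.0") -> bytes:
    """Constructed minimal DHCP payload used as sample input (not a captured packet)."""
    hdr = bytearray(236)
    hdr[0] = 2 if msg_type in SERVER_MSGS else 1         # op: BOOTREPLY or BOOTREQUEST
    hdr[1], hdr[2] = 1, 6                                # htype Ethernet, hlen 6
    hdr[12:16] = bytes(int(x) for x in ciaddr.split("."))
    hdr[16:20] = bytes(int(x) for x in yiaddr.split("."))
    hdr[28:34] = bytes.fromhex(mac.replace(":", ""))
    return bytes(hdr) + MAGIC + bytes([53, 1, msg_type, 255])


@dataclass
class Port:
    name: str
    trusted: bool = False
    rate_limit: Optional[int] = None   # "ip dhcp snooping limit rate N"; None = unlimited
    err_disabled: bool = False
    window: Tuple[int, int] = (-1, 0)  # (second, DHCP packets counted in that second)


class SnoopingSwitch:
    def __init__(self, ports: List[Port]):
        self.ports = {p.name: p for p in ports}
        self.pending: Dict[str, str] = {}               # client MAC -> port its REQUEST came in on
        self.bindings: Dict[Tuple[str, str], str] = {}  # (MAC, IP) -> port, learned from ACKs

    def ingress(self, port_name: str, payload: bytes, now: float) -> str:
        port = self.ports[port_name]
        if port.err_disabled:
            return "drop: port err-disabled"
        msg_type, mac, ciaddr, yiaddr = parse_dhcp(payload)
        if port.rate_limit is not None:                  # per-second packet budget
            sec = int(now)
            count = port.window[1] + 1 if port.window[0] == sec else 1
            port.window = (sec, count)
            if count > port.rate_limit:
                port.err_disabled = True                 # what "errdisable recovery" later undoes
                return f"err-disable: exceeded rate limit {port.rate_limit}pps"
        if port.trusted:
            if msg_type == ACK and mac in self.pending:  # complete a binding for the client
                self.bindings[(mac, yiaddr)] = self.pending.pop(mac)
            return "forward"
        # untrusted port: only client-side messages are acceptable
        if msg_type in SERVER_MSGS:
            return f"drop: server message {msg_type} on untrusted port (rogue server)"
        if msg_type == RELEASE and self.bindings.get((mac, ciaddr)) != port_name:
            return "drop: RELEASE does not match binding for this port"
        if msg_type == REQUEST:
            self.pending[mac] = port_name
        return "forward"


def run_scenario() -> List[str]:
    """Replay the three attacks from the article against the configured ports."""
    sw = SnoopingSwitch([Port("Fa0/1", rate_limit=20), Port("Fa0/2", rate_limit=20),
                         Port("Gi0/1", trusted=True)])
    victim, attacker = "00:11:22:33:44:55", "de:ad:be:ef:00:01"   # constructed MACs
    out = []
    # legitimate lease: REQUEST from the edge port, ACK back from the uplink
    out.append(sw.ingress("Fa0/1", build_dhcp(REQUEST, victim), 1.0))
    out.append(sw.ingress("Gi0/1", build_dhcp(ACK, victim, yiaddr="10.0.0.50"), 1.1))
    # rogue DHCP server behind an edge port: its OFFER never reaches other clients
    out.append(sw.ingress("Fa0/1", build_dhcp(OFFER, attacker, yiaddr="10.0.0.99"), 2.0))
    # forged RELEASE for the victim's lease from another edge port is rejected ...
    out.append(sw.ingress("Fa0/2", build_dhcp(RELEASE, victim, ciaddr="10.0.0.50"), 3.0))
    # ... while the victim's own RELEASE from its bound port is allowed
    out.append(sw.ingress("Fa0/1", build_dhcp(RELEASE, victim, ciaddr="10.0.0.50"), 3.5))
    # pool exhaustion: 21 DISCOVERs within one second trip the 20 pps limit on Fa0/2
    for n in range(21):
        verdict = sw.ingress("Fa0/2", build_dhcp(DISCOVER, f"02:00:00:00:00:{n:02x}"), 4.0 + n / 100)
    out.append(verdict)
    return out


if __name__ == "__main__":
    for verdict in run_scenario():
        print(verdict)
```

The interesting design point is the binding table: the switch only learns a (MAC, IP, port) binding when it sees the server's ACK on a trusted port for a client whose REQUEST it saw on an untrusted port, so a RELEASE arriving anywhere else for that lease has no binding to match and is dropped. The same table is what Dynamic ARP Inspection later consults.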
Trojan installs rogue DHCP server
At the end of 2008, the first Trojans appeared that set up malicious DHCP servers. A variant of the DNSChanger malware installs the driver Ndisprot.sys, which acts as a DHCP server. A PC infected in this way distributes an IP configuration containing the attacker's DNS server to all stations in the LAN. For example, 184.108.40.206 and 220.127.116.11 are entered as DNS servers. These servers are located in Odessa (Ukraine).
DHCP snooping is an effective way of preventing this type of attack. The infected client's switch port is deactivated immediately.
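Because a port that trips the rate limit comes back up on its own once errdisable recovery is configured, the operator still needs to find out which edge port (and therefore which host) caused it. As an added example, not part of the original article, the following Python triage parses lines in the shape of the debug output quoted above and lists the interfaces to investigate. The sample lines are constructed; interface Fa0/3 and the second rate-limit event do not come from the article.

```python
import re
from collections import defaultdict
from typing import Dict, List

# Constructed sample log in the shape of the DHCP snooping debug lines shown above
SAMPLE_LOG = """\
02:19:11: DHCPSN: Found ingress pkt on Fa0/1 VLAN 1
02:19:11: DHCP_SNOOPING: exceeded rate limit 20pps on Fa0/1
02:19:12: DHCPSN: Found ingress pkt on Fa0/3 VLAN 1
02:19:14: DHCP_SNOOPING: exceeded rate limit 20pps on Fa0/1
02:19:15: DHCPSN: Found ingress pkt on Gi0/1 VLAN 1
"""

# Two line shapes: a DHCP packet seen on a port, and a rate-limit violation on a port
INGRESS = re.compile(r"^(\S+): DHCPSN: Found ingress pkt on (\S+) VLAN (\d+)$")
RATE = re.compile(r"^(\S+): DHCP_SNOOPING: exceeded rate limit (\d+)pps on (\S+)$")


def triage(log_text: str) -> Dict[str, dict]:
    """Per interface: DHCP packets seen, VLANs, rate-limit trips and the first trip time."""
    stats = defaultdict(lambda: {"pkts": 0, "vlans": set(), "trips": 0,
                                 "first_trip": None, "limit": None})
    for line in log_text.splitlines():
        m = INGRESS.match(line)
        if m:
            _ts, intf, vlan = m.groups()
            stats[intf]["pkts"] += 1
            stats[intf]["vlans"].add(int(vlan))
            continue
        m = RATE.match(line)
        if m:
            ts, limit, intf = m.groups()
            s = stats[intf]
            s["trips"] += 1
            s["limit"] = int(limit)
            s["first_trip"] = s["first_trip"] or ts   # keep the earliest violation
    return dict(stats)


def ports_to_investigate(stats: Dict[str, dict]) -> List[str]:
    """Interfaces whose DHCP rate limit tripped: with errdisable recovery they will come
    back up after the recovery interval, so locate the attached host before the next cycle."""
    return sorted(intf for intf, s in stats.items() if s["trips"] > 0)


if __name__ == "__main__":
    summary = triage(SAMPLE_LOG)
    for intf in ports_to_investigate(summary):
        s = summary[intf]
        print(f"{intf}: {s['trips']} rate-limit event(s), first at {s['first_trip']}, "
              f"limit {s['limit']} pps")
```

Feeding the same parser with syslog exported from the switch gives a per-port view over time; a port that trips repeatedly after each recovery is the one to shut down by hand until the host has been cleaned.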
Network lab recommendation
Activate DHCP snooping on all edge ports.
- Spanning Tree / BPDU Guard
- Cisco Discovery Protocol (CDP)
- Trunking DTP / ISL / dot1q
- DHCP snooping
- Dynamic ARP Inspection (DAI)
- Storm Control
- Port security
- Example configurations