DHCP Security Analysis

Dallas Holmes / Matt MacClary
ECE 478 Project
Spring 2003
What is DHCP?
Dynamic Host Configuration Protocol
UDP protocol for IP
Discovery Based
Ratified by the IETF in 1997
Used on most networks
OSU utilizes DHCP heavily
Why use DHCP?
Simple host configuration
“Plug and Surf”
Centralized address accounting
Distribution of vital host information
– Hostname, DNS, WINS, Gateway, etc.
3 Significant Problems
1. Discovery based
Any host can respond to query
2. No server authentication
client trusts any server that responds
3. No client authentication
server may assign an address to any client
Problem 1: Anybody can answer
An attacker could place a “rogue” server
Authoritative (legitimate) server.
Who will the client listen to?
Logically “closest” server
fastest CPU, fastest network, lowest load
Server with free leases
Changing “logically closest”
• Load the authoritative DHCP server
• Take all the leases away
• Load the network segment
How much does it take?
Problem 2: Server Authentication
• Client must trust what the server sends
• Server can send fake DNS servers
– client may be shown a misleading resource
– client may be denied access to a resource
• Server can send invalid gateway address
– Attacker could redirect switched traffic
– Loss of privacy
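Because the client accepts the server identifier, DNS and gateway options from whichever reply it hears, a defender can watch replies for values the authoritative server would never send. The Python code below is an added example, not part of the original slides: it parses a DHCP reply payload and flags option values outside an assumed allow list. The addresses, the POLICY table and all function names are constructed for illustration.

```python
import ipaddress

MAGIC = b"\x63\x82\x53\x63"   # DHCP magic cookie after the 236-byte BOOTP header
# Assumed site policy, constructed addresses: option code -> (label, allowed values)
POLICY = {54: ("server", {"192.0.2.1"}),    # option 54: server identifier
          6: ("DNS", {"192.0.2.53"}),       # option 6: DNS servers
          3: ("router", {"192.0.2.254"})}   # option 3: default gateway

def parse_options(payload):
    """Return {option_code: raw_bytes} from a BOOTP/DHCP UDP payload."""
    if len(payload) < 240 or payload[236:240] != MAGIC:
        raise ValueError("not a DHCP message")
    opts, i = {}, 240
    while i < len(payload) and payload[i] != 255:   # 255 = end option
        if payload[i] == 0:                         # pad option, no length byte
            i += 1
            continue
        hdr = payload[i:i + 2]                      # code byte, length byte
        data = payload[i + 2:i + 2 + hdr[-1]]
        if len(hdr) < 2 or len(data) != hdr[1]:
            raise ValueError("truncated option")
        opts[hdr[0]] = data
        i += 2 + hdr[1]
    return opts

def ips(data):  # split an option body into dotted-quad IPv4 strings
    return [str(ipaddress.IPv4Address(data[j:j + 4])) for j in range(0, len(data) - 3, 4)]

def audit_reply(payload):
    """Return policy violations found in a server reply (OFFER=2, ACK=5)."""
    opts = parse_options(payload)
    if payload[0] != 2 or (opts.get(53) or b"\x00")[0] not in (2, 5):
        return []                                   # not a server reply
    findings = []
    for code, (name, allowed) in POLICY.items():
        seen = ips(opts.get(code, b""))
        bad = [a for a in seen if a not in allowed]
        if bad or (code == 54 and not seen):        # server id must be present
            findings.append(f"unexpected {name}: {bad or 'missing'}")
    return findings

def sample_offer(server, dns, router):
    """Build a constructed DHCPOFFER for the demo (not captured traffic)."""
    opt = lambda code, ip: bytes([code, 4]) + ipaddress.IPv4Address(ip).packed
    return (bytes([2, 1, 6, 0]) + bytes(232) + MAGIC + bytes([53, 1, 2])
            + opt(54, server) + opt(6, dns) + opt(3, router) + b"\xff")

if __name__ == "__main__":
    print(audit_reply(sample_offer("192.0.2.66", "198.51.100.9", "192.0.2.66")))
```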
Which is Real?
Real Login Screen
Fake Login Screen
Problem 3: Host Authentication
• Any client may join network
– Simply plug in and server assigns address
– Some networks configure network trust (MAC)
• Client may gain access to network shares
• Client may abuse network
– Start a rogue DHCP server
– Generate heavy traffic or attack other networks
• SSL Style Public 3rd Party Certificate Authority
– Two-way authentication
• Server Certificate
• Client Certificate
– Requires changes to DHCP server and client
• Slow to implement and gain acceptance
• Expensive
– Certificates cost money
– Changing server configurations costs money