Information Gathering / DHCP Server Detection

Description

DHCP servers are responsible for dynamically assigning IP addresses and network configuration information to devices on a network. While DHCP is a critical service for efficient network management, detecting unauthorized or rogue DHCP servers is essential to prevent network disruptions and security risks.

Risk

Rogue DHCP servers may assign conflicting IP addresses, leading to network connectivity issues and disruptions.
Malicious DHCP servers can be used to launch man-in-the-middle attacks, intercepting and modifying network traffic.
Unauthorized DHCP servers may provide malicious DNS server addresses, leading to DNS spoofing and potential security threats.
An attacker could use a rogue DHCP server to capture network traffic, allowing them to analyze or manipulate sensitive information.

Solution

Implement port security measures on network switches to restrict the number of MAC addresses allowed on a particular port. This helps prevent unauthorized devices, including rogue DHCP servers, from connecting to the network.
Enable DHCP snooping on network switches. DHCP snooping is a security feature that monitors and controls DHCP messages, preventing unauthorized DHCP servers from operating on the network.
Segment the network and use VLANs (Virtual LANs) to isolate critical infrastructure from less secure parts of the network. This limits the scope of potential DHCP server detection risks.