A Dynamic Host Configuration Protocol Computer Science Essay


The Dynamic Host Configuration Protocol provides configuration parameters to Internet hosts. DHCP consists of two components: a protocol for delivering host-specific configuration parameters from a DHCP server to a host and a mechanism for allocation of network addresses to hosts [5].

DHCP is based on its predecessor, the Bootstrap Protocol (BOOTP), but adds automatic allocation of reusable network addresses and additional configuration options.

When the router is configured as a DHCP server, it allocates IP addresses and other IP configuration parameters to clients (hosts), when the client requests them. This lets you configure your IP network without manually configuring every client. Note that each client must also be configured to receive its IP address automatically [1]. A host should not act as a DHCP server unless explicitly configured to do so by a system administrator [5].

DHCP supports three mechanisms for IP address allocation. In "automatic allocation", DHCP assigns a permanent IP address to a client. In "dynamic allocation", DHCP assigns an IP address to a client for a limited period of time (or until the client explicitly relinquishes the address). In "manual allocation", a client's IP address is assigned by the network administrator, and DHCP is used simply to convey the assigned address to the client [5].

2 DHCP client/server interaction

The interaction between Dynamic Host Configuration Protocol (DHCP) clients and servers enables a client to obtain its IP address and corresponding configuration information from a DHCP server.

This process occurs through a series of steps, illustrated in the following figure.

Figure 1. DHCP client-server interaction

DHCPDISCOVER

First, the client sends out a DHCPDISCOVER message requesting an IP address. The message might also contain other requests, such as requested options (for example, subnet mask, domain name server, domain name, or static route). The message is sent out as a broadcast. If the network contains routers, those routers can be configured to forward DHCPDISCOVER packets to DHCP servers on attached networks.

DHCPOFFER

Any DHCP server that receives the DHCPDISCOVER message might send a DHCPOFFER message in response. The DHCP server might not send a DHCPOFFER message back to the client for multiple reasons.

DHCPREQUEST

The client receives DHCPOFFER messages from the DHCP servers that responded to the DHCPDISCOVER message. The client compares the offers with the settings that it requested, selects the server that it wants to use, and sends a DHCPREQUEST message identifying that server.

DHCPACK

If a server receives a DHCPREQUEST message, the server marks the address as leased. Servers that are not selected will return offered addresses to their available pool.

DHCPREQUEST, DHCPACK

The client starts to renew a lease when half of the lease time has passed. The client requests the renewal by sending a DHCPREQUEST message to the server. If the server accepts the request, it will send a DHCPACK message back to the client.

DHCPRELEASE

The client ends the lease by sending a DHCPRELEASE message to the DHCP server. The server will then return the client's IP address to the available address pool [3].

DHCP client support

You can use a DHCP server to manage each client in your network individually, rather than managing all of the clients as a large group (subnet). This DHCP setup method allows only the clients identified by the DHCP server to receive an IP address and configuration information. People often think about using DHCP to distribute IP addresses from an address pool to a subnet of clients. When you use subnets, any client that requests DHCP information from the network might receive an IP address from the address pool, unless it is explicitly excluded by the DHCP administrator. However, the DHCP server can also limit DHCP service to only specific clients.

The DHCP server can limit service at the individual client level or, more broadly, by the type of client (Bootstrap Protocol (BOOTP) or DHCP).

BOOTP

The Bootstrap Protocol (BOOTP) is a host configuration protocol that was used before the Dynamic Host Configuration Protocol (DHCP) was developed. BOOTP support is a subset of DHCP. In BOOTP, clients are identified by their MAC addresses and are assigned a specific IP address [3].

Using DHCP for your remote clients

If you have any remote clients that connect to your network, you can set up DHCP to dynamically assign an IP address to those remote clients when they connect to the network.

Configuring or viewing the DHCP server

You can use the DHCP server configuration function to create a new DHCP configuration or view the existing DHCP configuration.

To access the DHCP server configuration, follow these steps:

1. In System i Navigator, expand your system → Network → Servers → TCP/IP → DHCP.

2. Right-click DHCP, and then select Configuration.

Results

If you are creating a new DHCP configuration, you will use a wizard that helps you set up the DHCP server. This wizard asks you some of the basic configuration questions and steps you through the process of creating a subnet. After you have completed the wizard, you can change and improve the configuration to your network's needs.

If your DHCP server is already configured, the DHCP server configuration function will display the current configuration, including all of the subnets and clients that can be managed from the DHCP server and the configuration information that will be sent to the clients.

Starting or stopping the DHCP server

After the DHCP server is configured, follow these steps to start or stop the DHCP server.

1. In System i Navigator, expand your system → Network → Servers → TCP/IP → DHCP.

2. Right-click DHCP, and then select Start or Stop.

Accessing the DHCP server monitor

The Dynamic Host Configuration Protocol (DHCP) server monitor is provided to monitor active lease information for a DHCP server. You can use this graphical interface to view which IP addresses are leased, how long they have been leased, and when they will be available to lease again.

About this task

To access the DHCP server monitor, follow these steps:

1. In System i Navigator, expand your system → Network → Servers → TCP/IP → DHCP.

2. Right-click DHCP, and then select Monitor.

Configuring clients to use DHCP

After the Dynamic Host Configuration Protocol (DHCP) server is configured, clients must be configured as well to request their configuration information from the DHCP server.

Enabling DHCP for Windows Me clients

The Dynamic Host Configuration Protocol (DHCP) function for Windows Me clients can be enabled or disabled from a graphical interface that the Windows Me operating system provides.

About this task

To enable DHCP, follow these steps:

1. On the Start Menu, click Settings → Control Panel.

2. Double-click Network, and then select the Protocols tab.

3. Select TCP/IP Protocol, and then click Properties.

4. On the IP Address tab, click Obtain an IP address from a DHCP server, and click OK [3].

3 ROGUE DHCP SERVER PREVENTION

3.1 Wireshark capture analysis of DHCP, with an explanation of the protocol

DHCP


The Wireshark capture referenced above contains the communication between the DHCP client and the server. Frame numbers 26-29 contain the packets exchanged between the client and the server.

1. Four types of DHCP messages are exchanged: DHCP Discover, DHCP Offer, DHCP Request and DHCP Ack.

2. The DHCP client would be able to use the IP address received after the receipt of DHCP Ack message.
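As an added example (not part of the essay), the following Python parses the BOOTP/DHCP message layout that such a capture shows, classifies each packet by its option 53 message type, and reports a usable lease only once the full Discover/Offer/Request/Ack exchange from section 2 has completed under one transaction id. The MAC and IP values are constructed sample data, and build_dhcp exists only to produce those samples.

```python
import struct
from ipaddress import IPv4Address

MAGIC = b"\x63\x82\x53\x63"          # DHCP magic cookie that follows the 236-byte BOOTP header
MSG_TYPES = {1: "DHCPDISCOVER", 2: "DHCPOFFER", 3: "DHCPREQUEST",
             5: "DHCPACK", 6: "DHCPNAK", 7: "DHCPRELEASE"}

def parse_options(data: bytes) -> dict:
    """Walk the option TLVs; Pad (0) has no length byte, End (255) stops the walk."""
    opts, i = {}, 0
    while i < len(data) and data[i] != 255:
        if data[i] == 0:
            i += 1
            continue
        code, length = data[i], data[i + 1]
        opts[code] = data[i + 2:i + 2 + length]
        i += 2 + length
    return opts

def parse_dhcp(pkt: bytes) -> dict:
    """Extract the fields a defender checks first: message type, xid, client MAC,
    offered address (yiaddr) and the server identifier (option 54)."""
    if len(pkt) < 240 or pkt[236:240] != MAGIC:
        raise ValueError("not a DHCP message")
    op, _htype, hlen, _hops, xid = struct.unpack("!BBBBI", pkt[:8])
    opts = parse_options(pkt[240:])
    mtype = opts.get(53, b"\x00")[0]
    return {
        "op": "BOOTREQUEST" if op == 1 else "BOOTREPLY",
        "xid": xid,
        "mac": pkt[28:28 + hlen].hex(":"),
        "yiaddr": str(IPv4Address(pkt[16:20])),
        "type": MSG_TYPES.get(mtype, f"unknown({mtype})"),
        "server_id": str(IPv4Address(opts[54])) if 54 in opts else None,
        "requested": list(opts.get(55, b"")),   # option 55: parameter request list
    }

def build_dhcp(op: int, xid: int, mac: str, yiaddr="0.0.0.0", options=b"") -> bytes:
    """Assemble a DHCP message; used here only to construct sample frames."""
    hdr = struct.pack("!BBBBIHH", op, 1, 6, 0, xid, 0, 0x8000)   # Ethernet, broadcast flag set
    hdr += bytes(4) + IPv4Address(yiaddr).packed + bytes(8)      # ciaddr, yiaddr, siaddr, giaddr
    hdr += bytes.fromhex(mac.replace(":", "")) + bytes(10)       # chaddr padded to 16 bytes
    return hdr + bytes(192) + MAGIC + options + b"\xff"          # sname, file, cookie, options, End

def lease_from_exchange(frames: list):
    """Return the leased address only after DISCOVER, OFFER, REQUEST and ACK
    sharing one xid have all been seen (the client may use the address after the ACK)."""
    by_xid = {}
    for f in map(parse_dhcp, frames):
        by_xid.setdefault(f["xid"], {})[f["type"]] = f
    for msgs in by_xid.values():
        if {"DHCPDISCOVER", "DHCPOFFER", "DHCPREQUEST", "DHCPACK"} <= msgs.keys():
            return msgs["DHCPACK"]["yiaddr"]
    return None
```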

Security issues in DHCP

DHCP packets are not authenticated. The destination IP address of the DHCP Discover packet is 255.255.255.255, which means the DHCP client is not sending the request to a specific DHCP server, because it does not yet know one. If two DHCP servers are available on the network, the client cannot tell them apart: every DHCP server that receives the DHCP Discover packet responds. Because of this, if an attacker places a rogue DHCP server on the network, the client has no way to know it is rogue, since there is no authentication.

3.2 Rogue DHCP Servers

In this attack, the attacker would configure and deploy a rogue DHCP server. The steps the attacker follows are:

1. The attacker would configure a DHCP server on the network.

2. The attacker would provide incorrect IP address information in the DHCP scope.

3. The attacker would connect the network card of the DHCP server to the switch port.

4. When clients request an IP address, the first DHCP server that receives the packet provides an IP address. In this scenario there is a rogue server and a valid DHCP server. If the rogue server receives the request, it responds to the client with the incorrect IP address.

5. Since the IP address information is incorrect, the client is unable to communicate on the network, creating a DoS attack.

3.3 Rogue DHCP Client

In this attack, the attacker impersonates a valid client to obtain information about the network. The steps the attacker follows are:

1. The attacker connects the system to the network port.

2. The attacker issues a DHCP request and receives a valid IP address from the DHCP server.

3. The attacker observes the other parameters which are provided along with the IP address. These would include subnet mask, default gateway, DNS server IP address etc.

4. The attacker would use the obtained information to map the network and generate different types of attacks on these components.

5. For example, the attacker can perform a port-scan on the default gateway and analyze which ports are open. Based on this information, attacks can be triggered for the specific application.

6. Fingerprinting is the method by which the type of operating system is identified using appropriate tools. This method can be used on the DNS server to find out its operating system and then exploit vulnerabilities that exist on that platform [6].

4 Defense for attacks

The Problem

If a person with malicious intent were to turn up a DHCP server, they could theoretically hand out IP addresses to devices on the same subnet. Those devices would then trust the information they receive from that DHCP server, mainly what their default gateway is and where their DNS servers are located. If the malicious individual pointed devices to their very own laptop as the default gateway, they could inspect every bit of traffic, then send it to the real default gateway to be routed for real. Alternatively, they could simply act as a DNS server and feed the wrong IP addresses for any remote system users try to access, intercepting all traffic. That should get the attention of most engineers who don't want to be fired for a security breach.

How to break DHCP

To ensure this works, the following steps can be used individually or combined:

1. Spoof a bunch of MAC addresses and exhaust the available DHCP addresses.

2. Respond faster than the real DHCP server.

The fact is, if a host sends out a DHCP request (broadcast) and there is more than one DHCP server on the subnet, both servers will respond. Whichever reply packet reaches the host first wins (with some exceptions if the host is configured with additional settings, but we'll assume the host is dumb and takes the first packet). This means that if an attacker drops a Linksys router on a local network and enables its DHCP server, it could answer faster than the production DHCP server that is configured in the helper-address.

4.1 What is DHCP Snooping?

DHCP Snooping is a technology on Cisco Switches that blocks systems connected to unauthorized ports from answering DHCP requests. It is that simple. You specify globally that all ports are not to answer DHCP requests, then you specify individual ports that are allowed to answer. 

4.2 How to configure DHCP Snooping

To enable DHCP Snooping globally on a switch, simply type [4]:

Switch(config)# ip dhcp snooping

This will block all DHCP traffic on all ports on the switch (not necessarily good). In order to trust a real DHCP server, you have to trust the switchports where the production server is connected (or the trunks that lead to the production server) using the following interface command: 

Switch(config-if)# ip dhcp snooping trust

Configure this on the actual switch ports the server is connected to, as well as on the trunk ports of any switch on which DHCP Snooping is enabled.

If you want to enable snooping on specific vlans and not globally, use the following syntax:

Switch(config)# ip dhcp snooping vlan [number-range]

One more option: if you want the switch to remember DHCP binding data after it is rebooted, you can store its snooping database by using this command:

Switch(config)# ip dhcp snooping database tftp://server/file

To verify your configuration, use the following show commands:

show ip dhcp snooping

show ip dhcp snooping binding [address]

Enable DHCP-Snooping

DHCP-Snooping is to be configured and enabled on the switch. Typically the feature is configured on a specific VLAN.

Enable ports as trusted

Once DHCP-Snooping is enabled on a specific VLAN, the port should be configured as trusted. The port here refers to the port on which the valid DHCP-Server is connected. Once the above two steps are completed, DHCP-Snooping comes into effect.

When DHCP-Snooping is configured, a rogue DHCP-Server cannot serve clients. Take an example where the attacker sets up a DHCP-Server and then attempts to connect it to a network port. Since the DHCP-Snooping feature is configured, the port on which the valid DHCP Server is deployed is configured as trusted.

All the other ports are untrusted. Since the attacker has connected the rogue DHCP server to a network port which is not trusted, all DHCP server messages arriving on that specific port are dropped. So when a client requests an IP address and the rogue DHCP-Server responds, the DHCP messages from the rogue server are dropped and never reach the client. In this way, the rogue server set up by the attacker is unable to provide IP addresses to valid clients.

4.3 Overview of DHCP Snooping

DHCP snooping is a security feature that acts like a firewall between untrusted hosts and trusted DHCP servers. The DHCP snooping feature performs the following activities:

• Validates DHCP messages received from untrusted sources and filters out invalid messages.

• Rate-limits DHCP traffic from trusted and untrusted sources.

• Builds and maintains the DHCP snooping binding database, which contains information about untrusted hosts with leased IP addresses.

• Utilizes the DHCP snooping binding database to validate subsequent requests from untrusted hosts [7].
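The decision logic listed above, modelled as an added Python example (not the essay's or Cisco's code): a switch object holds the set of snooping-enabled VLANs and trusted ports, which is what the ip dhcp snooping and ip dhcp snooping trust commands in section 4.2 configure, and applies the drop/forward and binding-table rules to each DHCP message. The port names, MACs and addresses are constructed, and the scenario is the rogue server on an untrusted access port from section 4.2.

```python
from dataclasses import dataclass, field

SERVER_MSGS = {"DHCPOFFER", "DHCPACK", "DHCPNAK"}
CLIENT_MSGS = {"DHCPDISCOVER", "DHCPREQUEST", "DHCPRELEASE", "DHCPDECLINE"}

@dataclass
class Msg:
    port: str        # ingress switch port (constructed names such as "Gi1/0/5")
    vlan: int
    src_mac: str     # Ethernet source address of the frame
    mtype: str       # DHCP message type from option 53
    chaddr: str      # client hardware address inside the DHCP header
    yiaddr: str = "0.0.0.0"

@dataclass
class SnoopingSwitch:
    snooping_vlans: set
    trusted_ports: set
    pending: dict = field(default_factory=dict)    # chaddr -> port of the client's last request
    bindings: dict = field(default_factory=dict)   # (chaddr, vlan) -> (leased ip, client port)
    log: list = field(default_factory=list)

    def handle(self, m: Msg) -> bool:
        """Return True if the message is forwarded, False if snooping drops it."""
        if m.vlan not in self.snooping_vlans:
            return True                                # feature off on this VLAN: no filtering
        trusted = m.port in self.trusted_ports
        if m.mtype in SERVER_MSGS:
            if not trusted:                            # reply from a port where no server belongs
                self.log.append(f"DROP {m.mtype} from {m.src_mac} on untrusted {m.port}")
                return False
            if m.mtype == "DHCPACK" and m.chaddr in self.pending:
                # a lease granted by a trusted server becomes a binding-table entry
                self.bindings[(m.chaddr, m.vlan)] = (m.yiaddr, self.pending.pop(m.chaddr))
            return True
        if m.mtype in CLIENT_MSGS and not trusted:
            if m.src_mac != m.chaddr:                  # header MAC must match the frame source
                self.log.append(f"DROP {m.mtype}: chaddr {m.chaddr} != source {m.src_mac}")
                return False
            if m.mtype == "DHCPRELEASE":
                bound = self.bindings.get((m.chaddr, m.vlan))
                if bound is None or bound[1] != m.port:   # only the lease holder's port may release
                    self.log.append(f"DROP DHCPRELEASE for {m.chaddr} from {m.port}")
                    return False
                del self.bindings[(m.chaddr, m.vlan)]
            elif m.mtype in ("DHCPDISCOVER", "DHCPREQUEST"):
                self.pending[m.chaddr] = m.port
        return True
```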

5 Rogue DHCP Server Detection Tool

Network administrators looking to guarantee that the components of their server infrastructure are running under normal parameters and under their control can now access a new tool to sniff out rogue DHCP servers. With the rogue detection solution, admins have a tool complete with a graphical user interface at their disposal, which can be deployed in an IT environment and used to detect rogue DHCP servers in the local subnet. The tool makes no distinction between erroneously configured and malicious rogue DHCP servers: "Rogue DHCP servers are those DHCP servers that are misconfigured or unauthorized unknowingly or those that are configured with a malicious intent for network attacks."

The rogue DHCP server detection tool can be used to scan an environment manually, and it also lets administrators schedule scans. In addition, the solution "can be run on a specified interface by selecting one of the discovered interfaces. Retrieves all the authorized DHCP servers in the forest and displays them. Ability to validate a DHCP server which is not rogue and persist this information." Minimizing the tool makes it virtually invisible; admins can still access it via a tray icon that reports the solution's status. Among the first signs of trouble associated with a rogue DHCP server is that client computers in the environment start experiencing network access problems. The issues stem from the rogue DHCP server leasing incorrect IP addresses and erroneous options to the clients. Security threats arise when malicious users with a rogue DHCP server spread bad network parameters and thereby sniff the traffic sent by the clients. There are also DNS-changing Trojans that use a compromised machine in the network to pollute it by installing a rogue DHCP server on that machine [2].
