DHCP Server Offers Information to Client Computer Science Essay


This essay has been submitted by a student. This is not an example of the work written by our professional essay writers.

The Dynamic Host Configuration Protocol provides configuration parameters to Internet hosts. DHCP consists of two components: a protocol for delivering host-specific configuration parameters from a DHCP server to a host and a mechanism for allocation of network addresses to hosts [5].

DHCP is based on its predecessor, the Bootstrap Protocol (BOOTP), and keeps BOOTP's message format and UDP ports (67 on the server side, 68 on the client side), but adds automatic allocation of reusable network addresses and additional configuration options.

When the router is configured as a DHCP server, it allocates IP addresses and other IP configuration parameters to clients (hosts), when the client requests them. This lets you configure your IP network without manually configuring every client. Note that each client must also be configured to receive its IP address automatically [1]. A host should not act as a DHCP server unless explicitly configured to do so by a system administrator [5].

DHCP supports three mechanisms for IP address allocation. In "automatic allocation", DHCP assigns a permanent IP address to a client. In "dynamic allocation", DHCP assigns an IP address to a client for a limited period of time (or until the client explicitly relinquishes the address). In "manual allocation", a client's IP address is assigned by the network administrator, and DHCP is used simply to convey the assigned address to the client [5].

2 DHCP client/server interaction

The interaction between Dynamic Host Configuration Protocol (DHCP) clients and servers enables a client to obtain its IP address and corresponding configuration information from a DHCP server.

This process occurs through a series of steps, illustrated in the following figure.

Figure 1. DHCP client-server interaction

Client requests DHCP information: DHCPDISCOVER

First, the client broadcasts a DHCPDISCOVER message requesting an IP address; it has no address of its own yet, so it cannot send to any particular server. The message may also carry a list of requested options (for example, subnet mask, domain name server, domain name, or static routes). If the network contains routers, those routers can be configured as DHCP relay agents that forward DHCPDISCOVER packets to DHCP servers on attached networks.

DHCP server offers information to client: DHCPOFFER

Any DHCP server that receives the DHCPDISCOVER message may answer with a DHCPOFFER carrying a proposed address, a lease time and the options it can supply. A server may also stay silent, for example because it has no free address in the pool for that subnet, or because the client is not one it is configured to serve (see the client-level limits described under DHCP client support below).

Client accepts DHCP server offer: DHCPREQUEST

The client receives DHCPOFFER messages from every server that responded to the DHCPDISCOVER. It compares the offers with the settings it requested, selects the server it wants to use, and broadcasts a DHCPREQUEST that names the selected server (the server identifier option) and the address it was offered. Because the DHCPREQUEST is broadcast, the servers that were not selected see it as well.

DHCP server acknowledges the client and leases the IP address: DHCPACK

When the selected server receives the DHCPREQUEST, it marks the address as leased and replies with a DHCPACK containing the address, the lease duration and the configuration parameters. The servers that were not selected return their offered addresses to the available pool. The client may start using the address only after the DHCPACK arrives.

Client attempts to renew the lease: DHCPREQUEST, DHCPACK

The client starts to renew when half of the lease time has passed (the T1 timer) by sending a DHCPREQUEST directly to the server that granted the lease. If the server accepts the request, it sends a DHCPACK back with a fresh lease time. If no answer has arrived by the time seven eighths of the lease has passed (T2), the client broadcasts the DHCPREQUEST so that any server can extend the lease; if the lease expires without an answer, the client must stop using the address and start again with a DHCPDISCOVER.

Client ends the lease: DHCPRELEASE

The client ends the lease by sending a DHCPRELEASE message to the DHCP server. The server will then return the client's IP address to the available address pool [3].

DHCP client support

You can use a DHCP server to manage each client in your network individually, rather than managing all of the clients as a large group (subnet). This setup allows only the clients known to the DHCP server to receive an IP address and configuration information. People usually think of DHCP as distributing IP addresses from an address pool to a subnet of clients; when you use subnets, any client that requests DHCP information on the network may receive an IP address from the pool unless the DHCP administrator has explicitly excluded it. However, the DHCP server can also limit service to specific clients.

The DHCP server can limit service at the individual client level (identifying the client by its client identifier or MAC address) or, more broadly, by the type of client (BOOTP or DHCP).


The Bootstrap Protocol (BOOTP) is a host configuration protocol that was used before the Dynamic Host Configuration Protocol (DHCP) was developed. BOOTP support is a subset of DHCP. In BOOTP, clients are identified by their MAC addresses and are assigned a specific IP address [3].

Using DHCP for your remote clients

If you have any remote clients that connect to your network using PPP, you can set up DHCP to dynamically assign an IP address to those remote clients when they connect to the network.

Configuring or viewing the DHCP server

You can use the DHCP server configuration function to create a new DHCP configuration or view the existing DHCP configuration.

About this task

To access the DHCP server configuration, follow these steps:

1. In System i Navigator, expand your system → Network → Servers → TCP/IP → DHCP.

2. Right-click DHCP, and then select Configuration.


If you are creating a new DHCP configuration, you will use a wizard that helps you set up the DHCP server. This wizard asks you some of the basic configuration questions and steps you through the process of creating a subnet. After you have completed the wizard, you can change and improve the configuration to your network's needs.

If your DHCP server is already configured, the DHCP server configuration function will display the current configuration, including all of the subnets and clients that can be managed from the DHCP server and the configuration information that will be sent to the clients.

Starting or stopping the DHCP server

After the DHCP server is configured, follow these steps to start or stop the DHCP server.

1. In System i Navigator, expand your system → Network → Servers → TCP/IP → DHCP.

2. Right-click DHCP, and then select Start or Stop.

Accessing the DHCP server monitor

The Dynamic Host Configuration Protocol (DHCP) server monitor is provided to monitor active lease information for an IBM® System i DHCP server. You can use this graphical interface to view which IP addresses are leased, how long they have been leased, and when they will be available to lease again.

About this task

To access the DHCP server monitor, follow these steps:

1. In System i Navigator, expand your system → Network → Servers → TCP/IP → DHCP.

2. Right-click DHCP, and then select Monitor.

Configuring clients to use DHCP

After the Dynamic Host Configuration Protocol (DHCP) server is configured, clients must be configured as well to request their configuration information from the DHCP server.

About this task

The following information describes the steps to configure your Windows clients to request their configuration information from the DHCP server. In addition, it describes how the clients can view their own DHCP lease information.

Enabling DHCP for Windows Me clients

The Dynamic Host Configuration Protocol (DHCP) function for Windows Me clients can be enabled or disabled from a graphical interface that the Windows Me operating system provides.

About this task

To enable DHCP, follow these steps:

1. On the Start Menu, click Settings → Control Panel.

2. Double-click Network, and then select the Protocols tab.

3. Select TCP/IP Protocol, and then click Properties.

4. On the IP Address tab, click Obtain an IP address from a DHCP server, and click OK [3].


3 Wireshark analysis of DHCP capture files, with explanation of the protocol



The Wireshark capture contains the communication between the DHCP client and the server. Frames 26-29 contain the packets exchanged between the client and the server.

1. Four types of DHCP message are exchanged: DHCP Discover, DHCP Offer, DHCP Request and DHCP Ack.

2. The DHCP client may use the IP address it received only after the DHCP Ack message has arrived.

3.1 Demonstration of the different types of messages exchanged by the DHCP protocol and their functionality, with Wireshark packet capture files

DHCP Discover

This message is sent from the client to the server and is displayed in frame 26 of the DHCP Wireshark capture. It initiates the DHCP exchange and is sent as a broadcast, since the client has no IP address yet and knows no server.

DHCP Offer

This message is sent by a DHCP server to the DHCP client in response to the DHCP Discover message. It contains the offered IP address and the other configuration parameters, and is shown in frame 27 of the DHCP Wireshark capture. In this capture it is sent as a broadcast; when the client did not set the broadcast flag in its Discover, the server unicasts the Offer to the client's hardware address instead.

DHCP Request

This message is sent from the client to the server in response to a DHCP Offer message. On a network there can be more than one DHCP server, so the client may receive DHCP Offers from several servers. In the DHCPREQUEST message the client names the DHCP server whose offer it has accepted as well as the IP address that server offered. The message is sent as a broadcast, so the other DHCP servers also receive it and learn that their offers were rejected; the IP addresses they offered go back into their respective DHCP pools. This message is displayed in frame 28 of the DHCP Wireshark capture.

DHCP Ack

This message is sent from the server to the client in response to a DHCPREQUEST. It is the server's confirmation of the lease: it carries the IP address and the other configuration parameters the client requested, and only now may the client use the address. This is shown in frame 29 of the DHCP Wireshark capture.

Security issues in DHCP

DHCP packets are not authenticated. The DHCP Discover packet is addressed to the IP broadcast address, which means the client is not sending the request to a specific DHCP server; it does not know of any. If two DHCP servers are present on the network, the client has no way to tell them apart: both respond when they receive the Discover, and the client takes the first usable offer. So if an attacker places a rogue DHCP server on the network, the client cannot recognise it as rogue, because nothing in the exchange proves which server is the legitimate one.

3.2 Rogue DHCP Servers

In this attack, the attacker configures and deploys a rogue DHCP server. The steps the attacker follows:

1. The attacker configures a DHCP server for the target network.

2. The attacker puts incorrect IP address information in the DHCP scope.

3. The attacker connects the network card of the rogue server to a switch port.

4. When a client requests an IP address, the first DHCP server whose reply reaches it wins. In this scenario there is a rogue server and a valid server; if the rogue server's offer arrives first, the client accepts the incorrect IP address.

5. Since the IP address information is incorrect, the client cannot communicate on the network, which amounts to a DoS attack.

3.3 Rogue DHCP Client

In this attack, the attacker impersonates a valid client in order to obtain information about the network. The steps the attacker follows:

1. The attacker connects the system to the network port.

2. The attacker issues a DHCP request and receives a valid IP address from the DHCP server.

3. The attacker observes the other parameters which are provided along with the IP address. These would include subnet mask, default gateway, DNS server IP address etc.

4. The attacker uses the obtained information to map the network and launch different kinds of attacks against these components.

5. For example, the attacker can port-scan the default gateway and see which ports are open. Based on that information, attacks can be aimed at the specific application listening there.

6. Fingerprinting is the method by which the type of operating system is identified using appropriate tools. It can be applied to the DNS server to find out its operating system and then exploit known vulnerabilities of that platform [6].

4 Defense for attacks

The Problem

If a person with malicious intent were to turn up a DHCP server, they could hand out IP addresses to devices on the same subnet. Those devices would then trust the information they receive from that DHCP server, chiefly what their default gateway is and where their DNS servers are located. If the malicious individual pointed devices to their own laptop as the default gateway, they could inspect every bit of traffic and then pass it on to the real default gateway to be routed for real. Alternatively, they could simply act as a DNS server and feed wrong IP addresses for any remote system users try to reach, intercepting the traffic to those systems. That should get the attention of most engineers who don't want to be fired for a security breach.

How to break DHCP

So, how does an attacker use DHCP to get at private data? Simple: they fire up a DHCP server on a local subnet and start handing out IP addresses. To make sure this works, the following steps can be used individually or combined:

Spoof a large number of MAC addresses and exhaust the legitimate server's pool of addresses, so that it has nothing left to offer.

Respond faster than the real DHCP server.

The fact is, if a host broadcasts a DHCP request and there is more than one DHCP server on the subnet, every server will respond. Whichever reply packet reaches the host first wins (with some exceptions if the host is configured with additional settings, but we'll assume the host is dumb and takes the first packet). This means that if an attacker drops a Linksys router on a local network and enables its DHCP server, it can answer faster than a production DHCP server that sits behind a router and is reached only through the router's ip helper-address relay, because the rogue device is on the same segment as the client.

4.1 What is DHCP Snooping?

DHCP Snooping is a feature of Cisco switches that stops systems connected to unauthorized ports from answering DHCP requests: server-originated messages (DHCPOFFER, DHCPACK, DHCPNAK) are dropped on every port that has not been marked trusted. It is that simple. You enable it on the switch, which makes all ports untrusted, and then you mark the individual ports that are allowed to carry server replies as trusted.

This is nothing new either, it has been around since the Catalyst OS days. What's funny is a lot of the networks I've worked on don't have this simple feature enabled. If you are reading this and don't have DHCP snooping enabled on your network, you definitely aren't alone!

4.2 How to configure DHCP Snooping

To enable DHCP Snooping globally on a switch, simply type [4]:

Switch(config)# ip dhcp snooping

On its own this command does not filter anything; snooping takes effect only on the VLANs you list with the command shown further down. Once it does, every port is untrusted, so server replies arriving on any port, including the uplink towards the real server, are dropped (not necessarily good). To trust the real DHCP server, mark the switchports where the production server is connected (or the trunks that lead to it) as trusted using the following interface command:

Switch(config-if)# ip dhcp snooping trust

Configure this on the actual switchports the server is connected to, as well as on the trunks of every switch where DHCP Snooping is enabled.

Snooping is enabled per VLAN: the global command switches the feature on, and this one selects the VLANs it inspects:

Switch(config)# ip dhcp snooping vlan vlan-range

One more option: if you want the switch to keep its binding table across a reboot, store the snooping database on a TFTP server with this command:

Switch(config)# ip dhcp snooping database tftp://server/file

To verify your configuration, use the following show commands:

show ip dhcp snooping

show ip dhcp snooping binding [address]

Enable DHCP-Snooping

DHCP Snooping is configured and enabled on the switch. The feature is enabled per VLAN, typically on the VLANs that carry client ports.

Enable ports as trusted

Once DHCP Snooping is enabled on a VLAN, the port on which the valid DHCP server is connected is configured as trusted. After these two steps DHCP Snooping is in effect.

With DHCP Snooping configured, a rogue DHCP server can still be plugged in, but it can no longer serve clients. Take the example where the attacker sets up a DHCP server and connects it to a network port. Because DHCP Snooping is configured, the port on which the valid DHCP server is deployed is trusted and all other ports are untrusted.

The attacker's rogue server is connected to an untrusted port, so the server messages it sends on that port are dropped by the switch. When a client requests an IP address and the rogue server responds, the rogue DHCPOFFER is discarded and never reaches the client, and the client's request is answered only by the legitimate server. In this way the rogue server set up by the attacker is unable to hand addresses, gateways or DNS servers to valid clients.

4.3 Overview of DHCP Snooping

DHCP snooping is a security feature that acts like a firewall between untrusted hosts and trusted DHCP servers. The DHCP snooping feature performs the following activities:

• Validates DHCP messages received from untrusted sources and filters out invalid messages.

• Rate-limits DHCP traffic from trusted and untrusted sources.

• Builds and maintains the DHCP snooping binding database, which contains information about untrusted hosts with leased IP addresses.

• Utilizes the DHCP snooping binding database to validate subsequent requests from untrusted hosts [7].
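The trust, binding and rate-limit decisions listed above, as an added example written for this essay (it is not Cisco's code): port names, MAC addresses and IP addresses are constructed, and messages arrive already decoded as (port, source MAC, message type, chaddr, yiaddr, ciaddr) rather than as frames, so only the filtering logic is modelled. A real switch counts messages per second for its rate limit and err-disables the port when the limit is exceeded; the model counts since start.

```python
"""Switch-side DHCP snooping, modelled on the behaviour this section describes.  Added example
written for the essay, not Cisco's implementation; port names, MACs and addresses are
constructed, and messages arrive already decoded rather than as frames."""
from collections import defaultdict

SERVER_MSGS = {"OFFER", "ACK", "NAK"}


class SnoopingSwitch:
    def __init__(self, trusted_ports, rate_limits=None):
        self.trusted = set(trusted_ports)          # ports given "ip dhcp snooping trust"
        self.rate_limits = rate_limits or {}       # port -> max DHCP messages per interval
        self.counts = defaultdict(int)             # a real switch resets this every second
        self.err_disabled = set()
        self.client_port = {}                      # chaddr -> untrusted port it was last seen on
        self.bindings = {}                         # chaddr -> (ip, port): the snooping binding database
        self.log = []

    def _drop(self, port, kind, reason):
        self.log.append("drop %s on %s: %s" % (kind, port, reason))
        return False

    def forward(self, port, src_mac, kind, chaddr, yiaddr="0.0.0.0", ciaddr="0.0.0.0"):
        """Return True when the switch forwards the message, False when it drops it."""
        if port in self.err_disabled:
            return self._drop(port, kind, "port is err-disabled")
        self.counts[port] += 1
        if self.counts[port] > self.rate_limits.get(port, float("inf")):
            self.err_disabled.add(port)            # the response to a flood of spoofed DISCOVERs
            return self._drop(port, kind, "rate limit exceeded, port err-disabled")
        if port in self.trusted:                   # the real server, or the trunk towards it
            if kind == "ACK" and chaddr in self.client_port:
                self.bindings[chaddr] = (yiaddr, self.client_port[chaddr])
            elif kind == "NAK":
                self.bindings.pop(chaddr, None)
            return True
        if kind in SERVER_MSGS:                    # the rogue-server case
            return self._drop(port, kind, "server message on untrusted port")
        if src_mac != chaddr:                      # MAC verification of client messages
            return self._drop(port, kind, "chaddr does not match source MAC")
        if kind == "RELEASE":                      # only the lease holder, from its own port
            if self.bindings.get(chaddr) != (ciaddr, port):
                return self._drop(port, kind, "no binding for this address on this port")
            del self.bindings[chaddr]
        else:
            self.client_port[chaddr] = port
        return True


def rogue_server_scenario():
    """Legitimate server on Gi1/0/24, client on Gi1/0/5, attacker on Gi1/0/7; returns bindings and the drop log."""
    client, server, attacker = "aa:bb:cc:00:00:01", "00:11:22:33:44:55", "de:ad:be:ef:00:01"
    sw = SnoopingSwitch(trusted_ports={"Gi1/0/24"}, rate_limits={"Gi1/0/5": 3})
    sw.forward("Gi1/0/5", client, "DISCOVER", client)
    sw.forward("Gi1/0/7", attacker, "OFFER", client, yiaddr="10.1.1.200")   # rogue offer, dropped
    sw.forward("Gi1/0/24", server, "OFFER", client, yiaddr="10.1.1.50")
    sw.forward("Gi1/0/5", client, "REQUEST", client)
    sw.forward("Gi1/0/24", server, "ACK", client, yiaddr="10.1.1.50")      # binding learned here
    sw.forward("Gi1/0/7", attacker, "RELEASE", client, ciaddr="10.1.1.50")  # spoofed release, dropped
    return sw.bindings, sw.log
```

The binding database is what makes the last check possible: a DHCPRELEASE for an address is accepted only from the MAC that holds the lease and only on the port where that MAC obtained it, so an attacker on another port cannot release a victim's address and grab it for himself.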

5 Rogue DHCP Server Detection Tool

Network administrators who want to guarantee that the components of their server infrastructure are running under normal parameters and under their control can now use a new tool to sniff out rogue DHCP servers. With the rogue detection solution, admins have a tool complete with a graphical user interface that can be deployed in an IT environment and used to detect rogue DHCP servers in the local subnet. The tool makes no distinction between erroneously configured rogue servers and malicious ones: "Rogue DHCP servers are those DHCP servers that are misconfigured or unauthorized unknowingly or those that are configured with a malicious intent for network attacks."

The rogue DHCP server detection tool can be used to scan an environment manually, and it also lets administrators schedule scans. In addition, the solution "can be run on a specified interface by selecting one of the discovered interfaces. Retrieves all the authorized DHCP servers in the forest and displays them. Ability to validate a DHCP server which is not rogue and persist this information." Minimizing the tool virtually makes it invisible, but admins can still reach it through a tray icon that reports the tool's status. Among the first signs of trouble associated with a rogue DHCP server is that client computers in the environment start experiencing network access problems, caused by the rogue server leasing incorrect addresses and erroneous options to the clients. The security threat arises when malicious users with a rogue DHCP server spread bad network parameters and thereby sniff the traffic sent by the clients. There are also DNS-changer Trojans that use a compromised machine in the network to install a rogue DHCP server on it and pollute the network [2].
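A host-side probe of the kind the tool above performs, as an added example written for this essay (it is not the tool's code): it broadcasts one DHCPDISCOVER, keeps every DHCPOFFER that answers its transaction id, compares the responding servers with a persisted list of authorized servers, and lets an operator validate a server so that it is not reported again. The transport is injected so the probe runs offline against constructed frames (sample_transport); udp_transport is the real broadcast socket. All addresses, the probe MAC and the file name are assumptions.

```python
"""Active rogue-DHCP-server probe: one DISCOVER, collect the OFFERs, compare the responders
with a persisted authorized list.  Added example written for this essay, not the tool's code;
the transport is injected so the scan runs offline against constructed frames."""
import json
import os
import random
import socket
import struct
import tempfile

MAGIC = b"\x63\x82\x53\x63"
BOOTP = "!BBBBIHH4s4s4s4s16s64s128s"            # fixed 236-byte header
ZERO = b"\0" * 4


def make_discover(xid, mac):
    """DHCPDISCOVER with the broadcast flag set and only the message-type option."""
    head = struct.pack(BOOTP, 1, 1, 6, 0, xid, 0, 0x8000, ZERO, ZERO, ZERO, ZERO,
                       mac.ljust(16, b"\0"), b"\0" * 64, b"\0" * 128)
    return head + MAGIC + bytes([53, 1, 1, 255])


def offers_for(xid, frames):
    """Yield (source_ip, offered_ip) for each BOOTREPLY answering our xid.  The server is
    identified by the UDP source; behind a relay that is the relay, and option 54 would be needed."""
    for src_ip, frame in frames:
        if len(frame) < 240 or frame[236:240] != MAGIC or frame[0] != 2:
            continue                               # not a DHCP reply at all
        if struct.unpack("!I", frame[4:8])[0] != xid:
            continue                               # answer to somebody else's exchange
        yield src_ip, socket.inet_ntoa(frame[16:20])


class Authorized:
    """Validated servers, persisted as JSON when a path is given (the tool's 'validate and persist')."""

    def __init__(self, path=None):
        self.path = path
        self.servers = set()
        if path and os.path.exists(path):
            with open(path) as f:
                self.servers = set(json.load(f))

    def validate(self, server_ip):
        self.servers.add(server_ip)
        if self.path:
            with open(self.path, "w") as f:
                json.dump(sorted(self.servers), f)


def probe(transport, authorized, mac=b"\x02\x00\x00\x00\x00\x01"):
    """One scan: returns {'authorized': {server: offered_ip}, 'rogue': {server: offered_ip}}."""
    xid = random.getrandbits(32)
    seen = dict(offers_for(xid, transport(make_discover(xid, mac))))
    return {"authorized": {s: a for s, a in seen.items() if s in authorized.servers},
            "rogue": {s: a for s, a in seen.items() if s not in authorized.servers}}


def udp_transport(timeout=3.0):
    """Real transport: needs root to bind UDP/68, and the host's own DHCP client stopped."""
    def send_and_collect(frame):
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
            s.setsockopt(socket.SOL_SOCKET, socket.SO_BROADCAST, 1)
            s.bind(("", 68))
            s.settimeout(timeout)
            s.sendto(frame, ("255.255.255.255", 67))
            while True:
                try:
                    data, (src, _) = s.recvfrom(1500)
                    yield src, data
                except socket.timeout:
                    return
    return send_and_collect


def sample_transport(frame):
    """Constructed replies: the real server, a rogue box, a stale reply for another xid, and junk."""
    xid = struct.unpack("!I", frame[4:8])[0]

    def offer(xid, src, offered):
        head = struct.pack(BOOTP, 2, 1, 6, 0, xid, 0, 0x8000, ZERO, socket.inet_aton(offered),
                           ZERO, ZERO, b"\0" * 16, b"\0" * 64, b"\0" * 128)
        return src, head + MAGIC + bytes([53, 1, 2, 255])
    return [offer(xid, "192.168.1.1", "192.168.1.100"), offer(xid, "192.168.1.77", "192.168.1.200"),
            offer(xid ^ 1, "192.168.1.9", "192.168.1.5"), ("192.168.1.3", b"not dhcp")]


def demo():
    """Validate the real server, scan, and show that the list survives a reload."""
    path = os.path.join(tempfile.mkdtemp(), "authorized.json")
    auth = Authorized(path)
    auth.validate("192.168.1.1")
    return probe(sample_transport, auth), Authorized(path).servers
```

The probe uses its own locally administered MAC rather than the host's, so the scan does not disturb the host's real lease, and it matches replies on the transaction id so offers belonging to other clients' exchanges on the same segment are not counted as responders. Because the responder is identified by the UDP source address, a server reached through a relay agent shows up as the relay; for that case the server identifier option (54) has to be read from the offer instead.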