Dynamic Host Configuration Protocol (DHCP)
IPV4 addresses are usually not attributed to a host manually. We use a Dynamic Host Configuration Protocol (DHCP) server instead.
ποΈ Ports:
- 67 (UDP): to receive messages
- 68 (UDP): to send messages
β‘οΈ See DHCPv6 for IPV6.
If a new device with no address IP is connecting to the network
- DHCP Discover: the device sends a request to retrieve an IP
- DHCP Offer: if there is a DHCP server, it answers with an IP
- DHCP Request: the device confirms that it wants the IP address
- DHCP ACK: the DHCP server confirms that the device was assigned the given IP address
β‘οΈ DNS server can also store network information such as default gateways, other DNS servers addresses...
DHCP vulnerabilities
- Rogue DHCP server attacks
π An attacker set up a fake DHCP providing fake IP addresses to clients π₯ IP conflicts, MITM β‘οΈ See DHCP snooping and dynamic ARP inspection (DAI).
- DHCP snooping attacks
π An attacker intercept DHCP traffic to monitor it, and potentially prepare an attack. β‘οΈ See DHCPv6.
π» To-do π»
Stuff that I found, but never read/used yet.
- DHCP, hacker answer before DHCP server