Dynamic Host Configuration Protocol (DHCP)


IPV4 addresses are usually not attributed to a host manually. We use a Dynamic Host Configuration Protocol (DHCP) server instead.

🐊️ Ports:

  • 67 (UDP): to receive messages
  • 68 (UDP): to send messages

➑️ See DHCPv6 for IPV6.

If a new device with no address IP is connecting to the network

  1. DHCP Discover: the device sends a request to retrieve an IP
  2. DHCP Offer: if there is a DHCP server, it answers with an IP
  3. DHCP Request: the device confirms that it wants the IP address
  4. DHCP ACK: the DHCP server confirms that the device was assigned the given IP address

➑️ DNS server can also store network information such as default gateways, other DNS servers addresses...

DHCP vulnerabilities

  • Rogue DHCP server attacks

πŸ‘‰ An attacker set up a fake DHCP providing fake IP addresses to clients πŸ’₯ IP conflicts, MITM ➑️ See DHCP snooping and dynamic ARP inspection (DAI).

  • DHCP snooping attacks

πŸ‘‰ An attacker intercept DHCP traffic to monitor it, and potentially prepare an attack. ➑️ See DHCPv6.

πŸ‘» To-do πŸ‘»

Stuff that I found, but never read/used yet.

  • DHCP, hacker answer before DHCP server