There is no authentication mechanism between the DHCP Server and the DHCP Client. If you add a DHCP server to the network, you may assign IP addresses to the clients. If the DHCP server assigns the wrong IP address and corresponding parameters to the user, it will cause great harm to the network.
The DHCP client sends a Discover message in the form of broadcast, regardless of whether it is a legitimate DHCP server or not, it can receive the message.\
If the fake DHCP Server responds to the DHCP Client information at this time, it sends a fake message, such as a wrong gateway address, a wrong DNS server, and a wrong IP. DHCP Client will cause legitimate clients to be unable to access the network normally or information security will be seriously threatened.
To prevent false DHCP Server attacks, you can configure the device interface to be in “trust/untrust” mode. Connect a legitimate DHCP server directly or indirectly to the trust interface, and set the other interfaces to untrust. After that, all DHCP response packets received on the Untrusted interface will be directly discarded, which can effectively prevent attacks from the fake DHCP Server.
Configure to prevent fake DHCP Server attacks:
dhcp snooping server record
//The DHCP snooping function of the DHCP server is enabled in the system view. By default, this function is not enabled.
Get 100% accurate CCIE/ CCNP/CCNA/HCIE dumps in IELAB .
Please follow us if you like our articles.
visit us: http://ielab.network
Facebook : https://www.facebook.com/ielab.network/