DHCP
What is DHCP?
DHCP: A UDP-based protocol (RFC 2131, ports 67/68) that automatically assigns IP addresses and network configuration parameters to clients joining a network.
The Dynamic Host Configuration Protocol, specified in RFC 2131 for IPv4 and RFC 8415 for IPv6 (DHCPv6), automates IP address assignment and the distribution of network parameters such as subnet mask, default gateway, DNS servers, NTP servers, and PXE boot options. The classic exchange is DORA: Discover, Offer, Request, Acknowledge, carried over UDP ports 67 (server) and 68 (client). Because the original protocol has no authentication, hostile DHCP servers on a LAN can hand out attacker-controlled gateway or DNS values - a rogue DHCP attack. Mitigations include DHCP snooping on switches, port security, IP source guard, dynamic ARP inspection, and 802.1X-based admission control.
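An added example (not part of the original glossary entry): a passive check that parses DHCPOFFER/DHCPACK payloads and flags replies whose server identifier, router or DNS options fall outside an expected policy, which is how a rogue server shows up on the wire. The policy reuses the entry's example gateway and DNS values; the server address 192.168.1.1 and all function names are assumptions.

```python
import ipaddress
import struct

MAGIC = b"\x63\x82\x53\x63"   # DHCP magic cookie that follows the 236-byte BOOTP header
# Assumed policy: option name -> (option code, allowed addresses). Server address is an assumption.
POLICY = {"server-id": (54, {"192.168.1.1"}), "router": (3, {"192.168.1.1"}), "dns": (6, {"1.1.1.1"})}

def parse_options(payload: bytes) -> dict:
    """Return {option code: raw bytes} from a DHCPv4 UDP payload."""
    if len(payload) < 240 or payload[236:240] != MAGIC:
        raise ValueError("not a DHCP message")
    opts, i = {}, 240
    while i < len(payload) and payload[i] != 255:   # 255 = End
        if payload[i] == 0:                         # 0 = Pad, has no length byte
            i += 1
            continue
        if i + 1 >= len(payload):
            raise ValueError("truncated option")
        length = payload[i + 1]
        data = payload[i + 2:i + 2 + length]
        if len(data) != length:
            raise ValueError("truncated option")
        opts[payload[i]] = data
        i += 2 + length
    return opts

def addrs(data: bytes) -> list:
    """Split an option value into dotted-quad IPv4 strings."""
    return [str(ipaddress.IPv4Address(data[j:j + 4])) for j in range(0, len(data) - 3, 4)]

def audit_reply(payload: bytes, policy=POLICY) -> list:
    """Flag a DHCPOFFER/DHCPACK whose server, router or DNS is outside policy."""
    opts = parse_options(payload)
    if opts.get(53, b"")[:1] not in (b"\x02", b"\x05"):   # 2 = OFFER, 5 = ACK
        return []                                          # client messages are ignored
    findings = []
    for name, (code, allowed) in policy.items():
        seen = addrs(opts.get(code, b""))
        bad = [a for a in seen if a not in allowed]
        if bad or (code == 54 and not seen):               # a reply must identify its server
            findings.append(f"{name}: {bad or 'missing'}")
    return findings

def build_reply(mtype: int, server: str, router: str, dns: str) -> bytes:
    """Constructed sample reply (not a capture) used only to exercise audit_reply."""
    p = lambda s: ipaddress.IPv4Address(s).packed
    hdr = struct.pack("!4BIHH4s4s4s4s16s64s128s", 2, 1, 6, 0, 0x1234, 0, 0, bytes(4),
                      p("192.168.1.45"), bytes(4), bytes(4), bytes(16), bytes(64), bytes(128))
    return hdr + MAGIC + bytes([53, 1, mtype, 54, 4]) + p(server) + b"\x03\x04" + p(router) + b"\x06\x04" + p(dns) + b"\xff"
```

In practice the payloads would come from a monitoring port or a capture file filtered to UDP 67/68; DHCP snooping on the switch remains the enforcing control, and this check only reports.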
● Examples
- 01
A laptop joining Wi-Fi receives 192.168.1.45/24, gateway 192.168.1.1, and DNS 1.1.1.1 from the access point.
- 02
An attacker connects a rogue DHCP server that points victims at a malicious DNS resolver.
● Frequently asked questions
What is DHCP?
A UDP-based protocol (RFC 2131, ports 67/68) that automatically assigns IP addresses and network configuration parameters to clients joining a network. It belongs to the Network Security category of cybersecurity.
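How do you defend against DHCP attacks?
Defences against rogue DHCP servers combine switch-level controls (DHCP snooping, port security, IP source guard, dynamic ARP inspection) with 802.1X-based admission control, as detailed in the full definition above.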
What are other names for DHCP?
Common alternative names include: Dynamic Host Configuration Protocol.
● Related terms
- network-security № 553
IP Address
A numeric identifier assigned to a network interface for routing across IP networks: 32 bits in IPv4 (RFC 791) or 128 bits in IPv6 (RFC 8200).
- network-security № 1113
Subnet
A contiguous range of IP addresses that share a common prefix, defining a single broadcast domain and routing boundary on a network.
- network-security № 1188
UDP
A connectionless transport protocol (RFC 768) that delivers individual datagrams between ports with minimal overhead but no reliability or ordering guarantees.
- network-security № 061
ARP
A link-layer protocol (RFC 826) that maps an IPv4 address to the MAC address of a host on the same broadcast domain so that frames can be delivered.
- network-security № 1206
VLAN
A virtual LAN (IEEE 802.1Q) groups switch ports into separate broadcast domains by tagging Ethernet frames with a 12-bit VLAN ID.
- attacks № 343
DNS Spoofing
An attack that injects falsified DNS responses to redirect victims from a legitimate domain to an attacker-controlled IP address.