Skip to content
Vol. 1 · Ed. 2026
CyberGlossary
Entry № 348

DHCP

Reviewed byCybersecurity entrepreneur & security researcher

What is DHCP?

DHCPA UDP-based protocol (RFC 2131, ports 67/68) that automatically assigns IP addresses and network configuration parameters to clients joining a network.


The Dynamic Host Configuration Protocol, specified in RFC 2131 for IPv4 and RFC 8415 for IPv6 (DHCPv6), automates IP address assignment and the distribution of network parameters such as subnet mask, default gateway, DNS servers, NTP servers, and PXE boot options. The classic exchange is DORA — Discover, Offer, Request, Acknowledge — carried over UDP ports 67 (server) and 68 (client).

sequenceDiagram
  participant C as Client
  participant S as DHCP server
  participant R as Rogue server
  C->>S: DHCPDISCOVER (broadcast)
  R-->>C: DHCPOFFER (rogue, faster)
  S->>C: DHCPOFFER (legitimate)
  C->>R: DHCPREQUEST (accepts first/rogue)
  R-->>C: DHCPACK + attacker DNS/gateway
  Note over C,R: Victim now routes via attacker

Because the original protocol has no authentication, two attacks dominate. In a rogue DHCP attack, a hostile server races the legitimate one to answer DISCOVER messages and hands out attacker-controlled gateway or DNS values, enabling on-path interception. In DHCP starvation, a tool such as Yersinia floods DISCOVERs with spoofed MAC addresses to exhaust the address pool, often as a setup for the rogue server. RFC 3118 defined message authentication but is essentially undeployed. Practical mitigations live on the switch: DHCP snooping marks trusted uplink ports and builds a binding table of legitimate IP/MAC/port tuples; that table then feeds Dynamic ARP Inspection and IP Source Guard. Combine these with port security to cap MAC addresses per port and 802.1X-based admission control.

Examples

  1. 01

    A laptop joining Wi-Fi receives 192.168.1.45/24, gateway 192.168.1.1, and DNS 1.1.1.1 from the access point.

  2. 02

    An attacker connects a rogue DHCP server that points victims at a malicious DNS resolver.

Frequently asked questions

What is DHCP?

A UDP-based protocol (RFC 2131, ports 67/68) that automatically assigns IP addresses and network configuration parameters to clients joining a network. It belongs to the Network Security category of cybersecurity.

What does DHCP mean?

A UDP-based protocol (RFC 2131, ports 67/68) that automatically assigns IP addresses and network configuration parameters to clients joining a network.

How do you defend against DHCP?

Defences for DHCP typically combine technical controls and operational practices, as detailed in the full definition above.

What are other names for DHCP?

Common alternative names include: Dynamic Host Configuration Protocol.

Related terms

See also