Fletcher E Kittredge
fkittred at gwi.net
Mon Jul 26 13:11:22 UTC 1999
> After having experienced a rather malicious attack on our corporate network by
> someone running a rogue DHCP server, I'm wondering if there's any way to
> prevent this from happening again? The perpetrator basically managed to
> renumber most of an entire subnet (into an entirely different IP block) of our
> network, causing a major denail of service. I've read the RFC's and checked
> all the network reference books I can find, and none of them indicate any way
> to prevent this from happening again. Am I missing something here, or is it
> time to start writing RFC's? Thanks in advance.
In a cable modem environment, we make use of packet filtering to
prevent any cable modem user from responding to DHCP requests.
Customer cable modems can act as a clients for such requests, but not
In other environments, we essentially use the same tactic; we
partition the network so that valid servers are on controlled
segments, and only allow DHCP servers on those segments.
Right now, it seems we have the tools to authenticate and authorize
DHCP with current RFCs. I would be very interested in hearing about
potential attacks we have missed.
More information about the NANOG