DHCP: Dynamic Host Configuration Protocol

Scenario

IP addresses for a given host are of two types: static and dynamic. Static IP address means that the host machine uses only the fixed IP as its address. This is discouraged since it would be very easy to map the IP address to the host machine with preliminary sniffing and analysis. The alternative is to use a dynamic IP address, ie., one that changes regularly. Most people access the internet from within a private network with only one or two public addresses. The previous statement requires some explanation. The IPv4 address uses 32 bits (ipv6 is still a few years away from widespread use, so let’c concentrate on IPv4 for now). Hence that only gives us 2^32 (about 4.2 billion) possible addresses, as we know considering the total number of devices, that number is certainly not enough. Hence we define some address as private address, i.e. addresses that are to be used only within private networks, hence two disjoint private networks can have the devices with the same private networks, but it wouldn’t matter anyway since the two networks are disjoint anyway. The private networks would be assigned one or two public IP addresses, through which all the communication to outside IP addresses are routed, hence increasing the number of devices that can be connected to the internet. The private IPv4 ranges are: 10.0.0.0 – 10.255.255.255, 172.16.0.0 – 172.31.255.255 and 192.168.0.0 – 192.168.255.255.

DHCP:Use

Now back to the matter at hand, now assuming that you have a host (PC) that uses dynamic IP and since you are most probably a part of a private network, an entity is needed to dynamically assign IP address to all the hosts and to  make sure no two hosts have the same IP addresses. The client/server protocol that does this is DHCP (Dynamic Host Configuration Protocol). A daemon (the client part) runs on the hosts, and connects to the DHCP server which responds with the IP address and other required information such as the default gateway and the subnet mask and so on. The question that would arise from the other information is this, how does the DHCP server know which IP is assigned to which host? (The need for this is obvious, if all outgoing communication is through one address, some mechanism is needed to multiplex the in coming message to the correct host) This is done using an identifier that is unique to all devices called MAC address (Media Access Control). No two devices have the same burned in (default/normal/true) MAC address. Hence when a host contacts the DHCP server, the internal data structure can be thought of as a dictionary or hash map where the key would be the MAC address and the value IPv4 address or vice-versa.

DOS-ing DHCP: DHCP Consumption Attack

Since we know that a request to a DHCP server from an un-encountered MAC i.e. an MAC address that has not already been assigned an IP address, is graced with an IP address, all we have to do to execute a Denial of Service Attack on the DHCP service is to occupy all the IP address to block legitimate users. To do this if MAC were a foolproof system we would have to have a large number of devices, but since at packet level all we need to do is manipulate the network adapter to produce packets with different MAC addresses requesting an IP. This can be done using the MACCHANGER tool that temporarily changes the MAC address of the host. Mitigation techniques include trusted port filtering, preventing ARP poisoning etc.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s