1 / 11

DHCP Security Analysis

DHCP Security Analysis. Dallas Holmes / Matt MacClary ECE 478 Project Spring 2003. What is DHCP?. Dynamic Host Configuration Protocol UDP protocol for IP Discovery Based Ratified by the IETF in 1997 Used on most networks OSU utilizes DHCP heavily. Why use DHCP?.

gale
Download Presentation

DHCP Security Analysis

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. DHCP Security Analysis Dallas Holmes / Matt MacClary ECE 478 Project Spring 2003

  2. What is DHCP? • Dynamic Host Configuration Protocol • UDP protocol for IP • Discovery Based • Ratified by the IETF in 1997 • Used on most networks • OSU utilizes DHCP heavily

  3. Why use DHCP? • Simple host configuration • “Plug and Surf” • Centralized address accounting • Distribution of vital host information • Hostname, DNS, WINS, Gateway, etc.

  4. 3 Significant Problems • Discovery based • Any host can respond to query • No server authentication • client trusts any server that responds 3. No client authentication • server may assign an address to any client

  5. Problem 1: Anybody can answer • Anybody? • An attacker could place a “rouge” server • Authoritative (legitimate) server. • Who will the client listen to? • Logically “closest” server • fastest CPU, fastest network, lowest load • Server with free leases

  6. Changing “logically closest” • Load the authoritative DHCP server • Take all the leases away • Load the network segment

  7. How much does it take?

  8. Problem 2: Server Authentication • Client must trust what the server sends • Server can send fake DNS servers • client may be shown a misleading resource • client may be denied access to a resource • Server can send invalid gateway address • Attacker could redirect switched traffic • Loss of privacy

  9. Which is Real? Real Login Screen Fake Login Screen

  10. Problem 3: Host Authentication • Any client may join network • Simply plug in and server assigns address • Some networks configure network trust (MAC) • Client may gain access to network shares • Client may abuse network • Start a rouge DHCP server • Generate heavy traffic or attack other networks

  11. Solution • SSL Style Public 3rd Party Certificate Authority • Two-way authentication • Server Certificate • Client Certificate • Requires changes to DHCP server and client • Slow to implement and gain acceptance • Expensive • Certificates cost money • Changing server configurations costs money

More Related