The DHCP Snooping and DHCP Alert Method in Securing DHCP Server from DHCP Rogue Attack

Abstract

DHCP Server as part of the network infrastructure in charge of distributing host configurations to all devices has the potential to be controlled. If the DHCP Server is successfully controlled, all network devices connected to the server can potentially be controlled. From the observations made at PT. Rekayasa Engineering found a vulnerability in the DHCP Server that has the potential to experience DHCP Rogue or DHCP Spoofing, where the client will fail to communicate with the authorized DHCP Server, as well as open the door for attackers to enter the network. For this reason, DHCP Snooping and DHCP Alert methods are implemented. DHCP Snooping will ensure that every data traffic has been filtered and directed to the registered interface. Meanwhile, the use of DHCP Alert is required in monitoring data traffic during the Discover, Offer, Request, and Acknowledge (DORA) process. In the tests performed, DHCP Snooping and DHCP Alert managed to anticipate attacks that tried to placed DHCP Rogue on the network infrastructure. DHCP Alert, configured on the proxy router, ensures that the DORA process can only occur between an authorized DHCP server and a client. DHCP Snooping test also shows that communication from clients can only be replied to by Trusted DHCP Server. The existence of DHCP Snooping and DHCP Alert makes the host configuration fully controlled by the authorized DHCP Server.