Protocol: DHCP
The Dynamic Host Configuration Protocol (DHCP) is a network protocol used to configure network devices to communicate on an IP network. A DHCP client uses the protocol to acquire configuration information, such as an IP address, a default route, and one or more DNS server addresses, from a DHCP server, and then uses this information to configure its host. Once the configuration process is complete, the host can communicate on that network. The DHCP server maintains a database of available IP addresses and configuration information. When it receives a request from a client, the server determines the network to which the client is connected, allocates an IP address or prefix appropriate for that network, and sends the configuration information appropriate for that client.[1]
DHCP uses UDP ports 67 (server) and 68 (client), and it shortens the time and effort needed to configure and maintain hosts. The information provided by DHCP includes the IP address, subnet mask, domain name, DNS servers, default gateway, and WINS servers.
Operation of DHCP:
1. The joining host creates a DHCPDISCOVER message in which only the transaction-ID field is set, to a random number. No other field can be set because the host has no knowledge with which to do so. This message is encapsulated in a UDP user datagram with the source port set to 68 and the destination port set to 67. The user datagram is encapsulated in an IP datagram with the source address set to 0.0.0.0 (“this host”) and the destination address set to 255.255.255.255 (the broadcast address), because the joining host knows neither its own address nor the server's address.
2. The DHCP server (or servers, if there is more than one) responds with a DHCPOFFER message in which the your-address field carries the IP address offered to the joining host and the server-address field carries the server's IP address. The message also includes the lease time for which the host may keep the IP address. This message is encapsulated in a user datagram with the same port numbers in reverse order. The user datagram is in turn encapsulated in an IP datagram with the server's address as the source address but the broadcast address as the destination, so that other DHCP servers also receive the offer and can make a better offer if they are able to.
3. The joining host receives one or more offers and selects the best of them. It then sends a DHCPREQUEST message to the server that made the best offer, with the fields whose values are now known filled in. The message is encapsulated in a user datagram with the same port numbers as the first message. The user datagram is encapsulated in an IP datagram with the source address set to the new client address, but the destination address is still the broadcast address, to let the other servers know that their offers were not accepted.
4. Finally, the selected server responds with a DHCPACK message to the client if the offered IP address is still valid. If the server cannot keep its offer (for example, because the address was offered to another host in the meantime), it sends a DHCPNACK message and the client must repeat the process. This message is also broadcast, to let the other servers know whether the request was accepted or rejected. [2]
Vulnerabilities:
1. Security Issues
DHCP automation can be a serious security risk if a rogue DHCP server is introduced to the network. A rogue server isn’t under the control of the network staff and can hand out IP addresses to users connecting to the network. If a user accepts configuration from the rogue DHCP server, traffic sent over that connection can be intercepted or inspected, violating user privacy and network security. This is known as a man-in-the-middle attack and can have serious consequences if confidential information is sent over the connection the rogue DHCP server configured.
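The four-message exchange described under Operation of DHCP, together with the rogue-server concern above, as an added Python example (not code from the cited sources): it builds and parses the BOOTP-style DHCP payloads and then flags OFFER/ACK messages whose Server Identifier (option 54) is not an authorized server, the check a network monitor would run. The client MAC, transaction ID and 192.0.2.x addresses are constructed sample values, and the "authorized" set is an assumption a defender supplies.

```python
import struct
from ipaddress import IPv4Address

MAGIC = b"\x63\x82\x53\x63"                      # cookie that starts the DHCP options area
MSG_TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 5: "ACK", 6: "NAK"}  # option 53 values
def build_dhcp(msg_type, xid, mac, yiaddr="0.0.0.0", siaddr="0.0.0.0", options=()):
    """Build a DHCP payload: 236-byte BOOTP header, magic cookie, TLV options, END (0xff)."""
    op = 1 if msg_type in (1, 3) else 2          # BOOTREQUEST from the client, BOOTREPLY from a server
    header = struct.pack("!BBBBIHH4s4s4s4s16s64s128s", op, 1, 6, 0, xid, 0, 0x8000,  # htype=Ethernet, hlen=6, broadcast flag
                         b"\0" * 4, IPv4Address(yiaddr).packed, IPv4Address(siaddr).packed,  # ciaddr, yiaddr, siaddr
                         b"\0" * 4, mac.ljust(16, b"\0"), b"\0" * 64, b"\0" * 128)  # giaddr, chaddr, sname, file
    enc = lambda v: v if isinstance(v, bytes) else IPv4Address(v).packed  # address-valued options may be given as strings
    opts = bytes([53, 1, msg_type]) + b"".join(bytes([c, len(enc(v))]) + enc(v) for c, v in options)
    return header + MAGIC + opts + b"\xff"

def parse_dhcp(payload):
    """Parse the fixed header and the option list; rejects non-DHCP or truncated data."""
    if len(payload) < 240 or payload[236:240] != MAGIC:
        raise ValueError("not a DHCP message")
    hlen, xid = payload[2], struct.unpack("!I", payload[4:8])[0]
    msg = {"xid": xid, "yiaddr": str(IPv4Address(payload[16:20])), "siaddr": str(IPv4Address(payload[20:24])),
           "chaddr": payload[28:28 + min(hlen, 16)].hex(":"), "options": {}}
    i = 240
    while i < len(payload) and payload[i] != 0xFF:          # 0xFF is the END option
        code = payload[i]
        length = payload[i + 1] if code and i + 1 < len(payload) else 0  # pad (code 0) has no length byte
        if code and i + 2 + length > len(payload):
            raise ValueError("truncated option %d" % code)
        if code:
            msg["options"][code] = payload[i + 2:i + 2 + length]
        i += 2 + length if code else 1
    msg["type"] = MSG_TYPES.get(msg["options"].get(53, b"\0")[0], "UNKNOWN")
    return msg

def flag_rogue_offers(messages, authorized):  # defender's check: OFFER/ACK from a server not on the allowlist
    def server(m):
        sid = m["options"].get(54)               # Server Identifier option, falling back to the siaddr field
        return str(IPv4Address(sid)) if sid else m["siaddr"]
    return [(m["xid"], server(m), m["yiaddr"]) for m in messages
            if m["type"] in ("OFFER", "ACK") and server(m) not in authorized]

# Constructed sample exchange (not captured traffic): the authorized server 192.0.2.1 and an
# unauthorized server 192.0.2.66 both answer the same DISCOVER; the client takes the first offer.
MAC, XID, LEASE = bytes.fromhex("001122334455"), 0x3903F326, struct.pack("!I", 86400)
EXCHANGE = [parse_dhcp(p) for p in (
    build_dhcp(1, XID, MAC),                                                  # DISCOVER 0.0.0.0:68 -> 255.255.255.255:67
    build_dhcp(2, XID, MAC, "192.0.2.10", "192.0.2.1", [(54, "192.0.2.1"), (51, LEASE)]),    # OFFER, broadcast from :67 to :68
    build_dhcp(2, XID, MAC, "192.0.2.99", "192.0.2.66", [(54, "192.0.2.66"), (51, LEASE)]),  # competing OFFER
    build_dhcp(3, XID, MAC, options=[(50, "192.0.2.10"), (54, "192.0.2.1")]),  # REQUEST names the chosen server
    build_dhcp(5, XID, MAC, "192.0.2.10", "192.0.2.1", [(54, "192.0.2.1"), (51, LEASE)]),    # ACK
)]
```

Running `flag_rogue_offers(EXCHANGE, {"192.0.2.1"})` reports the single offer from 192.0.2.66; the same transaction ID ties all five messages together, which is how a monitor matches offers to the DISCOVER that provoked them.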
2. Failure
Another issue is that a single DHCP server forms a single point of failure, where one fault can escalate into a system-wide problem. If the server fails, any connected computers that do not already have an IP address will try, and fail, to obtain one. Computers that already hold an IP address from before the failure will attempt to renew it; when the renewal fails and the lease expires, the computer loses its IP address. All network access is lost until the server is restored, leading to potential complications for those who are connected and need to communicate on the network.[3]
Alternatives:
BOOTP (Bootstrap Protocol)
BOOTP is a protocol that lets a network host be configured automatically (receive an IP address) and have an operating system booted without user involvement. The BOOTP server, managed by a network administrator, automatically assigns the IP address from a pool of addresses for a certain duration of time.
BOOTP is the basis for a more advanced network management protocol, the Dynamic Host Configuration Protocol (DHCP).[4]
References:
[1] Computer Networks II, Atria e-learning
[2] Behrouz A. Forouzan, Data Communications and Networking, 5th ed.
[3] Techwalla, DHCP
[4] TechTarget, BOOTP