1
00:00:00,006 --> 00:00:02,008
- [Instructor] Dynamic Host Configuration Protocol

2
00:00:02,008 --> 00:00:05,008
is the de facto system for automatically assigning

3
00:00:05,008 --> 00:00:07,008
an IP address to a host.

4
00:00:07,008 --> 00:00:10,002
When a client wants to request an IP,

5
00:00:10,002 --> 00:00:14,003
it broadcasts a discovery packet to UDP port 67.

6
00:00:14,003 --> 00:00:18,005
When a DHCP server responds to the DHCP discovery packet,

7
00:00:18,005 --> 00:00:21,004
it will send the client a DHCP offer message

8
00:00:21,004 --> 00:00:23,001
to the client's MAC address,

9
00:00:23,001 --> 00:00:26,007
containing the IP offer to the client, subnet mask,

10
00:00:26,007 --> 00:00:30,008
lease duration, and the IP address of the DHCP server.

11
00:00:30,008 --> 00:00:35,003
Server responses are directed to the client on UDP port 68.

12
00:00:35,003 --> 00:00:38,007
The client will now respond with a DHCP request message

13
00:00:38,007 --> 00:00:40,009
requesting the offered address.

14
00:00:40,009 --> 00:00:44,002
Last, the server will send a DHCP ACK message

15
00:00:44,002 --> 00:00:45,005
back to the client.

16
00:00:45,005 --> 00:00:47,006
The packet will include the lease duration

17
00:00:47,006 --> 00:00:49,006
and any requested information.

18
00:00:49,006 --> 00:00:51,007
The process is now complete.

19
00:00:51,007 --> 00:00:54,000
The DHCP server will be configured

20
00:00:54,000 --> 00:00:57,001
with a pool for each different segment of the network.

21
00:00:57,001 --> 00:01:00,006
A pool is a range of IP addresses to assign to users.

22
00:01:00,006 --> 00:01:03,005
A DHCP server can also assign each segment

23
00:01:03,005 --> 00:01:06,005
its own default gateway, DNS servers,

24
00:01:06,005 --> 00:01:08,005
and possibly other options.

25
00:01:08,005 --> 00:01:12,003
A DHCP server need not be directly connected to a segment.

26
00:01:12,003 --> 00:01:15,005
Routers can be configured with a DHCP relay feature

27
00:01:15,005 --> 00:01:17,007
whereby the request will be forwarded

28
00:01:17,007 --> 00:01:21,002
over to a centralized DHCP server for processing.

29
00:01:21,002 --> 00:01:23,009
This is frequently used in a Windows domain.

30
00:01:23,009 --> 00:01:27,007
An unauthorized DHCP server can cause havoc on a network.

31
00:01:27,007 --> 00:01:31,001
These are known as rogue DHCP servers.

32
00:01:31,001 --> 00:01:34,000
They often result from users plugging wireless routers

33
00:01:34,000 --> 00:01:35,007
into the network backwards.

34
00:01:35,007 --> 00:01:38,001
They then start handing out addresses on the network,

35
00:01:38,001 --> 00:01:40,000
providing a false path to the gateway

36
00:01:40,000 --> 00:01:42,008
and ultimately orphaning clients.

37
00:01:42,008 --> 00:01:46,000
DHCP is, in essence, a foot race.

38
00:01:46,000 --> 00:01:48,007
Generally, whichever server answers first wins,

39
00:01:48,007 --> 00:01:51,002
so an admin can never quite predict

40
00:01:51,002 --> 00:01:53,000
which clients will be affected.

41
00:01:53,000 --> 00:01:56,006
A malicious user can also introduce a rogue DHCP server

42
00:01:56,006 --> 00:01:59,008
on a network to perform man-in-the-middle attacks.

43
00:01:59,008 --> 00:02:02,004
This can be mitigated via a couple of methods.

44
00:02:02,004 --> 00:02:05,009
Many switches support a feature known as DHCP snooping.

45
00:02:05,009 --> 00:02:07,005
Depending on manufacturer,

46
00:02:07,005 --> 00:02:11,005
only designated ports are allowed to act as a DHCP server.

47
00:02:11,005 --> 00:02:14,006
It generally builds a table of users' MACs and IPs

48
00:02:14,006 --> 00:02:16,009
which are requested on a user's port.

49
00:02:16,009 --> 00:02:19,004
Another method is to filter user ports

50
00:02:19,004 --> 00:02:23,003
from being able to send packets to destination UDP port 68.

51
00:02:23,003 --> 00:02:26,009
It's not the most elegant method, but it is effective.

52
00:02:26,009 --> 00:02:30,003
DHCP starvation attacks are also possible.

53
00:02:30,003 --> 00:02:34,001
DHCP pools have a finite amount of addresses available.

54
00:02:34,001 --> 00:02:38,002
If a single client connects, requests, accepts an IP,

55
00:02:38,002 --> 00:02:40,005
then changes MAC addresses and repeats,

56
00:02:40,005 --> 00:02:44,000
it will eventually exhaust all available addresses.

57
00:02:44,000 --> 00:02:47,004
Any new clients that attempt to connect will be denied an IP

58
00:02:47,004 --> 00:02:49,006
and thus fail to join the network.

59
00:02:49,006 --> 00:02:53,004
To mitigate this, the concept of port security is employed.

60
00:02:53,004 --> 00:02:56,003
This allows you to set a finite amount of MAC addresses

61
00:02:56,003 --> 00:02:58,006
that can appear on a single port.

62
00:02:58,006 --> 00:03:01,003
This number is usually set somewhere around 10,

63
00:03:01,003 --> 00:03:04,005
which is more than enough for common configurations.

64
00:03:04,005 --> 00:03:07,007
DHCP is a protocol you will encounter daily.

65
00:03:07,007 --> 00:03:09,002
Now you can better understand

66
00:03:09,002 --> 00:03:12,000
and protect your DHCP configurations.