Vol 2 Part 2.5: DHCP

Question 1

Dynamic Host Configuration Protocol (DHCP) assigns host network settings based on configuration at the what?

Answer 1

DHCP Server

Question 2

What are the 3 main functions of DHCP?

Answer 2

1. Reduces workload of manual IP configuration
2. Assigns DNS IP addresses
3. Recovers no longer used IP addresses

Question 3

What are the two primary critical IP addresses when using DHCP, and why are they critical?

Answer 3

0. 0.0.0- The IP of a host that does not yet have an IP

255. 255.255.255- The local broadcast IP used to locally contact the DHCP server

Question 4

What are the four critical messages sent between the client and server when using DHCP?

Answer 4

DORA

1. Discover- sent by DHCP client to find a willing DHCP server
2. Offer- sent by the DHCP server, offering a lease of an IP and other parameters
3. Request- sent by the DHCP client, asking the server to lease the IPv4 address listed in the offer
4. Acknowledge- sent by the DHCP server, assigns the address and lists the mask, default router, and DNS IP addresses

Question 5

Routers do not forward broadcasts. Subnets sending discover messages to the 255.255.255.255 broadcast address while a DHCP server is located elsewhere will get no response means that another method must be used for a device on a subnet to hit a DHCP server on a different subnet. What is this method called?

Answer 5

DHCP relay. The router that acts as a middle man.

Question 6

What command is used to set up the DHCP relay?

Answer 6

ip helper-address SERVER IP

Question 7

What 4 items does a host need in order to work with DHCP correctly?

Answer 7

1. The DNS Server IP for name resolution
2. The default gateway IP
3. The device’s own IP
4. The devices own subnet mask

Question 8

What interface should the ip dhcp helper-address command go on a router for the subnet that requires network settings from a DHCP server?

Answer 8

The inbound interface from the local network

Question 9

The MacOS uses what command in order to access the IP configuration commands?

Answer 9

Ifconfig

Question 10

What IP address does a host use as the source address when sending out a discover message to a DHCP server?

Answer 10

0.0.0.0

Question 11

DHCP Snooping on a switch acts like a what?

Answer 11

A firewall

Question 12

What does DHCP snooping do?

Answer 12

It analyzes incoming messages on a specific subset of ports in a VLAN. It filters the DHCP server messages (offer and acknowledge), preventing another device from offering and acknowledging IP network settings from a spurious or rogue DHCP server.

Question 13

With DHCP snooping, all ports are in what state by default?

Answer 13

untrusted

Question 14

What are the 3 DHCP snooping rules?

Answer 14

1. Discards DHCP messages received on an untrusted port if they are server based DHCP messages
2. DHCP messages received on an untrusted port as normally sent by a DHCP client (discover and request) may be filtered if they might be part of an attack
3. DHCP messages received on a trusted port will be forwarded. Trusted ports do NOT filer any DHCP messages.

Question 15

Explain the DHCP Release and DHCP decline messages

Answer 15

DHCP Release- client message telling the server they no longer need the IP address
DHCP Decline- client message turning down an IP offer

Question 16

DHCP snooping checks the client’s MAC Address and their hardware address known as the what?

Answer 16

the chaddr

Question 17

What must be trust about the chaddr and the source MAC of the received frame on the switch interface that is using DHCP snooping?

Answer 17

They must be the same

Question 18

How could an attacker utilize the chaddr in order to use up all of the IP addresses in a DHCP scope/range? What would this attack be called?

Answer 18

The attacker could try to use a pseudo MAC while changing the chaddr to something different for each request. This would be a DHCP starvation attack.

Question 19

What does a switch use with DHCP snooping in order to build an entry for all DHCP flows? What does this do for the switch?

Answer 19

A DHCP Snooping Binding Table. This allows the switch to keep a list of important facts about legitimate DHCP flows, and can be used along with Dynamic ARP Inspection (DAI) to make decisions.

Question 20

DHCP Snooping must be enabled how in order to work?

Answer 20

Globally, listing the VLANs to be used, and with ports configured as trusted for the necessary network devices and servers.

Question 21

No IP DHCP Snooping Information Option is used to do what?

Answer 21

Disable new fields in DHCP requests

Question 22

What uses the new fields with respect to DHCP?

Answer 22

DHCP relay agents

Question 23

What are these new fields defined as?

Answer 23

Option 82 DHCP Header Fields per RFC 3046.

Question 24

If a switch is not working as a DHCP relay, and you want to make DHCP snooping work, what must you do and why?

Answer 24

Disable option 82. A switch working as a DHCP relay needs option 82 enabled so that it can create the option 82 header fields to forward frames to the DHCP server. A switch that is not acting as a relay needs option 82 disabled so that it doesn’t add these new fields and cause the frame to be filtered.

Question 25

DHCP Snooping uses the general purpose CPU on a switch. Attackers can try to generate large volumes of DHCP messages to overload the CPU, resulting in DHCP messages no getting examined and allowing the attacker to breach the system. What can we do to combat this and what is the command that is used?

Answer 25

Rate limiting

Command- Ip dhcp snooping limit number of messages per second that can be received

Question 26

What does Dynamic ARP Inspection (DAI) do?

Answer 26

Examines ARP requests on an untrusted port for potential attacks by comparing the DHCP Snooping Binding Table and any ARP ACLs configured.

Question 27

There are times when a host might want everyone on the subnet to know its MAC address. In this situation. what kind of ARP reply is sent out?

Answer 27

Gratuitous ARP. It is sent without having first received an ARP request and is sent to an Ethernet destination broadcast address so that all hosts in the subnet receive the message.

Question 28

What global command enables DHCP Snooping?

Answer 28

ip dhcp snooping