DoS attack on DHCP

Joe Shen sj_hznm at
Fri Oct 9 05:13:20 UTC 2009


 we use DHCPd on our service network. 

 the structure looks like 

  dhcpd --- access_server --- customer

  access_server relay dhcp requests to dhcpd, and there are switches between  access_server and customers.

  from last week , we saw a lot of DHCP  requests from customer access networks, the ip address pool is exhausted  quickly while customers could not get IP address . But, the ip address pool should be enough as its size is calculated according to number of customers.

  Should anybody help with the following questions:

  1. is there any best pratice guide on DHCPd protection, esp. ip address exhausting attack?

  2. is there any way to forbid ip address lease to special MAC address ?

  3. is there any way to detect attacks early ? esp. is there any freeware available ? 

 each word will be highly appreciated.




More information about the dhcp-users mailing list