DoS attack on DHCP
sj_hznm at yahoo.com.cn
Fri Oct 9 05:13:20 UTC 2009
we use DHCPd on our service network.
the structure looks like
dhcpd --- access_server --- customer
access_server relay dhcp requests to dhcpd, and there are switches between access_server and customers.
from last week , we saw a lot of DHCP requests from customer access networks, the ip address pool is exhausted quickly while customers could not get IP address . But, the ip address pool should be enough as its size is calculated according to number of customers.
Should anybody help with the following questions:
1. is there any best pratice guide on DHCPd protection, esp. ip address exhausting attack?
2. is there any way to forbid ip address lease to special MAC address ?
3. is there any way to detect attacks early ? esp. is there any freeware available ?
each word will be highly appreciated.
More information about the dhcp-users