How to thwart rogue DHCP server malware

By Sherri Davidoff | Jul 3, 2009

Recently there have been reports of "rogue DHCP server" malware -- trojans that automatically install their own DHCP servers on your network and compete with your legitimate server. Using rogue DHCP servers, attackers can intercept and redirect traffic from any device that uses the Dynamic Host Configuration Protocol (DHCP) -- workstations, printers, laptops, copiers and more.

The Dynamic Host Configuration Protocol was developed in the early 1990s to ease network maintenance and setup, and it has always had fundamental security vulnerabilities. Fortunately, there are time-tested solutions you can use to detect and defend against rogue DHCP server malware.

When a DHCP-enabled client (for example, a laptop) connects to the network, it sends out a broadcast message searching for a DHCP server. The local DHCP server responds with a proposed IP address assignment for the laptop, along with other local configuration information, such as the DNS server IP address and the gateway IP address. Once the negotiation is complete, the laptop can configure itself and talk to other hosts on the IP network.

Thanks to DHCP, a mobile device can go from a wireless hotspot to a home network to a corporate network, all without ever having to manually change its IP address settings. Large enterprises can deploy and redeploy hundreds or thousands of servers without ever manually changing individual network configuration settings.

DHCP security concerns
DHCP, however, has had known security issues since it was invented. The original DHCP specification, dating back to 1993, has a section called "Security Considerations," which reads:

"...DHCP in its current form is quite insecure. Unauthorized DHCP servers may be easily set up. Such servers can then send false and potentially disruptive information to clients such as incorrect or duplicate IP addresses, incorrect routing information (including spoof routers, etc.), incorrect domain nameserver addresses (such as spoof nameservers), and so on."
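Because a client accepts whichever server answers first, one defensive check is to inspect server replies on the wire and flag any whose server identifier is not a known, authorized DHCP server. The following is an added example, not code from the original article or its author: it decodes the BOOTP header and DHCP options of a reply and compares the server identifier (option 54) against an allowlist. The allowlist, the IP addresses and the sample packet bytes are constructed assumptions for offline testing.

```python
# Assumption for this example: the allowlist of legitimate DHCP server IPs.
AUTHORIZED_SERVERS = {"192.168.1.1"}
DHCP_MAGIC = b"\x63\x82\x53\x63"           # magic cookie that precedes the options field
MSG_TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 5: "ACK", 6: "NAK"}

def ip_str(b: bytes) -> str:
    return ".".join(str(x) for x in b[:4])

def ip_bytes(addr: str) -> bytes:
    return bytes(int(o) for o in addr.split("."))

def parse_dhcp(payload: bytes) -> dict:
    """Decode the fixed BOOTP header plus the TLV options a client acts on."""
    if len(payload) < 240 or payload[236:240] != DHCP_MAGIC:
        raise ValueError("not a DHCP message")
    op = payload[0]                          # 1 = request from client, 2 = reply from server
    opts, i = {}, 240
    while i < len(payload) and payload[i] != 255:   # 255 = end of options
        if payload[i] == 0:                  # 0 = pad byte, carries no length field
            i += 1
            continue
        tag, length = payload[i], payload[i + 1]
        opts[tag] = payload[i + 2:i + 2 + length]
        i += 2 + length
    return {
        "op": op,
        "type": MSG_TYPES.get(opts.get(53, b"\x00")[0], "UNKNOWN"),
        "yiaddr": ip_str(payload[16:20]),    # address being handed to the client
        "server_id": ip_str(opts[54]) if 54 in opts else None,
        "router": ip_str(opts[3]) if 3 in opts else None,
        "dns": ip_str(opts[6]) if 6 in opts else None,
    }

def is_rogue_reply(payload: bytes, authorized=AUTHORIZED_SERVERS) -> bool:
    """Flag server replies (OFFER/ACK) whose server identifier is not on the allowlist."""
    msg = parse_dhcp(payload)
    if msg["op"] != 2 or msg["type"] not in ("OFFER", "ACK"):
        return False                         # client-originated traffic is not a server
    return msg["server_id"] not in authorized

def sample_offer(server: str, router: str, dns: str, yiaddr="192.168.1.50") -> bytes:
    """Constructed DHCPOFFER bytes for offline testing; not captured traffic."""
    options = (b"\x35\x01\x02" + b"\x36\x04" + ip_bytes(server) + b"\x03\x04" + ip_bytes(router)
               + b"\x06\x04" + ip_bytes(dns) + b"\xff")
    header = b"\x02\x01\x06\x00" + b"\x00" * 12 + ip_bytes(yiaddr) + b"\x00" * 216
    return header + DHCP_MAGIC + options
```

In practice the payload would come from a capture of UDP port 67/68 traffic on the segment, and any flagged reply is worth correlating with the offered router and DNS addresses, since those are exactly the values a rogue server uses to redirect traffic.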
