Security Portal: ISC DHCPDNov 30, 2000, 07:46 (0 Talkback[s])
(Other stories by Kurt Seifried)
"It's interesting to see the number of articles written on ISC's DNS server BIND, compared with the total lack of coverage of one of their other products that is just as important - DHCP. DHCP stands for Dynamic Host Control Protocol and does exactly what it claims. There is practically no information available online regarding DHCP security. This is odd, considering the ubiquity of DHCP servers on most networks. Unlike BIND, the ISC DHCP server does not have command line options to chroot the server or run it as a non-root user. This means that most DHCP servers are running non-chrooted and as root, increasing the chances that any security flaws found will be quite serious."
"Clients that rely on a DHCP server for information typically get their IP address, subnet, default route and DNS information as a minimum, as well as netbios node type and other Windows-related network information, meaning that an attacker can do a lot of damage. First I'll discuss securing the DHCP server and possible attacks against it, then the DHCP clients and attacks you can execute against them. An important distinction in this article: dhcpd is the DHCP server, and dhcpcd is the client-side daemon. They are quite different and easily confused if you aren't paying attention."