DHCP (Dynamic Host Configuration Protocol)

🆔 Automatic Identity Assignment

One-line definition: DHCP is the protocol a server uses to automatically assign an IP address (and other settings) to any device that joins the network.

Why it exists: Imagine walking into an office and having to manually type a unique IP address, Subnet Mask, and Gateway into your phone settings before you could get Wi-Fi. It would be a nightmare.

Break into components:

  • The Server: The "boss" (usually your Router). It holds a pool of available addresses.
  • The Client: Your phone/laptop. It joins the network with nothing.
  • The Lease: You don't own the IP; you rent it for a set time (e.g., 24 hours).

When your computer connects to Wi-Fi, it runs a 4-step conversation called DORA. Memorize this acronym!

4b-i. Discover (Shouting for help)

Action: Your computer wakes up with no IP. It shouts to the entire network (Broadcast): "Is there a DHCP server here? I need an IP!"

Technical: A UDP packet sent to the broadcast address 255.255.255.255.

4b-ii. Offer (Server proposes)

Action: The DHCP Server hears the shout, checks its list of free numbers, and replies: "Hi! I can offer you 192.168.1.100. Do you want it?"

4b-iii. Request (Client accepts)

Action: Your computer accepts the offer and shouts back: "Yes, I would like to take 192.168.1.100 from that specific server, please!"

4b-iv. Acknowledge (Deal sealed)

Action: The Server marks the IP as "taken" and sends a final confirmation: "Okay, 192.168.1.100 is yours for 24 hours. Here is the Gateway and DNS info too."

How it works (D.O.R.A.):

  • Discover: Your device yells, "Is there a DHCP server here? I need an IP!"
  • Offer: The router says, "I have 192.168.1.50 available for you."
  • Request: Your device says, "I'll take it! Lock that in for me."
  • Acknowledge: The router says, "Done. Here is your IP, Subnet Mask, and DNS info."

🏠 Analogy: The Apartment Rental

  1. Discover: You walk into a rental agency and yell, "I need an apartment!"
  2. Offer: The agent says, "I have Unit 4B available for $1000."
  3. Request: You fill out the form: "I will take Unit 4B."
  4. Acknowledge: Agent hands you the keys and the lease contract. "It's yours for 1 year."

DHCP is convenient, but like ARP, it is unauthenticated.

4c-i. Lease Time & Renewal

Your IP isn't yours forever. When half the time is up (e.g., 12 hours), your computer politely asks the server, "Can I keep this?" (Renewal).

If the server says no or disappears, you lose the connection and must start DORA again.

4c-ii. Rogue DHCP Servers (The Attack)

Definition: A hacker sets up a fake DHCP server on the network. Why? Because clients listen to whoever replies first.

⚠️ Security: Rogue DHCP Server

A hacker can plug in their own router. If their router replies faster than the real one, employees will get "poisoned" IP settings and all their traffic will flow through the hacker.

⚠️ Security: DHCP Starvation

A hacker can send thousands of DHCP requests with "fake" MAC addresses, exhausting the entire pool of IPs. Now, legitimate users can't get online.

4c-iii. DHCP Starvation

The Attack: A hacker writes a script to send thousands of "Discover" requests with fake MAC addresses.

The Goal: Force the real server to run out of IPs. The server crashes or stops working, forcing users to connect to the Rogue DHCP server instead.
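Both problems above can be spotted by watching DHCP traffic itself. The following is an added example, not part of the original notes: it parses raw DHCP payloads (fixed 236-byte header, magic cookie, then options 53 "message type" and 54 "server identifier") and flags Offers/Acks from servers that are not on an allow-list, plus Discovers from an unusually large number of MAC addresses in one capture window. The function names, the trusted server 192.168.1.1, the threshold of 3 and all sample packets are assumptions constructed for the demonstration.

```python
import socket

MAGIC = b"\x63\x82\x53\x63"   # DHCP magic cookie, follows the 236-byte BOOTP header
TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 5: "ACK"}

def parse_dhcp(payload):
    """Return (message type, client MAC, server identifier) for one DHCP UDP payload."""
    if len(payload) < 240 or payload[236:240] != MAGIC:
        raise ValueError("not a DHCP message")
    mac = payload[28:28 + min(payload[2], 16)].hex(":")   # chaddr field, hlen bytes
    msg_type = server_id = None
    i = 240
    while i + 1 < len(payload) and payload[i] != 255:     # option 255 = end
        if payload[i] == 0:                               # option 0 = pad, no length
            i += 1
            continue
        code, length = payload[i], payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if code == 53 and len(value) == 1:                # DHCP message type
            msg_type = TYPES.get(value[0], str(value[0]))
        elif code == 54 and len(value) == 4:              # server identifier
            server_id = socket.inet_ntoa(value)
        i += 2 + length
    return msg_type, mac, server_id

def audit(payloads, trusted_servers, max_discover_macs):
    """Flag OFFER/ACK from untrusted servers and DISCOVERs from too many MACs."""
    findings, discover_macs = [], set()
    for payload in payloads:
        msg_type, mac, server_id = parse_dhcp(payload)
        if msg_type in ("OFFER", "ACK") and server_id not in trusted_servers:
            findings.append(("untrusted-server", server_id, mac))
        elif msg_type == "DISCOVER":
            discover_macs.add(mac)
    if len(discover_macs) > max_discover_macs:
        findings.append(("discover-flood", len(discover_macs)))
    return findings

def sample(msg_type, mac, server_ip=None):
    """Build a minimal constructed DHCP payload (test data, not captured traffic)."""
    op = 1 if msg_type in (1, 3) else 2                   # 1 = request, 2 = reply
    header = bytes([op, 1, 6]) + bytes(25) + bytes.fromhex(mac.replace(":", "")) + bytes(202)
    server = bytes([54, 4]) + socket.inet_aton(server_ip) if server_ip else b""
    return header + MAGIC + bytes([53, 1, msg_type]) + server + b"\xff"

if __name__ == "__main__":
    window = [sample(1, "02:00:00:00:00:%02x" % n) for n in range(5)]
    window += [sample(2, "02:00:00:00:00:01", ip) for ip in ("192.168.1.1", "192.168.1.66")]
    print(audit(window, {"192.168.1.1"}, max_discover_macs=3))
```

The same allow-list idea is what DHCP Snooping enforces on the switch; a passive check like this only reports, it does not block.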

💡 Real Examples:
  • Example 1 (Basic): Open a terminal and type ipconfig /all (Windows) or nmcli (Linux). Look for "DHCP Server" and "Lease Obtained/Expires" to see who gave you your IP.
  • Example 2 (Cybersecurity - Starvation): A pentester uses Yersinia to launch a starvation attack. Within 60 seconds, the router pool is empty. Employees can't connect, so the pentester starts their own Rogue server to capture new sessions.

🛑 DHCP Wrap-Up

  • Process: Automates configuration using DORA (Discover, Offer, Request, Acknowledge).
  • Leases: IPs are rented, not owned; require periodic renewal.
  • Spoofing: Rogue servers hijack traffic by being faster than a real router.
  • Starvation: Exhausts the IP pool to cause a Denial of Service.

Practical Uses: Run ipconfig /release and then ipconfig /renew to fix Wi-Fi issues.

📚 Sources & References

  • RFC 2131: The official DHCP standard.
  • MITRE ATT&CK: T1557 (Adversary-in-the-Middle).
  • Cisco Security: DHCP Snooping (Mechanism to block unauthorized DHCP offers).