No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

NE40E V800R010C10SPC500 Feature Description - Security 01

This is NE40E V800R010C10SPC500 Feature Description - Security
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
DHCP DoS Attack by Changing CHADDR

DHCP DoS Attack by Changing CHADDR

  • Mechanism

    Attackers apply to a Dynamic Host Configuration Protocol (DHCP) server for IP addresses by sending a large number of DHCP request packets with varied media access control (MAC) addresses in the client hardware address (CHADDR) fields. As a result, IP addresses in the address pool are exhausted, and authorized clients cannot obtain IP addresses. Figure 5-15 shows the format of a DHCP request packet.

    Figure 5-15 DHCP packet format
  • Solution

    To protect against DHCP DoS attacks, you can configure DHCP snooping on the device to check the CHADDR field in DHCP request packets. After DHCP snooping is enabled, the device checks whether the MAC address in the CHADDR field matches that in the frame header. If they match, the device considers the packet valid and forwards it. If they do not match, the device considers the packet an attack packet and discards it. Therefore, authorized clients can obtain IP addresses.

Translation
Download
Updated: 2019-01-03

Document ID: EDOC1100055047

Views: 12708

Downloads: 31

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next