DoS attack on DHCP

Bruce Hudson Bruce.Hudson at Dal.Ca
Fri Oct 9 12:41:03 UTC 2009


>   1. is there any best practice guide on DHCPd protection, esp. ip
> address exhausting attack?

    The most common way to do this is to put each customer in a billing
class based on some facet of your network infrastructure (such as the
circuit-id of the access server or switch the client connects to) that
is outside the client's control and limit the number of leases in each
class. Look for spawning classes in the DHCPD.CONF man page.

>   2. is there any way to forbid ip address lease to special MAC address?

    Create a host entry for the MAC and add "ignore booting".
 
>   3. is there any way to detect attacks early? esp. is there any freeware
> available?

    Just last week David Hankins posted a one-liner AWK script to count
the number of leases in each state. It should be trivial to use that to
alarm on the number of "free" leases dropping below some threshold.
--
Bruce A. Hudson				| Bruce.Hudson at Dal.CA
ITS, Networks and Systems		|
Dalhousie University			|
Halifax, Nova Scotia, Canada		| (902) 494-3405
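The three measures in the reply above, as an added example that is not part of the original post and is not ISC's own code: a dhcpd.conf fragment with a spawning class keyed on the relay agent circuit-id plus a host entry that ignores one MAC, and a journal-aware shell/awk counter of leases per binding state with a threshold alarm on the number of free leases. The class and host names, the MAC addresses, the 192.0.2.0/24 sample leases and the threshold values are all made up for illustration.

```shell
#!/bin/sh
# Added example (not from the original post or from ISC dhcpd): the config
# fragment is written to a file so it can be checked with `dhcpd -t -cf`;
# the lease counter is a journal-aware version of "count leases per state".
# All file names, names, MACs, addresses and thresholds are invented.

# 1+2: spawning class limited by relay agent circuit-id, and a host entry
#      that makes dhcpd silently ignore one MAC address.
write_protection_conf() {
    # $1 = output path
    cat > "$1" <<'EOF'
# Each distinct circuit-id (inserted by the access switch, not chosen by
# the client) gets its own spawned subclass, capped at 4 concurrent leases.
class "customer" {
  spawn with option agent.circuit-id;
  lease limit 4;
}

# Never answer this MAC (hypothetical address).
host rogue-client {
  hardware ethernet 00:11:22:33:44:55;
  ignore booting;
}
EOF
}

# 3: count leases per binding state in dhcpd.leases. The file is a journal:
#    an address may appear many times and only its last entry is current, so
#    remember the last state seen per IP rather than counting every line.
count_lease_states() {
    # $1 = leases file; prints "<state> <count>" for each state seen.
    awk '
        /^lease / { ip = $2 }
        $1 == "binding" && $2 == "state" { sub(/;$/, "", $3); state[ip] = $3 }
        END {
            for (ip in state) n[state[ip]]++
            for (s in n) print s, n[s]
        }
    ' "$1"
}

lease_count() {
    # $1 = leases file, $2 = state name; prints the count (0 if absent).
    count_lease_states "$1" | awk -v want="$2" '$1 == want { c = $2 } END { print c + 0 }'
}

check_free_leases() {
    # $1 = leases file, $2 = alarm threshold. Returns 1 (and reports on
    # stderr) when the number of free leases has dropped below the threshold.
    free=$(lease_count "$1" free)
    if [ "$free" -lt "$2" ]; then
        echo "ALARM: only $free free lease(s), threshold $2" >&2
        return 1
    fi
    return 0
}

# Constructed sample journal: 192.0.2.10 was active and later expired to
# free, so a naive per-line count would report 3 active instead of 2.
SAMPLE_LEASES=$(mktemp)
cat > "$SAMPLE_LEASES" <<'EOF'
lease 192.0.2.10 {
  starts 4 2009/10/08 12:00:00;
  ends 4 2009/10/08 12:10:00;
  binding state active;
  next binding state free;
  hardware ethernet 00:11:22:33:44:aa;
}
lease 192.0.2.11 {
  binding state active;
  next binding state free;
  hardware ethernet 00:11:22:33:44:bb;
}
lease 192.0.2.12 {
  binding state active;
  next binding state free;
  hardware ethernet 00:11:22:33:44:cc;
}
lease 192.0.2.13 {
  binding state free;
}
lease 192.0.2.10 {
  starts 4 2009/10/08 12:00:00;
  ends 4 2009/10/08 12:10:00;
  binding state free;
  hardware ethernet 00:11:22:33:44:aa;
}
EOF

SAMPLE_CONF=$(mktemp)
write_protection_conf "$SAMPLE_CONF"
count_lease_states "$SAMPLE_LEASES"          # active 2 / free 2
check_free_leases "$SAMPLE_LEASES" 5 || true # fires: 2 < 5
```

Two caveats a practitioner should keep in mind. The spawning class only limits clients whose packets actually carry an agent.circuit-id; a client that reaches the server without a relay inserting option 82 is not placed in any spawned subclass, so the limit must be paired with relays that always insert it and with the server only listening behind them. And unless failover is configured, dhcpd.leases only records addresses that have been handed out at least once, so "free" in the file is a lower bound on what the pool can still give out; alarming on the active count against the known pool size is the more robust signal, with the free count useful once the pool has cycled. Run the config fragment through `dhcpd -t -cf /path/to/file` before deploying it.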
