2. The hacker exhausts the IP addresses of the normal DHCP server and then pretends to
be a legal DHCP server to assign IP addresses and other parameters to clients.
For example, the hacker uses the fake DHCP server to assign a modified DNS server
address to users, so as to lure them to a malicious financial or electronic
trading website and cheat them out of their accounts and passwords. The following
figure illustrates the DHCP Cheating Attack implementation procedure.
Figure 14-5 DHCP Cheating Attack Implementation Procedure
The DHCP Snooping feature allows only the port connected to the DHCP server, set as the
trusted port, to forward all types of DHCP packets, thereby ensuring that users get proper
IP addresses. DHCP Snooping monitors the process of a host obtaining an IP address from the
DHCP server and records the host's IP address, MAC address, VLAN and connected port number
for automatic binding. The bound entries can work together with ARP Inspection, IP Source
Guard and other security protection features. DHCP Snooping protects the network from the
DHCP Server Cheating Attack by discarding DHCP response packets received on untrusted
ports, thereby enhancing network security.
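
The forwarding rule and automatic binding described above, modelled in Python as an added example (not code from this manual or from any switch firmware). The `SnoopingSwitch` class, port numbers, MAC and IP addresses are constructed for illustration; recording the binding when the server's ACK arrives is an assumption, since the manual does not say at which message the entry is created.

```python
from dataclasses import dataclass

# DHCP message types (option 53, RFC 2132)
DISCOVER, OFFER, REQUEST, ACK, NAK = 1, 2, 3, 5, 6
SERVER_RESPONSES = {OFFER, ACK, NAK}

@dataclass(frozen=True)
class DhcpPacket:
    port: int                  # switch port the packet arrived on
    vlan: int
    msg_type: int
    client_mac: str            # chaddr field
    your_ip: str = "0.0.0.0"   # yiaddr field, set by the server

class SnoopingSwitch:          # hypothetical model, not a vendor API
    def __init__(self, trusted_ports):
        self.trusted = set(trusted_ports)
        self.pending = {}      # client MAC -> (vlan, port) of its request
        self.bindings = {}     # client MAC -> (ip, vlan, port)
        self.dropped = []      # responses discarded on untrusted ports

    def handle(self, pkt):
        """Return True if the packet is forwarded, False if discarded."""
        if pkt.msg_type in SERVER_RESPONSES:
            if pkt.port not in self.trusted:
                self.dropped.append(pkt)      # response from a fake server
                return False
            # Assumption: the binding is recorded on the trusted server's ACK.
            if pkt.msg_type == ACK and pkt.client_mac in self.pending:
                vlan, port = self.pending[pkt.client_mac]
                self.bindings[pkt.client_mac] = (pkt.your_ip, vlan, port)
            return True
        self.pending[pkt.client_mac] = (pkt.vlan, pkt.port)  # client request
        return True

def run_sample():
    """Constructed traffic: client on port 3, real server on 1, fake on 7."""
    mac = "00:00:5e:00:53:01"
    sw = SnoopingSwitch(trusted_ports=[1])
    packets = [
        DhcpPacket(3, 10, DISCOVER, mac),
        DhcpPacket(7, 10, OFFER, mac, "198.51.100.66"),  # fake server
        DhcpPacket(1, 10, OFFER, mac, "192.0.2.50"),
        DhcpPacket(3, 10, REQUEST, mac),
        DhcpPacket(7, 10, ACK, mac, "198.51.100.66"),    # fake server
        DhcpPacket(1, 10, ACK, mac, "192.0.2.50"),
    ]
    return sw, [sw.handle(p) for p in packets]

if __name__ == "__main__":
    sw, verdicts = run_sample()
    print(verdicts, sw.bindings, len(sw.dropped))
```

The binding table ends up holding only the address handed out through the trusted port, which is the entry ARP Inspection and IP Source Guard would then check against.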