Ask the Expert

Dynamic Host Configuration Protocol and security

What security considerations should I take into account when using Dynamic Host Configuration Protocol (DHCP) in a wide area network and local area network? Are there tools for securing DHCP?

    Requires Free Membership to View

There are two primary security concerns with DHCP. The first is in regard to who is allowed to obtain an IP address from your DHCP server. The second is protecting the DHCP server itself.

Most companies have taken the approach of simply trying to physically protect the access points to their network. If an intruder could physically connect to the network, he could get an IP address from the DHCP server. This becomes even more of an issue if you are using wireless access.

Others have attempted to solve this problem by using DHCP software that allows them to specify the Media Access Control address of the adapters allowed to obtain an IP address. This can be a high-maintenance solution if there is a lot of turnover in the equipment used on your network.

The DHCP server must be protected as well. It should not be accessible from the Internet. Some of the primary attacks against the DHCP servers have been denial-of-service (DoS) attacks. The DoS attacks can use up all the available IP addresses that the server can allocate, thus denying legitimate hosts the opportunity to get an IP address.

A decent paper written by Lasse Sundstrom on DHCP and related security problems can be found at

This was first published in July 2001

There are Comments. Add yours.

TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: