How DHCP works and the security implications of high DHCP churn

What is DHCP churn, and what are the possible security implications of having high DHCP churn within a network?

The Dynamic Host Configuration Protocol (DHCP) is a network management protocol commonly used for (among other things) assigning dynamic IP addresses to network clients. The primary benefit of using this technology is that you can take a finite amount of IP address space and parcel it out to transient users as it is needed, reclaiming addresses no longer in use. The use of DHCP also saves end users and desktop administrators from manually assigning IP addresses to systems. Let’s look at how DHCP works.

When configuring DHCP, the network administrator sets a value known as the DHCP lease. This is the amount of time a system may retain an IP address without contacting the DHCP server. When the time expires, the system must reach out to the server and request a renewal of the DHCP lease. Generally speaking, DHCP leases are set to a long period of time (measured in days) on stable networks where the same systems are generally present from day to day. On the other hand, networks with many transient users (such as public hotspots) typically have short lease times to allow the efficient reuse of addresses.

DHCP churn is a term used to describe the fact that different systems may obtain the same IP address from a DHCP server when the first system’s lease expires.  This really isn’t a problem, except in two special cases:

  1. You’re trying to track systems for some purpose and don’t have access to the DHCP logs.  For example, if you’re maintaining a spam blacklist and a spamming system shows up on your blacklist with a DHCP-provided address, you may inadvertently block future users of that address from sending mail.
  2. You’re a researcher measuring the prevalence of some phenomenon across the Internet and use IP addresses to track systems. If a single system exhibits your target behavior, but has many different dynamically assigned addresses, it might skew your results.
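
As an added illustration of the first case (not part of the original article): with the DHCP logs in hand, an observation of an IP address at a given time can be mapped back to the client that held the lease at that moment, so a listing can follow the client and not the address. The log format, the sample entries and the function names below are constructed for this example, and the MAC address is assumed to identify the client.

```python
from datetime import datetime, timedelta

# Constructed sample lease log in a hypothetical format (not any real server's):
# timestamp, event, IP address, client MAC, and lease length in seconds for ACKs.
SAMPLE_LOG = """\
2011-11-01T08:00:00 ACK 192.0.2.50 aa:aa:aa:00:00:01 lease=3600
2011-11-01T08:30:00 ACK 192.0.2.50 aa:aa:aa:00:00:01 lease=3600
2011-11-01T09:10:00 RELEASE 192.0.2.50 aa:aa:aa:00:00:01
2011-11-01T09:15:00 ACK 192.0.2.50 bb:bb:bb:00:00:02 lease=3600
2011-11-01T12:00:00 ACK 192.0.2.50 cc:cc:cc:00:00:03 lease=3600
"""

def parse_leases(log):
    """Turn log lines into per-IP lease spans: ip -> [[start, end, mac], ...]."""
    leases = {}
    for line in log.splitlines():
        parts = line.split()
        if len(parts) < 4:
            continue
        ts, event, ip, mac = parts[:4]
        when = datetime.fromisoformat(ts)
        spans = leases.setdefault(ip, [])
        last = spans[-1] if spans else None
        if event == "ACK" and len(parts) > 4:
            end = when + timedelta(seconds=int(parts[4].split("=")[1]))
            if last and last[2] == mac and when <= last[1]:
                last[1] = end              # renewal: extend the current span
            else:
                if last and last[1] > when:
                    last[1] = when         # address handed to a new client
                spans.append([when, end, mac])
        elif event == "RELEASE" and last and last[2] == mac:
            last[1] = min(last[1], when)   # client gave the address back early
    return leases

def holder_at(leases, ip, when):
    """Return the MAC that held `ip` at `when`, or None if it was unleased."""
    for start, end, mac in leases.get(ip, []):
        if start <= when < end:
            return mac
    return None

def same_client(leases, ip, t1, t2):
    """True only if one known client held `ip` at both times."""
    a, b = holder_at(leases, ip, t1), holder_at(leases, ip, t2)
    return a is not None and a == b

def distinct_clients(leases, ip):
    """Churn for one address: how many different clients have held it."""
    return len({mac for _, _, mac in leases.get(ip, [])})
```

In the sample, a spam report against 192.0.2.50 at 08:45 and a message from the same address at 12:30 resolve to different clients, which is exactly the situation an address-only blacklist cannot distinguish.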

The bottom line is, unless you’re in one of those two very special cases, DHCP churn isn’t a big deal. You should set your DHCP lease lifetime based upon your expected users’ needs and not worry about this issue.

This was first published in November 2011