Are rogue DHCP servers a serious network risk?

Rogue DHCP servers can cause everything from a network outage to an outright interception of network traffic. In this SearchSecurity.com Q&A, network security expert Mike Chapple explains the seriousness of the threat and reveals which tools can detect rogue servers.

Mike Chapple, University of Notre Dame

What risk does a rogue DHCP server pose to a network? Is it a security issue or a nuisance?

Rogue Dynamic Host Configuration Protocol ( DHCP) servers are definitely a security issue. Networks use DHCP servers to provide systems with network configuration information. For example, a host might contact a DHCP server to obtain an IP address, default gateway and domain name system (DNS) server information.

Suppose an individual were able to introduce a malicious DHCP server into your environment. That server could then...

Step 2 of 2:

You forgot to provide an Email Address.

This email address doesn’t appear to be valid.

This email address is already registered. Please login.

You have exceeded the maximum character limit.

Please provide a Corporate E-mail Address.
- I agree to TechTarget’s Terms of Use, Privacy Policy, and the transfer of my information to the United States for processing to provide me with relevant information as described in our Privacy Policy.
Please check the box if you want to proceed.
- I agree to my information being processed by TechTarget and its Partners to contact me via phone, email, or other means regarding information relevant to my professional interests. I may unsubscribe at any time.
Please check the box if you want to proceed.

wreak all sorts of havoc on your network. In the best case, it could simply offer every client an identical IP address, resulting in a network outage when all hosts believe they were leased the same address. In the worst case, the rogue server could set the default gateway to be the IP address of an attacker's proxy server. In such a scenario, an attacker could intercept all traffic leaving the host.

For this reason, it's important to ensure that you don't have rogue DHCP servers on your network. Microsoft's DHCP Server Location Utility is a great tool that allows you to search your network for active DHCP servers. You can also provide it with a list of authorized DHCP servers and configure it to alert you immediately if a rogue server is detected. Due to the risks described above, you should take action to immediately disconnect any rogue servers on your network.

More information:

In this new Intrusion Defense School lesson, Tom Bowers explains how SIMs can increase your network visibility.
Learn other ways to detect a rogue DHCP server.

This was last published in April 2007

Security Think Tank: How to use SDN, containers and encryption – and some warnings

rogue employee

rogue IT

Out of the shadows: Rogue IT is becoming CIO business as usual

Guide to cloud security management and best practices

The 8 best cloud security certifications for IT pros in 2021

What is CIEM and why should CISOs care?

Get started with network penetration testing for beginners

Advice on how to learn network penetration testing skills

Open RAN architecture gives operators options, challenges

Texas power outage flags need to revisit business continuity

4 ways to measure digital experience to drive tech optimization

Calculating cloud migration costs: What CIOs need to consider

Microsoft to add a text prediction feature to Word

Microsoft announces Office 2021, Office LTSC

Microsoft crowdsources notifications for Edge

Compare Azure DevOps vs. GitHub for CI/CD pipelines

Build a cloud resiliency strategy with these best practices

How providers' industry-specific cloud offerings impact IT

Palantir once more in sights of civil libertarians over NHS Covid data store

Huawei opens developer lab in Singapore

NCSC Cyber Action Plan emphasises SME security