What is DHCP Snooping? What is a Man-in-the-Middle attack? How to configure DHCP Snooping security?
DHCP (Dynamic Host Configuration Protocol) servers provide all the essential information a client needs to operate on the network: an IP address, subnet mask, default gateway, DNS server address, and more.
Imagine an attacker brings a rogue DHCP server onto the same subnet as the other PCs on the network. What happens? A PC broadcasts a DHCP request, and the attacker's rogue server may answer with a DHCP reply that hands out the attacker's own IP address as the default gateway.
When the client accepts that reply, it uses the spoofed gateway address, so the client's packets go through the attacker's machine first. The attacker may well forward them on to the correct destination, but in the meantime it inspects every packet. This is a man-in-the-middle attack, and the unsuspecting client never notices.
Cisco switches use the DHCP snooping feature to prevent this type of attack. With DHCP snooping enabled, every switch port is either trusted or untrusted. The legitimate DHCP server is reachable only through a trusted port; all other ports are untrusted as far as DHCP server traffic is concerned. When a DHCP server message arrives on an untrusted port, the switch discards it before it can flood the VLAN, and it also automatically puts that untrusted port into the err-disabled state. DHCP snooping also keeps track of the complete DHCP binding table.
Let's look at the configuration of DHCP snooping and how it prevents this attack.
Topology: (diagram not reproduced here; see https://www.internetworks.in/2021/10/what-is-dhcp-snooping-what-is-man-in.html)
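The following Cisco IOS configuration is an added example written for this article, not the author's own configuration; it assumes the legitimate DHCP server hangs off GigabitEthernet0/1, clients use GigabitEthernet0/2 through 0/24, and all of them sit in VLAN 10.

```cisco
! Assumed topology: DHCP server on Gi0/1, clients on Gi0/2-24, VLAN 10
! Enable DHCP snooping globally and on the client VLAN
ip dhcp snooping
ip dhcp snooping vlan 10
! Option 82 insertion is on by default; disable it if the DHCP server
! does not understand option 82 and would otherwise drop the requests
no ip dhcp snooping information option

! Only the port facing the real DHCP server may carry server messages
interface GigabitEthernet0/1
 description Uplink to legitimate DHCP server
 ip dhcp snooping trust

! Client ports stay untrusted (the default): DHCP server messages
! arriving here are discarded. The rate limit caps client requests
! to 10 per second; exceeding it err-disables the port.
interface range GigabitEthernet0/2 - 24
 description Client access ports
 ip dhcp snooping limit rate 10

! Recover an err-disabled port automatically after 300 seconds
errdisable recovery cause dhcp-rate-limit
errdisable recovery interval 300

! Verification commands:
!   show ip dhcp snooping           -> snooping state, trusted ports, rate limits
!   show ip dhcp snooping binding   -> MAC/IP/VLAN/port bindings learned from DHCP
```

Check `show ip dhcp snooping` after applying the configuration: only Gi0/1 should be listed as trusted, and the binding table should fill as clients obtain leases through the legitimate server.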