WAS IST DHCP?
The Dynamic Host Configuration Protocol enables the assignment of the network configuration to clients by one or more servers. DHCP enables automatic connection of a PC into an existing network without manual installation. In the normal case, only automatic assignment of the IP address must be carried out at the client. When the computer is started at the network, it can obtain the network mask, the IP address, the DNS server, and the gateway from a DHCP server. Without DHCP, several configurations are required, depending on the network to which the PC is to be connected. DHCP is an improvement of the BOOTP (Bootstrap protocol), with which workstations can be created, which at the beginning obtain an address from the BOOTP server. They then pull an operating system from the network and start up. DHCP is fully compatible with BOOTP and can also cooperate with BOOTP clients and servers without any limitations. The Dynamic Host Configuration Protocol was developed for two areas of application:
- Many networks with quickly changing topology
- users who want to create a simple network connection and do not want to get involved in network configuration.
With networks, DHCP also has the advantage that it is not necessary to manually reconfigure all stations manually, but that the administrator changes the configuration file of the DHCP server just once. The sensitive configuration is also no longer required for PCs like notebooks with changing location. This is often also called Plug ‘n Play.
The DHCP Server
Like all services, it is started as a background process and waits for client enquiries. Its configuration file contains data concerning the address pool, as well as further information concerning parameters like the local DNS domain, the subnet mask, or the used gateway. It is also possible to include several BOOTP servers or the location of the used boot image. There are three different operation modes of a DHCP server:
In this mode, the IP addresses are allocated to unique MAC addresses at the DHCP, and this is for an unlimited time. The disadvantage is that no further clients can connect to the network, as the addresses are distributed accurately. This can be desirable for security reasons. Manual allocation is used when the DHCP client for example offers server services publicly and thus must be accessible under a specified IP address.
With this allocation, a range of IP addresses is specified at the DHCP. Once an address from this range has been allocated to a DHCP client, it belongs to the client for an undetermined time. Once the address range has been allocated completely, no further clients can log on to the network. This is impossible even when the computers are not active, as the IP addresses are stored in the cache of the server. Only safe deletion of the cache makes it possible to use addresses allocated to inactive computers.
This allocation is very similar to the automatic allocation, but here the DHCP has a listing in its configuration, how long a specific IP address may be allocated to a client, before the user has to log in again to the server. If it does not log in, the address becomes free again and can be allocated to a different PC. This time granted by the administrator is called the lease time. Some servers also distribute IP addresses depending on the MAC address. With this, a client again receives the same IP address as before, even after a long absence and expiration of the lease time.
Security of DHCP
DHCP can be switched and manipulated easily, as clients accept any server. Unwanted start of a DHCP server by connection of a simple router in the delivery state can disturb a network severely. This often answers faster than the real DHCP server and thus can distribute invalid configurations. An attacker can reserve all addresses and so prevent an answer to several enquiries and then present itself as the only DHCP server. Now he can create a rogue DHCP spoofing by forwarding to other servers which link to computers controlling the communication. The uniqueness of a MAC address must not be used as a criterion of safety. Spoofing of MAC addresses can be done very quickly. Nearly all operating systems allow single users to edit the MAC address easily in configuration masks or with simple utility programs like ip link or ifconfig. The specific allocation of IP addresses only to unlocked MAC addresses via DHCP or RARP thus does not exclude access to the network by illegal users, as this requires use of a safe authentication program like IEEE 802.1X. A parody of the efforts is Peg DHCP for avoiding these complications. Existing MAC addresses in a level 2 network can be detected by listening to the traffic. This just requires physical access to the network