DHCP Snooping & Dynamic ARP Inspection
A DHCP server provides clients with their basic IP configuration: IP address, subnet mask, default gateway and DNS server. DHCP snooping is a layer 2 security feature, usually enabled on the access layer switches of a layer 2 switched network, that protects this exchange.
If an attacker connects a rogue DHCP server to a machine in the same subnet as a client machine, and the rogue server's DHCP offer reaches the client before the offer from the legitimate DHCP server, the client accepts the rogue configuration and all of its traffic can be steered to the attacker (for example through a rogue default gateway or DNS server).
DHCP snooping works by tracking the communications between the end-user device and the
DHCP server. Any responses from untrusted DHCP servers are dropped.
Sources of DHCP information are classified as either trusted or untrusted. This is done at the port level. A port where DHCP server replies are legitimately expected, such as the uplink to a distribution switch or an access port connected directly to the DHCP server, should be marked as trusted. All user access ports should be left untrusted, so that server messages (DHCPOFFER, DHCPACK, DHCPNAK) arriving on them are discarded.
Because the default trust state of all interfaces is untrusted, all trusted ports must be manually
configured.
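The following is an added example, not code from the original page or from any switch vendor: a small Python model of the trust-based filtering described above. Ports default to untrusted; server-type DHCP messages arriving on an untrusted port are dropped, while client messages are tracked so that a completed lease seen on a trusted port yields a binding of client MAC to IP and access port (the binding table a snooping switch keeps, which goes slightly beyond the page's wording). Port names, MAC addresses, IP addresses and the message layout are all constructed for illustration.

```python
"""Minimal model of DHCP snooping on an access switch (added illustration)."""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple

# DHCP message types (values of DHCP option 53)
DISCOVER, OFFER, REQUEST, ACK, NAK = 1, 2, 3, 5, 6
SERVER_MESSAGES = {OFFER, ACK, NAK}      # only a DHCP server should send these
CLIENT_MESSAGES = {DISCOVER, REQUEST}    # sent by clients toward the server


@dataclass
class DhcpMessage:
    msg_type: int
    client_mac: str                 # chaddr: the client the message concerns
    yiaddr: Optional[str] = None    # address handed out in OFFER/ACK


@dataclass
class SnoopingSwitch:
    # every interface starts untrusted; trusted ports must be configured explicitly
    trusted_ports: Set[str] = field(default_factory=set)
    # access port on which each client was last seen talking to DHCP
    client_port: Dict[str, str] = field(default_factory=dict)
    # binding table built from ACKs seen on trusted ports: mac -> (ip, port)
    bindings: Dict[str, Tuple[str, str]] = field(default_factory=dict)
    # record of dropped frames, useful as a detection signal for a rogue server
    dropped: List[Tuple[str, int]] = field(default_factory=list)

    def trust(self, port: str) -> None:
        """Mark a port as trusted, e.g. the uplink toward the real DHCP server."""
        self.trusted_ports.add(port)

    def receive(self, port: str, msg: DhcpMessage) -> bool:
        """Apply snooping to one DHCP message; True = forwarded, False = dropped."""
        if msg.msg_type in SERVER_MESSAGES and port not in self.trusted_ports:
            # A server reply on an untrusted (user) port is a rogue server: drop it.
            self.dropped.append((port, msg.msg_type))
            return False
        if msg.msg_type in CLIENT_MESSAGES:
            # Remember which access port the client is on for the binding table.
            self.client_port[msg.client_mac] = port
        elif msg.msg_type == ACK and msg.yiaddr:
            # Lease completed via a trusted port: record mac -> (ip, access port).
            access_port = self.client_port.get(msg.client_mac, port)
            self.bindings[msg.client_mac] = (msg.yiaddr, access_port)
        return True


def run_scenario() -> SnoopingSwitch:
    """Constructed scenario: real server behind the uplink, rogue on an access port."""
    sw = SnoopingSwitch()
    sw.trust("Gi0/24")                       # uplink toward the legitimate server
    client = "aa:bb:cc:00:00:01"             # constructed client MAC
    sw.receive("Gi0/1", DhcpMessage(DISCOVER, client))
    # rogue server on access port Gi0/2 tries to answer first
    sw.receive("Gi0/2", DhcpMessage(OFFER, client, "10.0.0.200"))
    # legitimate server answers through the trusted uplink
    sw.receive("Gi0/24", DhcpMessage(OFFER, client, "10.0.0.50"))
    sw.receive("Gi0/1", DhcpMessage(REQUEST, client))
    sw.receive("Gi0/24", DhcpMessage(ACK, client, "10.0.0.50"))
    return sw


if __name__ == "__main__":
    result = run_scenario()
    print("dropped:", result.dropped)
    print("bindings:", result.bindings)
```

Running the scenario drops only the rogue OFFER that arrived on Gi0/2 and records a single binding of the client to 10.0.0.50 on Gi0/1. On a real Cisco IOS switch the equivalent of `trust()` is the interface command `ip dhcp snooping trust`, and the dropped-frame counter is what an operator would watch to spot a rogue server being plugged into a user port.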