Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
QID:BCM439
#3
Could it not rather be the application of
ip dhcp snooping limit rate x
to untrusted ports? Like this, the limited rate of possible DHCP requests from the attacker would mitigate the exhaustion of IP addresses on the DHCP server.

DHCP snooping on trusted ports says, that only this port is allowed to reply to DHCP requests, but it is not mentionned, that it would limit the number of DHCP replies in any way. Of course, the port with the DHCP server must be declared trusted, but with this attack, no untrusted port will ever send DHCP replies, so DHCP snooping will not see it.

Not sure I got it right ... :-)
Reply


Messages In This Thread
QID:BCM439 - by ourproject - 08-03-2009, 04:34 PM
Re: QID:BCM439 - by hrtbrkd - 12-04-2009, 04:42 PM
Re: QID:BCM439 - by res_ryf - 03-17-2010, 01:42 PM

Forum Jump:


Users browsing this thread: 1 Guest(s)