Threats to local IP subnet configuration and address resolution

Threat analyses have been done for both DHCP and Neighbor Discovery. No threat analysis has been done for ARP because ARP was developed before security became an important concern. At that time, the Internet consisted of a small number of hosts, and Internet access was restricted to academics conducting research.

RFC 3118 (RFC 3118, 2001) briefly describes a threat analysis for DHCP as a preliminary step to defining the authentication protocol for DHCP, which we will examine later in the chapter. The RFC describes four specific threats:

The attacker establishes a rogue DHCP server that has the potential to spoof the client with false or incorrect configuration information, for the purpose of launching a denial-of-service attack or a man-in-the-middle attack.

Related to the above is an inadvertent attack caused by a misconfigured server. In this case, the attack is not intentional, but the practical effect on users is similar.

An invalid client masquerades as a valid client to steal IP service or otherwise circumvent auditing.

A denial-of-service attack in which the attacker exhausts available resources, such as addresses, by continually requesting them.

Specific mitigation measures recommended by RFC 3118 are the following:

Network access control filters out clients that have no authorization for network access, mitigating some of the threat from invalid clients. In hotspot networks, which do not support network access control, this threat remains.

All protocols exhibit the denial-of-service threat, and RFC 3118 recommends redundancy as the primary mitigation measure.

The residual threats to DHCP come from rogue and misconfigured DHCP servers. These threats are possible even in tightly controlled enterprise networks.
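As an added illustration, not taken from the chapter or from either RFC, the following detector runs over constructed DHCP log lines and flags the two DHCP threats that are hardest to close with access control: OFFERs carrying a server identifier outside an allowlist (a rogue or misconfigured server) and bursts of DISCOVERs from many distinct client MACs in one window (address exhaustion). The log format, the allowlist 10.0.0.1 and the thresholds are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed log format (constructed for this example): one DHCP message per line,
# as a relay agent or a passive sniffer on the subnet might record it.
LINE_RE = re.compile(r"^(?P<ts>\S+) DHCP(?P<type>DISCOVER|OFFER) "
                     r"mac=(?P<mac>[0-9a-f:]{17})(?: server=(?P<server>[\d.]+))?$")
EPOCH = datetime(1970, 1, 1)
AUTHORIZED_SERVERS = {"10.0.0.1"}  # assumption: the only legitimate server here
# Constructed sample: a normal exchange, an OFFER from an unexpected server
# identifier, then a burst of DISCOVERs from six different client MACs.
SAMPLE_LOG = """\
2024-05-01T09:00:00 DHCPDISCOVER mac=aa:bb:cc:00:00:01
2024-05-01T09:00:00 DHCPOFFER mac=aa:bb:cc:00:00:01 server=10.0.0.1
2024-05-01T09:00:01 DHCPOFFER mac=aa:bb:cc:00:00:01 server=10.0.0.99
2024-05-01T09:05:00 DHCPDISCOVER mac=de:ad:be:ef:00:01
2024-05-01T09:05:01 DHCPDISCOVER mac=de:ad:be:ef:00:02
2024-05-01T09:05:02 DHCPDISCOVER mac=de:ad:be:ef:00:03
2024-05-01T09:05:03 DHCPDISCOVER mac=de:ad:be:ef:00:04
2024-05-01T09:05:04 DHCPDISCOVER mac=de:ad:be:ef:00:05
2024-05-01T09:05:05 DHCPDISCOVER mac=de:ad:be:ef:00:06
""".splitlines()

def parse(line):
    """Return a dict for a recognised line, None for anything else."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.fromisoformat(rec["ts"])
    return rec

def rogue_offers(lines):
    """Server identifiers seen in OFFERs that are not authorized (rogue or misconfigured server)."""
    return sorted({r["server"] for r in map(parse, lines)
                   if r and r["type"] == "OFFER" and r["server"] not in AUTHORIZED_SERVERS})

def exhaustion_suspects(lines, window_s=60, max_macs=5):
    """Windows in which more than max_macs distinct clients sent DISCOVER (address exhaustion)."""
    macs = defaultdict(set)
    for r in map(parse, lines):
        if r and r["type"] == "DISCOVER":
            macs[(r["ts"] - EPOCH) // timedelta(seconds=window_s)].add(r["mac"])
    return [((EPOCH + k * timedelta(seconds=window_s)).isoformat(), len(v))
            for k, v in sorted(macs.items()) if len(v) > max_macs]

if __name__ == "__main__":
    print("unauthorized servers:", rogue_offers(SAMPLE_LOG))      # ['10.0.0.99']
    print("exhaustion windows:", exhaustion_suspects(SAMPLE_LOG))  # [('2024-05-01T09:05:00', 6)]
```

An OFFER from an unlisted server identifier is the same signal whether the server is hostile or merely misconfigured, which is why the allowlist check, not the intent, is what the alert is keyed on.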

RFC 3756 (RFC 3756, 2004) provides an extensive analysis of threats for IPv6 Neighbor Discovery. The RFC separates threats into three different classes based on the functionality provided by the Neighbor Discovery Protocol and on location:

Threats against the basic address resolution and address autoconfiguration functions of Neighbor Discovery. These functions do not involve routers, and any attacks must be launched locally because routing of Neighbor Discovery packets is restricted to the local link.

Threats against the router solicitation and advertisement functions of Neighbor Discovery. Attacks on these functions must be launched locally for the same reason as in the previous bullet item.

Threats involving replay attacks or attacks that can be launched remotely. In general, these are considered to be more serious since discovering and disabling the attacker is often more difficult if the attack is not confined to the local link. We discuss each class in the following subsections.