DHCPspoofing

DHCPSpoofing is a network attack in which a malicious device or compromised DHCP server responds to client DHCP requests with falsified network configuration information. Because DHCP is a dynamic and unauthenticated protocol, a client may accept the first valid offer it receives, allowing an attacker to supply settings such as an IP address, a gateway, and DNS servers under the attacker’s control.

In typical scenarios, a client on a local network broadcasts a DHCPDISCOVER message to obtain configuration.

Potential impacts include man-in-the-middle traffic interception, redirection of web requests to phishing or malicious sites through

Defenses focus on network controls: DHCP snooping to distinguish trusted DHCP servers from rogue ones, and