Dynamic Host Configuration Protocol (DHCP): UDP 67 (server), 68 (client)

Security Weaknesses:

  • No authentication of servers or clients (RFC 3118 message authentication is almost never deployed), so any host in the broadcast domain can spoof either side.

  • Susceptible to DHCP starvation: an attacker floods DISCOVER/REQUEST messages with forged client hardware addresses (chaddr) until the lease pool is exhausted, often as a prelude to standing up a rogue DHCP server that answers in the legitimate server's place.

  • A rogue server can hand out the attacker's address as default gateway (option 3) or DNS server (option 6), putting the attacker on-path for man-in-the-middle (MITM) attacks.

  • Can be used to push malicious configuration to clients: gateway, DNS, WPAD proxy settings (option 252), NTP servers, or PXE boot server and file (options 66/67).

Security Defense and Mitigation Measures:

  • Enable DHCP snooping on access switches: server messages (OFFER/ACK/NAK) are dropped on untrusted ports, and the resulting binding table also feeds Dynamic ARP Inspection and IP Source Guard.

  • Use network segmentation and VLANs to shrink the broadcast domain a rogue server or starvation tool can reach.

  • Enable port security, and DHCP snooping rate limiting where available, to cap the MAC addresses and DHCP packets per access port; this blunts starvation, which depends on many forged MACs.

  • Keep an inventory of authorized DHCP servers (for Windows servers, Active Directory DHCP authorization) and alert on any server identifier outside it.

Indicators of Compromise or Attack:

  • Bursts of DHCP Discover messages carrying many distinct client hardware addresses from a single switch port, together with lease-pool exhaustion on the server (starvation). Repeated Discovers from one MAC address are ordinary retransmission, not an indicator.

  • OFFER/ACK messages whose server identifier (option 54) is not an authorized server, or server messages arriving on untrusted access ports.

  • Clients whose default gateway or DNS server points at an unexpected host, or lease parameters (lease time, domain name) that differ from the authorized server's scope.
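The following is an added example, not part of the original page: a small Python model of the snooping filter from the mitigation list together with detection logic for the two indicators above, run over constructed DHCP events. Port names, the authorized server 10.0.0.2, the trusted uplink Gi1/0/48 and the expected gateway/DNS values are assumed site policy, and the event feed is assumed to expose ingress port, Ethernet source and the DHCP header and options.

```python
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional

# DHCP message types, option 53 (RFC 2132)
DISCOVER, OFFER, REQUEST, ACK, NAK = 1, 2, 3, 5, 6
SERVER_MSG_TYPES = {OFFER, ACK, NAK}

# Assumed site policy (illustrative values, not from the page)
TRUSTED_PORTS = {"Gi1/0/48"}       # uplink toward the real DHCP server
AUTHORIZED_SERVERS = {"10.0.0.2"}  # valid option 54 server identifiers
EXPECTED_ROUTER = "10.0.0.1"       # option 3
EXPECTED_DNS = {"10.0.0.2"}        # option 6


@dataclass(frozen=True)
class DhcpEvent:
    """One DHCP message as seen by a switch or sensor (assumed field set)."""
    ts: float          # seconds
    port: str          # ingress switch port
    src_mac: str       # Ethernet source address
    chaddr: str        # client hardware address in the DHCP header
    msg_type: int      # option 53
    server_id: Optional[str] = None  # option 54, present on server messages
    router: Optional[str] = None     # option 3
    dns: Optional[str] = None        # option 6


def snooping_filter(events):
    """Emulate DHCP snooping: drop server messages on untrusted ports and
    client messages whose chaddr does not match the Ethernet source."""
    allowed, dropped = [], []
    for e in events:
        if e.msg_type in SERVER_MSG_TYPES and e.port not in TRUSTED_PORTS:
            dropped.append((e, "server message on untrusted port"))
        elif e.msg_type not in SERVER_MSG_TYPES and e.src_mac.lower() != e.chaddr.lower():
            dropped.append((e, "chaddr does not match source MAC"))
        else:
            allowed.append(e)
    return allowed, dropped


def detect_starvation(events, window=10.0, threshold=20):
    """Return {port: peak distinct chaddr} for ports where DISCOVERs from more
    than `threshold` distinct client MACs arrived within `window` seconds.
    Repeated DISCOVERs from one MAC count once (ordinary retransmission)."""
    by_port = defaultdict(list)
    for e in events:
        if e.msg_type == DISCOVER:
            by_port[e.port].append((e.ts, e.chaddr.lower()))
    alerts = {}
    for port, items in by_port.items():
        items.sort()
        in_window, start, peak = defaultdict(int), 0, 0
        for ts, mac in items:
            in_window[mac] += 1
            while ts - items[start][0] > window:  # slide the window forward
                old = items[start][1]
                in_window[old] -= 1
                if in_window[old] == 0:
                    del in_window[old]
                start += 1
            peak = max(peak, len(in_window))
        if peak > threshold:
            alerts[port] = peak
    return alerts


def detect_rogue_servers(events):
    """Flag server messages with an unauthorized (or missing) server identifier,
    or that push an unexpected default gateway or DNS server."""
    findings = []
    for e in events:
        if e.msg_type not in SERVER_MSG_TYPES:
            continue
        if e.server_id not in AUTHORIZED_SERVERS:
            findings.append((e.port, e.server_id, "unauthorized server identifier"))
        if e.router and e.router != EXPECTED_ROUTER:
            findings.append((e.port, e.server_id, f"unexpected router {e.router}"))
        if e.dns and e.dns not in EXPECTED_DNS:
            findings.append((e.port, e.server_id, f"unexpected DNS server {e.dns}"))
    return findings


def build_sample_events():
    """Constructed traffic: a normal client retransmitting, one authorized OFFER,
    a starvation burst, a rogue OFFER, and one client with a spoofed chaddr."""
    client, ev = "aa:bb:cc:00:00:01", []
    for i in range(3):
        ev.append(DhcpEvent(1.0 + 2 * i, "Gi1/0/3", client, client, DISCOVER))
    ev.append(DhcpEvent(1.1, "Gi1/0/48", "00:50:56:00:00:02", client, OFFER,
                        server_id="10.0.0.2", router="10.0.0.1", dns="10.0.0.2"))
    for i in range(30):  # 30 distinct chaddr values in 3 seconds on one port
        mac = f"de:ad:be:ef:00:{i:02x}"
        ev.append(DhcpEvent(5.0 + 0.1 * i, "Gi1/0/7", mac, mac, DISCOVER))
    ev.append(DhcpEvent(9.0, "Gi1/0/7", "de:ad:be:ef:ff:ff", client, OFFER,
                        server_id="10.0.0.99", router="10.0.0.99", dns="10.0.0.99"))
    ev.append(DhcpEvent(9.5, "Gi1/0/9", "11:22:33:44:55:66", "aa:aa:aa:aa:aa:aa", REQUEST))
    return ev


if __name__ == "__main__":
    events = build_sample_events()
    allowed, dropped = snooping_filter(events)
    print("snooping dropped:", [(e.port, why) for e, why in dropped])
    print("starvation:", detect_starvation(events))
    print("rogue servers:", detect_rogue_servers(events))
    print("rogue servers after snooping:", detect_rogue_servers(allowed))
```

Two points the run makes visible: the snooping filter drops the rogue OFFER and the spoofed REQUEST but passes the starvation burst, because each forged DISCOVER is internally consistent; only a per-port MAC limit or DHCP rate limit stops that. And the normal client on Gi1/0/3 sends three DISCOVERs without tripping the starvation detector, which counts distinct client MACs rather than raw message volume.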
