DHCP snooping

From Wikipedia, the free encyclopedia

DHCP snooping is a network security feature that operates at layer 2 of the OSI model. It filters untrusted DHCP messages and builds and maintains a DHCP snooping binding database. The feature protects against DHCP spoofing, rogue DHCP servers and misconfigured DHCP servers.

DHCP snooping process

It is enabled on the switches that sit between the DHCP clients and the DHCP server, typically the access switches. DHCP snooping inspects every DHCP packet and prevents forged DHCP information from being forwarded. For this purpose, the switch ports are divided into trusted and untrusted ports: ports that lead to the legitimate DHCP server (or uplinks toward it) are configured as trusted, and all other ports, in particular client-facing access ports, remain untrusted.

An attacker could answer DHCP Discover packets with their own DHCP Offers. A client that accepts such a fake offer can be given a new default gateway (or DNS server), which allows the attacker to intercept its traffic. With DHCP snooping enabled, the switch forwards DHCP server messages (Offer, ACK, NAK) only when they arrive on trusted ports; on untrusted ports they are dropped. The switch also records every host that has successfully completed a DHCP transaction, typically its MAC address, assigned IP address, lease time, VLAN and switch port, in the DHCP snooping binding database. Other security functions such as Dynamic ARP Inspection and IP Source Guard can then use this database to check whether traffic on an untrusted port matches a known binding.
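As an added illustration that is not part of the Wikipedia article, the following Python model simulates the rules described above: server messages are dropped on untrusted ports, client requests seen on untrusted ports are completed into bindings when the server's ACK arrives on a trusted port, a host may only release a lease bound to its own port, and IP Source Guard consults the resulting binding database. The port names (Gi0/1 to Gi0/3), MAC addresses, VLAN and IP address are assumptions constructed for the example; real switches implement these checks in hardware and the exact rule set varies by vendor.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple

# DHCP message types (option 53 values from RFC 2132)
DISCOVER, OFFER, REQUEST, DECLINE, ACK, NAK, RELEASE = 1, 2, 3, 4, 5, 6, 7
SERVER_MESSAGES = {OFFER, ACK, NAK}  # only a legitimate server may send these


@dataclass(frozen=True)
class DhcpPacket:
    msg_type: int
    src_mac: str                  # Ethernet source address of the frame
    client_mac: str               # chaddr field inside the DHCP payload
    yiaddr: Optional[str] = None  # address offered/assigned by the server
    lease_time: int = 0


@dataclass
class Binding:
    mac: str
    ip: str
    vlan: int
    port: str
    lease_time: int


class SnoopingSwitch:
    """Minimal model of DHCP snooping: trusted/untrusted ports plus a binding database."""

    def __init__(self, trusted_ports: Set[str]):
        self.trusted = set(trusted_ports)
        self.bindings: Dict[Tuple[str, int], Binding] = {}  # (mac, vlan) -> binding
        self.pending: Dict[Tuple[str, int], str] = {}       # (mac, vlan) -> requesting port
        self.log: List[str] = []

    def _drop(self, reason: str) -> bool:
        self.log.append("DROP " + reason)
        return False

    def process(self, port: str, vlan: int, pkt: DhcpPacket) -> bool:
        """Return True if the switch forwards the packet, False if snooping drops it."""
        key = (pkt.client_mac, vlan)
        if port in self.trusted:
            # A server ACK on a trusted port completes the binding of the client
            # whose Discover/Request was seen earlier on an untrusted port.
            if pkt.msg_type == ACK and key in self.pending and pkt.yiaddr:
                self.bindings[key] = Binding(pkt.client_mac, pkt.yiaddr, vlan,
                                             self.pending.pop(key), pkt.lease_time)
            elif pkt.msg_type == NAK:
                self.pending.pop(key, None)
            self.log.append(f"FORWARD type={pkt.msg_type} from trusted {port}")
            return True

        # Untrusted port: these are the checks a rogue server or spoofing client runs into.
        if pkt.msg_type in SERVER_MESSAGES:
            return self._drop(f"server message type={pkt.msg_type} on untrusted {port}")
        if pkt.src_mac != pkt.client_mac:
            # MAC verification: chaddr must match the frame's source address
            return self._drop(f"chaddr {pkt.client_mac} != source MAC {pkt.src_mac} on {port}")
        if pkt.msg_type in (RELEASE, DECLINE):
            # A host may only release/decline a lease that is bound to its own port
            binding = self.bindings.get(key)
            if binding is None or binding.port != port:
                return self._drop(f"RELEASE/DECLINE for {pkt.client_mac} not bound to {port}")
            del self.bindings[key]
        elif pkt.msg_type in (DISCOVER, REQUEST):
            self.pending[key] = port
        self.log.append(f"FORWARD type={pkt.msg_type} from untrusted {port}")
        return True

    def ip_source_guard(self, port: str, vlan: int, src_mac: str, src_ip: str) -> bool:
        """Consumer of the binding database: allow IP traffic on an untrusted port
        only if (MAC, IP, VLAN, port) matches what DHCP snooping recorded."""
        if port in self.trusted:
            return True
        b = self.bindings.get((src_mac, vlan))
        return b is not None and b.ip == src_ip and b.port == port


def run_scenario() -> dict:
    """Constructed exchange: DHCP server behind uplink Gi0/1, client on Gi0/2, attacker on Gi0/3."""
    sw = SnoopingSwitch(trusted_ports={"Gi0/1"})
    client, attacker, server = "aa:aa:aa:00:00:01", "bb:bb:bb:00:00:02", "cc:cc:cc:00:00:03"
    vlan = 10
    r = {}
    r["discover"] = sw.process("Gi0/2", vlan, DhcpPacket(DISCOVER, client, client))
    # rogue Offer from the attacker's untrusted port is dropped
    r["rogue_offer"] = sw.process("Gi0/3", vlan, DhcpPacket(OFFER, attacker, client, "10.0.0.50"))
    r["offer"] = sw.process("Gi0/1", vlan, DhcpPacket(OFFER, server, client, "10.0.0.50"))
    r["request"] = sw.process("Gi0/2", vlan, DhcpPacket(REQUEST, client, client))
    r["ack"] = sw.process("Gi0/1", vlan, DhcpPacket(ACK, server, client, "10.0.0.50", 3600))
    r["binding"] = sw.bindings.get((client, vlan))
    # attacker tries to release the client's lease: first with its own MAC, then spoofing the client's
    r["release_mismatch"] = sw.process("Gi0/3", vlan, DhcpPacket(RELEASE, attacker, client))
    r["release_spoofed"] = sw.process("Gi0/3", vlan, DhcpPacket(RELEASE, client, client))
    # the binding database consumed by IP Source Guard
    r["isg_client"] = sw.ip_source_guard("Gi0/2", vlan, client, "10.0.0.50")
    r["isg_attacker"] = sw.ip_source_guard("Gi0/3", vlan, client, "10.0.0.50")
    return r


if __name__ == "__main__":
    for name, value in run_scenario().items():
        print(f"{name}: {value}")
```

The model keeps the binding keyed by MAC and VLAN and remembers the port on which the client's request was seen, so that the later ACK from the trusted uplink can be attributed to the right access port; this is what makes the port field of a binding usable by IP Source Guard.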
