This test checks that a customer cannot overload the CPU of the access switch using spoofed DHCP packets. To do this, Malicious floods the access switch with DHCP messages while Customer attempts to obtain an available address from the DHCP server.
Impact: DoS
Test process
- Malicious sends spoofed DHCP Request messages at a high rate for 30 seconds.
- After 15 seconds, Customer sends a DHCP Discover.
Fail criteria
- Customer does not get a DHCP Offer from a DHCP server within 10 seconds.
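One way to evaluate the fail criterion from a capture taken on Customer's port, as an added example that is not part of the original test suite: it parses each DHCP payload, pairs Customer's Discover with an Offer carrying the same transaction ID (xid), and applies the 10-second limit. The names parse_dhcp, verdict and make_dhcp are hypothetical, and the capture format (timestamp in seconds plus raw DHCP payload) is an assumption.

```python
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"   # marks the start of DHCP options (RFC 2131)
DISCOVER, OFFER = 1, 2               # values of option 53, DHCP message type
OFFER_DEADLINE = 10.0                # seconds, from the fail criterion


def parse_dhcp(payload):
    """Return (xid, message_type) for a BOOTP/DHCP payload, or None if malformed."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        return None
    xid = struct.unpack("!I", payload[4:8])[0]
    i = 240
    while i < len(payload) and payload[i] != 255:    # 255 = end option
        if payload[i] == 0:                          # pad option has no length byte
            i += 1
            continue
        length = payload[i + 1] if i + 1 < len(payload) else 0
        value = payload[i + 2:i + 2 + length]
        if payload[i] == 53 and length == 1 and len(value) == 1:
            return xid, value[0]
        i += 2 + length                              # skip to the next option
    return None


def verdict(capture):
    """capture: list of (timestamp_seconds, dhcp_payload) seen on Customer's port."""
    sent = {}                        # xid -> time Customer's Discover was sent
    for ts, payload in sorted(capture, key=lambda e: e[0]):
        parsed = parse_dhcp(payload)
        if parsed is None:           # malformed or non-DHCP payloads are ignored
            continue
        xid, mtype = parsed
        if mtype == DISCOVER:
            sent.setdefault(xid, ts)
        elif mtype == OFFER and xid in sent and ts - sent[xid] <= OFFER_DEADLINE:
            return "pass"
    return "fail"


def make_dhcp(op, xid, mtype):
    """Build a minimal constructed DHCP payload, used only as sample data."""
    header = struct.pack("!BBBBI", op, 1, 6, 0, xid) + bytes(228)
    return header + MAGIC_COOKIE + bytes([53, 1, mtype, 255])
```

An Offer whose xid does not match Customer's Discover, or that arrives after the deadline, counts as a failure, so stray traffic on the port cannot produce a false pass.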
References
This test conforms to SEC Access Certification ID "SEC-CM-CP-1" and to SAVI RFC 6959 section 3.1.2.
Parameters
General
- Malicious Customer: A customer interface performing malicious actions.
- Customer: One or more customers that Malicious will affect.
- ISP: A central node on a trusted port.