Rogue DHCP

This test checks that a customer cannot act as DHCP server for other customers, something which would enable DHCP server spoofing attacks. To prevent such attacks, DHCP snooping should be in use to filter out DHCP messages between subscribers. Any DHCP server messages coming from a customer port should not be sent to another customer port, but only uplink.

Impact: MITM, DoS, Abuse

Test process

  • Customer sends a DHCPv4 Discover packet (= a DHCP server message).

Fail criteria

  • A DHCPv4 Discover packet arrives at Malicious.


This test conforms to SEC Access Certification ID "SEC-V4-DHCP-1" and to SAVI RFC 6959 section 3.2.1.



  • Malicious Customer: A customer interface performing malicious actions.
  • Customer: One or more customers that Malicious will affect.
  • ISP: A central node on a trusted port.
Have more questions? Submit a request


Powered by Zendesk