• Howdy! Welcome to our community of more than 130.000 members devoted to web hosting. This is a great place to get special offers from web hosts and post your own requests or ads. To start posting sign up here. Cheers! /Peo, FreeWebSpace.net
managed wordpress hosting

DHCP Does it make a network less secure?

sarmth

sarmth

Active Member
In my opinion, yes it does. As the DHCP server issues an IP Address to anyone connected to the network from the IP Pool, unless correct filter settings are configured on DHCP, in my honest opinion, it makes for a lovely network vulnerability due to the simple plug and play attributes.

I personally have DHCP disabled, so people attempting to hack my network receive no information about any IP Addresses within the network it's self, with out the right router IP address, they can't access anything on the network.
With this, my network it's self has not got direct access to the internet, I have 2 networks and 1 server setup. A router / gateway runs the network that has direct access to the internet, a gateway server governs the connection between network 1 and network 2, so computers cannot communicate with each other, but do have internet access. This being said, my network is firewalled twice over, then add the firewall on the gateway server, 3 times over.

Anyone else on here have some crazy LAN setup ? Or wish to pass comments on DHCP as a security flaw when not setup correctly?
:evilb::evilb::evilb::evilb::evilb::evilb:
 
Mine is sad and almost entirely insecure, its one of the advantages of living out in the middle of no where, I cant see a point to fully secure my wifi when someone would have to drive up here, down the driveway and sit in a car/bush with a laptop hacking it to get access to my internet and computers, who would???

Like I said, its the advantage of living in the middle of no where, that in itsself makes me secure.
If anyone wanted to sit in a bush and hack me then they deserve to get in anyway for showing so much dedication haha.
 
I honestly think it doesn't matter .. 99.999999999% of hackers couldn't get past your router anyway, never mind the firewall on your PC. And 99.9999999% of the ones that could would have no purpose in targeting you anyway.
 
sarah[foxlass];1107225 said:
In my opinion, yes it does. As the DHCP server issues an IP Address to anyone connected to the network from the IP Pool, unless correct filter settings are configured on DHCP, in my honest opinion, it makes for a lovely network vulnerability due to the simple plug and play attributes.

I personally have DHCP disabled, so people attempting to hack my network receive no information about any IP Addresses within the network it's self, with out the right router IP address, they can't access anything on the network.
With this, my network it's self has not got direct access to the internet, I have 2 networks and 1 server setup. A router / gateway runs the network that has direct access to the internet, a gateway server governs the connection between network 1 and network 2, so computers cannot communicate with each other, but do have internet access. This being said, my network is firewalled twice over, then add the firewall on the gateway server, 3 times over.

Anyone else on here have some crazy LAN setup ? Or wish to pass comments on DHCP as a security flaw when not setup correctly?
:evilb::evilb::evilb::evilb::evilb::evilb:
Click to expand...

DHCP does not make your router un-secure. It only assigns 2 IPs, the LAN IP for the network and a WAN IP which is randomly generated. It is a user who can choose to secure the network or not. For me, I have my LAN IP displayed as a fake one, so no one can actually see my network from the outside. I have a firewall setup for protection, as well as an encrypted password needed to connect to the network. I also require MAC addresses to be allowed in the router itself, so if you don't have a known mac address, you won't be allowed to connect to the network. See how secure mine is? But wait! I have DHCP enabled. :)

By the way, I'm an IT professional.
 
DHCP is part of the application layer of the OSI and IP models, it's job is not to provide security, but to provide services. So the packets don't even reach the layer if they are stopped at lower layers due to security.

I personally have an unsecured wireless network with DHCP enabled that doesn't broadcast the SSID; the access to which is restricted by MAC address filtering.
 
sep said:
I personally have an unsecured wireless network with DHCP enabled that doesn't broadcast the SSID; the access to which is restricted by MAC address filtering.
Click to expand...

What's your home address? I'll get on 1 min after a computer disconnects. Programs can pick out SSIDs even if they are hidden and mac address filter is just a matter of spoofing it.
 
Yeah, but you don't know what MAC addresses are allowed, and there are 281,474,976,710,656 possible MAC addresses, and it takes roughly 15 seconds to connect. So it could be years before you find the correct address to spoof. Also you would need to inside my house to pick up the signal.
 
sep said:
Yeah, but you don't know what MAC addresses are allowed, and there are 281,474,976,710,656 possible MAC addresses, and it takes roughly 15 seconds to connect. So it could be years before you find the correct address to spoof. Also you would need to inside my house to pick up the signal.
Click to expand...

No, the program that picks out the SSID will also show all connected mac addresses. So when 1 disconnects your on the network.
 
sep said:
OK, so track me down. Infiltrate my house and connect to my wireless then!
Click to expand...

This is the point, it hardly matters what security you have, unless you are sending extended signal and have close neighbours.

And usally 9/10 times even if you find someones signal, you wouldn't care anyway.
I lived next to someone with a wireless network that crossed over in to my house, when I found it I did 2 things, Stopped broadcasting mine and tried to hack theres, however when I realized it was going to take effort to hack it, I gave up and just went back to my internet..
Who cares? not many people care enough to bother spending hours and hours, to days and days hacking something.
 
Last edited:
Schmarvin said:
DHCP does not make your router un-secure. It only assigns 2 IPs, the LAN IP for the network and a WAN IP which is randomly generated. It is a user who can choose to secure the network or not. For me, I have my LAN IP displayed as a fake one, so no one can actually see my network from the outside. I have a firewall setup for protection, as well as an encrypted password needed to connect to the network. I also require MAC addresses to be allowed in the router itself, so if you don't have a known mac address, you won't be allowed to connect to the network. See how secure mine is? But wait! I have DHCP enabled. :)

By the way, I'm an IT professional.
Click to expand...

Yep... An IT Professional who didn't read the entire post. :lol:
unless correct filter settings are configured on DHCP
Click to expand...
I <3 you Schmarvin :D
Darknight said:
This is the point, it hardly matters what security you have, unless you are sending extended signal and have close neighbours.

And usally 9/10 times even if you find someones signal, you wouldn't care anyway.
I lived next to someone with a wireless network that crossed over in to my house, when I found it I did 2 things, Stopped broadcasting mine and tried to hack theres, however when I realized it was going to take effort to hack it, I gave up and just went back to my internet..
Who cares? not many people care enough to bother spending hours and hours, to days and days hacking something.
Click to expand...

Thats so lazy. It took me like less then 5 minutes to gain access to my neighbors network, take full control over it, and gain free internet access for over 5 months without them knowing. (Not that I do that now-days lol)
 
Last edited:
you can use close dhcp, it will not assign ip to unknown clients, for this you have to configure your own dhcp and have to put mac adresses of your devices
 
Darknight said:
Mine is sad and almost entirely insecure, its one of the advantages of living out in the middle of no where, I cant see a point to fully secure my wifi when someone would have to drive up here, down the driveway and sit in a car/bush with a laptop hacking it to get access to my internet and computers, who would???

Like I said, its the advantage of living in the middle of no where, that in itsself makes me secure.
If anyone wanted to sit in a bush and hack me then they deserve to get in anyway for showing so much dedication haha.
Click to expand...

Perfect target!

Let me just point out that hacking a WiFi connection takes less than 3 minutes. So if a car stopped outside your house for 5 minutes and drove away would you think anything of it? Well, in that time, they could have hacked your Wifi and sent death threats to 50 hi-profile people.

Guess who's door would get smashed within a few hours ?
 
You must log in or register to reply here.
Back
Top