03-17-2016 09:29 AM
I would like to know how I can protect against DHCP Snooping. I know that we can detect DHCP server using DDI and NETMRI. When DDI have log about DHCP ACK send this information to NETMRI. NetMRI checks if this server whcih assigne IP address to host is on his DHCP list, if not than NETMRi scan this system trying to check port of DHCP server and trying to get IO adddress from thsi system. If confirm that this system behaves as DHCP server than send commands to switch and switch block this system on switche. There is option that from NETMRI we trun on DHCP snooping on switches - probably. Is there any other option how to protect against this attack?