Mechanism
An authorized DHCP client that has obtained an IP address sends a DHCP Request message or Release message to extend the lease time or to release the IP address. If an attacker continuously sends DHCP Request messages to the DHCP server to extend the lease time, the IP address cannot be reclaimed or obtained by authorized users. If an attacker sends forged DHCP Release messages to the DHCP server, the authorized user may be disconnected.
Solution
To prevent bogus DHCP message attacks, use the DHCP snooping binding table. The device checks DHCP Request messages and Release messages against binding entries to determine whether the messages are valid. Specifically, the device checks whether the VLAN IDs, IP addresses, MAC addresses, and interface IDs in DHCP messages match binding entries. If a message matches a binding entry, the device forwards the message. Otherwise, the device discards the message.