Dynamic Host Configuration Protocol for IPv4 (DHCPv4) Threat Analysis

Document Type Expired Internet-Draft (dhc WG)
Author Richard Hibbs 
Last updated 2006-06-15
Stream Internent Engineering Task Force (IETF)
Intended RFC status (None)
Expired & archived
pdf htmlized (tools) htmlized bibtex
Stream WG state WG Document
Document shepherd No shepherd assigned
IESG IESG state Expired
Consensus Boilerplate Unknown
Telechat date
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at


DHCPv4 (RFC 2131) is a stable, widely used protocol for configuration of host systems in a TCP/IPv4 network. It did not provide for authentication of clients and servers, nor did it provide for data confidentiality. This is reflected in the original "Security Considerations" section of RFC 2131, which identifies a few threats and leaves development of any defenses against those threats to future work. In about 1995, DHCP security began to attract attention from the Internet community, eventually resulting in the publication of RFC 3118 in 2001. Although RFC 3118 was a mandatory prerequisite for the DHCPv4 Reconfigure Extension, RFC 3203, it has had no known usage by any commercial or private implementation since its adoption. The DHC Working Group adopted a work item for 2003 to review and modify or replace RFC 3118 to afford a workable, easily deployed security mechanism for DHCPv4. This memo provides a threat analysis of the Dynamic Host Configuration Protocol for Ipv4 (DHCPv4) for use both as RFC 2131 advances from Draft Standard to Full Standard and to support our chartered work improving the acceptance and deployment of RFC 3118.


Richard Hibbs (rbhibbs@pacbell.com)

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)