Attack from the Pseudo DHCP Server
DHCP DISCOVER packets are sent in broadcast mode, so the pseudo DHCP server can listen for them. The pseudo DHCP server then replies to the DHCP client with packets that carry an incorrect gateway IP address, an incorrect DNS server, and an incorrect IP address. This causes a Denial of Service (DoS).
Figure 1 DHCP client sending DHCP DISCOVER packets

Figure 2 Attack from the pseudo DHCP server

To prevent the attack from the pseudo DHCP server, use the trusted/untrusted working mode of DHCP snooping.
You can configure a physical interface as a trusted or an untrusted interface. DHCP Reply packets (DHCP OFFER, DHCP ACK, or DHCP NAK packets) received from an untrusted interface are directly discarded so that the attack from the pseudo DHCP server can be prevented, as shown in Figure 3.
Figure 3 Trusted/untrusted working mode
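The trusted/untrusted decision described above can be modelled in a few lines. The following is an added example, not code from the device or its vendor: it reads the DHCP message type (option 53) from a raw DHCP payload and discards server replies that arrive on an untrusted interface. The interface names, the `snoop` and `build` helpers, the sample packets, and the choice to discard unparseable payloads on untrusted interfaces are assumptions made for illustration.

```python
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"               # marks the start of DHCP options
SERVER_TYPES = {2: "OFFER", 5: "ACK", 6: "NAK"}  # option 53 values only a server sends

def dhcp_message_type(payload):
    """Return the option 53 value of a BOOTP/DHCP payload, or None if unparseable."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        return None
    i = 240
    while i < len(payload):
        code = payload[i]
        if code == 255:                          # End option, no type found
            return None
        if code == 0:                            # Pad option has no length byte
            i += 1
            continue
        if i + 1 >= len(payload):
            return None
        length = payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:                 # truncated option
            return None
        if code == 53 and length == 1:
            return value[0]
        i += 2 + length
    return None

def snoop(interface, payload, trusted):
    """Decide 'forward' or 'discard' for a DHCP payload received on interface."""
    mtype = dhcp_message_type(payload)
    if interface in trusted:
        return "forward"
    # Assumption: unparseable DHCP payloads on untrusted interfaces are discarded.
    if mtype is None or mtype in SERVER_TYPES:
        return "discard"
    return "forward"                             # client messages, e.g. DISCOVER

def build(op, mtype):
    """Constructed sample: minimal DHCP payload with only option 53 set."""
    fixed = struct.pack("!BBBBIHH4s4s4s4s16s64s128s", op, 1, 6, 0, 0x1234, 0, 0,
                        b"", b"", b"", b"", b"\x02\x00\x00\x00\x00\x01", b"", b"")
    return fixed + MAGIC_COOKIE + bytes([53, 1, mtype, 255])

TRUSTED = {"GE0/0/1"}                            # hypothetical uplink to the real server
DISCOVER, OFFER = build(1, 1), build(2, 2)

if __name__ == "__main__":
    for port, pkt in [("GE0/0/1", OFFER), ("GE0/0/2", OFFER), ("GE0/0/2", DISCOVER)]:
        print(port, dhcp_message_type(pkt), snoop(port, pkt, TRUSTED))
```

Only the interface facing the legitimate DHCP server belongs in the trusted set; every client-facing interface stays untrusted so that an OFFER, ACK, or NAK injected there never reaches other clients.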


