Encrypting DHCP requests and traffic

DHCP security
DHCP server
Is it possible to encrypt DHCP requests and traffic?

Answer Wiki

Thanks. We'll let you know when a new response is added.

Short answer: No, and why would you need to?

Discuss This Question: 5  Replies

There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.
  • TomLiotta
    I think I'm not understanding the problem. Tunneling/encapsulation of DHCP is possible, but it's hard to see how it could work at all if it was encrypted. It's hard for me to come up with any reason for DHCP encryption since almost everything it results in necessarily becomes a part of just about every packet that gets sent from clients after receiving DHCP payload. What aspect of DHCP would you want to encrypt? What business problem would be solved? Maybe an alternative is possible (assuming DHCP encryption isn't meaningful). Tom
    125,585 pointsBadges:
  • saturno
    Hello, This question also attracted my attention. I also would like to know what are your expectations on encrypting DHCP traffic. Do you only want to deliver answers (from DHCP server) to known, trusted clients? If this is the problem you're trying to solve, there are options to do this. One thing is granted: if you encrypt / tunnel DHCP traffic, your clients requiring an IP address won't be able to get one...
    4,585 pointsBadges:
  • missRob
    If I want to encrypt the payload of the DHCP offer, in order to obfuscate the receiving IP address. What should stop me from doing so? both client and server hold a secret decipher key.
    I assume ssl or other (low OSi-level) encryption mechanism will not work in this case due to authentication issues?
    10 pointsBadges:
  • Kevin Beaver
    Why would you want to do this? Are you concerned about malware or someone spying? There are certainly other things you can - and should - spend your time on to address any threats.
    27,550 pointsBadges:
  • TheRealRaven
    It makes no sense as far as I can tell to encrypt DHCP traffic. First, encryption/decryption would have to be done on both ends, client and server. Second, in order for the client request to be "encrypted" with any meaningful intent at all, practically the entirety of the packets would need to be encrypted; and that almost means that networking devices wouldn't know what to do with them as they traveled along. Additional complications would seem to make it even more troublesome.

    And beyond any of that, there's simply nothing useful that encryption would hide. Results of DHCP transactions are needed to be known to the network in order for the network to function. The tunneling suggestion seems plausible enough, but even that wouldn't normally be done in order to 'hide' anything but rather for routing.

    With others, I too would like to hear why DHCP encryption could be helpful.
    36,880 pointsBadges:

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

Thanks! We'll email you when relevant content is added and updated.


Share this item with your network: