DHCP Ack from server to client (DHCP_Ack)

About this signature or vulnerability

IBM Security Network Protection, Proventia-G 1.1 and earlier, BlackICE Agent for Server, Proventia Network MFS, RealSecure Server Sensor, Proventia Network IDS, Proventia Server IPS for Linux technology, IBM Security Host Protection for Servers (Windows), IBM Security Host Protection for Desktops, Proventia Network IPS, IBM Security Host Protection for Servers (Unix), Virtual Server Protection for Vmware:

This security event is categorized as an audit event. It is not necessarily indicative of an attack or threat to your network.

This signature detects DHCP (Dynamic Host Configuration Protocol) Ack packets originating from a DHCP server.

This security event is categorized as an audit event. It is not necessarily indicative of an attack or threat to your network.

This signature detects DHCP (Dynamic Host Configuration Protocol) Ack packets originating from a DHCP server.


Default risk level

Low risk vulnerability  Low

Sensors that have this signature

IBM Security Network Protection: 5.1, Proventia-G 1.1 and earlier: G Series, BlackICE Agent for Server: 3.6, Proventia Network MFS: 1.0, RealSecure Server Sensor: 7.0, RealSecure Server Sensor: 6.5, Proventia Network IDS: A Series, Proventia Server IPS for Linux technology: 1.0, IBM Security Host Protection for Servers (Windows): 1.0.914.0, IBM Security Host Protection for Desktops: 8.0.614.1, Proventia Network IPS: 2.0, IBM Security Host Protection for Servers (Unix): 2.2.2, Virtual Server Protection for Vmware: 1.0, IBM Security Host Protection for Servers (Windows): 2.1.14.2400

Systems affected

Microsoft Windows, Unix Unix

Type

Protocol Signature

Vulnerability description

Dynamic Host Configuration Protocol (DHCP) aids in the administration of IP networks by providing individual client computers their respective configurations. Clients send DHCP Requests to the DHCP server. In turn, the DHCP server replies with an acknowledgement (Ack) message that contains configuration parameters, including the committed network address.

How to remove this vulnerability

This issue does not directly indicate any type of vulnerability. Monitor DHCP server log files for suspicious activity.

References

Request for Comment document RFC 2131
Dynamic Host Configuration Protocol
http://sunsite.dk/RFC/

ISS X-Force
DHCP Ack from server to client
http://www.iss.net/security_center/static/7131.php