DHCP Ack from server to client (DHCP_Ack)

About this signature or vulnerability

IBM Security Host Protection for Servers (Windows), RealSecure Server Sensor, Proventia Network MFS, Proventia-G 1.1 and earlier, Proventia Network IDS, Proventia Network IPS, IBM Security Host Protection for Desktops, Proventia Server IPS for Linux technology, Virtual Server Protection for Vmware, IBM Security Network Protection, IBM Security Host Protection for Servers (Unix):

This security event is categorized as an audit event. It is not necessarily indicative of an attack or threat to your network.

This signature detects DHCP (Dynamic Host Configuration Protocol) Ack packets originating from a DHCP server.

This security event is categorized as an audit event. It is not necessarily indicative of an attack or threat to your network.

This signature detects DHCP (Dynamic Host Configuration Protocol) Ack packets originating from a DHCP server.


Default risk level

Low risk vulnerability  Low

Sensors that have this signature

IBM Security Host Protection for Servers (Windows): 2.1.14.2400, IBM Security Host Protection for Servers (Windows): 1.0.914.0, RealSecure Server Sensor: 6.5, RealSecure Server Sensor: 7.0, Proventia Network MFS: 1.0, Proventia-G 1.1 and earlier: G Series, Proventia Network IDS: A Series, Proventia Network IPS: 2.0, IBM Security Host Protection for Desktops: 8.0.614.1, Proventia Server IPS for Linux technology: 1.0, Virtual Server Protection for Vmware: 1.0, IBM Security Network Protection: 5.1, IBM Security Host Protection for Servers (Unix): 2.2.2

Systems affected

Microsoft Windows, Unix Unix

Type

Protocol Signature

Vulnerability description

Dynamic Host Configuration Protocol (DHCP) aids in the administration of IP networks by providing individual client computers their respective configurations. Clients send DHCP Requests to the DHCP server. In turn, the DHCP server replies with an acknowledgement (Ack) message that contains configuration parameters, including the committed network address.

How to remove this vulnerability

This issue does not directly indicate any type of vulnerability. Monitor DHCP server log files for suspicious activity.

References

Request for Comment document RFC 2131
Dynamic Host Configuration Protocol
http://sunsite.dk/RFC/

ISS X-Force
DHCP Ack from server to client
http://www.iss.net/security_center/static/7131.php