DHCP Ack from server to client (DHCP_Ack)

About this signature or vulnerability

Proventia Network MFS, RealSecure Server Sensor, IBM Security Host Protection for Servers (Windows), Proventia Network IPS, IBM Security Host Protection for Desktops, Proventia Network IDS, Proventia-G 1.1 and earlier, IBM Security Host Protection for Servers (Unix), IBM Security Network Protection, Virtual Server Protection for Vmware, Proventia Server IPS for Linux technology:

This security event is categorized as an audit event. It is not necessarily indicative of an attack or threat to your network.

This signature detects DHCP (Dynamic Host Configuration Protocol) Ack packets originating from a DHCP server.

This security event is categorized as an audit event. It is not necessarily indicative of an attack or threat to your network.

This signature detects DHCP (Dynamic Host Configuration Protocol) Ack packets originating from a DHCP server.


Default risk level

Low risk vulnerability  Low

Sensors that have this signature

Proventia Network MFS: 1.0, RealSecure Server Sensor: 6.5, RealSecure Server Sensor: 7.0, IBM Security Host Protection for Servers (Windows): 1.0.914.0, IBM Security Host Protection for Servers (Windows): 2.1.14.2400, Proventia Network IPS: 2.0, IBM Security Host Protection for Desktops: 8.0.614.1, Proventia Network IDS: A Series, Proventia-G 1.1 and earlier: G Series, IBM Security Host Protection for Servers (Unix): 2.2.2, IBM Security Network Protection: 5.1, Virtual Server Protection for Vmware: 1.0, Proventia Server IPS for Linux technology: 1.0

Systems affected

Unix Unix, Microsoft Windows

Type

Protocol Signature

Vulnerability description

Dynamic Host Configuration Protocol (DHCP) aids in the administration of IP networks by providing individual client computers their respective configurations. Clients send DHCP Requests to the DHCP server. In turn, the DHCP server replies with an acknowledgement (Ack) message that contains configuration parameters, including the committed network address.

How to remove this vulnerability

This issue does not directly indicate any type of vulnerability. Monitor DHCP server log files for suspicious activity.

References

Request for Comment document RFC 2131
Dynamic Host Configuration Protocol
http://sunsite.dk/RFC/

ISS X-Force
DHCP Ack from server to client
http://www.iss.net/security_center/static/7131.php