Dark Deceptions in DHCP: Dismantling Network Defenses
Robert Dilworth
TL;DR
The paper analyzes DHCP vulnerabilities with a focus on TunnelVision (CVE-2024-3661) and its impact on VPN security. It provides a taxonomic classification of DHCP attacks and maps their effects to the CIA Triad, offering corrective, detective, and mitigative controls. It emphasizes that VPNs alone are insufficient protection and advocates layered defenses, including DHCP snooping and robust route controls. It also proposes a PU/NU learning framework to detect TunnelVision within DHCP lease logs, outlining concrete steps and metrics for practical deployment.
Abstract
This paper explores vulnerabilities in the Dynamic Host Configuration Protocol (DHCP) and their implications for the Confidentiality, Integrity, and Availability (CIA) Triad. Through an analysis of various attacks, including DHCP Starvation, Rogue DHCP Servers, Replay Attacks, and TunnelVision exploits, the paper provides a taxonomic classification of threats, assesses risks, and proposes appropriate controls. The discussion also highlights the dangers of VPN decloaking through DHCP exploits and underscores the importance of safeguarding network infrastructures. By bringing awareness to the TunnelVision exploit, this paper aims to mitigate risks associated with these prevalent vulnerabilities.
