Which configuration on a switch would be unsuccessful in preventing a DHCP starvation attack?
A. DHCP snooping
B. Port security
C. Source Guard
D. Rate Limiting
Which configuration on a switch would be unsuccessful in preventing a DHCP starvation attack?
A. DHCP snooping
B. Port security
C. Source Guard
D. Rate Limiting
ANSWER: C
Example DHCP Starvation Attack Mitigation CatIOS(config)# ip dhcp snooping
CatlOS (config)# ip dhcp snooping vlan number [number]
CatlOS (config)# ip verify source vlan dhcp-snooping port-security
CatlOS (config)# switchport port-security limit rate invalid-source-MAC rate
CatlOS (config)# ip source binding ip-address MAC-address vlan vlan-id interface interface !Finally trust the interfaces with the following command CatlOS (config-if)# ip dhcp snooping trust
Example enables DHCP snooping and ensures that any other IP traffic with a source address other than the addresses in the binding will be filtered and dropped immediately.
IP source guard can provide additional defense against IP spoofing, but it is not conclusive for DHCP starvation attack.