DHCP Fingerprinting: Identify Device type, vendor and OS

What is DHCP Fingerprinting?

A DHCP client interacts with the DHCP server in a network to obtain unique IP address (for the session). But it also acquires other info like default gateway, DNS server, etc. During the DHCP protocol exchange, there is an option for the DHCP server to query information on the type of device, manufacturer name, and OS of the client device. This is defined by RFC 2132, and is called as DHCP Fingerprinting.

Why is it required?

Due to the proliferation of BYOD (Bring Your Own Devices)/mobile devices connecting mostly over the Wireless Network, it becomes difficult to identify and control the types of devices that can connect to the network, and once connected, to determine what access privileges they might have.

With DHCP Fingerprinting, DHCP Servers or devices like IPAM Controllers or Wireless Controllers, can use DHCP Fingerprinting to identify the device type, manufacturer name and OS of the clients/devices connecting to the network, categorize them into ACLs, and control which device can connect to the network and what it can do.

For example, mobile devices, once identified, can be given Internet access only (without LAN access). Further, Android devices can be denied even Internet access, while iOS devices can be given access only to a specific portal, depending on the company policy. In fact, same user can be given different access privileges, depending on whether he is logging in from his laptop or iPhone, respectively.

Some devices that can be identified by DHCP Fingerprinting include:

  • Mobiles, Tablets.
  • Desktops.
  • Servers.
  • Routers, Switches, Access Points.
  • Gaming Consoles.
  • VOIP Systems.
  • Printers, etc.

DHCP Fingerprinting can be used to provide device visibility, access control, monitoring usage/application trends, prevent BYOD security risks, etc.

What else?

MDM (Mobile Device Management) application can be used to classify and control access to mobile devices on the network, but it is an invasive application that may need an agent to be installed in each mobile device.

There are other methods to classify devices into their respective ACL groups –  DHCP Fingerprinting is one of them, but the later might carry a higher precedence than others.

Since DHCP Fingerprinting operates on attributes after successful authentication, devices that fail authentication will not get IP address to connect to the network in the first place.

DHCP Fingerprinting is mostly a non-intrusive process without overhead of additional network discovery devices/processes.

References/Further Info:

  1. Aruba OS DHCP Fingerprinting.
  2. Infoblox DHCP Fingerprinting: Enabling end-point Discovery and Control.

You could stay up to date on Computer Networking/IT Technologies by subscribing to this blog with your email address in the sidebar box that says, ‘Get email updates when new articles are published’.