Published on 4 Jun 2015
A default setting within the DHCP service is to enable “Enforce one lease per cable modem”. This stops a second device coming online with the same MAC from getting an IP, as cable modems can only have one active lease on a subnet. A possible scenario is when a cloned MAC receives service while the genuine cable modem is powered off. When the genuine customer attempts to come online, they will be denied service and contact customer service. The current lease can then be deleted to enable the genuine customer to receive the correct lease.
Importantly, this process enables you to identify where the illegal cloned MAC(s) come from and stop their service.
Incognito offers you the ability to detect duplicate MAC addresses and report them to the administrator by email, syslogs, popup GUI, or SNMP traps.
The denial of service (DoS) detection feature for the DHCP service is used to prevent a single device from saturating the DHCP service port 67 with packets and consuming resources so that the DHCP service is rendered unavailable for legitimate traffic.
When DoS detection is enabled, incoming packets are monitored. When the number of packets from a single device reaches the limit specified within the amount of time specified, any additional packets will be dropped. When the client no longer meets these conditions, it will again be processed by the DHCP service. Devices which have met the DoS criteria specified can be observed in the service logs.
Next week, learn how different operation roles play a part in fortifying security on a DOCSIS network.