If attackers are able to compromise a DHCP server on the network, they might disrupt network services, preventing DHCP clients from connecting to network resources. By gaining control of a DHCP server, attackers can configure DHCP clients with fraudulent TCP/IP configuration information, including an invalid default gateway or Domain Name System (DNS) server configuration.
The following threats exist when you implement DHCP on your network:
Unauthorized DHCP servers can issue incorrect TCP/IP configuration information to DHCP clients.
DHCP servers can overwrite valid DNS resource records with incorrect information.
DHCP can create DNS resource records without ownership defined.
Unauthorized DHCP clients can obtain IP addresses ...