Port 68 – BOOTP (Bootstrap Protocol)

Service: bootp

Protocol: UDP

Port: 68

Used for: Dynamic host configuration and bootstrapping

Why It’s Open

Port 68 is used by BOOTP (Bootstrap Protocol) and DHCP (Dynamic Host Configuration Protocol) clients. This UDP port receives network configuration information including IP addresses, subnet masks, gateways, and DNS servers. Systems with this port open are typically DHCP clients requesting or maintaining network configuration.

Common Risks

  • DHCP spoofing attacks
    Malicious DHCP servers can provide incorrect network configuration
  • Man-in-the-middle setup
    Rogue DHCP can redirect traffic through attacker systems
  • DNS poisoning
    Malicious DNS servers distributed via DHCP responses
  • Network reconnaissance
    DHCP responses reveal network topology and services
  • DHCP starvation
    Exhausting DHCP pool to cause denial of service
  • Rogue gateway attacks
    Directing traffic through malicious routing systems
  • Information disclosure
    DHCP options may leak sensitive network information

Enumeration & Testing

DHCP Client Detection:

nmap -sU -p 68 <target>

DHCP Discovery Test:

nmap -sU -p 67 --script dhcp-discover -e eth0 <target>

Manual DHCP Request:

dhclient -v eth0

DHCP Packet Analysis:

tcpdump -i eth0 -n port 67 or port 68

Rogue DHCP Detection:

nmap --script broadcast-dhcp-discover

What to Look For

| Checkpoint | What it means |
|---|---|
| DHCP server responses | Multiple DHCP servers may indicate rogue services |
| Network configuration offered | IP ranges, gateways, and DNS servers provided |
| DHCP options | Additional configuration parameters and vendor info |
| Lease duration | How long IP addresses are assigned |
| Suspicious responses | Unusual gateways or DNS servers that may be malicious |
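
The checks in the table above, as an added example (not code from this page or from PentestPad): it parses the UDP payload of DHCP replies sent to client port 68 and reports any server identifier, gateway or DNS resolver that is missing from an expected-values policy. The function names, the `policy` layout and the 192.0.2.x sample addresses are assumptions constructed for illustration.

```python
import ipaddress
import struct

MAGIC = b"\x63\x82\x53\x63"  # cookie that precedes DHCP options (RFC 2131)

def ips(raw):
    """Split an option value into dotted-quad strings, 4 bytes each."""
    return [str(ipaddress.IPv4Address(raw[i:i + 4])) for i in range(0, len(raw) - 3, 4)]

def parse_reply(payload):
    """Return the fields of a BOOTREPLY sent to client port 68, or None if malformed."""
    if len(payload) < 240 or payload[0] != 2 or payload[236:240] != MAGIC:
        return None
    out = {"yiaddr": ips(payload[16:20])[0], "server": None, "routers": [], "dns": [], "lease": None}
    i = 240
    while i < len(payload) and payload[i] != 255:   # 255 = end option
        if payload[i] == 0:                         # 0 = pad, has no length byte
            i += 1
            continue
        if i + 1 >= len(payload) or i + 2 + payload[i + 1] > len(payload):
            return None                             # truncated option
        code, length = payload[i], payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if code == 54 and length == 4:
            out["server"] = ips(value)[0]           # server identifier
        elif code == 3:
            out["routers"] = ips(value)             # default gateways
        elif code == 6:
            out["dns"] = ips(value)                 # DNS resolvers
        elif code == 51 and length == 4:
            out["lease"] = struct.unpack("!I", value)[0]  # lease time in seconds
        i += 2 + length
    return out

def audit(replies, policy):
    """List every server, gateway or resolver absent from policy (hypothetical layout)."""
    findings = []
    for r in replies:
        for kind, seen in (("server", [r["server"]]), ("router", r["routers"]), ("dns", r["dns"])):
            findings += [(kind, v) for v in seen if v not in policy[kind]]
    return findings

def build_reply(yiaddr, server, router, dns, lease=3600):
    """Constructed sample data: a minimal DHCPOFFER payload, not a real capture."""
    pack = lambda ip: ipaddress.IPv4Address(ip).packed
    opts = b"".join(bytes([c, 4]) + pack(v) for c, v in ((54, server), (3, router), (6, dns)))
    return (bytes([2, 1, 6, 0]) + bytes(12) + pack(yiaddr) + bytes(216) + MAGIC
            + b"\x35\x01\x02" + opts + b"\x33\x04" + struct.pack("!I", lease) + b"\xff")
```

`parse_reply` expects only the UDP payload, so frames captured with the tcpdump filter above need their Ethernet, IP and UDP headers stripped first. `audit` takes a `policy` dict with `server`, `router` and `dns` sets and returns `(kind, address)` tuples for everything outside them.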

Mitigation

  • Keep software updated
    Apply latest security patches
  • Strong authentication
    Use complex passwords and 2FA
  • Access restrictions
    Limit service to trusted networks
  • Monitor activity
    Log and review service usage
  • Disable if unused
    Remove unnecessary services

TL;DR

  • Port 68 = DHCP/BOOTP client port
  • Network configuration protocol critical for system connectivity
  • Vulnerable to spoofing and man-in-the-middle attacks
  • Monitor for rogue DHCP servers on network segments

Known CVEs and Exploits

  • CVE-2018-1111 – DHCP client command injection vulnerability (DHCPwn)
  • CVE-2011-0997 – DHCP client buffer overflow vulnerability
  • CVE-2020-27748 – ISC DHCP buffer overflow vulnerability
  • DHCP starvation attacks – Exhaustion of DHCP address pools to cause denial of service