Cloud DHCP and Integrity

Hmmmmmm which cloud? Whilst DHCP is used in the clouds you don’t have the same level of visibility 
In Azure for example you would have to infer which addresses are dynamic

GET https://management.azure.com/subscriptions/{subId}/resourceGroups/{rg}/providers/Microsoft.Network/networkInterfaces?api-version=2023-04-01
 

This would give you:

• Assigned private IPs (static or dynamic)

• MAC addresses

• VM associations

• Subnet and VNet

This reflects the outcome of DHCP in the cloud, e,g what private IPs are dynamic, even if it’s not technically a lease table. But there is no direct cloud based access to leases or real-time DHCP events.

Like Azure, AWS does not expose DHCP lease data directly. Instead, AWS VPC uses managed DHCP to assign private IPs to EC2 instances and ENIs (Elastic Network Interfaces). You could query the DHCP options set but that would only get you DNS servers, NTP servers,domains etc (e,g options) not least data.

Again ditto for GCP …..

All 3 providers abstract away DHCP leases, instead giving you snapshots of assigned IPs, which you can poll and already present, best we could do is infer if the address was static or dynamically assign

We can’t even sniff the traffic as the DHCP implmentations in the cloud are within the virtualisation layer (SDN overlay) so not a broadcast nor would we see other clients traffic from a host. You’d only see the DHCP discover from the client hosting the sniffer and the OFFER./ACK from the virtual DHCP used in each cloud

I’ll asked the CDV team if they have an bright ideas on how this might be possible, but I don’t think it feasible