A series of techniques to protect against DHCP-based attacks. As part of DHCP snooping, trusted and untrusted ports are assigned on a switch. In the event that a DHCP packet arriving at an untrusted port does not match the legitimacy criteria, it is blocked. Potential markers of compromise of the incoming data are certain commands in the packet body or a mismatch between the sender’s MAC address and the value transmitted in the request.