Which security feature defends against bogus DHCP server attacks?

DHCP snooping is a security feature that plays a crucial role in defending against bogus DHCP server attacks. This feature helps to ensure that only legitimate DHCP servers can provide IP addresses to the clients on a network. By monitoring DHCP messages, DHCP snooping filters out any responses from untrusted sources, effectively preventing rogue DHCP servers from distributing incorrect IP configurations, which could lead to various network attacks, including man-in-the-middle attacks and denial-of-service conditions.

Implementing DHCP snooping also helps to create a trusted DHCP binding database, which keeps track of which IP addresses have been assigned to which MAC addresses. This adds an additional layer of security, ensuring that devices receive only the expected configurations.

The other options, while they are important security measures in their own right, do not specifically target the issue of rogue DHCP servers. Access control lists can restrict which devices can access network resources but are not designed specifically to filter DHCP messages. IPsec provides secure communication over IP networks through encryption and authentication but does not address DHCP-specific vulnerabilities. Encryption protocols serve to secure data communications but do not directly interact with DHCP processes. Thus, DHCP snooping is the dedicated feature specifically tailored to mitigate risks associated with unauthorized or malicious DHCP servers.