The idea of DHCP snooping is to prevent an attacker from presenting itself as a DHCP server and/or flooding the legitimate DHCP server with fake requests in order to eat all of the available addresses, so that clients cannot lease an address.

So how does all that work? When you configure DHCP snooping on a switch, all of the switch ports assume the role of untrusted ports. Before defining an untrusted port, we should define what a trusted port actually is. A trusted port is a port that allows all of the DHCP messages sent between the client and the server (DHCPDISCOVER, DHCPOFFER, DHCPREQUEST, DHCPACK). Trusted ports are usually defined between a switch and a router, or between a switch and another switch. They must be defined once you know the topology and how the DHCP communication will flow.

Untrusted ports are usually the ports that connect the switch to end-user devices. An untrusted port will prevent DHCP server messages (DHCPOFFER, DHCPREQ) which are initiated from the client side. The switch also keeps state information about the DHCP binding on an access port. For example, if a client on host B requests a lease for address 10.10.10.1 from DHCP server A, the switch will create that binding table information. That way, if an attacker attempts to execute a DHCP starvation attack, the switch will realize what is happening and will block all of the fake requests.
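The trusted/untrusted filtering and the binding table described above can be modeled in a few lines; this is an added example, not code from any switch vendor or from the original text. Assumptions: the port names and MAC addresses are constructed, DHCPOFFER, DHCPACK and DHCPNAK are treated as the server-originated messages, and the two starvation checks (payload `chaddr` must match the Ethernet source MAC, plus a per-port rate limit) are modeled on what common implementations offer.

```python
from dataclasses import dataclass, field

SERVER_MSGS = {"DHCPOFFER", "DHCPACK", "DHCPNAK"}  # messages only a server sends

@dataclass
class Frame:              # constructed, simplified view of a DHCP frame
    port: str             # switch port the frame arrived on
    src_mac: str          # Ethernet source MAC
    msg: str              # DHCP message type
    chaddr: str = ""      # client hardware address inside the DHCP payload
    yiaddr: str = ""      # address the server hands out (OFFER/ACK)

@dataclass
class SnoopingSwitch:     # hypothetical model, not a vendor API
    trusted: set          # ports facing the legitimate server or uplink
    rate_limit: int = 5   # assumed max DHCP frames per untrusted port per interval
    bindings: dict = field(default_factory=dict)   # chaddr -> (ip, access port)
    seen: dict = field(default_factory=dict)       # port -> frames this interval
    last_port: dict = field(default_factory=dict)  # chaddr -> port of its request

    def handle(self, f: Frame) -> str:
        if f.port in self.trusted:
            # Trusted port: every DHCP message passes; an ACK creates the binding.
            if f.msg == "DHCPACK" and f.chaddr in self.last_port:
                self.bindings[f.chaddr] = (f.yiaddr, self.last_port[f.chaddr])
            return "forward"
        self.seen[f.port] = self.seen.get(f.port, 0) + 1
        if self.seen[f.port] > self.rate_limit:
            return "drop: rate limit exceeded"
        if f.msg in SERVER_MSGS:
            return "drop: server message on untrusted port"
        if f.src_mac != f.chaddr:
            return "drop: chaddr does not match source MAC"
        self.last_port[f.chaddr] = f.port
        return "forward"

def demo():
    sw = SnoopingSwitch(trusted={"Gi0/1"})
    host_b = "aa:aa:aa:aa:aa:0b"
    results = [
        sw.handle(Frame("Gi0/2", host_b, "DHCPREQUEST", chaddr=host_b)),
        sw.handle(Frame("Gi0/1", "aa:aa:aa:aa:aa:0a", "DHCPACK", chaddr=host_b, yiaddr="10.10.10.1")),
        sw.handle(Frame("Gi0/3", "cc:cc:cc:cc:cc:01", "DHCPOFFER", yiaddr="10.10.10.66")),
    ]
    # Constructed flood on one access port: many requests, each with a different chaddr.
    burst = [sw.handle(Frame("Gi0/3", "cc:cc:cc:cc:cc:01", "DHCPDISCOVER",
                             chaddr=f"de:ad:00:00:00:{i:02x}")) for i in range(10)]
    return sw, results, burst
```

The model never resets the per-port counter and only drops frames; a real switch counts per time interval and may shut the offending port down instead.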