Sniffing Technique : DHCP Attacks


This section discusses the DHCP attacks. A DHCP attack is an active sniffing technique used by the attackers to steal and manipulate sensitive data. This section describes how DHCP works, DHCP starvation attacks, tools used for starvation attacks, rogue server attacks, and the ways to defend against DHCP attacks.

How DHCP Works
Dynamic Host Configuration Protocol (DHCP) is a client/server protocol that gives an IP address to an IP host. additionally to the IP address, the DHCP server also provides configuration-related information like the default gateway and subnet mask. When a DHCP client device boots up, it participates in traffic broadcasting.
DHCP can assign IP configuration to hosts connecting to a network. The distribution of IP configuration to hosts simplifies the administrator's work to take care of IP networks.
DHCP servers maintain TCP/IP configuration information during a database like valid TCP/IP configuration parameters, valid IP addresses, and duration of the lease offered by the server. It provides address configurations to DHCP-enabled clients within the sort of a lease offer.

Working of DHCP:
  1. The client broadcasts DHCPDISCOVER/SOLICIT request asking for DHCP Configuration information.
  2.  DHCP-relay agent captures the client request and unicasts it to the DHCP servers available within the network.
  3. Relay agent broadcasts DHCPOFFER/ADVERTISE within the client's subnet.
  4. The client broadcasts DHCPREQUEST/REQUEST asking DHCP server to supply the DHCP configuration information.
  5.  DHCP server sends unicast DHCPACK/REPLY message to the client with the IP config and information.
“We're changing the world with technology”
DHCP Request/Reply Messages
A device that already has an IP address can use the simple request/reply exchange to get other configuration parameters from a DHCP server. When the DHCP client receives a DHCP offer, the client immediately responds by sending back a DHCP request packet. Devices that aren't using DHCP to accumulate IP addresses can still utilize DHCP's other configuration capabilities. A client can broadcast a DHCPINFORM message to request that any available server send its parameters on the usage of the network. DHCP servers respond with the requested parameters and/or default parameters carried in DHCP options of a DHCPACK message. If a DHCP request comes from a hardware address that's within the DHCP server's reserved pool and therefore the request isn't for the IP address that this DHCP server offered, the DHCP server's offer is invalid. The DHCP server can put that IP address back to the pool and offer it to a different client.
No alt text provided for this image
IPv4 DHCP Packet Format
DHCP enables communication on an IP network by configuring network devices. It assigns IP addresses and other information to computers in order that they will communicate on the network during a client-server mode. DHCP has two functionalities: one is delivering host-specific configuration parameters and therefore the other is allocating network addresses to hosts.
A series of DHCP messages are utilized in the communication between DHCP servers and DHCP clients, The DHCP message has an equivalent format as that of the BOOTP message. this is often because it maintains compatibility of DHCP with BOOTP relay agents, thus eliminating the necessity for changing the BOOTP client's initialization software in order to interoperate with DHCP servers.

DHCP Starvation Attack
In a DHCP starvation attack, an attacker floods the DHCP server by sending a large number of DHCP requests and uses all of the available IP addresses that the DHCP server can issue. As a result, the server cannot issue any longer IP addresses, resulting in Denial-of-Service (DoS) attacks, due to this issue, valid users cannot obtain or renew their IP addresses, and thus fail to access their network. An attacker broadcasts DHCP requests with spoofed MAC addresses with the help of tools like Gobbler.
DHCP Starvation Attack Tools
DHCP starvation attack tools send a large number of requests to a DHCP server leading to exhaustion of server's address pool. After which DHCP server isn't able to allocate configurations to new clients.
                 Yersinia
Yersinia is a network tool designed to take advantage of some weakness in different network protocols like DHCP, It pretends to be a solid framework for analyzing and testing the deployed networks and systems,
Some of the DHCP starvation attack tools are listed below:
•         Hyenae (https://sourceforge.net)
•         dhcpstarv (https://github.com)
•         Gobbler (https://sourceforge.net)
•         DHC Pig (https://github.com)

To mitigate a rogue DHCP server attack, set the connection between the interface and the rogue server as untrusted. That action will block all ingress DHCP server messages from that interface.

Rogue DHCP Server Attack
In addition to DHCP starvation attacks, an attacker can perform MITM attacks such as sniffing, An attacker who succeeds in exhausting the DHCP Server's IP address space can found out a Rogue DHCP Server on the network which isn't under the control of the network administrator. The Rogue DHCP server impersonates a legitimate server and offers IP addresses and other network information to other clients within the network, acting itself as a default gateway. Clients connected to the network with the addresses assigned by the Rogue Server will now become victims of MITM and other attacks, where packets forwarded from a client's machine will reach the rogue server first.
In a rogue DHCP server attack, an attacker will introduce a rogue server into the network. This rogue server has the ability to reply to clients' DHCP discovery requests. Although both the rogue and actual DHCP servers respond to the request, the client accepts the response that comes first. in a case where the rogue server gives the response before the actual DHCP server, the client takes the response of the rogue server. the knowledge provided to the clients by this rogue server can disrupt their network access, causing DoS.
The DHCP response from the attacker's rogue DHCP server may assign the IP address that is a client's default gateway. As a result, the attacker's IP address receives all the traffic from the client. The attacker then captures all the traffic and forwards this traffic to the appropriate default gateway. The client thinks that everything is functioning correctly. this sort of attack is difficult to detect by the client for long periods, Sometimes, the client uses a rogue DHCP server instead of the quality DHCP server. The rogue server directs the client to visit fake websites in an attempt to gain their credentials.

To mitigate a rogue DHCP server attack, set the connection between the interface and the rogue server as untrusted. That action will block all ingress DHCP server messages from that interface.

Click here for continue Reading:- https://www.info-savvy.com/category/knowledge-base/


--------------------------------------------------------------------------------------------------
This Blog Article is posted by

Infosavvy, 2nd Floor, Sai Niketan, Chandavalkar Road Opp. Gora Gandhi Hotel, Above Jumbo King, beside Speakwell Institute, Borivali West, Mumbai, Maharashtra 400092

Contact us – www.info-savvy.com

https://g.co/kgs/ttqPpZ


Comments

  1. Sniffing Technique : Dhcp Attacks >>>>> Download Now

    >>>>> Download Full

    Sniffing Technique : Dhcp Attacks >>>>> Download LINK

    >>>>> Download Now

    Sniffing Technique : Dhcp Attacks >>>>> Download Full

    >>>>> Download LINK Qq

    ReplyDelete

Post a Comment

Popular posts from this blog

10 Secrets You Will Never Know About Cyber Security And Its Important

ISO 27001 Annex : A.5 Information Security Policies

Impact Of ISO 27001 Lead Auditor