Sniffing Technique : DHCP Attacks

-

This section discusses the DHCP attacks. A DHCP attack is an active sniffing technique used by the attackers to steal and manipulate sensitive data. This section describes how DHCP works, DHCP starvation attacks, tools used for starvation attacks, rogue server attacks, and the ways to defend against DHCP attacks.

How DHCP Works
Dynamic Host Configuration Protocol (DHCP) is a client/server protocol that gives an IP address to an IP host. additionally to the IP address, the DHCP server also provides configuration-related information like the default gateway and subnet mask. When a DHCP client device boots up, it participates in traffic broadcasting.
DHCP can assign IP configuration to hosts connecting to a network. The distribution of IP configuration to hosts simplifies the administrator's work to take care of IP networks.
DHCP servers maintain TCP/IP configuration information during a database like valid TCP/IP configuration parameters, valid IP addresses, and duration of the lease offered by the server. It provides address configurations to DHCP-enabled clients within the sort of a lease offer.

Working of DHCP:
  1. The client broadcasts DHCPDISCOVER/SOLICIT request asking for DHCP Configuration information.
  2.  DHCP-relay agent captures the client request and unicasts it to the DHCP servers available within the network.
  3. Relay agent broadcasts DHCPOFFER/ADVERTISE within the client's subnet.
  4. The client broadcasts DHCPREQUEST/REQUEST asking DHCP server to supply the DHCP configuration information.
  5.  DHCP server sends unicast DHCPACK/REPLY message to the client with the IP config and information.
“We're changing the world with technology”
DHCP Request/Reply Messages
A device that already has an IP address can use the simple request/reply exchange to get other configuration parameters from a DHCP server. When the DHCP client receives a DHCP offer, the client immediately responds by sending back a DHCP request packet. Devices that aren't using DHCP to accumulate IP addresses can still utilize DHCP's other configuration capabilities. A client can broadcast a DHCPINFORM message to request that any available server send its parameters on the usage of the network. DHCP servers respond with the requested parameters and/or default parameters carried in DHCP options of a DHCPACK message. If a DHCP request comes from a hardware address that's within the DHCP server's reserved pool and therefore the request isn't for the IP address that this DHCP server offered, the DHCP server's offer is invalid. The DHCP server can put that IP address back to the pool and offer it to a different client.
No alt text provided for this image
IPv4 DHCP Packet Format
DHCP enables communication on an IP network by configuring network devices. It assigns IP addresses and other information to computers in order that they will communicate on the network during a client-server mode. DHCP has two functionalities: one is delivering host-specific configuration parameters and therefore the other is allocating network addresses to hosts.
A series of DHCP messages are utilized in the communication between DHCP servers and DHCP clients, The DHCP message has an equivalent format as that of the BOOTP message. this is often because it maintains compatibility of DHCP with BOOTP relay agents, thus eliminating the necessity for changing the BOOTP client's initialization software in order to interoperate with DHCP servers.

DHCP Starvation Attack
In a DHCP starvation attack, an attacker floods the DHCP server by sending a large number of DHCP requests and uses all of the available IP addresses that the DHCP server can issue. As a result, the server cannot issue any longer IP addresses, resulting in Denial-of-Service (DoS) attacks, due to this issue, valid users cannot obtain or renew their IP addresses, and thus fail to access their network. An attacker broadcasts DHCP requests with spoofed MAC addresses with the help of tools like Gobbler.
DHCP Starvation Attack Tools
DHCP starvation attack tools send a large number of requests to a DHCP server leading to exhaustion of server's address pool. After which DHCP server isn't able to allocate configurations to new clients.
                 Yersinia
Yersinia is a network tool designed to take advantage of some weakness in different network protocols like DHCP, It pretends to be a solid framework for analyzing and testing the deployed networks and systems,
Some of the DHCP starvation attack tools are listed below:
•         Hyenae (https://sourceforge.net)
•         dhcpstarv (https://github.com)
•         Gobbler (https://sourceforge.net)
•         DHC Pig (https://github.com)

To mitigate a rogue DHCP server attack, set the connection between the interface and the rogue server as untrusted. That action will block all ingress DHCP server messages from that interface.

Rogue DHCP Server Attack
In addition to DHCP starvation attacks, an attacker can perform MITM attacks such as sniffing, An attacker who succeeds in exhausting the DHCP Server's IP address space can found out a Rogue DHCP Server on the network which isn't under the control of the network administrator. The Rogue DHCP server impersonates a legitimate server and offers IP addresses and other network information to other clients within the network, acting itself as a default gateway. Clients connected to the network with the addresses assigned by the Rogue Server will now become victims of MITM and other attacks, where packets forwarded from a client's machine will reach the rogue server first.
In a rogue DHCP server attack, an attacker will introduce a rogue server into the network. This rogue server has the ability to reply to clients' DHCP discovery requests. Although both the rogue and actual DHCP servers respond to the request, the client accepts the response that comes first. in a case where the rogue server gives the response before the actual DHCP server, the client takes the response of the rogue server. the knowledge provided to the clients by this rogue server can disrupt their network access, causing DoS.
The DHCP response from the attacker's rogue DHCP server may assign the IP address that is a client's default gateway. As a result, the attacker's IP address receives all the traffic from the client. The attacker then captures all the traffic and forwards this traffic to the appropriate default gateway. The client thinks that everything is functioning correctly. this sort of attack is difficult to detect by the client for long periods, Sometimes, the client uses a rogue DHCP server instead of the quality DHCP server. The rogue server directs the client to visit fake websites in an attempt to gain their credentials.

To mitigate a rogue DHCP server attack, set the connection between the interface and the rogue server as untrusted. That action will block all ingress DHCP server messages from that interface.

Click here for continue Reading:- https://www.info-savvy.com/category/knowledge-base/


--------------------------------------------------------------------------------------------------
This Blog Article is posted by

Infosavvy, 2nd Floor, Sai Niketan, Chandavalkar Road Opp. Gora Gandhi Hotel, Above Jumbo King, beside Speakwell Institute, Borivali West, Mumbai, Maharashtra 400092

Contact us – www.info-savvy.com

https://g.co/kgs/ttqPpZ


Comments

  1. Anonymous20 April 2022 at 05:46

    Sniffing Technique : Dhcp Attacks >>>>> Download Now

    >>>>> Download Full

    Sniffing Technique : Dhcp Attacks >>>>> Download LINK

    >>>>> Download Now

    Sniffing Technique : Dhcp Attacks >>>>> Download Full

    >>>>> Download LINK Qq

    ReplyDelete

Post a Comment

Popular posts from this blog

ISO 27001 Annex : A.5 Information Security Policies

-
Image
5. 1  Management direction for information security ISO 27001 Annex : A.5 Information Security Policies, Its objective is to provide management guidance and  information security  assistance in accordance with business requirements and relevant laws and regulations. 5.1.1 Policies for Information Security Control-   A set of information security policies should be established, managed accepted, published and communicated to the employees and related external parties. Implementation Guidance-  At the very least companies need to identify a management-approved “information security strategy,” which outlines the organization’s approach to managing its information security goals. Information security policies should meet criteria that have been created by: Business strategy; Regulations, legislation and contracts; The present and projected  information security threat  environment Related Product :   ISO 27001 Lead Auditor Training And Certification ISMS The informa
Read more

Top 5 Key Elements of an Information Security

-
Image
Top 5 Key Elements of an Information Security and its critical elements, including systems and hardware that use, store, and transmit that information. Necessary tools: policy, awareness, training, education, technology etc. IS is the application of measures to ensure the safety and privacy of data by managing its storage and distribution. Information security has both technical and also social implications. Information security system is the process of protecting and securing the data from unauthorized access, disclosure, destruction or disruption. An organization that attempt to compose a operating ISP must have well-defined objectives regarding  security  And strategy. On that management have reached an agreement. Any existing dissonances during this context could render the data security policy project dysfunctional. The foremost necessary factor that a security skilled should bear in mind is that his knowing. The protection management practices would allow him to include t
Read more

Types of Vulnerability Assessment

-
Image
Given below are the different types of vulnerability assessments:   Active Assessment Active assessments are a type of vulnerability assessment that uses network scanners to scan the network to identify the hosts, services, and vulnerabilities present in that network. Active network scanners have the capability to reduce the intrusiveness of the checks they perform.   Passive Assessment Passive assessments sniff the traffic present on the network to identify the active systems, network services, applications, and vulnerabilities. Passive assessments also provide a list of the users who are a recently using the network. External Assessment External assessment assesses the network from a hacker's point of view to find out what exploits and vulnerabilities are accessible to the outside world. These types of assessments use external devices such as firewalls, routers, and servers. An external assessment estimates the threat of network security attacks
Read more