The document discusses DHCP spoofing and starvation attacks. It provides an overview of DHCP, including how DHCP clients obtain IP addresses and other network parameters from DHCP servers. It then describes how DHCP starvation and spoofing attacks work. A DHCP starvation attack involves spoofing DHCP requests to deplete the available IP addresses on a server. This allows an attacker to introduce a rogue DHCP server and conduct spoofing by distributing fake IP addresses and network configurations to clients. The document concludes by mentioning how to simulate these attacks in a lab using the tool Yersinia and observing the results through Wireshark.
Network Monitoring and documentation
Dr. Mohammad Alshinwan
20212

Overview of DHCP
• Dynamic Host Configuration Protocol (DHCP) is an application layer protocol used to distribute network configuration parameters, such as IP addresses, subnet masks, default gateways, etc., to hosts on a TCP/IP network. Assigning network parameters using DHCP reduces the workload of a network administrator, since there is no need to statically configure parameters on each device.
• DHCP employs a client-server architecture; a DHCP client is configured to request network parameters from a DHCP server. A DHCP server is configured with a pool of available IP addresses and assigns one of them to the DHCP client. Besides IP addresses, a DHCP server can provide some additional network parameters, such as:
  • Subnet mask
  • Default gateway
  • Domain name
  • DNS server

Process of DHCP
• As you can see from the picture above, a DHCP client goes through a four-step process:
1. A DHCP client sends a broadcast packet (DHCPDiscover) to discover DHCP servers on the network.
2. The DHCP server receives the DHCPDiscover packet and responds with a DHCPOffer packet, offering IP addressing information to the DHCP client.
3. The DHCP client responds by broadcasting a DHCPRequest packet, requesting network parameters from the DHCP server. (If there is more than one DHCP server on the network segment and the DHCP client receives more than one DHCPOffer packet, the client will accept the first DHCPOffer packet.)
4. The DHCP server approves the lease with a DHCPACK (Acknowledgement) packet. The packet includes the lease duration and other configuration information.

DHCP starvation attack
• In a DHCP starvation attack, an attacker broadcasts a large number of DHCP REQUEST messages with spoofed source MAC addresses. If the legitimate DHCP server in the network starts responding to all these bogus DHCP REQUEST messages, the available IP addresses in the DHCP server scope will be depleted within a very short span of time.
• Once the available IP addresses in the DHCP server are depleted, network attackers can then set up a rogue DHCP server and respond to new DHCP requests from network DHCP clients. By setting up a rogue DHCP server, the attacker can now launch a DHCP spoofing attack.

DHCP spoofing attack
• After a DHCP starvation attack and setting up a rogue DHCP server, the attacker can start distributing IP addresses and other TCP/IP configuration settings to the network DHCP clients.
• TCP/IP configuration settings include the Default Gateway and DNS Server IP addresses.
• Network attackers can now replace the original legitimate Default Gateway IP address and DNS Server IP address with their own IP address.
• Once the Default Gateway IP address of the network devices is changed, the network clients start sending the traffic destined to outside networks to the attacker's computer.
• The attacker can now capture sensitive user data and launch a man-in-the-middle attack. This is called a DHCP spoofing attack. The attacker can also set up a rogue DNS server, divert end-user traffic to fake web sites and launch phishing attacks.

LAB
• Yersinia
Now ping from the PC to the router. (It should not work!)
Use this command to forward packets to the router:
sudo sysctl -w net.ipv4.ip_forward=1
Now ping the router again; it will work.
If the ping to the router is slow, close Yersinia.
• Open Wireshark.
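The two attacks described above leave distinct traces in a capture: a burst of lease requests from many different client MAC addresses (starvation) and OFFER/ACK replies from a server other than the legitimate one (spoofing). The following Python code is an added example, not part of the original slides; it parses raw DHCP payloads and flags both patterns. The 10-second window, the 20-MAC threshold, the trusted-server list, the function names and the sample packets are all assumptions constructed for illustration.

```python
MAGIC = b"\x63\x82\x53\x63"            # DHCP magic cookie, follows the 236-byte BOOTP header
DISCOVER, OFFER, REQUEST, ACK = 1, 2, 3, 5

def parse_dhcp(payload):
    """Return (message type, client MAC, server identifier), or None if not DHCP."""
    if len(payload) < 240 or payload[236:240] != MAGIC:
        return None
    mac = ":".join(f"{b:02x}" for b in payload[28:34])    # chaddr field
    msg_type = server_id = None
    i = 240
    while i + 1 < len(payload) and payload[i] != 255:      # 255 = end option
        if payload[i] == 0:                                # 0 = pad, has no length byte
            i += 1
            continue
        code, length = payload[i], payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if code == 53 and len(value) == 1:                 # option 53: DHCP message type
            msg_type = value[0]
        elif code == 54 and len(value) == 4:               # option 54: server identifier
            server_id = ".".join(str(b) for b in value)
        i += 2 + length
    return msg_type, mac, server_id

def analyze(packets, trusted_servers, window=10.0, mac_threshold=20):
    """packets: (timestamp, UDP payload) pairs in time order; thresholds are assumptions."""
    recent, rogue, starvation = [], set(), False
    for ts, payload in packets:
        msg_type, mac, server_id = parse_dhcp(payload) or (None, None, None)
        if msg_type in (OFFER, ACK) and server_id and server_id not in trusted_servers:
            rogue.add(server_id)                           # reply from an unlisted server
        if msg_type in (DISCOVER, REQUEST):
            recent = [(t, m) for t, m in recent if ts - t <= window] + [(ts, mac)]
            if len({m for _, m in recent}) >= mac_threshold:
                starvation = True                          # burst of distinct client MACs
    return {"starvation": starvation, "rogue_servers": sorted(rogue)}

def sample(msg_type, mac, server_id=None):
    """Constructed input: a minimal BOOTP/DHCP payload, not captured traffic."""
    header = bytes([2 if server_id else 1, 1, 6, 0]) + bytes(24) + mac + bytes(202)
    options = bytes([53, 1, msg_type]) + (bytes([54, 4, *server_id]) if server_id else b"")
    return header + MAGIC + options + b"\xff"

# Constructed traces: three ordinary clients, then 30 new MACs in 3 s and an unlisted server.
NORMAL = [(float(n), sample(DISCOVER, bytes([2, 0, 0, 0, 0, n]))) for n in range(3)]
NORMAL.append((3.0, sample(OFFER, bytes([2, 0, 0, 0, 0, 0]), (192, 168, 1, 1))))
FLOOD = [(n * 0.1, sample(DISCOVER, bytes([2, 0, 0, 0, 1, n]))) for n in range(30)]
FLOOD.append((4.0, sample(OFFER, bytes([2, 0, 0, 0, 1, 0]), (192, 168, 1, 66))))
if __name__ == "__main__":
    print(analyze(NORMAL, {"192.168.1.1"}), analyze(FLOOD, {"192.168.1.1"}))
```

To run it against the lab capture, feed `analyze` the UDP payloads of the port 67/68 packets exported from Wireshark and tune the window and threshold to the normal lease rate of the segment.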