Hijacking Traffic Using DHCP Rogue Servers
Another DHCP exploit with adverse side effects consists of installing a hidden DHCP server
on a LAN segment, as Figure 5-4 shows.
Figure 5-4 DHCP Rogue Server
If a rogue DHCP server is installed on the LAN, by default, it receives DHCPDISCOVER
messages from clients eager to obtain an IP address.
Note: all options with a * require -Q
Note: MITM -M is in the early stages of coding
Note: When assuming a DoS advance the crammer crashes
WARNING read README.1ST before using the Gobbler
If you do not understand what you are doing, do NOT use this program!
[root@linux-p4#
Example 5-1 Gobbler’s Help Menu (Continued)
[Figure 5-4 labels: Client; Switch; DHCP Server; Rogue DHCP Server; Discover; Crafted Offer. Offer parameters shown: IP Address: 10.10.10.101, Subnet Mask: 255.255.255.0, Default Routers: 10.10.10.1, DNS Servers: 192.168.10.4, 192.168.10.5, Lease Time: 10 Days]
At this point, it is a race condition between the rogue DHCP server and the legitimate
server. Because of its proximity to the clients, the rogue server apparently has the upper hand.
At this point, all bets are off: The rogue server can hand out options of its choosing to
clients.
Which DHCP Server Will the DHCP Client Use?
When the DHCP client receives several DHCPOFFERs from different servers, which offer
should it use?
In general, a DHCP client remembers the IP address it used before and, if there is an offer
for this address (a DHCP server, being stateful, offers the same IP address to the same client
if the IP address is available), the DHCP client uses this offer.
When all offers are different from the client’s previous IP address, the client simply uses the
first offer received.
Many times, hosts obtain their domain name and domain name server IP address through
DHCP. Convincing a host to use a specific (compromised) DNS server is close to the holy
grail of LAN security—or insecurity, depending on your point of view!
An attacker can now lure victims to fake websites that are exact replicas of the original
ones. Here, they capture credentials, account information, and other sensitive information.
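The offer-selection rule from the sidebar and the DNS risk described above, as an added example that is not part of the original text: it models which DHCPOFFER a client accepts and shows the check a monitoring sensor could run on the same offers. The server addresses 10.10.10.2 and 10.10.10.66, the arrival times, and the two allow-lists are constructed assumptions.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Offer:
    server_id: str      # DHCP option 54 (server identifier)
    your_ip: str        # yiaddr: address offered to the client
    dns: tuple          # DHCP option 6 (DNS servers)
    arrival_ms: float   # when the offer reached the client

def select_offer(offers, previous_ip: Optional[str]):
    """Rule from the text: prefer an offer for the address the client used
    before; otherwise take the first offer received."""
    if not offers:
        return None
    by_arrival = sorted(offers, key=lambda o: o.arrival_ms)
    for offer in by_arrival:
        if previous_ip is not None and offer.your_ip == previous_ip:
            return offer
    return by_arrival[0]

def audit_offers(offers, authorized_servers, approved_dns):
    """Return (server_id, reason) findings a monitor should alert on."""
    findings = []
    for o in offers:
        if o.server_id not in authorized_servers:
            findings.append((o.server_id, "unauthorized DHCP server"))
        bad = sorted(set(o.dns) - set(approved_dns))
        if bad:
            findings.append((o.server_id, "unapproved DNS: " + ", ".join(bad)))
    return findings

# Constructed sample: two offers observed for one DHCPDISCOVER.
LEGIT = Offer("10.10.10.2", "10.10.10.101", ("192.168.10.4", "192.168.10.5"), 4.0)
ROGUE = Offer("10.10.10.66", "10.10.10.150", ("10.10.10.66",), 0.5)
OFFERS = [LEGIT, ROGUE]
AUTHORIZED = {"10.10.10.2"}                      # assumed allow-list
APPROVED_DNS = {"192.168.10.4", "192.168.10.5"}  # assumed allow-list

if __name__ == "__main__":
    print("new client picks:", select_offer(OFFERS, None).server_id)
    print("returning client picks:", select_offer(OFFERS, "10.10.10.101").server_id)
    for finding in audit_offers(OFFERS, AUTHORIZED, APPROVED_DNS):
        print("ALERT", finding)
```

A client with no remembered address takes the faster offer, so only clients whose previous address is re-offered by the legitimate server are unaffected by the race.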