Rogue DHCP Server Attack

Rogue DHCP Server Attack in an addition to DHCP starvation attacks, when attacker can perform MITM attacks such as sniffing, An attacker who succeeds in exhausting the DHCP Server’s IP address space can found out a Rogue DHCP Server on the network which isn’t under the control of the network administrator. The Rogue DHCP server impersonates a legitimate server and offers IP addresses and other network information to other clients within the network, acting itself as a default gateway. Clients connected to the network with the addresses assigned by the Rogue Server will now become victims of MITM and other attacks, where packets forwarded from a client’s machine will reach the rogue server first.

Rogue DHCP Server Attack

In a rogue DHCP server attack, an attacker will introduce a rogue server into the network. This rogue server has the ability to reply to clients’ DHCP discovery requests. Although both the rogue and actual DHCP servers respond to the request, the client accepts the response that comes first. in a case where the rogue server gives the response before the actual server, the client takes the responsibility of the rogue server. the knowledge provided to the clients by this rogue server can disrupt their network access, causing DoS.

“We’re changing the world with technology”

The DHCP response from the attacker’s rogue DHCP server may assign the IP address that is a client’s default gateway. As a result, the attacker’s IP address receives all the traffic from the client. The attacker then captures all the traffic and forwards this traffic to the appropriate default gateway. The client thinks that everything is functioning correctly. this sort of attack is difficult to detect by the client for long periods, Sometimes, the client uses a rogue DHCP server instead of the quality DHCP server. The rogue server directs the client to visit fake websites in an attempt to gain their credentials.

To mitigate a rogue DHCP server attack, set the connection between the interface and the rogue server as untrusted. That action will block all ingress DHCP server messages from that interface.

Related Product : Certified Ethical Hacker | CEH Certification

A DHCP server is a machine that runs a service that can lease out IP addresses and other TCP/IP information to any client that requests it. They are usually managed and controlled by network administrators. Infosavvy gives training on CEHv10 course in which you will learn different types of attack on server or system Accreditation by EC-Council in Mumbai Location.

Also Read : DHCP Starvation Attack

Questions related to this topic

  1. Why is a rogue DHCP harmful to a network?
  2. What is rogue DHCP server attack?
  3. How can a rogue DHCP server be detected mitigated?
  4. Which type of DHCP attack is described as the process of getting a DHCP server to hand out all available IP addresses?

Learn CEH & Think like hacker

This Blog Article is posted by

Infosavvy, 2nd Floor, Sai Niketan, Chandavalkar Road Opp. Gora Gandhi Hotel, Above Jumbo King, beside Speakwell Institute, Borivali West, Mumbai, Maharashtra 400092

Contact us –

Leave a Comment