This article covers popular Layer 2 & Layer 3 network attacks with a focus on DHCP Starvation attacks, Man-in-the-Middle attacks and unintentional rogue DHCP servers, and explains how security features like DHCP Snooping help protect networks from these attacks.

DHCP Starvation Attack, Man-in-the-Middle Attack, DHCP Hijacking & Reconnaissance Attacks

A DHCP Starvation attack is a common network attack that targets network DHCP servers. Its primary objective is to flood the organization's DHCP server with DHCP REQUEST messages using spoofed source MAC addresses. The DHCP server, not knowing this is a DHCP Starvation attack, will respond to all requests and assign available IP addresses until its DHCP pool is depleted.

At this point the attacker has rendered the organization's DHCP server useless and can now enable his own rogue DHCP server to serve network clients. DHCP Starvation is often accompanied by a Man-in-the-Middle attack, as the rogue DHCP server distributes fake IP address parameters, including Gateway & DNS IP addresses, so that all client traffic passes through the attacker for inspection.

Figure: Client data streams flow through the attacker

Using packet capture and protocol analysis tools, the attacker is able to fully reconstruct any captured data stream and export files from it. In fact, the process is so simple that it only requires a basic level of understanding of these types of network tools.

In other cases the Man-in-the-Middle attack can be used as a reconnaissance attack, with the objective of obtaining information about the network infrastructure and services and identifying hosts of high interest such as financial or database servers.

It should by now be evident how a simple attack can become a major security threat for any organization. The above attacks are examples of how easily hackers can infiltrate the network and gain access to valuable information by simply connecting an unauthorized/untrusted device to an available network port, effectively bypassing firewalls and other levels of security.

Rogue DHCP Servers – A Major Security Threat & Source of Network Disruptions

Rogue DHCP servers are a common problem within enterprise organizations and are not always directly related to an attack. Rogue DHCP servers tend to appear out of nowhere thanks to users who connect consumer-grade network devices to the network infrastructure, unaware that they have connected an unauthorized device with a rogue DHCP server enabled.
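
The detection side of the attacks described above, as an added Python example that is not part of the original article: it parses DHCP payloads, flags replies from servers outside an allow-list (rogue DHCP servers) and flags a burst of distinct client MAC addresses (DHCP starvation). The function names, thresholds, addresses and sample packets are assumptions constructed for illustration.

```python
import ipaddress
from collections import deque

MAGIC = bytes([99, 130, 83, 99])            # DHCP magic cookie at offset 236 (RFC 2131)
CLIENT_MSGS, SERVER_MSGS = {1, 3}, {2, 5}   # DISCOVER/REQUEST, OFFER/ACK

def parse_dhcp(payload):
    """Return (msg_type, client_mac, server_id) for a DHCP UDP payload, else None."""
    if len(payload) < 240 or payload[236:240] != MAGIC:
        return None
    mac = payload[28:28 + min(payload[2], 16)].hex(":")   # chaddr, hlen bytes long
    opts, i = {}, 240
    while i + 1 < len(payload) and payload[i] != 255:     # 255 = end of options
        if payload[i] == 0:                               # 0 = pad, no length byte
            i += 1
            continue
        length = payload[i + 1]
        opts[payload[i]] = payload[i + 2:i + 2 + length]
        i += 2 + length
    if len(opts.get(53, b"")) != 1:
        return None                                       # no message type option
    sid = opts.get(54, b"")                               # option 54: server identifier
    server = str(ipaddress.IPv4Address(sid)) if len(sid) == 4 else "unidentified"
    return opts[53][0], mac, server

def analyse(events, trusted_servers, window=10.0, max_macs=20):
    """events: time-ordered (timestamp, payload). Returns (rogue_servers, starved_at)."""
    rogue, recent, starved_at = set(), deque(), None
    for ts, payload in events:
        if (rec := parse_dhcp(payload)) is None:
            continue
        mtype, mac, server = rec
        if mtype in SERVER_MSGS and server not in trusted_servers:
            rogue.add(server)                             # reply from unauthorised server
        elif mtype in CLIENT_MSGS:
            recent.append((ts, mac))
            while ts - recent[0][0] > window:             # slide the time window
                recent.popleft()
            if starved_at is None and len({m for _, m in recent}) > max_macs:
                starved_at = ts                           # too many distinct client MACs
    return rogue, starved_at

def build(msg_type, mac, server_id=None):
    """Constructed sample payload: zeroed BOOTP header plus options 53 and 54."""
    sid = bytes([54, 4]) + ipaddress.IPv4Address(server_id).packed if server_id else b""
    head = bytes([2 if msg_type in SERVER_MSGS else 1, 1, 6, 0]) + bytes(24)
    return head + mac + bytes(202) + MAGIC + bytes([53, 1, msg_type]) + sid + b"\xff"

# Constructed capture: 30 requests from 30 different MACs in 3 s, then two offers.
SAMPLE = [(i / 10, build(3, bytes([2, 0, 0, 0, 0, i]))) for i in range(30)] + [
    (4.0, build(2, bytes(6), "10.0.0.1")), (4.1, build(2, bytes(6), "192.168.1.1"))]
```

Calling `analyse(SAMPLE, {"10.0.0.1"})` reports the unlisted server and the time at which the distinct-MAC threshold was first crossed; the window and threshold need tuning to the size of the VLAN being monitored.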