This may seem a very simple topic, and it is not often highlighted, but it is important to understand and remember. With the vast expansion of the web, we are all more engaged with new technologies. The latest platforms compete to offer the most recent security support at the software and hardware level. But is that complete security package enough to deal with the threats? My guide is based mostly on a very large network. Either way, we are all on a network now, whether you are a single broadband user surfing on a WAN or an enterprise. DHCP spoofing, or rogue DHCP, is a method by which your traffic is hijacked and redirected to unknown websites. I cannot explain it in a simpler way. To learn more about this, go through the articles below, where I have tried to explain in more detail how this all works.
Many times I have found unknown DHCP server addresses. It was difficult for me to talk to the ISP's customer care and get them to fix this from their end, and they did not seem much bothered. One way to protect my system and data is an internet security suite, of which plenty are available. Each of them promises a set of security features and tons of updates, which is not an ordinary user's cup of tea. So we buy one blindly and think we are secure. But are we really safe even after configuring a high-end internet security package? How many of you are satisfied? I am sure I would find a high percentage. At the software level it is possible to block some kinds of virus infection, but what about the hardware level, or the core level, which a regular user never checks?
These types of attack usually affect a large network. For example, you are on a WAN. The connection is provided to you by the ISP. A direct LAN cable goes to your system and you surf. You visit social networking websites, shop online, carry out banking transactions and a lot of other things. From what I have seen, it is rare to find a security package that gives you full security unless you are entirely on a highly secure, independent network. Even then, there are certain flaws that anti-social elements still exploit. These flaws are well known to attackers, who work with various motives to capture data and redirect traffic. I am not talking about IP spoofing here, but about a lower layer where we are not aware of how this all works. I recommend reading this once in a while to figure out how DHCP spoofing works. My guide is meant to give you proper techniques and information to protect yourself from such threats.
What is DHCP?
DHCP is a widely used protocol. It is the process by which host clients receive an IP address automatically when they are on automatic settings. It is not secure. DHCP stands for Dynamic Host Configuration Protocol. It is a network protocol that helps the host machine get access to an IP network. Computers around the world are connected via IP networks. Each IP network has tons of interconnected computers, which all together form the biggest network, called the Internet. Let's take a smaller example. You have 4 to 7 systems in your office which are connected to each other, and a user gets access by providing a login and password that are authenticated by a local in-house server. Here the IP address is the most important part. It is your system's direct address. For a small network it is allotted automatically by the server itself, so there is no need to learn rocket science here. What DHCP does is remove the manual work of providing an IP address to each system. DHCP does the job when the systems are set to automatic configuration.
The network admin does not need to go to each system and configure the addresses manually. Apart from this, the DHCP server is a central hub for the systems on the network. It keeps a list of the temporary IP addresses of all connected computers and removes the issue of duplicate IP addresses, which can cause network conflicts.
How does DHCP Spoofing work:
This attack works by collecting the IP addresses of innocent users via a spoofed DHCP server. I will first give a short explanation of how DHCP access works. This is important for understanding the process of gaining access to a DHCP server. If you are able to understand this process, it becomes easier to manage. First let's begin with DHCP spoofing. DHCP spoofing is a process by which a system acquires an IP address from the server. To get on the network you need an IP address. DHCP is responsible for giving you that.
The connection works in this way:
Look above. The first layer is the system, the host. Then comes the network mode or pipeline, and then the WAN, which is the wide area network. The last is the DHCP server. The server, for example, lies at a remote location. You need an IP address to get on the internet. For that, the pipeline or the network devices, etc. will receive a DHCP Discover packet. This is preconfigured by the server and can only be understood by the devices. You can install tools which can sniff this packet. The Discover packet comes from your system, and the pipeline or the network devices respond to it with a DHCP Offer packet. This packet has information related to the spoofed IP address, which is allotted to the system for some time. If the DHCP server you contacted is already spoofed, your data goes to the hijacker. He can also redirect users to other websites which can carry infections.
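The Discover/Offer exchange above gives a defender one concrete check: every Offer names the server that sent it (option 54), so an Offer from a server you do not expect stands out. The following is an added example, not code from the original article; the addresses, the allowlist and the `build_offer` helper are constructed for illustration.

```python
import socket
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"  # marks the start of the DHCP options field
OFFER = 2                            # option 53 value for a DHCPOFFER
IP_OPTIONS = {54: "server", 3: "router", 6: "dns"}  # options holding IPv4 addresses

def parse_dhcp(payload):
    """Parse a BOOTP/DHCP UDP payload into the fields worth checking."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    msg = {"xid": struct.unpack("!I", payload[4:8])[0],
           "yiaddr": socket.inet_ntoa(payload[16:20])}  # address being handed out
    i = 240
    while i < len(payload) and payload[i] != 255:       # 255 = end option
        code = payload[i]
        if code == 0:                                   # pad option, no length byte
            i += 1
            continue
        if i + 1 >= len(payload) or i + 2 + payload[i + 1] > len(payload):
            raise ValueError("truncated option")
        length = payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if code == 53 and length == 1:
            msg["type"] = value[0]
        elif code in IP_OPTIONS and length >= 4:
            msg[IP_OPTIONS[code]] = socket.inet_ntoa(value[:4])
        i += 2 + length
    return msg

def find_rogue_offers(payloads, trusted_servers):
    """Return parsed OFFERs whose server identifier is not on the allowlist."""
    offers = [m for m in map(parse_dhcp, payloads) if m.get("type") == OFFER]
    return [m for m in offers if m.get("server") not in trusted_servers]

def build_offer(xid, yiaddr, server):
    """Construct a sample DHCPOFFER (test data, not captured traffic)."""
    ip = socket.inet_aton
    head = struct.pack("!BBBBIHH", 2, 1, 6, 0, xid, 0, 0) + ip("0.0.0.0") + ip(yiaddr)
    head += ip(server) + ip("0.0.0.0") + bytes(16 + 64 + 128)
    opts = bytes([53, 1, OFFER, 54, 4]) + ip(server)
    opts += bytes([3, 4]) + ip(server) + bytes([6, 4]) + ip(server) + b"\xff"
    return head + MAGIC_COOKIE + opts

# Constructed sample: two servers answer the same request; only .1 is expected.
SAMPLE = [build_offer(0x1234, "192.168.1.50", "192.168.1.1"),
          build_offer(0x1234, "192.168.1.77", "192.168.1.66")]
```

Calling `find_rogue_offers(SAMPLE, {"192.168.1.1"})` returns only the offer from 192.168.1.66, together with the gateway and DNS server it tried to hand out, which is where a spoofed server redirects traffic.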