DHCP Starvation Attack with DHCP Rogue Server | Lucideus Research

DHCP is how our machines get their logical addresses, that is, their IP addresses. In a DHCP starvation attack, an attacker broadcasts a large number of DHCP request packets with spoofed MAC addresses (the MAC address is the physical address of the machine, provided by the network interface card), with the help of tools like Yersinia and a rogue DHCP server. If enough requests are sent, the DHCP server responds to all of them, and the attacker is able to exhaust all the IP addresses available to the DHCP server for a particular period of time. This is a form of DHCP flooding or DHCP denial-of-service attack: the attacker consumes every address in the IP pool, so no new client can connect to the DHCP server. The attacker then sets up their own DHCP server, a rogue DHCP server, and clients automatically connect to it.

What is DHCP and DHCP Server?

DHCP stands for Dynamic Host Configuration Protocol. It is a protocol in which a DHCP server dynamically assigns an IP address, along with other related configuration information such as the subnet mask and default gateway, to every live host within a network. The DHCP server is the key system responsible for assigning the IP addresses in a network.

How DHCP Works?

A DHCP server is used to issue unique IP addresses and automatically configure other network information. In homes and small networks the DHCP server is usually located in the router; in large organizations it can also be a separate computer. A DHCP server provides this information to a DHCP client through the exchange of a series of messages, known as the DHCP conversation or the DHCP transaction.

The DHCP process goes like this: a device acting as a DHCP client requests an IP address from a router, after which the host assigns an available IP address to allow the client to communicate on the network. Once a device is turned on and connected to a network that has a DHCP server, it sends a request to the server, called a DHCPDISCOVER request. After the DISCOVER packet reaches the DHCP server, the server attempts to hold on to an IP address that the device can use, and then offers the client the address with a DHCPOFFER packet.


Once the offer has been made for the chosen IP address, the device responds to the DHCP server with a DHCPREQUEST packet to accept it, after which the server sends an ACK (Acknowledgement Packet) that's used to confirm that the device has that specific IP address and to define the amount of time that the device can use the address before getting a new one.


What is DHCP Starvation Attack?

A DHCP starvation attack is an attack vector in which an attacker broadcasts a large number of DHCP request packets with spoofed MAC addresses. It is an attack on a computer network in which the entire range of available IP addresses handed out by DHCP is registered to a single client. The automatic assignment of network addresses to other computers is thus made impossible. This is a form of DHCP flooding or DHCP denial-of-service attack in which all the IP addresses in the IP pool are consumed by the attacker and no new client is able to connect to the DHCP server.

Rogue DHCP Server

A rogue DHCP server is a DHCP server that is on a network but is not authorized by the network administrator. The attacker sets up this server so that, once all the IP addresses have been starved, the victim connects to the attacker's malicious DHCP server on that same network.
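Both behaviours described above, the flood of spoofed client MACs and the replies from an unauthorized server, are visible in the DHCP traffic itself. The following Python is an added example, not code from the original post: it parses DHCP payloads and flags a switch port that presents too many distinct client MACs within a short window, and any OFFER/ACK whose server identifier is not on an allowlist. The thresholds, the (timestamp, switch port, payload) input shape, the function names and the sample addresses are assumptions.

```python
import socket

MAGIC = b"\x63\x82\x53\x63"                 # DHCP magic cookie (RFC 2131)
DISCOVER, OFFER, REQUEST, ACK = 1, 2, 3, 5  # option 53 message types (RFC 2132)

def parse_dhcp(payload):
    """Return (message type, client MAC, server id) from a DHCP UDP payload."""
    if len(payload) < 240 or payload[236:240] != MAGIC:
        raise ValueError("not a DHCP payload")
    opts, i = {}, 240
    while i + 1 < len(payload) and payload[i] != 255:   # 255 = end option
        if payload[i] == 0:                 # pad option carries no length byte
            i += 1
            continue
        opts[payload[i]] = payload[i + 2:i + 2 + payload[i + 1]]
        i += 2 + payload[i + 1]             # skip code, length and value
    mtype = opts[53][0] if opts.get(53) else None
    server = socket.inet_ntoa(opts[54]) if len(opts.get(54, b"")) == 4 else None
    return mtype, payload[28:34].hex(":"), server   # chaddr holds the client MAC

def analyse(frames, authorized, window=10.0, max_macs=20):
    """frames: time-ordered (timestamp, switch port, payload); authorized: set of IPs."""
    alerts, recent, flagged = [], {}, set()  # flagged: servers/ports already reported
    for ts, port, payload in frames:
        mtype, mac, server = parse_dhcp(payload)
        if mtype in (OFFER, ACK) and server not in authorized | flagged:
            flagged.add(server)             # reply from a server not on the allowlist
            alerts.append(("rogue-dhcp-server", port, server))
        elif mtype in (DISCOVER, REQUEST):
            kept = [(t, m) for t, m in recent.get(port, []) if ts - t <= window]
            recent[port] = kept + [(ts, mac)]
            macs = {m for _, m in recent[port]}
            if len(macs) > max_macs and port not in flagged:
                flagged.add(port)           # too many distinct clients behind one port
                alerts.append(("dhcp-starvation", port, len(macs)))
    return alerts

def build(mtype, mac, server=None):
    """Constructed sample payload: BOOTP header, magic cookie, options 53 and 54."""
    head = bytes([2 if mtype in (OFFER, ACK) else 1, 1, 6, 0]) + bytes(24)
    head += bytes.fromhex(mac.replace(":", "")) + bytes(10 + 192)
    opts = bytes([53, 1, mtype]) + (bytes([54, 4]) + socket.inet_aton(server) if server else b"")
    return head + MAGIC + opts + b"\xff"

# Constructed traffic: a normal exchange, a MAC flood on port 7, an unlisted OFFER.
SAMPLE = [(0.0, 3, build(DISCOVER, "00:11:22:33:44:55")),
          (0.1, 1, build(OFFER, "00:11:22:33:44:55", "192.0.2.1"))]
SAMPLE += [(1 + n / 100, 7, build(DISCOVER, "02:00:00:00:00:%02x" % n)) for n in range(30)]
SAMPLE.append((2.0, 7, build(OFFER, "00:11:22:33:44:55", "192.0.2.66")))
```

Calling `analyse(SAMPLE, authorized={"192.0.2.1"})` reports the flood on port 7 once, then the unlisted server; the same number of clients spread over a longer period stays under the threshold.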







Lab Environment

1. Attacker's Machine: Kali 17.2
2. Software Used: Metasploit Framework, DHCPig
3. Victim's Machine: Windows 7 SP 1

DHCPig
DHCPig is a networking tool that initiates an advanced DHCP exhaustion/starvation attack which will consume all the IPs on the LAN, stop new users from obtaining IPs, release any IPs in use, then for good measure send gratuitous ARP and knock all Windows hosts offline. By default it is pre-installed in Kali Linux 17; you can access it by typing "pig.py" in your GNOME Terminal.
It requires the scapy >=2.1 library and admin privileges to execute. No configuration is necessary; just pass the interface as a parameter. It has been tested on multiple Linux distributions and multiple DHCP servers (ISC, Windows 2k3/2k8).













