Monday, March 7, 2011

101 Ways to Pwn a Network: DHCP

The past few class periods, as I have been teaching my MIS445 Networks & Security class about TCP, IP, DHCP, DNS, and routing, I have been digging into some of the threats at these different levels of the network.

Of course, I have mentioned things like DNS cache attacks, but the attack that really generated a lot of discussion was rogue DHCP servers.  This attack requires insider access to a network (not hard on an unsecured wireless network or an open university network), but it really makes life difficult for the network administrator when these things pop up.

More often than not, rogue DHCP servers are not maliciously placed in a network.  But what about a DHCP server that is maliciously added to a network to pwn all the outbound traffic?  Devices like Pwn Plug with the addition of a DHCP server and a passive traffic capture capability would be a heck of a way to listen in on interesting conversations in a network.

When talking to my class, I mentioned tools that can help find rogue DHCP servers.  I have heard of dhcpfind and dhcpexplorer, but I haven't used those tools before.  It would be nice to find a tool that runs under Linux or MacOS.
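
How a rogue-server check can work, as an added example (not code from this post, and not how dhcpfind or dhcpexplorer are implemented): parse captured DHCP replies, read the server identifier (option 54), and report any server that is not on an allow-list. The function names, the allow-list, and the 192.0.2.x sample packets are constructed for illustration, and capturing live replies is left out.

```python
import socket
import struct
MAGIC_COOKIE = b"\x63\x82\x53\x63"
OFFER, ACK = 2, 5  # DHCP message types (option 53) that only servers send

def parse_dhcp_reply(payload):
    """Return (msg_type, server_id, router) from a BOOTP/DHCP payload, or None."""
    if len(payload) < 240 or payload[0] != 2 or payload[236:240] != MAGIC_COOKIE:
        return None  # not a BOOTREPLY carrying DHCP options
    opts, i = {}, 240
    while i < len(payload):
        code = payload[i]
        if code == 255:          # end option
            break
        if code == 0:            # pad option has no length byte
            i += 1
            continue
        # A missing length byte is treated as an impossible length (rejected below).
        length = payload[i + 1] if i + 1 < len(payload) else 255
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            return None          # truncated or malformed option
        opts[code] = value
        i += 2 + length
    if len(opts.get(53, b"")) != 1 or len(opts.get(54, b"")) != 4:
        return None              # no message type or no server identifier
    router = opts.get(3, b"")    # option 3: default gateway handed to clients
    return (opts[53][0], socket.inet_ntoa(opts[54]),
            socket.inet_ntoa(router[:4]) if len(router) >= 4 else None)

def find_rogue_servers(payloads, authorized):
    """Map each unauthorized server ID seen in OFFER/ACK replies to its gateway."""
    rogue = {}
    for p in payloads:
        parsed = parse_dhcp_reply(p)
        if parsed and parsed[0] in (OFFER, ACK) and parsed[1] not in authorized:
            rogue[parsed[1]] = parsed[2]
    return rogue

def build_reply(msg_type, server_ip, router_ip):
    """Constructed sample data: a minimal DHCP reply (236-byte header + options)."""
    header = struct.pack("!BBBB", 2, 1, 6, 0) + bytes(232)
    options = (bytes([53, 1, msg_type]) + bytes([54, 4]) + socket.inet_aton(server_ip)
               + bytes([3, 4]) + socket.inet_aton(router_ip) + b"\xff")
    return header + MAGIC_COOKIE + options

# Constructed samples: one reply from the authorized server, one from an unknown host.
SAMPLES = [build_reply(OFFER, "192.0.2.1", "192.0.2.1"),
           build_reply(OFFER, "192.0.2.66", "192.0.2.66")]
```

Because it is plain Python, the same parsing runs on Linux or macOS; feed it the UDP payloads of DHCP replies taken from a packet capture, with `authorized` set to the server addresses the administrator actually operates.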
