From charlesreid1

(Redirected from Man in the Middle/DHCP)

DHCP Attacks

So what is DHCP anyway? DHCP is domain host control protocol - it's how IP addresses get handed out to different devices.

ACK Injection

ACK injection consists of an attacker monitoring a DHCP conversation between the DHCP server and a potential network node, and at some point during the conversation, sending a packet to interfere with the conversation. By controlling the DHCP process, the attacker controls the association between the IP address and MAC address of the sheep device - an alternative attack to ARP Poisoning with the same end.

EvilFOCA converts the attacker machine into a fake DHCP server on the network.

See #EvilFOCA tool below.

DNS Hijacking

DNS Hijacking consists in modifying the way the sheep's DNS system works. This can be achieved at multiple levels (e.g., at the system level, by breaking into and modifying the client's system to permanently point to a pirate DNS server; or at the network level, by conducting a MITM attack on DNS requests.) By poisoning routes, the attacker receives the sheep's DNS requests and can respond to specific DNS requests from the sheep to a destination of the attacker's choosing.

Tools

EvilFOCA

Link: https://github.com/ElevenPaths/EvilFOCA

Tool for conducting various DNS attacks (and other types of attacks)

  • Capable of conducting DHCP ACK Injection - attacker monitors DHCP exchanges, interferes by sending packets, attacker acts as fake DHCP server
  • DNS Hijacking - hijacking the shee's DNS channel to control where the sheep's requests point them

Flags