
MAN IN THE MIDDLE ATTACK (ROGUE DHCP ATTACK)

2017-03-14

Category : Network security

One of the most powerful Internet attacks commonly used by attackers is the MITM attack. Suppose you are sitting in your office, surfing and sharing some confidential data with someone, and one of your company's bad guys is sitting in between on your network, i.e., between your router and your laptop, capturing every keyword you type or site you access. That is what is called a Man in the Middle Attack.

So guys, today we are going to learn about the Man in the Middle Attack using DHCP spoofing.
Before starting, let me make you familiar with what DHCP is.


Dynamic Host Configuration Protocol (DHCP): We can say it lives in our router. It is used for assigning a dynamic IP address to our computer inside our home network, that is, inside the same network. You may check your IP address, which may be something like 192.168.0.101, 192.168.0.102 or 192.168.0.103. DHCP hands out addresses dynamically because clients do not stay on the network permanently: in our home network, new users keep connecting and leaving, so DHCP has to either give out or take back an IP address.


Remember, DHCP works in a broadcast fashion, which means that whenever a new client sends an IP request (DHCPDISCOVER/DHCPREQUEST) to the DHCP server, the server replies to that client with DHCPOFFER/DHCPACK, and this reply is heard by every client connected to that home network.


What is DHCP SPOOFING?
When an attacker is able to control DHCP, he can assign a fake IP address to the victim, making clients believe that they are connected to their legitimate default gateway.

Note: Every time a new client comes onto the network, it accepts an IP address from the first DHCP server that answers its request. So if you are thinking of attacking as a rogue DHCP server, remember that you need to answer before the default DHCP server does; otherwise the client takes the legitimate offer and you are out of the picture.


Execution of the attack:

Requirements: Kali Linux or BT5 as OS.

Note: You need to either install the OS on your system or boot it live, so that you get the network interface. In VMware, you will not be able to carry out this attack.

Step 1: Open Kali Linux and then open Terminal.

Step 2: Type

# ettercap -G


Step 3: This opens the Ettercap graphical version. In the menu go to Sniff -- Unified Sniffing. When the pop-up comes.

Step 4:
You will find the first option, IP Pool (Optional). If you want to be the fake DHCP server, then you must enter the range of IPs in this field.
Example - 192.168.0.101-150.
Now, when you are able to answer before the default DHCP server, a victim connecting to the network will get an IP assigned by you within this range.

Netmask: After this, there is a netmask option. You can check your netmask by typing ifconfig in the terminal. Fill in that netmask here.

DNS Server IP: Here the attacker needs to enter his own private IP address, as given by DHCP, or it can be a rogue DNS IP.

Step 5: After clicking OK, it will start creating a fake DHCP server and the output will be displayed in the status box. Now Ettercap listens for IP requests from new clients. When it receives a request from a client, it responds with DHCPOFFER and replaces the default gateway with the attacker's IP address defined in the DNS Server IP field. Now all the traffic requested by the victim will go through the attacker's machine.

Note: The default gateway, i.e., the default DHCP, will still be in direct connection with the victim, but traffic going from the victim's machine to the outside world (the outbound traffic) will pass via the attacker's machine, breaking the victim's confidentiality.
All the data captured will be shown in the lower dialog box of Ettercap.
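
Because the rogue DHCPOFFER described above is heard on the LAN, a monitoring host can spot it. The following is an added example, not part of the original article and not Ettercap code: it parses raw DHCP payloads and flags any DHCPOFFER/DHCPACK whose server, gateway or DNS address is not on an allowlist. The allowlist addresses and the build_packet helper are assumptions made for the demo.

```python
import socket

MAGIC = b"\x63\x82\x53\x63"            # DHCP magic cookie after the 236-byte BOOTP header
REPLY_TYPES = {2: "DHCPOFFER", 5: "DHCPACK"}
# Assumed site policy (constructed values): the one legitimate DHCP server,
# default gateway and DNS resolver on this LAN.
AUTHORIZED = {"server": {"192.168.0.1"}, "router": {"192.168.0.1"}, "dns": {"192.168.0.1"}}
CHECKS = (("server", 54), ("router", 3), ("dns", 6))   # DHCP option codes

def parse_options(payload):
    """Return {option_code: value_bytes} from a raw DHCP payload (UDP data)."""
    if len(payload) < 240 or payload[236:240] != MAGIC:
        raise ValueError("not a DHCP payload")
    opts, i = {}, 240
    while i < len(payload) and payload[i] != 255:       # 255 = end option
        if payload[i] == 0:                             # pad option, no length byte
            i += 1
            continue
        if i + 1 >= len(payload):
            raise ValueError("truncated option")
        length = payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option")
        opts[payload[i]] = value
        i += 2 + length
    return opts

def ips(raw):
    """Split an option value into dotted-quad IPv4 addresses."""
    return [socket.inet_ntoa(raw[j:j + 4]) for j in range(0, len(raw) - 3, 4)]

def check_reply(payload):
    """Return findings for one DHCP packet; an empty list means nothing to report."""
    opts = parse_options(payload)
    kind = REPLY_TYPES.get((opts.get(53) or b"\x00")[0])
    if payload[0] != 2 or kind is None:                 # op 2 = BOOTREPLY
        return []
    return [f"{kind}: unauthorized {name} {ip}"
            for name, code in CHECKS
            for ip in ips(opts.get(code, b"")) if ip not in AUTHORIZED[name]]

def build_packet(op, msg_type, server, router, dns):
    """Build a constructed sample packet for the demo (not captured traffic)."""
    tlv = lambda code, value: bytes([code, len(value)]) + value
    return (bytes([op, 1, 6, 0]) + bytes(232) + MAGIC + tlv(53, bytes([msg_type]))
            + tlv(54, socket.inet_aton(server)) + tlv(3, socket.inet_aton(router))
            + tlv(6, socket.inet_aton(dns)) + b"\xff")
```

Feed check_reply() the UDP payload of packets sent from port 67 as seen by a monitoring host. On managed switches, DHCP snooping is the control that drops such replies from untrusted ports.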

##############################################################################
Thanks guys for reading.


