packet and broadcast the DHCP-REQUEST packet which includes the assigned IP address of the DHCP-OFFER packet.

4DHCP-ACK Stage: Since the DHCP-REQUEST packet is broadcasted, all DHCP servers on the network segment can receive it. However, only the requested server processes the request. If the DHCP server acknowledges assigning this IP address to the client, it will send the DHCP-ACK packet back to the client. Otherwise, the Server will send the DHCP-NAK packet to refuse assigning this IP address to the client.

¾DHCP Cheating Attack

During the working process of DHCP, generally there is no authentication mechanism between Server and Client. If there are several DHCP servers in the network, network confusion and security problem will happen. The common cases incurring the illegal DHCP servers are the following two:

1It’s common that the illegal DHCP server is manually configured by the user by mistake.

2Hacker exhausted the IP addresses of the normal DHCP server and then pretended to be a legal DHCP server to assign the IP addresses and the other parameters to Clients. For example, hacker used the pretended DHCP server to assign a modified DNS server address to users so as to induce the users to the evil financial website or electronic trading website and cheat the users of their accounts and passwords. The following figure illustrates the DHCP Cheating Attack implementation procedure.

Figure 5-19 DHCP Cheating Attack Implementation Procedure

DHCP Filtering feature allows only the trusted ports to forward DHCP packets and thereby ensures that users get proper IP addresses. DHCP Filtering is to monitor the process of hosts obtaining the IP addresses from DHCP servers, and record the IP address, MAC address, VLAN and the connected Port number of the Host for automatic binding. DHCP Filtering feature prevents the network from the DHCP Server Cheating Attack by discarding the DHCP packets on the distrusted port, so as to enhance the network security.

Choose the menu Switching → DHCP Filtering to load the following page.

49

Page 56
Image 56
TP-Link TL-SG2008 manual ¾ Dhcp Cheating Attack, Dhcp Cheating Attack Implementation Procedure