DHCP Classes of Attacks - Spoofing

DHCP Spoofing Attack – This occurs when a rogue DHCP server is connected to the network and provides false IP configuration parameters to legitimate clients

A rogue server can provide a variety of misleading information, including the following:

Wrong default gateway - The rogue server provides an invalid gateway or the IP address of its host to create a man-in-the-middle attack. This may go entirely undetected as the intruder intercepts the data flow through the network

Wrong DNS server - The rogue server provides an incorrect DNS server address pointing the user to a nefarious website

Wrong IP address - The rogue server provides an invalid IP address effectively creating a DoS attack on the DHCP client

DHCP Server

Attack System

Legitimate User