KonohaHokage Posted February 22, 2021 Report Share Posted February 22, 2021 (edited) Explain what is the DHCP Rogue Server with example? I'm currently practicing Ethical Hacking from one site and can't figure out what is this. Guys help me in getting the CEH Certification. Thanks for helping me, in advance. Edited February 22, 2021 by KonohaHokage Quote Link to comment Share on other sites More sharing options...
Nytro Posted February 22, 2021 Report Share Posted February 22, 2021 DHCP is used for dynamic configuration. At your home, I assume you have a router (WiFi). When you connect your laptop/PC to the Wifi/cable network from your router, some things will happen on the background: 1. Your PC/laptop will send a DHCP broadcast message to get its network configuration 2. The DHCP server which your router runs will reply and will exchange important information such as IP address for your laptop/PC and DNS server etc. 3. You laptop/PC will use the information to allow you to browse the Internet This is the same scenario in Enterprises as well. Even if there is no WiFi router, the DHCP and DNS services might run standalone. Rogue DHCP server is a fake one, created by an attacker from the same network. When your PC/laptop (or an employee's workstation in an Enterprise) will send the DHCP broadcast message, it will reach attacker's Rogue DHCP server which will reply with false information, such as an IP address, a fake DNS Server (which is running on the attacker's computer) and gateway (again, on the attacker's computer). This way, the attacker can get it's victim network traffic and DNS requests. It can reply to all DNS requests or only specific targets with it's own computer IP (attacker one) and this way it can intercept traffic sent to arbitrary domains. Of course, if TLS is used it should be fine unless the victim "Proceeds" with the "Certificate invalid" error message. You should try OSCP instead of that CEH thing. 1 Quote Link to comment Share on other sites More sharing options...
