Lab 14
This lab was quite cool; it involved using a rogue DHCP server to get devices to have bad configurations. It also showed ways to deal with this sort of attack with
Exercise 1
In this exercise I set up a fake website that affected clients would see instead of the legitimate site. I then got the legitimate site open.
Exercise 2
In this exercise I set up bad DNS service and configured the rogue DHCP server to prepare for the next step. I did not run the DHCP server yet.
Exercise 3
In this exercise I ran the attack. First off, I ran a script that starved all DHCP servers on the network. This is why I haven't started the rogue DHCP server, because the script would starve it as well. Once the script finishes, the legitimate DHCP server will have all its entries filled, so the only server able to hand out addresses is the rogue one. To have that happen, we start the rogue DHCP server and renew the address of the client. Once the client has the new address and DNS settings, if I access the classroom.local site, it will give me a malicious site with a dangerous download.
I then turned off the attack for the next exercise.
Exercise 4
In this exercise I implemented DNSSEC. This means that devices on my domain have signed DNS records, so even if the rogue DHCP server gives bad DNS configurations, it will only use the signed DNS records. As can be seen, the fake website can't be accessed because DNSSEC is stopping the client from using the bad DNS service.
Exercise 5
In this exercise I changed the switch I was using to one that did not allow MAC address spoofing. This meant that the attack doesn't work because I can't starve the DHCP server. I then got a legitimate address on the client and was able to access the legitimate website.
Showing that I have removed all bad leases caused by the DHCP starvation attack. The client then got an address from this pool.
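Added example (not part of the original lab write-up): a small detector for the two stages described in Exercise 3, run over constructed DHCP events. It flags a switch port that presents many distinct client MACs in a short window (starvation) and any OFFER/ACK from a server outside an allow-list (rogue server). The log format, port names, addresses and thresholds are all assumptions.

```python
from collections import defaultdict

AUTHORIZED_SERVERS = {"192.0.2.1"}  # assumption: the one legitimate DHCP server
MAC_LIMIT = 5                       # assumption: max distinct client MACs per port per window
WINDOW_S = 10.0                     # assumption: sliding window length in seconds

# Constructed events: time(s), switch port, DHCP message type, client MAC, server IP
SAMPLE_LOG = """\
0.0 Gi0/7 DISCOVER 02:aa:00:00:00:01 -
0.2 Gi0/1 OFFER 02:aa:00:00:00:01 192.0.2.1
5.0 Gi0/3 DISCOVER 02:bb:00:00:00:01 -
5.1 Gi0/3 DISCOVER 02:bb:00:00:00:02 -
5.2 Gi0/3 DISCOVER 02:bb:00:00:00:03 -
5.3 Gi0/3 DISCOVER 02:bb:00:00:00:04 -
5.4 Gi0/3 DISCOVER 02:bb:00:00:00:05 -
5.5 Gi0/3 DISCOVER 02:bb:00:00:00:06 -
40.0 Gi0/7 DISCOVER 02:aa:00:00:00:01 -
40.1 Gi0/3 OFFER 02:aa:00:00:00:01 192.0.2.66
"""

def parse(log):
    """Yield (time, port, message type, client MAC, server IP) per non-empty line."""
    for line in log.splitlines():
        if not line.strip():
            continue
        ts, port, msg, mac, server = line.split()
        yield float(ts), port, msg, mac.lower(), server

def detect(log):
    """Return alerts for DHCP starvation and unauthorized DHCP servers."""
    alerts = []
    seen = defaultdict(list)  # port -> [(time, mac)] of recent client requests
    flagged_ports = set()     # alert once per port for starvation
    for ts, port, msg, mac, server in parse(log):
        if msg in ("DISCOVER", "REQUEST"):
            recent = [(t, m) for t, m in seen[port] if ts - t <= WINDOW_S]
            recent.append((ts, mac))
            seen[port] = recent
            macs = {m for _, m in recent}
            if len(macs) > MAC_LIMIT and port not in flagged_ports:
                flagged_ports.add(port)
                alerts.append(("starvation", port, len(macs)))
        elif msg in ("OFFER", "ACK") and server not in AUTHORIZED_SERVERS:
            alerts.append(("rogue_server", port, server))
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```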