DHCP Starvation DOS Attack Penetration Testing Example Demonstration with Kali

DHCP Starvation DOS Attack Penetration Testing Example Demonstration with Kali



DHCP Starvation is an attack that works by broadcasting vast numbers of DHCP requests with spoofed MAC addresses simultaneously.



I had showed my topology in the above snap, As you can see I have a router that acts as the DHCP server and a Kali linux 2.0 machine which is connected to the same network. The same steps can be followed to hack a Windows or a Linux DHCP server also. This is how my routers DHCP binding looks before the attempt,

Router (Before Attack)

R1#sh ip dhcp binding 
Bindings from all pools not associated with VRF:
IP address Client-ID/ Lease expiration Type
 Hardware address/
 User name
R1#

I used yersinia tool to perform the attack, this yersinia comes in built to your Kali operating system. Open terminal, type yersinia -G and press enter.



Click on Launch Attack. Select the tab DHCP and check the second box sending DISCOVER packet and press OK. Within seconds, hundreds of DHCP requests will be sent and the router will be busy handling all our requests and wont be able to handle IP addresses to genuine users. Below logs are taken after the attack,

Router (After Attack)

R1#sh ip dhcp binding 
% The DHCP database could not be locked. Please retry the command later.
R1#
Router couldnt respond, I had taken the below output after 10 mins.

R1#sh ip dhcp binding 
Bindings from all pools not associated with VRF:
IP address Client-ID/ Lease expiration Type
 Hardware address/
 User name
120.0.0.4 3669.9348.85d1 Mar 01 2002 12:20 AM Automatic
120.0.0.5 7add.b556.f179 Mar 01 2002 12:20 AM Automatic
120.0.0.6 347b.0c74.8013 Mar 01 2002 12:20 AM Automatic
120.0.0.7 f976.c10d.205f Mar 01 2002 12:20 AM Automatic
120.0.0.8 b2de.b66b.5b30 Mar 01 2002 12:20 AM Automatic
120.0.0.9 32cd.4b14.c1f7 Mar 01 2002 12:20 AM Automatic
120.0.0.10 d0fd.bd17.a548 Mar 01 2002 12:20 AM Automatic
120.0.0.11 e4be.180a.3fbd Mar 01 2002 12:20 AM Automatic
120.0.0.12 559b.e206.ffd0 Mar 01 2002 12:20 AM Automatic
120.0.0.13 4e64.0231.a81d Mar 01 2002 12:20 AM Automatic
120.0.0.14 ac61.c36b.8931 Mar 01 2002 12:21 AM Automatic
120.0.0.15 763d.5c2f.0d07 Mar 01 2002 12:21 AM Automatic
120.0.0.16 d738.1831.3ffa Mar 01 2002 12:21 AM Automatic
120.0.0.17 0f64.dc31.3bfd Mar 01 2002 12:21 AM Automatic
120.0.0.18 beae.bf51.f15b Mar 01 2002 12:21 AM Automatic
120.0.0.19 b511.3b23.4732 Mar 01 2002 12:21 AM Automatic
120.0.0.20 e682.902a.2069 Mar 01 2002 12:21 AM Automatic
120.0.0.21 d253.6658.b71c Mar 01 2002 12:21 AM Automatic
120.0.0.22 11ed.8f0f.f330 Mar 01 2002 12:21 AM Automatic
 --More--

As you can see, all the IPs are assigned to Kalis duplicate DHCP requests. To stop the attack, click on List attackts and Cancel all attacks.

Mitigation

To secure our network from this attack, we have two options.

1) DHCP Snooping
2) Port Security

Cisco IOS Mitigation

To enable DHCP Snooping on a Cisco IOS switch, follow these steps:

switch(config)# ip dhcp snooping
!Enables DHCP Snooping globally!
switch(config)# ip dhcp snooping vlan <vlan_id> {,<vlan_id>}
!Enables DHCP Snooping for Specific VLANs!
switch(config-if)# ip dhcp snooping trust
!Sets the interface to trusted state; can then pass DHCP replies!
switch(config-if)# ip dhcp snooping limit rate <rate>
!Sets rate limit for DHCP Snooping!

To know more about DHCP snooping, visit http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst6500/ios/12-2SX/configuration/guide/book/snoodhcp.html

Cisco CatOS Mitigation

To mitigate DHCP Starvation attacks with port security on CatOS, use the following:

set port security 5/1 enable
set port security 5/1 port max 1
set port security 5/1 violation restrict
set port security 5/1 age 2
set port security 5/1 timer-type inactivity




go to link download

Popular posts from this blog

DroidJack RAT Androrat Android Sample

Image
DroidJack RAT Androrat Android Sample Research: Symantec: DroidJack RAT: A tale of how budding entrepreneurism can turn to cybercrime Sample credit: Paul Burbage and Fran File: SandroRat.apk Size: 215839 MD5:  3BCCA99E4D99B4CF733D8EBB79D35782 Download. Email me if you need the password https://www.virustotal.com/en/file/48d25786b7512761ed561bb50de4c0bd8a19df0e5de2bc40cd9d84dddf11c16d/analysis/ SHA256: 48d25786b7512761ed561bb50de4c0bd8a19df0e5de2bc40cd9d84dddf11c16d File name: 48d25786b7512761ed561bb50de4c0bd8a19df0e5de2bc40cd9d84dddf11c16d Detection ratio: 18 / 54 Analysis date: 2014-12-19 08:17:29 UTC ( 1 day, 20 hours ago )  Behavioural information Antivirus Result Update Qihoo-360 Win32/Trojan.Spy.fb5 20141219 Baidu-International Trojan.AndroidOS.Sandr.aglz 20141218 NANO-Antivirus Trojan.Android.Zerat.dekxmy 20141219 Ikarus Spyware.AndroidOS.Kasandra 20141219 Kaspersky HEUR:Trojan-Spy.AndroidOS.Sandr.a 20141219 McAfee Artemis!3BCCA99E4D99 2014121...
Read more

Modern Combat 2 Black Pegasus apk data Free Download

Image
Modern Combat 2 Black Pegasus apk data Free Download modern combat 2 fix apk,Modern Combat 2: Black Pegasus apk download,this is the best gun shoot game for android Mobile phone and all android device for tablet. Modern Combat 2: Black Pegasus APK + DATA Android Game Download For Free Modern Combat 2: Black Pegasus apk:Download Modern Combat 2: Black Pegasus APK is a Action Game for Smartphone or Tablet, Download it for free in our website. Beside this one we have hundreds of other full versions of the best android games. the most beautiful world of James Cameron�s Avatar by using James Cameron�s Avatar HD application. Enjoy an epic journey of redemption and discover both decades to know how the first avatar came into exist . It is an awesome game with most addicting gameplay to engage you for endless hours. Feel like you are fighting with enemies in real time thanks to it�s full HD graphics. Modern Combat 2: Black Pegasus apk full game download links Modern Combat 2 Android game Fix a...
Read more

Notepad 6 6 8

Image
Notepad 6 6 8 Notepad++ is an open source text editor which has wide selection of advanced tools that are to be used not only by seasoned professionals who are demanding more oversight and control over their projects, but also for novices with small amount of technical knowledge who are seeking better alternative to the standard Notepad app that comes preinstalled with every version of Windows OS.  By managing to expand capabilities of Notepad, N++ manages to provide comprehensive professional tool that can be truly used by anyone who is in need of any sort of advanced text editing tool that is more focused not on general office productivity (there are many standalone solutions for those projects) but more oriented on coding and creation of plain text articles that don�t feature any formatting. First version of the Notepad++ was released in November of 2003, and it very quickly became popular all around the world by allowing professional software development community access to dee...
Read more