CAPEC-697: DHCP Spoofing

Description
<p>An adversary masquerades as a legitimate Dynamic Host Configuration Protocol (DHCP) server by spoofing DHCP traffic, with the goal of redirecting network traffic or denying service to DHCP.<p>
Extended Description

DHCP is broadcast to the entire Local Area Network (LAN) and does not have any form of authentication by default. Therefore, it is susceptible to spoofing.

An adversary with access to the target LAN can receive DHCP messages; obtaining the topology information required to potentially manipulate other hosts' network configurations.

To improve the likelihood of the DHCP request being serviced by the Rogue server, an adversary can first starve the DHCP pool.

Severity :

High

Possibility :

Low

Type :

Standard
Relationships with other CAPECs

This table shows the other attack patterns and high level categories that are related to this attack pattern.

Prerequisites

This table shows the other attack patterns and high level categories that are related to this attack pattern.

  • The adversary must have access to a machine within the target LAN which can send DHCP offers to the target.
Skills required

This table shows the other attack patterns and high level categories that are related to this attack pattern.

  • Medium The adversary must identify potential targets for DHCP Spoofing and craft network configurations to obtain the desired results.
Taxonomy mappings

Mappings to ATT&CK, OWASP and other frameworks.

Resources required

The adversary requires access to a machine within the target LAN on a network which does not secure its DHCP traffic through MAC-Forced Forwarding, port security, etc.

Related CWE

A Related Weakness relationship associates a weakness with this attack pattern. Each association implies a weakness that must exist for a given attack to be successful.

Visit http://capec.mitre.org/ for more details.

© cvefeed.io
Latest DB Update: Dec. 22, 2024 7:59