A Model to detect and prevent rogue DHCP attacks on wireless LAN communication

Wachira, Fiona Njeri
Strathmore University
WLAN technology is a crucial component of computer networks. The use of Wi-Fi communication has grown with the increasing population of end devices, which includes smartphones, tablets and laptops. This has significantly increased the number of internet users. When mobile hosts move from one network to another, they require new system configurations in order to communicate, hence the use of WLAN. Dynamic Host Configuration Protocol (DHCP) supports automatic configuration of hosts. With respect to DHCP processes, one of the internal attacks that most affects WLAN security is the rogue DHCP server. Due to the nature of DHCP communication, it is easy for an attacker to introduce a rogue DHCP server. This is possible because a client can receive DHCPOFFER messages from more than one DHCP server. To address this issue, the study proposes a custom IDS that detects rogue DHCP server attacks by monitoring and analysing DHCP transaction messages. The study implements an experimental design that involves setting up a test network containing both rogue and genuine DHCP servers. Packet characteristics of the rogue DHCP server are collected and analysed to identify the parameters to be used by the IDS. To validate the proposed solution, the IP addresses offered by the rogue DHCP server are checked against the report generated by the IDS. The findings confirmed that the IDS has a 100% detection rate, since all IP addresses offered by the rogue DHCP server were detected by the IDS.
A Thesis Submitted in partial fulfilment of the requirements for the Degree of Masters of Science in Information Systems Security at Strathmore University
Wireless LAN, Dynamic Host Configuration Protocol (DHCP), Computer networks
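The detection idea in the abstract, sketched as an added example that is not the thesis's own code: it parses DHCP payloads, picks out DHCPOFFER messages and reports the offered address whenever the server identifier (option 54) is not an authorized server. The allowlist approach, the addresses and the `build_offer` helper are assumptions made for illustration, and the sample packets are constructed.

```python
import socket
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"    # marks the start of DHCP options (RFC 2131)
DHCPOFFER = 2                          # option 53 value for an offer
AUTHORIZED_SERVERS = {"192.168.1.1"}   # assumption: the genuine server's address

def parse_dhcp(payload):
    """Return (message_type, server_id, offered_ip), or None if not DHCP."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        return None
    offered_ip = socket.inet_ntoa(payload[16:20])    # yiaddr field
    msg_type, server_id, i = None, None, 240
    while i + 1 < len(payload) and payload[i] != 255:  # 255 = end option
        code = payload[i]
        if code == 0:                  # pad option carries no length byte
            i += 1
            continue
        length = payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) < length:        # truncated option: stop parsing
            break
        if code == 53 and length == 1:
            msg_type = value[0]
        elif code == 54 and length == 4:
            server_id = socket.inet_ntoa(value)
        i += 2 + length
    return msg_type, server_id, offered_ip

def detect_rogue_offers(payloads, authorized=AUTHORIZED_SERVERS):
    """Report (server_id, offered_ip) for every offer from an unknown server.
    An offer with no server identifier is reported with server_id None."""
    report = []
    for payload in payloads:
        parsed = parse_dhcp(payload)
        if parsed and parsed[0] == DHCPOFFER and parsed[1] not in authorized:
            report.append((parsed[1], parsed[2]))
    return report

def build_offer(server_ip, offered_ip):
    """Constructed sample: a minimal DHCPOFFER payload (hypothetical helper)."""
    header = struct.pack("!BBBBIHH4s4s4s4s16s64s128s", 2, 1, 6, 0, 0x1234, 0, 0,
                         bytes(4), socket.inet_aton(offered_ip),
                         socket.inet_aton(server_ip), bytes(4),
                         bytes(16), bytes(64), bytes(128))
    options = bytes([53, 1, DHCPOFFER, 54, 4]) + socket.inet_aton(server_ip) + b"\xff"
    return header + MAGIC_COOKIE + options

SAMPLE = [build_offer("192.168.1.1", "192.168.1.50"),     # genuine server
          build_offer("192.168.1.66", "192.168.1.200"),   # unknown server
          build_offer("192.168.1.66", "192.168.1.201")]

if __name__ == "__main__":
    for server, ip in detect_rogue_offers(SAMPLE):
        print(f"rogue DHCPOFFER from {server}: offered {ip}")
```

Comparing the reported addresses with the addresses the rogue server actually handed out mirrors the validation step the abstract describes.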