Detecting rogue DHCP and man-in-the-middle controllers in local area networks
Dr Ozianyi, Vitalis
Computer Local Area Networks (LANs) provide the point of attachment for end users of network services. Users connect various devices, such as desktop computers, laptops, smartphones and TVs, to fixed Ethernet or Wireless LAN (WLAN) networks. This dependence on LANs for connecting to the Internet creates a potential avenue for attackers to target users by exploiting vulnerabilities in the protocols used by these networks and their support systems, such as the Dynamic Host Configuration Protocol (DHCP). Because these networks are designed to be used by communities of trusted users, there are few options for identifying and blocking dangerous and rogue users. Hence, legitimate users are exposed to social engineering and other attacks when using these networks. Rogue DHCP servers and Man-in-the-Middle (MITM) controllers can be installed in both LAN and WLAN environments and used to direct users to rogue Domain Name System (DNS) servers. Victims of these attacks may be sent to falsified websites when they request services that require name resolution by DNS. In this paper, we propose mechanisms for detecting rogue DHCP servers and MITM controllers in LAN and WLAN environments. The proposed solution exploits the attackers' own use of broadcast messages: ironically, the attacks themselves rely on the broadcast nature of the protocols they target, DHCP and the Address Resolution Protocol (ARP). We propose a solution that limits the effectiveness of these attacks.