DHCP安全威胁 - 博客

[{"createTime":1735734952000,"id":1,"img":"hwy_ms_500_252.jpeg","link":"https://activity.huaweicloud.com/cps.html?fromacct=261f35b6-af54-4511-a2ca-910fa15905d1&utm_source=V1g3MDY4NTY=&utm_medium=cps&utm_campaign=201905","name":"华为云秒杀","status":9,"txt":"华为云38元秒杀","type":1,"updateTime":1735747411000,"userId":3},{"createTime":1736173885000,"id":2,"img":"txy_480_300.png","link":"https://cloud.tencent.com/act/cps/redirect?redirect=1077&cps_key=edb15096bfff75effaaa8c8bb66138bd&from=console","name":"腾讯云秒杀","status":9,"txt":"腾讯云限量秒杀","type":1,"updateTime":1736173885000,"userId":3},{"createTime":1736177492000,"id":3,"img":"aly_251_140.png","link":"https://www.aliyun.com/minisite/goods?userCode=pwp8kmv3","memo":"","name":"阿里云","status":9,"txt":"阿里云2折起","type":1,"updateTime":1736177492000,"userId":3},{"createTime":1735660800000,"id":4,"img":"vultr_560_300.png","link":"https://www.vultr.com/?ref=9603742-8H","name":"Vultr","status":9,"txt":"Vultr送$100","type":1,"updateTime":1735660800000,"userId":3},{"createTime":1735660800000,"id":5,"img":"jdy_663_320.jpg","link":"https://3.cn/2ay1-e5t","name":"京东云","status":9,"txt":"京东云特惠专区","type":1,"updateTime":1735660800000,"userId":3},{"createTime":1735660800000,"id":6,"img":"new_ads.png","link":"https://www.iodraw.com/ads","name":"发布广告","status":9,"txt":"发布广告","type":1,"updateTime":1735660800000,"userId":3},{"createTime":1735660800000,"id":7,"img":"yun_910_50.png","link":"https://activity.huaweicloud.com/discount_area_v5/index.html?fromacct=261f35b6-af54-4511-a2ca-910fa15905d1&utm_source=aXhpYW95YW5nOA===&utm_medium=cps&utm_campaign=201905","name":"底部","status":9,"txt":"高性能云服务器2折起","type":2,"updateTime":1735660800000,"userId":3}]

三种针对DHCP的攻击：

        1.DHCP饿死攻击

        2.仿冒DHCP Server 攻击

        3.DHCP中间人攻击

DHCP 饿死攻击

      原理：攻击者持续改变DHCP报文中的chaddr字段，持续的向DHCP服务器申请大量的IP的地址，导致用户不能正常分配

      漏洞分析：DHCP服务器分配地址时无法分辨正常的申请者和恶意的申请者

仿冒DHCP攻击

        原理：攻击者仿冒dhcp服务器给客户端分配错误的网关地址和ip等参数，导致正常的用户无法上网

        漏洞分析：dhcp客户端接收dhcp分配的信息时，无法分配正确的dhcp服务器信息和仿冒的dhcp服务器信息

DHCP中间人攻击

        原理：攻击者例用arp机制，让客户端学习到中间人的mac地址和服务器IP的对应关系，又让dhcp服务器学习到客户端ip和中间人mac的对应关系

                如此一来，客户端与服务器的交互报文都会经过中间人中转

        漏洞分析：从本质上讲，中间人攻击是一种spoofing ip/mac攻击，中间人利用虚假的ip地址与mac地址之间的映射关系来同时欺骗dhcp服务器和客户端。

DHCP snooping

    饿死攻击：对DHCP request报文进行源mac地址和chaddr字段检查，发现不一致，丢弃此报文

        [sw1]dhcp snooping enable

        [sw1]interface GigabitEthernet 0/0/1

        [sw1-GigabitEthernet0/0/1]dhcp snooping check dhcp-chaddr enable

    仿冒dhcp攻击：添加信任端口，默认所有端口都是untrust ，设置trust端口连接服务器，认为通过的offer/ACK报文是合法的

        [SW]dhcp enable

        [SW]dhcp snooping enable

        [SW]int g0/0/2

        [SW-GigabitEthernet0/0/2]dhcp snooping trusted

    DHCP中间人攻击:用snooping形成交换机ip和mac地址绑定表，报文进入交换机和绑定表对比，不匹配discard

        [SW]dhcp enable

        [SW]dhcp snooping enable

        [SW-GigabitEthernet0/0/2]ip source check user-bind enable

配置环境：华为S5700交换机

技术

Java1212 篇
Python927 篇
开发语言608 篇
c语言463 篇
算法461 篇
MySQL438 篇
数据库394 篇
前端387 篇
更多...