1. (3 points) DHCP Attack 1

Another type of attack that was not included in the workshop is DHCP (dynamic host configuration protocol) based attacks. Do a bit of research into how DHCP works and about some DHCP attacks and answer the following questions.



  1. What are the 4 packets (messages) that are communicated between the client seeking an IP address and the DHCP server?

  2. Are the 4 messages Layer 2 unicast or broadcast (be careful not to confuse between Layer 3 broadcast, which is sending to an IP broadcast address like 10.0.2.255, as opposed to Layer 2 broadcast which is sent to MAC address FF:FF:FF:FF:FF:FF).

  3. Therefore, in a switched network, which of the 4 messages in the DHCP negotiation would the attacker be able to observe?

  4. Briefly explain how DHCP spoofing and DHCP starvation attacks are executed, and how the two can be used in combination.

  5. For an adversary looking to perform MITM, which DHCP configuration option(s) would you try to manipulate?

  6. Briefly explain how "DHCP snooping" configuration in a switch works to prevent DHCP spoofing.



2. (2 points) DHCP Attack 2



  1. In your VirtualBox, change the Network setting to Promiscuous Mode = Allow Any on both Kali and DSL.

  2. Run Wireshark on Kali (on eth0) and restart DSL

  3. Capture the 4x DHCP messages between DSL and DHCP server (10.0.2.3) on Wireshark and take a screenshot.

  4. Repeat while simulating a switched network (set Promiscuous Mode = Deny) and capture the 2x DHCP messages. You should not need to reboot Kali after changing the network settings, but you do need to reboot DSL to refresh DHCP.



3. (3 points) DHCP Attack 3



  1. Keep Wireshark running on Kali.

  2. Use Ettercap's DHCP spoofing function to demonstrate how you can supply the victim (DSL) with a rogue DNS server, to make it easy for the attacker to spoof DNS replies. Try to perform DHCP spoofing to inject DNS server of 1.2.3.4.

  3. Reboot DSL and confirm that DNS has been poisoned by looking at /etc/resolv.conf. Take a screenshot (do cat /etc/resolv.conf).

  4. Go to Wireshark, and identify the REAL DHCP ACK (coming from the 10.0.2.3 MAC address) and FAKE DHCP ACK (from the Kali MAC address) being sent to DSL. Take a screenshot.




4. (2 points) MITM Prevention



  1. Briefly explain (1 or 2 sentences max) how HTTPS can defeat MITM via ARP cache poisoning.

  2. In the same context, why did Chrome developers decide to display "Not Secure" on HTTP websites?

    [image: Chrome "Not secure" indicator]

  3. In the same context, what's the danger of ignoring a browser error message like this one and clicking on "Continue to this website"?

    [image: browser SSL error page]

  4. Briefly write an explanation that you might provide to your grandparent (or anyone who may not be IT savvy) why they should be careful when connecting to open WiFi hotspots like the ones at airports.

Answered Same Day, Apr 28, 2021


Sandeep Kumar answered on May 04 2021
147 Votes
1) DHCP Attack 1
1. The 4 packets communicated between a client seeking an IP address and the DHCP server are DHCP discover message, DHCP offer message, DHCP request message and DHCP acknowledgement message.
2. The discover and request layer 2 messages are broadcast messages, while the offer and acknowledgement messages are unicast messages.
3. The attacker in a spoofing attack would be able to observe the offer message of the DHCP server while in an MITM attack, the observer would be able to see all of the 4 messages, in fact it controls their propagation.
4. A DHCP spoofing attack is a situation in which one person or program successfully masquerades as another by falsifying data and therefore gaining an illegitimate advantage. An attacker sends a packet carrying the IP and MAC addresses of an authorized DHCP client to the DHCP server. The DHCP server considers the attacker an authorized DHCP client and learns its IP and MAC addresses. The authorized DHCP client, however, fails to obtain services from the DHCP server. A DHCP exhaustion attack is launched by sending bogus DHCP request packets for extending IP address leases. If an attacker simulates authorized clients to continually send DHCP request packets for extending IP address leases, some expired IP addresses cannot be reused.
5....
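The following is an added example, not part of the original question or of the answer above. It is a small Python model of the four-message DHCP negotiation (questions 1 to 3 and 6 of part 1, and the real-versus-fake ACK check of part 3): each message carries its layer 2 addressing, a `visible_to` function shows which of the four a third host on a switch actually receives, a `SnoopingSwitch` accepts OFFER/ACK only on trusted ports, and `conflicting_acks` flags a transaction that received ACKs from two different source MACs. All MAC addresses and port numbers are constructed; the 10.0.2.3 DHCP server and the 1.2.3.4 DNS value come from the assignment text.

```python
from dataclasses import dataclass

BROADCAST_MAC = "ff:ff:ff:ff:ff:ff"
SERVER_MSGS = {"OFFER", "ACK"}  # only a DHCP server legitimately sends these


@dataclass(frozen=True)
class DhcpFrame:
    msg: str             # DISCOVER, OFFER, REQUEST or ACK
    src_mac: str         # layer 2 source address
    dst_mac: str         # layer 2 destination: broadcast or the client's MAC
    ingress_port: int    # switch port the frame arrived on
    xid: int             # DHCP transaction id shared by all four messages
    options: tuple = ()  # DHCP options carried, e.g. (("dns", "10.0.2.3"),)


def dora_exchange(client_mac, server_mac, client_port, server_port, xid, dns):
    """The four messages of a normal negotiation with their layer 2 addressing:
    DISCOVER and REQUEST are L2 broadcast, OFFER and ACK are unicast to the client."""
    opts = (("dns", dns),)
    return [
        DhcpFrame("DISCOVER", client_mac, BROADCAST_MAC, client_port, xid),
        DhcpFrame("OFFER", server_mac, client_mac, server_port, xid, opts),
        DhcpFrame("REQUEST", client_mac, BROADCAST_MAC, client_port, xid),
        DhcpFrame("ACK", server_mac, client_mac, server_port, xid, opts),
    ]


def visible_to(frames, observer_mac):
    """Messages a third host on a switch (no port mirroring) receives: the switch
    floods L2 broadcasts to every port but delivers unicast frames only to the
    port where the destination MAC was learned."""
    return [f.msg for f in frames if f.dst_mac in (BROADCAST_MAC, observer_mac)]


class SnoopingSwitch:
    """DHCP snooping: server-side messages are accepted only on trusted ports."""

    def __init__(self, trusted_ports):
        self.trusted = set(trusted_ports)
        self.dropped = []

    def forward(self, frame):
        """Return True if the switch forwards the frame, False if it drops it."""
        if frame.msg in SERVER_MSGS and frame.ingress_port not in self.trusted:
            self.dropped.append(frame)
            return False
        return True


def conflicting_acks(frames):
    """Detection view of the Wireshark step in part 3: transaction ids that
    received ACKs from more than one source MAC (a real and a fake server)."""
    seen = {}
    for f in frames:
        if f.msg == "ACK":
            seen.setdefault(f.xid, set()).add(f.src_mac)
    return {xid: macs for xid, macs in seen.items() if len(macs) > 1}


def dns_delivered(switch, frames, client_mac):
    """DNS option values carried by every ACK the switch lets through to the client."""
    return [dict(f.options)["dns"] for f in frames
            if switch.forward(f) and f.msg == "ACK" and f.dst_mac == client_mac]


def scenario():
    # Constructed hosts: the DHCP server on port 1, the victim on port 2 and a
    # third host on port 3. The MACs are made up; 10.0.2.3 and 1.2.3.4 come
    # from the assignment text.
    server, victim, third = "08:00:27:aa:aa:01", "08:00:27:bb:bb:02", "08:00:27:cc:cc:03"
    frames = dora_exchange(victim, server, 2, 1, 0x1234, "10.0.2.3")
    # A second ACK for the same transaction arriving from the untrusted port 3.
    rogue = DhcpFrame("ACK", third, victim, 3, 0x1234, (("dns", "1.2.3.4"),))
    all_frames = frames + [rogue]
    snooping = SnoopingSwitch(trusted_ports={1})           # only the server port trusted
    no_snooping = SnoopingSwitch(trusted_ports={1, 2, 3})  # every port trusted
    return {
        "third_host_sees": visible_to(frames, third),
        "conflicting_acks": conflicting_acks(all_frames),
        "dns_without_snooping": dns_delivered(no_snooping, all_frames, victim),
        "dns_with_snooping": dns_delivered(snooping, all_frames, victim),
        "dropped": [(f.msg, f.src_mac, f.ingress_port) for f in snooping.dropped],
    }


if __name__ == "__main__":
    for key, value in scenario().items():
        print(f"{key}: {value}")
```

Running `scenario()` shows the third host receiving only DISCOVER and REQUEST (the two L2 broadcasts, which is what the Promiscuous Mode = Deny capture in part 2 corresponds to), both ACKs reaching the victim when no port is restricted, and only the 10.0.2.3 ACK reaching it once the switch trusts the server port alone. The `conflicting_acks` check is the same observation the part 3 screenshot asks for: one transaction id answered from two different MAC addresses.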