Écoutez la diffusion
More advanced device profiling techniques deploy various techniques such as nmap scan , DNS inspection, DHCP inspection, SNMP checks, and OSI layer two protocols such as Cisco Discovery Protocol or Link Layer Discovery Protocol to identify the connecting device’s features. The mechanism explained in this paper is a manipulation or spoofing of DHCP packets to trick the advanced device profiling into thinking the attacking device is a legitimate one. Essentially, we are masquerading an attacking device with crafted DHCP packets so that the device appears to the inspection engine as a legitimate device. The proof of concept has been developed that allows an attacker to define the DHCP payload to mimic the fingerprint of an arbitrary device. To the best of the author’s knowledge, no such or similar tool is publicly available. Also, this is the first paper to describe in-depth a client-based DHCP attack which is neither denial of service (server starvation) nor a rogue server.