TY - JOUR
T1 - DHCP attacking tools
T2 - an analysis
AU - Aldaoud, Manar
AU - Al-Abri, Dawood
AU - Al Maashri, Ahmed
AU - Kausar, Firdous
N1 - Publisher Copyright:
© 2021, The Author(s), under exclusive licence to Springer-Verlag France SAS part of Springer Nature.
PY - 2021/6
Y1 - 2021/6
AB - Nowadays, many new devices with network capabilities are constantly being connected to existing networks. Consequently, the need for an automatic and dynamic approach to supply critical network settings to these new nodes is indispensable in large networks, which is mainly provided by the dynamic host configuration protocol (DHCP). Unfortunately, the vulnerabilities of this protocol can be exploited to attack such large networks. This paper conducts the first detailed, systematic, and thorough study of the publicly known DHCP attacking tools that target the DHCP service. The study analyses DHCP packet traces to scrutinise the DHCP attacking tools, analyse their raw packets, and identify their characteristics. It also classifies DHCP attacking tools by their characteristics, impact on DHCP service, and signatures. Furthermore, a detection mechanism is proposed that is based on both fingerprint and behavioural signatures. The findings of this study will be very useful to enhance DHCP implementations and to develop efficient detection and mitigation methods.
KW - Attack analysis
KW - Attack classification
KW - Attack signature
KW - DHCP
KW - DHCP attacking tools
UR - http://www.scopus.com/inward/record.url?scp=85098693430&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85098693430&partnerID=8YFLogxK
U2 - 10.1007/s11416-020-00374-8
DO - 10.1007/s11416-020-00374-8
M3 - Article
AN - SCOPUS:85098693430
SN - 2274-2042
VL - 17
SP - 119
EP - 129
JO - Journal of Computer Virology and Hacking Techniques
JF - Journal of Computer Virology and Hacking Techniques
IS - 2
ER -