Sign In
- Platform
- Solutions
- Modern NDR
- Resources
- Company
Platform
Modern NDR
Resources
Platform
Modern NDR
Resources
DETECTION OVERVIEW
Risk Factors
Physical security and network access control measures typically prevent attackers from plugging a rogue device into a network, reducing the risk of a random or opportunistic attack. But an attacker often only needs physical network access to introduce a rogue DHCP device. Rogue DHCP servers facilitate machine-in-the-middle (MITM) attacks, which enable an attacker to collect sensitive data.
The system might change the risk score for this detection.
Kill Chain
Risk Score
56
DHCP servers dynamically assign an IP address and network parameters to network devices, helping IT administrators manage their network infrastructure. An attacker can install a device on a network to act as a rogue DHCP server. When a client sends a broadcast DHCP request for a new IP address, the rogue DHCP server responds with a malicious IP address, gateway, or DNS server that points to an attacker-controlled MITM server. As a result, devices on the network that want to communicate with the client send their traffic to the MITM server instead, enabling the attacker to intercept and collect sensitive data from that traffic.
Quarantine the device while checking for indicators of compromise
