Which of the following is the man-in-the-middle attack that is most likely to be used to cause a workstation to send traffic to a false gateway IP address? (Select the best answer.)
- ARP spoofing
- DHCP spoofing
- MAC spoofing
- switch spoofing
Dynamic Host Configuration Protocol (DHCP) spoofing is the man-in-the-middle attack that is most likely to be used to cause a workstation to send traffic to a false gateway IP address. In a DHCP spoofing attack, a rogue DHCP server is attached to the network in an attempt to intercept DHCP requests. The rogue DHCP server can then respond to the DHCP requests with its own IP address as the default gateway address so that all traffic is routed through the rogue DHCP server. DHCP snooping is a security technique that can be used to mitigate DHCP spoofing.
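The rogue reply described above can be recognized from its own fields: the server identifier (option 54) and the advertised default gateway (option 3). The following is an added example, not part of the original explanation, of a passive monitoring check over DHCP payloads; it is not the switch feature DHCP snooping itself. The function names, the allowlists and the 192.0.2.x addresses are assumptions constructed for illustration.

```python
import ipaddress

MAGIC_COOKIE = bytes.fromhex("63825363")   # marks the start of DHCP options
OPT_PAD, OPT_ROUTER, OPT_MSG_TYPE, OPT_SERVER_ID, OPT_END = 0, 3, 53, 54, 255
SERVER_MSG_TYPES = {2: "OFFER", 5: "ACK"}  # messages only a server sends

def parse_options(payload):
    """Return {option code: raw value} from a BOOTP/DHCP UDP payload."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP payload")
    opts, i = {}, 240
    while i < len(payload) and payload[i] != OPT_END:
        if payload[i] == OPT_PAD:
            i += 1
            continue
        if i + 1 >= len(payload) or i + 2 + payload[i + 1] > len(payload):
            raise ValueError("truncated option")
        length = payload[i + 1]
        opts[payload[i]] = payload[i + 2:i + 2 + length]
        i += 2 + length
    return opts

def check_reply(payload, trusted_servers, trusted_gateways):
    """List the reasons a DHCP server reply looks rogue (empty list = clean)."""
    opts = parse_options(payload)
    msg_type = (opts.get(OPT_MSG_TYPE) or b"\x00")[0]
    if payload[0] != 2 or msg_type not in SERVER_MSG_TYPES:
        return []                            # not a server-to-client reply
    findings = []
    sid = opts.get(OPT_SERVER_ID, b"")
    server = str(ipaddress.IPv4Address(sid)) if len(sid) == 4 else "missing"
    if server not in trusted_servers:
        findings.append(f"untrusted DHCP server {server}")
    routers = opts.get(OPT_ROUTER, b"")
    for off in range(0, len(routers) - len(routers) % 4, 4):
        gateway = str(ipaddress.IPv4Address(routers[off:off + 4]))
        if gateway not in trusted_gateways:
            findings.append(f"unexpected gateway {gateway}")
    return findings

def build_reply(msg_type, server_ip, router_ip):
    """Construct a minimal DHCP reply (sample data only, not a capture)."""
    pack = lambda ip: ipaddress.IPv4Address(ip).packed
    options = (bytes([OPT_MSG_TYPE, 1, msg_type]) + bytes([OPT_SERVER_ID, 4])
               + pack(server_ip) + bytes([OPT_ROUTER, 4]) + pack(router_ip))
    # op=2 (BOOTREPLY), Ethernet, hlen 6; rest of the 236-byte header zeroed
    return bytes([2, 1, 6, 0]) + bytes(232) + MAGIC_COOKIE + options + bytes([OPT_END])

TRUSTED_SERVERS, TRUSTED_GATEWAYS = {"192.0.2.2"}, {"192.0.2.1"}  # assumed
LEGIT = build_reply(2, "192.0.2.2", "192.0.2.1")     # constructed sample
ROGUE = build_reply(2, "192.0.2.66", "192.0.2.66")   # constructed sample
```

Calling `check_reply(ROGUE, TRUSTED_SERVERS, TRUSTED_GATEWAYS)` reports both the unknown server and the gateway it advertises, while the same call on `LEGIT` returns an empty list.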
In an Address Resolution Protocol (ARP) poisoning attack, which is also known as an ARP spoofing attack, the attacker sends a gratuitous ARP (GARP) message to a host. The GARP message associates the attacker’s Media Access Control (MAC) address with the IP address of a valid host on the network. Subsequently, traffic sent to the valid host address will go to the attacker’s computer rather than to the intended recipient.
MAC spoofing makes network traffic from a device look as if it is coming from a different device. MAC spoofing is often implemented to bypass port security by making a device appear as if it were an authorized device. Malicious users can also use MAC spoofing to intercept network traffic that should be destined for a different device. ARP cache poisoning, content addressable memory (CAM) table flooding, and Denial of Service (DoS) attacks can all be performed by MAC spoofing.
Switch spoofing is a virtual LAN (VLAN) hopping attack that is characterized by using Dynamic Trunking Protocol (DTP) to negotiate a trunk link with a switch port in order to capture all traffic that is allowed on the trunk. In a switch spoofing attack, the attacking system is configured to act like a switch with a trunk port. This enables the attacking system to become a member of all VLANs, which enables the attacker to send and receive traffic among the other VLANs.