MikroTik DHCP Rogue Attack

We are still talking about the different types of OSI Layer attacks, and now we have to discuss another type of attack which is the DHCP Rogue attack.

This attack is so hard to detect. Any attacker, who is connected to our Layer 2 network which a Kali Linux machine (or other tools) or a simple router, is able to be a DHCP Server and can run this attack.

You can see, the attacker can make his Kali Linux machine become a DHCP server while R1 is the legitimate DHCP server, then once the PC got connected to the network, it will have to ask for an IP address from the DHCP server. As we do have 2 DHCP servers on the network (R1 and Kali Linux), it may happen that the PC will get a lease from the Kali Linux DHCP server faster before the R1 does. This way, the PC will end up using the IP, subnet, gateway and DNS from the Kali Linux.

The attacker is smart enough, he will run some type of capturing because now all traffic from the PC will go via the Kali Linux (because he is the gateway now of the PC) and this will end up that the Kali Linux will be able to capture and analyze all type of data that the PC is doing. Imagine guessing the passwords, credit cards, login to network devices, and the list can go on.

For this reason, we should deploy something on our network to secure it from such type of DHCP rogue attacks.

Let’s see on a LAB how this can be done.

LAB: DHCP Rogue Attack Prevention

I do have this scenario now. R1 has an IP on its interface Ether1 of and I have DHCP server enabled on this interface.

I do have a switch (SW1) where I put in bridged ports Ether1 and Ether2 so they become in the same broadcast domain. This way, the PC should receive an IP address from R1. Let’s check if everything is working as it should work:

Indeed, everything looks very normal for now.

I know that R1 will always be connected to the interface Ether1 of the switch. So, I have to make a configuration on the switch saying that the DHCP server connected to its interface Ether1 is a trusted one and can accept the DHCP messages (DORA), and in case a DHCP server is found on another interface (but Ether1) then do not allow it to pass the DHCP messages. Got me?

Let me show you how you can do that on the switch.

Apologies, the Full Lesson Access is Only for Members....


Get Access to all Lessons from different Vendors


Affordable Price to Enhance your IT Skills!


Always Accessing all Lessons including the New Added Ones

100% Satisfaction Guaranteed!

You can cancel your membership at anytime.
No Questions Asked Whatsover!


Submit a Comment

Your email address will not be published. Required fields are marked *

Please Login to Reply or add a comment!