任务二 DHCP欺骗劫持与防御策略
一、任务目的
掌握DHCP的欺骗原理与DHCP监听配置
二、任务设施、设备
win10、华为ensp、VMware、win7
三、任务拓扑图
四、基本配置
R1:
[Huawei]int g0/0/0 [Huawei-GigabitEthernet0/0/0]ip add 192.168.1.1 24 [Huawei-GigabitEthernet0/0/0]int g0/0/1 [Huawei-GigabitEthernet0/0/1]ip add 192.168.2.1 24 [Huawei-GigabitEthernet0/0/1]q [Huawei]sy R1 [R1]rip 1 [R1-rip-1]version 2 [R1-rip-1]network 192.168.1.0 [R1-rip-1]network 192.168.2.0 [R1]ip route-static 0.0.0.0 0.0.0.0 182.168.2.2
R2: [R2]int g0/0/0 [R2-GigabitEthernet0/0/0]ip add 192.168.2.2 24 [R2-GigabitEthernet0/0/0]int s2/0/0 [R2-Serial2/0/0]ip add 202.116.64.1 24 [R2-Serial2/0/0]int g0/0/1 [R2-GigabitEthernet0/0/1]ip add 172.16.1.1 24 [R2]rip 1 [R2-rip-1]version 2 [R2-rip-1]network 192.168.2.0 [R2-rip-1]network 172.16.0.0 [R2-rip-1]q [R2]ip route-static 0.0.0.0 0.0.0.0 s2/0/0
R3: [Huawei]sy R3 [R3-GigabitEthernet0/0/0]ip add 203.203.100.1 24 [R3-Serial2/0/0]ip add 202.116.64.2 24 [R3-Serial2/0/0] [R3-Serial2/0/0]q
R2 easy-ip配置
[R2]acl 2000 [R2-acl-basic-2000]rule permit source 192.168.1.0 0.0.0.255 [R2-acl-basic-2000]rule permit source 192.168.2.0 0.0.0.255 [R2-acl-basic-2000]rule permit source 172.16.1.0 0.0.0.255 [R2]int s2/0/0 [R2-Serial2/0/0]nat outbound 2000 [R2-Serial2/0/0]q
R2配置DHCP服务,给技术部和工程部主机分配IP地址 [R2]dhcp enable [R2]ip pool jishu Info: It's successful to create an IP address pool. [R2-ip-pool-jishu]network 192.168.1.0 mask 24 [R2-ip-pool-jishu]gateway-list 192.168.1.1 [R2-ip-pool-jishu]dns-list 192.168.2.254 [R2-ip-pool-jishu]excluded-ip-address 192.168.1.2 192.168.1.9 [R2-ip-pool-jishu]q [R2]ip pool gongcheng Info: It's successful to create an IP address pool. [R2-ip-pool-gongcheng]network 172.16.1.0 mask 24 [R2-ip-pool-gongcheng]gateway-list 172.16.1.1 [R2-ip-pool-gongcheng]dns-list 192.168.2.254 [R2-ip-pool-gongcheng]excluded-ip-address 172.16.1.2 172.16.1.9 [R2-ip-pool-gongcheng]q [R2]ip pool jishu [R2-ip-pool-jishu]q [R2]int g0/0/0 [R2-GigabitEthernet0/0/0]dhcp select global [R2-GigabitEthernet0/0/0]int g0/0/1 [R2-GigabitEthernet0/0/1]dhcp select global
[R1]dhcp enable Info: The operation may take a few seconds. Please wait for a moment.done. [R1]int g0/0/0 [R1-GigabitEthernet0/0/0]dhcp relay server-ip 192.168.2.2
配置dns服务器:
五、入侵实战
1、网络拓扑图
2、伪造dhcp服务器R4配置
[R4]dhcp enable Info: The operation may take a few seconds. Please wait for a moment.done. [R4]ip pool forget Info: It's successful to create an IP address pool. [R4-ip-pool-forget]network 192.168.1.0 mask 24 [R4-ip-pool-forget]gateway-list 192.168.1.1 [R4-ip-pool-forget]dns-list 192.168.1.8 [R4]int g0/0/0 [R4-GigabitEthernet0/0/0]dhcp select global [R4-GigabitEthernet0/0/0]q
3、伪造dns服务器配置
4、验证入侵结果
六、防御策略
1、交换机SW1的配置 [SW1]dhcp enable Info: The operation may take a few seconds. Please wait for a moment.done. [SW1]dhcp snooping enable [SW1]dhcp snooping enable vlan 1 [SW1]int g0/0/3 [SW1-GigabitEthernet0/0/3]dhcp snooping trusted [SW1-GigabitEthernet0/0/3]q
2、任务验证(IP地址更新)
dns服务器更新
七、任务总结
此次实验让我学习到了如何通过伪造dns服务器来劫持所转发的企业数据包,也学会了如何防范这种攻击。攻击者在局域网中设置一台恶意主机,其IP地址与合法的DHCP服务器相同或者伪装成合法的DHCP服务器。攻击者的恶意主机会快速响应DHCP请求,并提供虚假的IP地址、网关和DNS服务器等信息。这样,受害者主机就会错误地配置网络,并将其数据发送到攻击者的主机上。