Rogue DHCP Server - when IP addresses are assigned by an illegitimate server
- No security built into DHCP
- Devices can be assigned invalid or duplicate addresses to shut down services
- Many switches include DHCP Snooping - examines all DHCP requests and only allows responses sent by an authorized DHCP server
- Active Directory has a feature to designate "authorized" DHCP servers that will be allowed to issue IP addresses
Responding to a rogue DHCP server
- Shut the server down and renew the IP addresses of all devices on the network to ensure they are all valid
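Added example (not part of the original notes): a simplified Python model of the DHCP Snooping check described above, which also groups the dropped replies by switch port so the rogue server can be located and shut down. The port names, addresses, and the names DhcpEvent, snoop and rogue_sources are constructed for illustration; real switches implement this in firmware.

```python
from dataclasses import dataclass

SERVER_MESSAGES = {"OFFER", "ACK", "NAK"}  # only a DHCP server sends these

@dataclass(frozen=True)
class DhcpEvent:
    port: str       # switch port the message arrived on
    msg_type: str   # DISCOVER, OFFER, REQUEST, ACK, NAK
    server_id: str  # server identifier claimed in the message (option 54)
    src_mac: str    # source MAC of the sender

def snoop(events, trusted_ports, authorized_servers):
    """Return (forwarded, alerts). A server message passes only if it arrives
    on a trusted port AND claims an authorized server identifier."""
    forwarded, alerts = [], []
    for ev in events:
        if ev.msg_type not in SERVER_MESSAGES:
            forwarded.append(ev)  # client requests are not filtered here
            continue
        reasons = []
        if ev.port not in trusted_ports:
            reasons.append("untrusted port")
        if ev.server_id not in authorized_servers:
            reasons.append("unauthorized server")
        if reasons:
            alerts.append((ev, reasons))  # dropped and reported
        else:
            forwarded.append(ev)
    return forwarded, alerts

def rogue_sources(alerts):
    """Group dropped replies by (port, MAC) so the device can be located."""
    found = {}
    for ev, reasons in alerts:
        found.setdefault((ev.port, ev.src_mac), set()).update(reasons)
    return found

# Constructed sample data: Gi0/1 is the uplink to the real DHCP server.
TRUSTED_PORTS = {"Gi0/1"}
AUTHORIZED_SERVERS = {"10.0.0.2"}
SAMPLE_EVENTS = [
    DhcpEvent("Gi0/10", "DISCOVER", "", "aa:aa:aa:00:00:01"),
    DhcpEvent("Gi0/1", "OFFER", "10.0.0.2", "aa:aa:aa:00:00:fe"),
    DhcpEvent("Gi0/17", "OFFER", "192.168.1.1", "aa:aa:aa:00:00:66"),
    DhcpEvent("Gi0/10", "REQUEST", "", "aa:aa:aa:00:00:01"),
    DhcpEvent("Gi0/1", "ACK", "10.0.0.2", "aa:aa:aa:00:00:fe"),
    DhcpEvent("Gi0/17", "ACK", "10.0.0.2", "aa:aa:aa:00:00:66"),  # spoofed ID
]
```

The last sample event shows why the port check matters: a reply that copies the legitimate server identifier is still dropped because it arrives on an untrusted port.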
Rogue Access Points
- Not inherently malicious, but can potentially be a significant backdoor to a network
- Easy to install - plugged into an Ethernet point or "wireless sharing" used on a device
- To mitigate, schedule periodic surveys of your wireless network
- Also, 802.1X enforces mandatory authentication to access a network
Wireless Evil Twin - A similar or exact copy of a legitimate access point used for malicious purposes
- "The wireless version of phishing" - trick people into connecting to them
- Often configured to overpower existing access points' signals
- To mitigate, encrypt traffic that you send (VPN, HTTPS)
- Well-suited for on-path network attacks
On-path network attacks - "man-in-the-middle"
- A malicious device will intercept traffic from a device, examine it, and forward it to the intended device
- ARP Poisoning is a notable example - an attacker spoofs the IP address of a router and intercepts the traffic sent to and from that router by a device
- Other examples: session hijacking, HTTPS spoofing, Wi-Fi eavesdropping
- Encrypting the data you send mitigates the damage of on-path attacks