Which three statements describe DHCP spoofing attacks? (Choose three.)
A.
They can modify traffic in transit.
B.
They are used to perform man-in-the-middle attacks.
C.
They use ARP poisoning.
D.
They can access most network devices.
E.
They protect the identity of the attacker by masking the DHCP address.
F.
They are can physically modify the network gateway.
Explanation:
DHCP spoofing occurs when an attacker attempts to respond to DHCP requests and trying to
list themselves (spoofs) as the default gateway or DNS server, hence, initiating a man in the
middle attack. With that, it is possible that they can intercept traffic from users before
forwarding to the real gateway or perform DoS by flooding the real DHCP server with request
to choke ip address resources.
https://learningnetwork.cisco.com/thread/67229
https://learningnetwork.cisco.com/docs/DOC-24355
A, B and F.
DHCP snooping attacks differ from ARP poisoning. It’s also very possible to inject a malicious default gateway IP in the DHCP offer, making F a valid option.
But you cannot *Physically* modify the gateway. Making F invalid
This question is listed 3 times with 3 different answers. “physically modify the network gateway” is some tricky wording.
ARP poisoning is a manner of DHCP spoofing
https://learningnetwork.cisco.com/docs/DOC-24355
This is special kind of attack where attacker can gain access to network traffic by spoofing responses that would be sent by a valid DHCP server. This attack is using a technique ARP spoofing, also called ARP cache poisoning or ARP poison routing (APR) that is a simple LAN attack technique. ARP spoofing will allow an attacker to intercept frames on a LAN, modify the traffic, stop the traffic or simply sniff all the traffic. This is possible because all the communication in LAN is now crossing attackers interface and this communication is vulnerable to packet sniffing.