Which of the following is the man-in-the-middle attack that is most likely to be used to cause a workstation to
send traffic to a false gateway IP address? (Select the best answer.)
A.
ARP spoofing
B.
DHCP spoofing
C.
MAC spoofing
D.
switch spoofing
Explanation:
Dynamic Host Configuration Protocol (DHCP) spoofing is the maninthemiddle attack that is most likely to beused to cause a workstation to send traffic to a false gateway IP address. In a DHCP spoofing attack, a rogue
DHCP server is attached to the network in an attempt to intercept DHCP requests. The rogue DHCP server can
then respond to the DHCP requests with its own IP address as the default gateway address so that all traffic is
routed through the rogue DHCP server. DHCP snooping is a security technique that can be used to mitigate
DHCP spoofing.
In an Address Resolution Protocol (ARP) poisoning attack, which is also known as an ARP spoofing attack, the
attacker sends a gratuitous ARP (GARP) message to a host. The GARP message associates the attacker’s
Media Access Control (MAC) address with the IP address of a valid host on the network. Subsequently, traffic
sent to the valid host address will go to the attacker’s computer rather than to the intended recipient.
MAC spoofing makes network traffic from a device look as if it is coming from a different device. MAC spoofing
is often implemented to bypass port security by making a device appear as if it were an authorized device.
Malicious users can also use MAC spoofing to intercept network traffic that should be destined for a different
device. ARP cache poisoning, content addressable memory (CAM) table flooding, and Denial of Service (DoS)
attacks can all be performed by MAC spoofing.
Switch spoofing is a virtual LAN (VLAN) hopping attack that is characterized by using Dynamic Trunking
Protocol (DTP) to negotiate a trunk link with a switch port in order to capture all traffic that is allowed on the
trunk. In a switch spoofing attack, the attacking system is configured to act like a switch with a trunk port. This
enables the attacking system to become a member of all VLANs, which enables the attacker to send and
receive traffic among the other VLANs.Cisco: DHCP Snooping: Overview of DHCP Snooping
Juniper Networks: Preventing DHCP Spoofing