Why would a rogue host that is running a DHCP server on a campus LAN network present a
security risk?
A.
It may allocate IP addresses from an unknown subnet to the users.
B.
All multicast traffic can be sniffed by using the DHCP multicast capabilities.
C.
The CPU utilization of the first hop router can be overloaded by exploiting DHCP relay open
ports.
D.
A potential man-in-the-middle attack can be used against the clients.
Explanation:
A rogue DHCP server is typically used in conjunction with a network attacker who launches manin-the-middle (MitM) attacks. MitM is an attack technique in which the attacker exploits normal
protocol processing behavior to reroute normal traffic flow between two endpoints. A hacker will
broadcast DHCP requests with spoofed MAC addresses, thereby exhausting the address space of
the legitimate DHCP server. Once the addresses are exhausted, the rogue DHCP server provides
DHCP responses to users’ DHCP requests. These responses would include DNS servers and a
default gateway, which would be used to launch a MitM attack.