Mitigating Spoof Attacks
Describing a DHCP spoof attack

One of the ways for an attacker to can gain access to network traffic is to spoof responses that would be sent by a valid DHCP server. The DHCP spoofing device replies to client DHCP requests. The legitimate server may reply as well but if the Spoofing device is on the same segment as the client, its reply to the client may arrive first. The intruder’s DHCP reply offers an IP address and supporting information that designates the intruder as the default gateway or DNS server. In the case of a gateway, the clients will then forward all packets to the attacking device, which will in turn send them to the desired destination. This is referred to as a "man-in-the-middle" attack and it may go entirely undetected as the intruder intercepts the data flow through the network.

DHCP spoofing attack sequence, is shown in Figure . The table in Figure describes what is happening in Figure .