1
00:00:02,200 --> 00:00:08,660
Let's take a look at the DHCP protocol. This is the protocol operating in almost any network.

2
00:00:10,230 --> 00:00:17,460
It's responsible for the automatic configuration of IP version 4. Instead of configuring IP addresses,

3
00:00:17,960 --> 00:00:23,070
masks and DNS servers and the default gateways on each workstation,

4
00:00:23,070 --> 00:00:29,850
you can run a single DHCP server. You will configure each computer in the network automatically.

5
00:00:31,220 --> 00:00:34,170
Please note that again trust is needed.

6
00:00:36,670 --> 00:00:41,470
When you allow a computer to be connected to a network, you don't know whose it is and what software

7
00:00:41,470 --> 00:00:42,680
is installed on it.

8
00:00:45,840 --> 00:00:57,140
It sends the DHCP discover packet to check if there are any DHCP servers in the network.

9
00:00:57,260 --> 00:01:01,670
If there are, then each of them will offer the computer the IP configuration parameters.

10
00:01:05,970 --> 00:01:13,250
The client will choose one DHCP server, probably the closest one, and inform all that it wants to get all

11
00:01:13,250 --> 00:01:16,080
of the configuration parameters from that server.

12
00:01:20,230 --> 00:01:26,970
You can see the exchange of these four packets below.

13
00:01:26,970 --> 00:01:31,980
This means that the easiest way to perform a DoS attack on a computer network is to connect it to your

14
00:01:31,980 --> 00:01:38,590
own DHCP server. In the earlier versions of the Windows Server systems,

15
00:01:38,590 --> 00:01:46,330
if the DHCP server service detected another DHCP server on another host, it just stopped.

16
00:01:46,370 --> 00:01:52,200
This happened if the DHCP server granted the addresses from the same address pool.

17
00:01:52,290 --> 00:01:58,140
At this point the legal DHCP server would quietly turn off and the attacker's DHCP server would remain.

18
00:01:59,950 --> 00:02:08,310
This server would now configure, among others, the DNS servers' addresses and the client computers' gateway.

19
00:02:08,520 --> 00:02:13,080
If you want to control their communication you can set them in such a way that they will point to your

20
00:02:13,080 --> 00:02:15,250
computer.

21
00:02:15,430 --> 00:02:21,810
You can route packets or run a proxy server. The server will allow you to see what's happening on the

22
00:02:21,910 --> 00:02:26,940
websites viewed by their users and even to change something on those pages in order to extract as much

23
00:02:26,940 --> 00:02:29,290
information from users as possible.

24
00:02:31,630 --> 00:02:38,110
If you want to block network communications, your server will incorrectly configure all the computers.

25
00:02:40,140 --> 00:02:46,190
They will end up using a non-existent router or non-existent DNS server and the communication will be

26
00:02:46,190 --> 00:02:46,960
blocked.