1
00:00:00,650 --> 00:00:07,300
Now, similar to the other types of spoofing attacks, Dynamic Host Configuration Protocol, DHCP,

2
00:00:07,460 --> 00:00:15,350
spoofing involves an attacker pretending to be someone else, in this case acting as a legitimate server.

3
00:00:16,290 --> 00:00:22,860
Since DHCP is used on most networks to provide addressing and other common information to clients, losing

4
00:00:22,860 --> 00:00:25,790
control of this part of the network can be dangerous.

5
00:00:28,380 --> 00:00:35,730
Dynamic Host Configuration Protocol, DHCP, now it's a protocol used to provide automatic and central

6
00:00:35,730 --> 00:00:39,040
management for the distribution of IP addresses within a network.

7
00:00:40,620 --> 00:00:47,640
It's also used to configure the proper subnet mask, default gateway and DNS server information on the

8
00:00:47,640 --> 00:00:48,180
device.

9
00:00:49,220 --> 00:00:57,770
In most homes and small businesses, the router acts as a DHCP server. In large networks, a single computer

10
00:00:57,800 --> 00:00:59,630
might act as a DHCP server.

11
00:01:00,790 --> 00:01:07,990
In short, the process goes like this: a device, the client, requests an IP address from a router,

12
00:01:08,320 --> 00:01:08,860
the host.

13
00:01:09,710 --> 00:01:15,950
After which, the host assigns an available IP address to allow the client to communicate on the network.

14
00:01:17,240 --> 00:01:20,510
So let's look at some of the advantages of using DHCP.

15
00:01:21,640 --> 00:01:28,630
A computer or any other device that connects to a network, local or Internet, must be properly configured

16
00:01:28,630 --> 00:01:30,120
to communicate on that network.

17
00:01:30,130 --> 00:01:34,960
Makes sense since DHCP allows that configuration to happen automatically.

18
00:01:35,390 --> 00:01:37,530
It's used in almost every device
19
00:01:37,540 --> 00:01:41,500
that connects to a network, including computers, switches, smartphones, gaming consoles, you name

20
00:01:41,500 --> 00:01:41,590
it.

21
00:01:42,960 --> 00:01:45,600
Now, because of this dynamic IP address assignment,

22
00:01:46,600 --> 00:01:53,020
there's less of a chance that two devices will have the same IP address, which is very easy to run

23
00:01:53,020 --> 00:01:56,500
into when using manually assigned static IP addresses.

24
00:01:58,400 --> 00:02:06,200
Using DHCP also makes a network much easier to manage from an administrative point of view. Every device

25
00:02:06,200 --> 00:02:11,600
on the network can get an IP address with nothing more than their default network settings, which are

26
00:02:11,600 --> 00:02:14,060
set up to obtain an address automatically.

27
00:02:14,060 --> 00:02:15,080
So that's easy.

28
00:02:15,080 --> 00:02:17,840
Gives them nothing to call the helpdesk about.

29
00:02:18,980 --> 00:02:24,800
The only other alternative is to manually assign addresses to each and every device on the network.

30
00:02:26,220 --> 00:02:27,810
You're not getting paid enough to do that.

31
00:02:29,600 --> 00:02:35,840
So because these devices can get an IP address automatically, they can move freely from one network

32
00:02:35,840 --> 00:02:43,010
to another, given that they're all set up with DHCP and receive an IP address automatically, which

33
00:02:43,010 --> 00:02:44,750
is super helpful with mobile devices.

34
00:02:45,990 --> 00:02:52,890
Now, as a cyber security expert, you should know one more thing about the DHCP mechanism.

35
00:02:53,950 --> 00:03:00,490
The first device which replies to a DHCP discovery request decides the configuration of the client.

36
00:03:01,910 --> 00:03:06,230
There is not any mechanism to authenticate the DHCP server.
37
00:03:08,390 --> 00:03:18,290
Similarly, a server tries to reply to all the requests, and again, there is no authentication mechanism

38
00:03:18,290 --> 00:03:21,870
for the client who requests an IP. You get it?

39
00:03:22,820 --> 00:03:23,590
I think you do.

40
00:03:24,050 --> 00:03:26,950
What if a hacker replies before the real DHCP?

41
00:03:27,410 --> 00:03:34,100
Or what if a client sends a lot of DHCP discovery requests by changing the MAC address each time?