4.2 Summarize various types of attacks and their impact
Network Attacks
📘CompTIA Network+ (N10-009)
Rogue Devices (DHCP, AP)
In networking, rogue devices are unauthorized devices that appear on your network. They are not controlled by your IT department and can cause security risks. The most common types are rogue DHCP servers and rogue access points (APs).
1. Rogue DHCP Servers
What is DHCP?
- DHCP stands for Dynamic Host Configuration Protocol.
- It automatically gives devices (computers, phones, printers) IP addresses, subnet masks, default gateways, and DNS server info.
- Without DHCP, devices would need to be manually configured with IP addresses, which is inefficient.
What is a Rogue DHCP Server?
- A rogue DHCP server is an unauthorized device that gives out IP addresses to devices on the network.
- This is dangerous because it can give incorrect network info, redirect traffic, or even block access to the legitimate network.
How it works in an IT environment:
- A new device (like a small router or a PC with DHCP software) is plugged into the network.
- This rogue device starts assigning IP addresses.
- Devices may receive incorrect IP addresses, default gateways, or DNS servers.
- As a result, network traffic can be:
- Blocked from reaching the internet
- Redirected to malicious servers for attacks
- Intercepted to steal data
Signs of a Rogue DHCP Server:
- Devices are getting IP addresses outside the expected range.
- Users report connectivity issues.
- Logs show multiple DHCP servers responding to requests.
Mitigation:
- DHCP Snooping: Switches can be configured to only allow DHCP messages from authorized ports.
- Network monitoring: Look for unexpected DHCP servers.
- Access control: Limit physical access to the network to prevent unauthorized devices.
2. Rogue Access Points (APs)
What is an Access Point?
- An AP allows wireless devices to connect to a wired network.
- It provides Wi-Fi connectivity for laptops, phones, and other devices.
What is a Rogue Access Point?
- A rogue AP is an unauthorized wireless access point connected to the network.
- Attackers or careless employees can set them up.
- It allows outsiders or internal users to bypass network security controls.
How it works in an IT environment:
- Someone plugs a Wi-Fi AP into the network without IT permission.
- The rogue AP broadcasts a wireless signal.
- Devices may automatically connect to it if the SSID matches the network.
- Data transmitted over this AP can be captured by attackers, bypassing firewalls and monitoring.
Risks of Rogue APs:
- Sensitive data can be intercepted.
- Attackers can launch man-in-the-middle (MITM) attacks.
- Malware can spread to the network through connected devices.
- IT administrators lose visibility and control over network traffic.
Mitigation:
- Wireless intrusion detection systems (WIDS/WIPS): Detect unauthorized wireless devices.
- Network access control (NAC): Only allow authorized devices to connect.
- Regular network scans: Identify unknown APs or devices.
Key Differences Between Rogue DHCP and Rogue AP
| Feature | Rogue DHCP | Rogue AP |
|---|---|---|
| Function | Gives out IP addresses | Provides unauthorized Wi-Fi access |
| Risk | Misconfigures devices, redirects traffic | Eavesdropping, bypassing security controls |
| Detection | Network logs, DHCP snooping | Wireless scans, intrusion detection |
| Mitigation | DHCP snooping, access control | WIDS/WIPS, NAC, scans |
Exam Tips for CompTIA Network+
- Understand that rogue devices are unauthorized devices on your network.
- Know the difference between:
- Rogue DHCP server → messes with IP addresses and network configuration.
- Rogue AP → provides unauthorized wireless access.
- Learn common detection and mitigation techniques, especially:
- DHCP snooping
- Wireless intrusion detection
- Network monitoring and access controls
- Remember: Rogue devices can be both intentional (attacks) or accidental (employee misconfiguration).
✅ Summary in Simple Words:
Both can cause security risks, and network admins use monitoring and control tools to stop them.
Rogue devices are bad devices that sneak into your network.
Rogue DHCP messes with IP addresses.
Rogue AP messes with Wi-Fi connections.
