Bad DNS output in nmcli command after rogue DHCP attack
Hello,
during a scripting test with scapy on the DHCP protocol, I've noticed that the DNS server IP was based on the DNS server IP set in the "DHCP offer" request.
Details:
- Listen to the network traffic and wait for a "DHCP Discover" request
- Send a DHCP offer with 192.168.1.254 set as DNS server.
- Listen to the network traffic and wait for a "DHCP Request" request
- Send a DHCP offer with 192.168.1.1 set as DNS server.
- On the client, I check the DNS server with the command "nmcli dev show", which shows:
...
IP4.DNS[1]: 192.168.1.254
...
But normally this value must be the same as the content of the /etc/resolv.conf file, namely 192.168.1.1
Edited by Ixod3
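A consistency check for the symptom reported above, as an added example that is not part of the original report or of NetworkManager's code: it compares the DNS servers listed by `nmcli dev show` with the `nameserver` entries in resolv.conf and reports any address present on one side only. The sample texts are constructed from the addresses in the report, and the function names are hypothetical.

```python
import ipaddress
import re
import subprocess

# Constructed sample data using the addresses from the report above.
SAMPLE_NMCLI = """\
GENERAL.DEVICE:                         eth0
IP4.ADDRESS[1]:                         192.168.1.50/24
IP4.GATEWAY:                            192.168.1.1
IP4.DNS[1]:                             192.168.1.254
"""
SAMPLE_RESOLV = """\
# Generated by NetworkManager
search lan
nameserver 192.168.1.1
"""

def _valid_ip(value):
    """Normalise an address (IPv6 zone id dropped); None if it is not an IP."""
    try:
        return str(ipaddress.ip_address(value.split("%")[0]))
    except ValueError:
        return None

def nmcli_dns(text):
    """DNS servers from `nmcli dev show` output (IP4.DNS[n] / IP6.DNS[n] lines)."""
    found = re.findall(r"^IP[46]\.DNS\[\d+\]:\s*(\S+)", text, re.MULTILINE)
    return [ip for ip in map(_valid_ip, found) if ip]

def resolv_dns(text):
    """Nameserver entries from resolv.conf content, with comments ignored."""
    servers = []
    for line in text.splitlines():
        fields = re.split(r"[#;]", line)[0].split()
        if len(fields) >= 2 and fields[0] == "nameserver" and _valid_ip(fields[1]):
            servers.append(_valid_ip(fields[1]))
    return servers

def dns_mismatch(nmcli_text, resolv_text):
    """Servers seen on one side only; two empty lists mean the views agree."""
    shown, used = set(nmcli_dns(nmcli_text)), set(resolv_dns(resolv_text))
    return {"only_nmcli": sorted(shown - used), "only_resolv": sorted(used - shown)}

if __name__ == "__main__":
    print("sample:", dns_mismatch(SAMPLE_NMCLI, SAMPLE_RESOLV))
    try:  # live check on the local host, skipped when nmcli is absent
        live = subprocess.run(["nmcli", "dev", "show"], capture_output=True, text=True).stdout
        with open("/etc/resolv.conf") as fh:
            print("live:", dns_mismatch(live, fh.read()))
    except OSError as exc:
        print("live check skipped:", exc)
```

On hosts where /etc/resolv.conf points at a local stub resolver such as systemd-resolved's 127.0.0.53, a difference between the two views is expected and does not indicate this problem.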