
DHCP1 Project Report PDF

This document is a final year major project report submitted by four students at Swami Keshvanand Institute of Technology, Management & Gramothan in Jaipur, India. It describes the implementation of a DHCP server and discusses network security challenges related to DHCP. The report includes sections on the project charter, system requirements specification, design, implementation, testing and conclusion. It was submitted in partial fulfillment of the requirements for a Bachelor of Technology degree.

Uploaded by

Vinay Vyas

Final Year Major Project Report (Project Stage II), Academic Session 2018-2019, SKIT, M&G, Jaipur

FINAL YEAR MAJOR PROJECT REPORT

DHCP SERVER IMPLEMENTATION


INDUSTRY
Submitted in Partial Fulfillment for the Award of Degree of Bachelor of Technology in
Information Technology from Rajasthan Technical University, Kota

COORDINATOR:
Dr. Neha Janu (Associate Professor)

SUBMITTED BY:
Sunil Sharma (15ESKIT089)
Shashank Purohit (15ESKIT080)
Shrey Agrawal (15ESKIT083)
Vipendra Pal Rajput (15ESKIT094)

MENTOR:
Dr. Basant Agrawal (Associate Professor)
Department of Information Technology
SWAMI KESHVANAND INSTITUTE OF TECHNOLOGY, MANAGEMENT &
GRAMOTHAN
Ramnagaria (Jagatpura), Jaipur – 302017
SESSION 2018-19


SWAMI KESHVANAND INSTITUTE OF TECHNOLOGY, MANAGEMENT & GRAMOTHAN
Ramnagaria (Jagatpura), Jaipur – 302017

CERTIFICATE

This is to certify that Final Year Major Project Report (Project Stage – II) entitled
“DHCP Server Implementation” has been duly submitted by for partial fulfillment of the Degree
of Bachelor of Technology of Rajasthan Technical University. It has been found satisfactory and
hence approved for submission as Major Project during academic session 2018-2019.

● Sunil Sharma (15ESKIT089)

● Shashank Purohit (15ESKIT080)

● Shrey Agrawal (15ESKIT083)

● Vipendra Pal Rajput (15ESKIT094)

Date: 15 March-2019

COORDINATOR: Dr. Neha Janu (Associate Professor)
MENTOR: Dr. Basant Agarwal (Associate Professor)
HEAD OF DEPARTMENT: Prof. Anil Choudhary (Information Technology)


ABSTRACT

The purpose of the dynamic host configuration protocol (DHCP) is to assign network settings centrally
from a server rather than configuring them locally on each and every workstation. A host configured to
use DHCP does not have control over its own static address. It is enabled to configure itself
completely and automatically according to directions from the server.

One way to use DHCP is to identify each client using the hardware address of its network card (which
is fixed in most cases) then supply that client with identical settings each time it connects to the server.
DHCP can also be configured so the server assigns addresses to each interested client dynamically
from an address pool set up for that purpose. In the latter case, the DHCP server tries to assign the
same address to the client each time it receives a request from it, even over longer periods. This, of
course, only works as long as the network does not have more clients than addresses.

DHCP servers are an exciting new technology with enormous potential for the security community. A
DHCP is an information system resource whose value lies in unauthorized or illicit use of that
resource. Unlike firewalls or Intrusion Detection Systems, DHCP do not solve a specific problem.
Instead, they are a highly flexible tool that comes in many shapes and sizes. They can do everything
from detecting encrypted attacks in IPv6 networks to capturing the latest in online credit card fraud. It
is this flexibility that gives DHCP their true power. It is also this flexibility that can make them
challenging to define and understand. There are several problems and challenges associated with
DHCP. A few of them are identifying DHCP, exploiting honey pots and attacker clientele. In this
research paper I am going to work on different ways of identifying and exploiting DHCP.

Network security is one of the challenges that every organization is facing today. Though there are
different security methods, DHCP has its own importance. I found DHCP very interesting because it
is an incredibly simple concept that offers very powerful security. They are designed to capture
anything that interacts with them, including tools or tactics never seen before. Unlike most security
technologies, DHCP also work in IPv6 environments. Because of their architecture, DHCP are
conceptually simple.


SWAMI KESHVANAND INSTITUTE OF TECHNOLOGY, MANAGEMENT & GRAMOTHAN
Ramnagaria (Jagatpura), Jaipur – 302017

DECLARATION

We hereby declare that the report of the project entitled DHCP SERVER IMPLEMENTATION is a
record of an original work done by us at Swami Keshvanand Institute of Technology, Management
& Gramothan, Jaipur under the mentorship of Dr. Basant Agarwal (Associate Professor) and
coordination of Dr. Neha Janu (Associate Professor). This project report has been submitted as the
proof of original work for the partial fulfillment of the requirement for the award of the degree of
Bachelor of Technology (B.Tech) in the Department of Information Technology. It has not been
submitted anywhere else, under any other program to the best of our knowledge and belief.

Team Members: Signatures:


(15ESKIT089) Sunil Sharma
(15ESKIT080) Shashank Purohit
(15ESKIT083) Shrey Agrawal
(15ESKIT094) Vipendra Pal Rajput


ACKNOWLEDGMENT

A project of such a vast coverage cannot be realized without help from numerous sources and people
in the organization. We take this opportunity to express our gratitude to all those who have been
helping us in making this project successful.
We are highly indebted to our faculty mentor Dr. Basant Agarwal (Associate Professor). She has
been a guide, motivator & source of inspiration for us to carry out the necessary proceedings for the
project to be completed successfully. We also thank our project coordinator Dr. Neha Janu
(Associate Professor) for her co-operation, encouragement, valuable suggestions and critical remarks
that galvanized our efforts in the right direction.
We would also like to convey our sincere thanks to Prof. Anil Chaudhary, HOD, Department of
Information Technology, for facilitating, motivating and supporting us during each phase of
development of the project. Also, we pay our sincere gratitude to all the Faculty Members of Swami
Keshvanand Institute of Technology, Management & Gramothan, Jaipur and all our Colleagues for
their co-operation and support.
Last but not least we would like to thank all those who have directly or indirectly helped and
cooperated in accomplishing this project.

Team Members:
(15ESKIT089) Sunil Sharma
(15ESKIT080) Shashank Purohit
(15ESKIT083) Shrey Agrawal
(15ESKIT094) Vipendra Pal Rajput


INDEX

I. TITLE PAGE
II. CERTIFICATE
III. ABSTRACT
IV. DECLARATION
V. ACKNOWLEDGEMENT
1. PROJECT CHARTER
   Problem Statement & Objective
   Investigation & Analysis
   Introduction to Project
   Proposed Logic
   Scope of the Project
2. SYSTEM REQUIREMENT SPECIFICATION
   Overall Description
   Product Perspective
   System Interfaces
   User Interfaces
   Hardware Interfaces
   Software Interfaces
   Communications Interfaces
   Project Functions
   User Characteristics
   Constraints
   Assumptions & Dependencies
   Specific Requirements
   User Interface Requirements
   System Product Features
   Security
   Maintainability
   Portability
3. SYSTEM DESIGN SPECIFICATION
   IP Addressing and Subnetting
   Module Decomposition Description
   High Level Design Diagrams
   Use Case Diagram
   Activity Diagram
   Sequence Diagram
   Data-Flow Diagram
   Class Diagram
   Object Diagram
4. METHODOLOGY & TEAM
   Introduction to Waterfall Framework
   Team Members, Roles & Responsibilities
5. SYSTEM TESTING
   Functionality Testing
   Performance Testing
   Usability Testing
   Server Side Interfacing
   Client Side Compatibility
6. TEST EXECUTION SUMMARY
7. PROJECT SCREENSHOTS
8. PROJECT SUMMARY AND CONCLUSIONS
9. FUTURE SCOPE
10. REFERENCES
11. PROJECT PAPER


INDEX OF FIGURES

Figure No.   DESCRIPTION
1.1          LAN Connection
2.1          Block Diagram
3.1          Use Case Diagram
3.2          Activity Diagram
3.3          Sequence Diagram
3.4          Data-Flow Diagram
3.5          Class Diagram
3.6          Object Diagram
4.1          Waterfall Model with feedback
4.2          Design of the study
7.1          Network Topology
7.2          Network Topology Switch
7.3          Switch Configuration View
7.4          PC Configuration View
7.5          PC IP Configuration View
7.6          PC Configuration MODES
7.7          PC CLI and Router Physical View
7.8          Router CLI
7.9          Router CLI Running Configurations
7.10         Router CLI On Privilege Mode
7.11         Switch View
7.12         Router Modes
7.13         Router CLI Modes


INDEX OF TABLES

Table No.   DESCRIPTION
2.1         Minimum Client Side Hardware Interfaces
2.2         Minimum Server Side Hardware Interfaces
2.4         Minimum Software Interfaces
2.5         Recommended Software Interfaces
4.1         Roles and responsibilities
6.1         Test Case Summary


UNIT – 1 PROJECT CHARTER

1.1 Problem Statement and Objective :-


A group of computers that are able to share data and resources is known as a computer
network. A network is a system that transmits any combination of voice, video and/or data
between users. A network can be defined by its geographical dimensions and by the way
users' PCs access it.
Reasons: There are several reasons for the problem. Websites or systems exposed to high
levels of traffic can suffer stability problems, which can leave a network vulnerable
to attack. A high-quality network security system can reduce the risk of attack and
improve user experience.
A malicious node collects information about other nodes and about routes by computing
and monitoring the traffic, so a malicious node may perform further attacks on the network.
The black hole attack is an advanced attack in which the attacker uses the routing protocol to
advertise itself as having the best path to the node whose packets it wants to intercept. The
attacker uses the flooding-based protocol to listen for a route request from the initiator, then
creates a reply message claiming that it has the shortest path to the receiver. If this message from
the attacker reaches the initiator before the reply from the actual node, the initiator will
consider it the shortest path to the receiver. In this way a malicious fake route is created.

1.2 Investigation Analysis:-


The motivation for this research is taken from recent studies which have demonstrated
increased retrieval effectiveness by accounting for word sense. The methodology is derived
from previous studies which model the impact that ambiguity and its subsequent resolution
have on IR.
Dynamic Host Configuration Protocol (DHCP) is a standardized network protocol used on
Internet Protocol (IP) networks. DHCP is controlled by a DHCP server that dynamically
distributes network configuration parameters for interfaces and services. Networks ranging in
size from small home networks to campus networks frequently use DHCP.

1.2.1 Server client :-


A server is a master computer that acts as a service provider: it manages the whole
network and provides centralized administration over it. All the remaining machines are called
clients or workstations.

1.2.2 Peer to peer :-


A network contains independent there is no service requester corresponding according to their
condition.

1.3 Introduction to Project:-

Public and private organizations transfer more and more of their information through the Internet. Today,
attackers or intruders in the system are the biggest problem for the safety of the network. Criminals have
more opportunity to gain access to sensitive information through Web applications. The first step in
protection against online attacks is to understand the nature and tools of the attacks. To provide
security to server data, it is efficient to implement fake services using DHCP. DHCP is nothing but a
fake server that provides emulated services similar to the real services running on the actual server. So
whenever an attacker tries to attack the actual server, the attacker is redirected towards the fake server, that is,
DHCP, and eventually gets trapped in the DHCP. DHCP then gives valuable information regarding
the intruders. This information can be used to block the attacker and it can be used to take legal
action against them.
1.4 Solution / Device:-

● Data sharing
● Fast speed
● Time sharing
● Resource sharing

1.5 Scope of Project:-


1. LAN (LOCAL AREA NETWORK):-

These are privately owned networks within a single building or campus of up to a few kilometers
in size.

LANs are distinguished from other networks by three characteristics:

1) Their size.
2) Their transmission technology.
3) Their topology.

LAN’s are restricted in size, which means that the worst-case transmission time is bounded and
known in advance. LAN’s often use a transmission technology consisting of a single cable to which all
the machines are attached.

Figure 1.1 - LAN Connection

2. MAN (MAJOR AREA NETWORK):-

a. Geographical area is 5 to 50 km.


b. It is causes end radio type network.
c. A city type of network use in main.

3. CAN (CAMPUS AREA NETWORK)

Combination of two LAN (local area network) is the campus network.


UNIT-2 SYSTEM REQUIREMENT SPECIFICATION


2.1 Overall Description
This section and its subsections contain the description of the project components such as interfaces,
performance requirements, design constraints, assumptions and dependencies etc.

2.1.1 Project perspective


Production DHCP are used to protect the company from attacks; they are implemented inside the
production network to improve overall security. They capture a limited amount of information,
and mostly low-interaction DHCP are used. Thus, the security administrator watches the hacker's movements
carefully and tries to lower the risks they may pose to the company. At this point, we will
try to discuss and find out the risks of using production DHCP, because while testing the security of the
systems existing in an organization, unexpected actions may happen, such as misuse of other systems
using DHCP features. If the network administrator is not aware of this problem, they put the organization in
big trouble.

2.1.1.1 System Interfaces


List each system interface and identify the functionality of the system (hardware and software both) to
accomplish the system requirement and interface description to match the system.

2.1.1.2 User Interfaces


The application will have a user friendly and menu based interface. Following screens will be provided:

a. Client: They can use the service of DHCP and are able to enable it on any port of the system.
b. Administrator: They are the core users and are able to fool an attacker who is attacking the
system. They can also get the overall report of the user sessions.
c. Job seeker: They will be in a position to permit access to the users in the Internet and acknowledge
their account status.

2.1.1.2 Hardware Interfaces

● Screen resolution of at least 800 x 600 pixels is required for proper and complete viewing of screens.
Higher resolutions in wide-screen mode will be better for a better view.

● Support for printer (dot-matrix / deskjet / inkjet / laser) is required. This implies that appropriate
drivers should be installed and printer device should be connected for printing of reports and
marksheets.

● A network connection (internet / intranet) is required to make the web service accessible on other
systems connected over the network.

● Other hardware interface specifications are as follows:

HARDWARE INTERFACES - CLIENT SIDE (Minimum)

HARDWARE                                SPECIFICATIONS
Intel Pentium 4 and Higher Processor    Processing
QWERTY Keyboard (U.S. Design)           For Input
Mouse                                   For Handle

Table 2.1 – Minimum Client Side Hardware Interfaces

HARDWARE INTERFACES - SERVER SIDE (Minimum)

HARDWARE                                      RAM        DISK SPACE
Intel Core i3 / i5 / i7 2.27 GHz and higher   2048 MB    20 GB

Table 2.2 – Minimum Server Side Hardware Interfaces

2.1.1.3 Software Interfaces

SOFTWARE INTERFACES (Minimum)

Software Tool         Version                              Purpose of Use
Operating system      Windows with Kernel 3.x and higher   Installation and operational platform
Cisco Packet tracer   Beta2                                Network Design

Table 2.3 – Minimum Software Interfaces

SOFTWARE INTERFACES (Recommended)

Software Tool         Version                              Purpose of Use
Operating system      Windows with Kernel 4.x & higher     Installation and operational platform
Cisco Packet tracer   Beta2                                Network Design

Table 2.4 – Recommended Software Interfaces

2.1.1.4 Communication Interface


● Client (customer) on Network
● Client (system user) For Network configuration

Block Diagram:-

Figure 2.1 - Block Diagram


2.1.2 User Characteristics

● Client: They can use the service of DHCP and are able to enable it on any port of the system.

● Administrator: They are the core users and are able to fool an attacker who is attacking the
system. They can also get the overall report of the user sessions.

● Job seeker: They will be in a position to permit access to the users in the Internet and
acknowledge their account status.
2.1.3 Constraints
Network forensics is a set of scientifically confirmed techniques to collect, detect, identify, examine, correlate,
analyze, and document digital evidence from multiple systems for the purpose of establishing the facts of
attacks and other problem incidents, as well as performing the actions needed to recover from an attack. Network
forensics measures the success of unauthorized activities meant to disrupt, corrupt, and/or compromise
system components, as well as providing information to assist in response to or recovery from these
activities. In this paper we designed a Linux based Network Forensic system in which contented virtual
honeynet system to solve the information gathering in the past. This system is totally based on
traditional server DHCP. It helps organizations in investigating outside and inside network attacks. It is
also important for law enforcement investigations.

2.1.4 Assumptions & Dependencies


● The number of domains being selected by the user does not change.
● The subject types (i.e. elective, core, lab, term paper and dissertation) do not change.

2.2 Specific Requirements


This section presents the software requirements to a level of detail sufficient to enable designers to
design and testers to test the system.

2.2.1 User Interface Requirements

Following screens will be provided by the system:


In information technology, the user interface (UI) is everything designed into an information device with
which a person may interact. This can include display screens, keyboards, a mouse and the appearance
of a desktop. It is also the way through which a user interacts with an application or a website. The
growing dependence of many companies on web applications and mobile applications has led many
companies to place increased priority on UI in an effort to improve the user's overall experience.

Front-end software: Cisco Packet Tracer

Back-end: Command Line Interface

2.2.2 System Product Features


2.2.2.1 Security
The application will be password protected. Users will have to enter correct username, password and
role in order to access the application modules allowed to their privilege.

2.2.2.2 Maintainability
The application will be designed in a manner to make it easy to incorporate new requirements in
individual modules such as subject info, student info, subject choices, marks info, report generation and
user accounts activation / deactivation.

2.2.2.3 Portability
The application will be easily portable among any Windows or Linux based systems that have the Apache
web server and MySQL database installed.


UNIT– 3 SYSTEM DESIGN SPECIFICATION

3.1 IP ADDRESSING :-
System architecture presents the schematic view of the complete system along with its major
components and their connectivities. The overall architecture of the proposed system will be
as follows.

3.1.1 Introduction :-

IPv4 addresses are 32 bits in length. However, to make the addresses readable, they are
broken into four bytes (called octets), with a period (decimal) between each byte. Let's look
at a simple example: 11111111111111111111111111111111, which is 32 1's. This is broken
up into four octets, like this: 11111111.11111111.11111111.11111111. Then each of these
octets is converted into decimal, resulting in 255.255.255.255. The format of this address is
commonly called dotted decimal.

3.1.2 Classes of Addresses


Logical, or layer-3, addresses have two components: a network and host number. The
network number uniquely identifies a segment in the network and a host number uniquely
identifies a device on a segment. The combination of these two numbers must be unique
throughout the entire network. Network numbers are divided into five classes: Class A, B, C,
D, and E. Each of these classes has a predefined network and host boundary:

■ With a Class A address, the first byte is a network number (8 bits) and the last 3 bytes are
for host numbers (24 bits)
■ With a Class B address, the first two bytes are a network number (16 bits) and the last 2
bytes are for host numbers (16 bits)
■ With a Class C address, the first three bytes are a network number (24 bits) and the last 1
byte is for host numbers (8 bits)
■ Class D addresses are used for multicasting and Class E addresses are reserved
■ Class A addresses range from 1-126: 0 is reserved and represents all IP addresses; 127 is a
reserved address and is used for testing, like a loopback on an interface: 00000001-01111111.
■ Class B addresses range from 128-191: 10000000-10111111.
■ Class C addresses range from 192-223: 11000000-11011111.
■ Class D addresses range from 224-239: 11100000-11101111.
■ Class E addresses range from 240-254: 255 is a reserved address and is used for
broadcasting purposes.

When you are dealing with IP addresses, there are always two numbers reserved for a
given network number: the first address in the network represents the network’s address, and
the last address in the network represents the broadcast address for this network, commonly
called a directed broadcast. There are two IP addresses reserved: 0.0.0.0 (the very first
address), which represents all IP addresses, and 255.255.255.255 (the very last address),
which is the local broadcast address (all devices should process this datagram). Within this
range of addresses for Class A, B, and C addresses, there are some reserved addresses,
commonly called private addresses. All the other addresses in these classes are called public
addresses.

3.1.3 IP Address Components


There are two components to addressing: network and host. The host portion is actually
broken into three subcomponents: network address, host addresses, and directed broadcast
address. The very first address in a network number is called the network address. This
address is used to uniquely identify one segment from all of the other segments in the
network. The last address in the network number is called the directed broadcast address, and
is used to represent all hosts on this network segment. Middle addresses can be assigned to
host devices on the segment, like PCs, servers, routers, and switches.

3.2 SUBNETTING

3.2.1 Introduction

Every system connected to the network has a unique internet protocol address (IP address).
An IP address has two parts: network address and host address. Depending on the number of
bits allotted for the network ID and host ID, the IP address is divided into different classes,
namely A, B, C, D and E. The most important feature of IP is to assign an address to packets
destined for a computer. All computers connected to the internet or intranet. Later the network
designers realized that the class structure for IP addresses. In order to overcome this, the
concept of subnetting was introduced. With the introduction of subnetting the IP addresses
were divided into three parts: network ID, host ID and subnet ID.

3.2.2 Subnet-Mask
Subnets are usually defined as all those devices whose IP addresses have the same prefix. For
instance, the devices with IP addresses that start with 100.100.100 will be considered
part of the same subnet. A network is divided into small networks or subnets in order to
strengthen security as well as to improve performance. Note that IP
networks are divided using a subnet mask.

A subnet mask is used to determine what subnet an IP address belongs to. Every IP address has two
components: the network address and the host address.

3.2.3 Classless Inter-Domain Routing (CIDR)

CIDR is a new addressing scheme for the internet which allows more efficient allocation of
IP addresses than the old class A, B, and C address scheme. With many networks being
connected to the internet, the internet was facing a few issues, like running out of IP addresses
and running out of capacity in the global routing tables.

Subnet Mask        CIDR
255.0.0.0          /08
255.128.0.0        /09
255.192.0.0        /10
255.224.0.0        /11
255.240.0.0        /12
255.248.0.0        /13
255.252.0.0        /14
255.254.0.0        /15
255.255.0.0        /16
255.255.128.0      /17
255.255.192.0      /18
255.255.224.0      /19
255.255.240.0      /20
255.255.248.0      /21
255.255.252.0      /22
255.255.254.0      /23
255.255.255.0      /24
255.255.255.128    /25
255.255.255.192    /26
255.255.255.224    /27
255.255.255.240    /28
255.255.255.248    /29
255.255.255.252    /30

3.2.4 Types of Subnetting

CIDR   BLOCK SIZE   HOST BIT   NETWORK BIT
25     128          7          25
26     64           6          26
27     32           5          27
28     16           4          28
29     8            3          29
30     4            2          30
31     2            1          31
CLASS B

18
172.168.0.0/18
1111111.1.11111111.11111111.111111111
No of network = 28
No of host = 14
No of net/sub = 2^N = 2^2 = 4
No of host/sub = 2^N - 2 = 2^14 - 2 = 16382
Block size = 64
Subnet mask = 255.255.192.0

First net

First valid net = 172.168.0.0


First valid IP = 172.168.0.1
Last valid IP = 176.168.63.254


Broadcast address = 172.168.63.255

Last net

First valid net = 172.168.192.0

First valid IP = 172.168.192.1


Last valid IP = 172.168.255.254
Broadcast address = 172.168.255.255

172.168.0.0/17

1111111.1.11111111.11111111.111111111
No of network = 17
No of host = 15
No of net/sub = 2^N = 2^1 = 2
No of host/sub = 2^N - 2 = 2^15 - 2 = 32766
Block size = 128
Subnet mask = 255.255.128.0

First net

First valid net = 172.168.0.0


First valid IP = 172.168.0.1
Last valid IP = 176.168.127.254
Broadcast address = 172.168.127.255

Last net

First valid net = 172.168.128.0


First valid IP = 172.168.128.1
Last valid IP = 172.168.255.254
Broadcast address = 172.168.255.255

CLASS A

(1) 9
10.0.0.0/9
1111111.1.11111111.11111111.111111111


No of network = 9
No of host = 23
No of net/sub = 2^N = 2^1 = 2
No of host/sub = 2^N - 2 = 2^23 - 2 = 8388606
Block size = 128
Subnet mask = 255.128.0.0

First net
First valid net = 10.0.0.0
First valid IP = 10.0.0.1
Last valid IP = 10.127.255.254
Broadcast address = 10.127.255.255

Last net
First valid net = 10.128.0.0
First valid IP = 10.128.0.1
Last valid IP = 10.128.255.254
Broadcast address = 10.128.255.255

(2) 10

10.0.0.0/10
1111111.1.11111111.11111111.111111111
No of network = 10
No of host = 22
No of net/sub = 2^N = 2^2 = 4
No of host/sub = 2^N - 2 = 2^22 - 2 = 4194302
Block size = 64
Subnet mask = 255.192.0.0

First net
First valid net = 10.0.0.0
First valid IP = 10.0.0.1
Last valid IP = 10.63.255.254
Broadcast address = 10.63.255.255


Last net
First valid net = 10.192.0.0
First valid IP = 10.192.0.1
Last valid IP = 10.255.255.254
Broadcast address = 10.255.255.255
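
The subnet arithmetic of sections 3.2.2 to 3.2.4, as an added Python example that is not part of the original report: from a classful network and a prefix it derives the mask, block size, subnet and host counts, and the first and last subnet, so the worked figures above can be checked. The function names (classful_prefix, subnet_for, subnet_plan) are assumptions of this example.

```python
import ipaddress

# Class boundaries on the first octet, as listed in section 3.1.2:
# (class, lowest first octet, highest first octet, default network bits).
CLASS_RANGES = (("A", 1, 126, 8), ("B", 128, 191, 16), ("C", 192, 223, 24))


def classful_prefix(address):
    """Return (class letter, default prefix length) for a Class A/B/C address."""
    first_octet = ipaddress.IPv4Address(address).packed[0]
    for letter, low, high, prefix in CLASS_RANGES:
        if low <= first_octet <= high:
            return letter, prefix
    raise ValueError(f"{address} is not a Class A, B or C address")


def subnet_for(address, prefix):
    """AND the address with the subnet mask to find the subnet it belongs to."""
    mask = (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF
    return str(ipaddress.IPv4Address(int(ipaddress.IPv4Address(address)) & mask))


def _describe(base, size):
    """Network address, usable host range and directed broadcast of one subnet."""
    ip = ipaddress.IPv4Address
    return {
        "network": str(ip(base)),
        "first_valid": str(ip(base + 1)),
        "last_valid": str(ip(base + size - 2)),
        "broadcast": str(ip(base + size - 1)),
    }


def subnet_plan(cidr):
    """Work through a subnetting exercise such as '172.168.0.0/18'."""
    address, prefix_text = cidr.split("/")
    prefix = int(prefix_text)
    letter, default_prefix = classful_prefix(address)
    if not default_prefix <= prefix <= 30:
        raise ValueError(f"/{prefix} is outside /{default_prefix}../30 for Class {letter}")

    borrowed = prefix - default_prefix      # N in "No of net/sub = 2^N"
    host_bits = 32 - prefix                 # N in "No of host/sub = 2^N - 2"
    size = 2 ** host_bits                   # addresses per subnet
    subnets = 2 ** borrowed
    mask = ipaddress.IPv4Address((0xFFFFFFFF << host_bits) & 0xFFFFFFFF)
    # Block size = 256 minus the first mask octet that is not 255.
    interesting_octet = next(octet for octet in mask.packed if octet != 255)

    # First subnet starts at the classful network; the last one is
    # (subnets - 1) blocks further on.
    parent = int(ipaddress.IPv4Address(subnet_for(address, default_prefix)))
    return {
        "class": letter,
        "network_bits": prefix,
        "host_bits": host_bits,
        "subnets": subnets,
        "hosts_per_subnet": size - 2,
        "block_size": 256 - interesting_octet,
        "mask": str(mask),
        "first_net": _describe(parent, size),
        "last_net": _describe(parent + (subnets - 1) * size, size),
    }


if __name__ == "__main__":
    # The four exercises worked in section 3.2.4.
    for cidr in ("172.168.0.0/18", "172.168.0.0/17", "10.0.0.0/9", "10.0.0.0/10"):
        plan = subnet_plan(cidr)
        print(cidr, "mask", plan["mask"], "block", plan["block_size"],
              "subnets", plan["subnets"], "hosts/subnet", plan["hosts_per_subnet"])
        for name in ("first_net", "last_net"):
            print("  ", name, plan[name])
```

The first_valid to last_valid range of each subnet is the largest address pool a DHCP server can hand out on that segment without touching the network or broadcast address.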


3.3 High Level Design Diagrams

3.3.1 Use Case Diagrams


The purpose of use case diagram is to capture the dynamic aspect of a system. However, this definition
is too generic to describe the purpose, as other four diagrams (activity, sequence, collaboration, and
Statechart) also have the same purpose. We will look into some specific purpose, which will distinguish
it from other four diagrams.
Use case diagrams are used to gather the requirements of a system including internal and external
influences. These requirements are mostly design requirements. Hence, when a system is analyzed to
gather its functionalities, use cases are prepared and actors are identified.

UML Use Case Diagrams. Use case diagrams are usually referred to as behavior diagrams used to
describe a set of actions (use cases) that some system or systems (subject) should or can perform in
collaboration with one or more external users of the system (actors).

A use case diagram at its simplest is a representation of a user's interaction with the system that shows
the relationship between the user and the different use cases in which the user is involved. A use case
diagram can identify the different types of users of a system and the different use cases and will often
be accompanied by other types of diagrams as well.

Figure 3.1

3.3.2 Activity Diagram


Activity diagrams are graphical representations of workflows of stepwise activities and actions with
support for choice, iteration and concurrency. In the Unified Modeling Language, activity diagrams
are intended to model both computational and organizational processes (i.e., workflows), as well as
the data flows intersecting with the related activities. Although activity diagrams primarily show the
overall flow of control, they can also include elements showing the flow of data between activities
through one or more data stores.
Activity diagrams are constructed from a limited number of shapes, connected with arrows.[4] The
most important shape types:
● ellipses represent actions;
● diamonds represent decisions;
● bars represent the start (split) or end (join) of concurrent activities;
● a black circle represents the start (initial node) of the workflow;
● an encircled black circle represents the end (final node).
UML activity diagrams in version 2.x can be used in various domains, e.g. in design of embedded
systems. It is possible to verify such a specification using a model checking technique.

Figure 3.2

3.3.3 Sequence Diagram


A sequence diagram shows object interactions arranged in time sequence. It depicts the objects and
classes involved in the scenario and the sequence of messages exchanged between the objects needed
to carry out the functionality of the scenario. Sequence diagrams are typically associated with use case
realizations in the Logical View of the system under development. Sequence diagrams are sometimes
called event diagrams or event scenarios.
A sequence diagram shows, as parallel vertical lines (lifelines), different processes or objects that live
simultaneously, and, as horizontal arrows, the messages exchanged between them, in the order in
which they occur. This allows the specification of simple runtime scenarios in a graphical manner.

Figure 3.3

3.3.4 Data-Flow Diagram
A data flow diagram shows the way information flows through a process or system. It includes data
inputs and outputs, data stores, and the various subprocesses the data moves through. DFDs are built
using standardized symbols and notation to describe various entities and their relationships.
Data flow diagrams visually represent systems and processes that would be hard to describe in a chunk
of text. You can use these diagrams to map out an existing system and make it better or to plan out a
new system for implementation. Visualizing each element makes it easy to identify inefficiencies and
produce the best possible system.

Figure 3.4

3.3.5 Class Diagram

The purpose of the class diagram is to model the static view of an application. Class diagrams are the only
diagrams which can be directly mapped with object-oriented languages and are thus widely used at the
time of construction. UML diagrams like the activity diagram and sequence diagram can only give the
sequence flow of the application; the class diagram, however, is a bit different. It is the most popular UML
diagram in the coder community.
The purpose of the class diagram can be summarized as −
● Analysis and design of the static view of an application.
● Describe responsibilities of a system.
● Base for component and deployment diagrams.
● Forward and reverse engineering.

Figure 3.5

3.3.6 Object Diagram
The purpose of a diagram should be understood clearly to implement it practically. The purposes of
object diagrams are similar to class diagrams.
The difference is that a class diagram represents an abstract model consisting of classes and their
relationships. However, an object diagram represents an instance at a particular moment, which is
concrete in nature.

It means the object diagram is closer to the actual system behavior. The purpose is to capture the static
view of a system at a particular moment.

The purpose of the object diagram can be summarized as −

● Forward and reverse engineering.
● Object relationships of a system
● Static view of an interaction.
● Understand object behaviour and their relationship from practical perspective

Figure 3.6

UNIT - 4 METHODOLOGY
4.1 Introduction to Waterfall Model
The Waterfall Model was the first Process Model to be introduced. It is also referred to as a
linear-sequential life cycle model. It is very simple to understand and use. In a waterfall model, each phase
must be completed before the next phase can begin and there is no overlapping in the phases.

The waterfall Model illustrates the software development process in a linear sequential flow; hence
it is also referred to as a linear-sequential life cycle model. This means that any phase in the
development process begins only if the previous phase is complete. In waterfall model phases do not
overlap. In "The Waterfall" approach, the whole process of software development is divided into
separate phases. In Waterfall model, typically, the outcome of one phase acts as the input for the
next phase sequentially.

Following is a diagrammatic representation of different phases of waterfall model.

Figure 4.1 – Waterfall Model with Feedback

The sequential phases in Waterfall model are:

● Requirement Gathering and analysis: All possible requirements of the system to be
developed are captured in this phase and documented in a requirement specification doc.

● System Design: The requirement specifications from first phase are studied in this phase and
system design is prepared. System Design helps in specifying hardware and system
requirements and also helps in defining overall system architecture.

● Implementation: With inputs from system design, the system is first developed in small
programs called units, which are integrated in the next phase. Each unit is developed and
tested for its functionality which is referred to as Unit Testing.

● Integration and Testing: All the units developed in the implementation phase are integrated
into a system after testing of each unit. Post integration the entire system is tested for any
faults and failures.

● Deployment of system: Once the functional and non-functional testing is done, the product
is deployed in the customer environment or released into the market.

● Maintenance: There are some issues which come up in the client environment. To fix those
issues patches are released. Also to enhance the product some better versions are released.
Maintenance is done to deliver these changes in the customer environment.

All these phases are cascaded to each other, with progress seen as flowing steadily downwards
(like a waterfall) through the phases. The next phase is started only after the defined set of goals is
achieved for the previous phase and it is signed off, hence the name "Waterfall Model". In this model
phases do not overlap.

Every software developed is different and requires a suitable SDLC approach to be followed based
on the internal and external factors. Some situations where the use of Waterfall model is most
appropriate are:

● Requirements are very well documented, clear and fixed.
● Product definition is stable.
● Technology is understood and is not dynamic.
● There are no ambiguous requirements.
● Ample resources with required expertise are available to support the product.
● The project is short.

Waterfall Model Pros & Cons


Advantage
The advantage of waterfall development is that it allows for departmentalization and control. A
schedule can be set with deadlines for each stage of development and a product can proceed through
the development process model phases one by one.

Development moves from concept, through design, implementation, testing, installation,
troubleshooting, and ends up at operation and maintenance. Each phase of development proceeds in
strict order.

Disadvantage
The disadvantage of waterfall development is that it does not allow for much reflection or revision.
Once an application is in the testing stage, it is very difficult to go back and change something that
was not well-documented or thought upon in the concept stage.

Methodology Introduction -- This chapter discusses the details of the network design used to
investigate attacks on our DHCP and to detect and prevent these events in real time. The approach
used for this network was a mixed one, using both literature study and laboratory experiments.

Figure 4.2 - Design of the Study

The figure shows the system configuration used to examine, detect, and prevent attacks on our DHCP. It
consists of a firewall, router, Bifrozt Linux Server, HonSSH, Filebeat, Elasticsearch, Logstash,
Kibana, Puppet and four virtual machine DHCP.

4.2 Team Members, Roles & Responsibilities

Team Member            Project Role       Responsibilities
Sunil Sharma           Back-end           CLI
Shashank Purohit       Front-end          Network Design
Shrey Agrawal          Addressing         IP Addressing
Vipendra Pal Rajput    Report Analysis    Report Analyses

Table 4.1 – Roles and responsibilities

Pure DHCP are full-fledged production systems. The activities of the attacker are monitored by using
a bug tap that has been installed on the DHCP's link to the network. No other software needs to be
installed. Even though a pure DHCP is useful, stealthiness of the defense mechanisms can be ensured
by a more controlled mechanism.
High-interaction DHCP imitate the activities of the production systems that host a variety of services
and, therefore, an attacker may be allowed a lot of services to waste their time. By employing virtual
machines, multiple DHCP can be hosted on a single physical machine. Therefore, even if the DHCP
is compromised, it can be restored more quickly. In general, high-interaction DHCP provide more
security by being difficult to detect, but they are expensive to maintain. If virtual machines are not
available, one physical computer must be maintained for each DHCP, which can be exorbitantly
expensive. Example: Honeynet.
Low-interaction DHCP simulate only the services frequently requested by attackers. Since they
consume relatively few resources, multiple virtual machines can easily be hosted on one physical
system, the virtual systems have a short response time, and less code is required, reducing the
complexity of the virtual system's security. Example: Honeyd.

4.3 Static IP and DHCP or Dynamic IP :-

A Static IP address is a dedicated IP address that has been assigned to you. This is an IP address that is
used by you every time you log in to the network and need an IP address.
DHCP or Dynamic is an IP address that will automatically be chosen for you from a pool of IP addresses
that are assigned in the DHCP scope available on your network. Think of Static as permanent and DHCP as
temporary. Traditional DHCP technology is server based and not able to detect client-side attacks.
A low interaction DHCP like Honeyd, or a high interaction honeynet system with the Roo Honeywall,
acts as a server.

The main differences between a client-side DHCP and traditional DHCP are:-

* client-side: it simulates/drives client-side software and does not expose server based services to be
attacked.
* active: it cannot lure attacks to itself, but rather it must actively interact with remote servers to be
attacked.
* identify: whereas all accesses to the traditional DHCP are malicious, the client-side DHCP must
discern which server is malicious and which is benign.

4.4 SERVER

4.4.1 IPv4 Server : -

The Dynamic Host Configuration Protocol version 4 (DHCPv4) allows for the automatic
configuration of client systems on an Internet Protocol version 4 (IPv4) network. Windows
Server 2008 and above also provides the ability to provide IPv6 addresses through DHCP.
A Dynamic Host Configuration Protocol (DHCP) server provides the dynamic distribution of IP
addressing and configuration information to clients. Normally the DHCP server provides the
client with at least this basic information: IP Address, Subnet Mask and Default Gateway. Other
information can be provided, including Domain Name Service (DNS) server addresses, DNS
search suffixes and Windows Internet Name Service (WINS) server addresses.

4.4.2 IPv4 Scopes : -

A DHCP scope is the consecutive range of IP addresses that the DHCP server can provide
(lease) to clients on a subnet. Scopes typically define a single physical subnet on your network to
which DHCP services are offered.

DHCP scope options are options configured at the scope level and are automatically inherited by
reservations. When these options are specifically configured at the reservation level they override
the setting configured at the scope and server level. Options configured here override options
configured at the server level.

4.4.3 IPv6 Server : -

The Dynamic Host Configuration Protocol version 6 (DHCPv6) provides IPv6 hosts with IP
addresses, IP prefixes and/or other configuration required to operate on an IPv6
network. Windows Server 2008 and above provides DHCPv6 support.

DHCP server options are options configured at the server level and are automatically inherited by
scopes and reservations. When these options are specifically configured at the scope or
reservation level they override the setting configured at the server level.

4.5 DHCP scopes : -

A scope can be defined as a set of IP addresses which the DHCP server can allocate or assign to DHCP
clients. A scope contains specific configuration information for clients that have IP addresses which are
within the particular scope. Scope information for each DHCP server is specific to that particular DHCP
server only, and is not shared between DHCP servers. Scopes for DHCP servers are configured by
administrators. A DHCP server has to have at least one scope, which includes the following properties:
● The specified range of IP addresses which are going to be leased to DHCP clients.
● The subnet mask.
● The DHCP scope options (DNS IP addresses, WINS IP addresses).
● The lease duration. The default of 8 days is suitable for small networks.
● Any reservations. Reservations include elements such as a client always receiving the same IP
addresses and TCP/IP configuration information when it starts.

Therefore, when you start designing your DHCP strategy, and you are defining the scopes for your DHCP
servers, you should clarify the following:
● The start and end addresses which would define the range of addresses you want to utilize.
● The subnet mask of the particular subnet.
● The amount of time that the lease should be for the IP addresses leased from your scopes.
● All other TCP/IP configuration information which you want assigned to DHCP clients.
● The IP addresses that you want to reserve for clients.
● Whether any clients using statically assigned IP addresses need to be excluded from the address pool.

If you have multiple scopes, remember that clients can only obtain IP addresses from the subnet to which
they belong. Clients cannot obtain IP addresses from scopes that are connected with different subnets.

However, if your clients should be able to obtain IP addresses from other scopes, you can configure a
super scope. A super scope is the grouping of scopes under one administrative entity that enables clients
to obtain IP addresses, and renew IP addresses, from any scope that is part of the super scope. Super
scopes are typically created under the following circumstances:
● The existing scope's IP address supply is being depleted.
● You want to use two DHCP servers on the same subnet. This is usually for providing redundancy.
● You need to move clients from one range of IP addresses to a different range of IP addresses.

4.5.1 Understanding DHCP and DNS Integration :-

Domain Name System (DNS) is the main name resolution method used to provide clients with name to
IP address resolution. This in turn enables clients to locate resources on the network. The Dynamic DNS
(DDNS) feature, initially introduced in Windows 2000, enables clients to automatically register their IP
addresses and host names with a DNS server. When the DHCP service is running on a server, the DHCP
server registers the IP address of clients in DNS when the clients receive IP addresses from the DHCP
server. The client no longer contacts the DDNS server to register its IP addresses because the Windows
Server 2003 DHCP service dynamically updates the DNS records on behalf of the client. With Windows
Server 2003 DHCP, three options are available for registering IP addresses in DNS. The options can be
configured for the DHCP server, or for each individual scope. The options which can be specified to
enable/disable the DHCP service to dynamically update DNS records on behalf of the client are:
● The DHCP server can be configured to not register any IP address of the DHCP clients when it assigns
IP addresses to these clients.
● The DHCP server can be configured to at all times register all IP addresses of clients when they
receive IP addresses from the DHCP server.
● The default option results in the DHCP server registering the IP addresses of clients with the
authoritative DNS server, based on the client's request for an IP address.

4.5.2 The Advantages of using DHCP :-

The main advantages of using DHCP are summarized below:
● DHCP is included with popular server packages: To implement DHCP requires no additional costs.
● Centralized, simpler management of IP addressing: You can manage IP addressing from a central
location. DHCP also provides for the simple deployment of other configuration options, such as default
gateway and DNS suffix.
● Because the system assigns IP addresses, it leads to fewer incorrect configurations of IP addresses.
This is mainly due to IP configuration information being entered at one location, and the server
distributing this information to clients.
● Duplicated IP addresses are prevented.
● IP addresses are also preserved. DHCP servers only allocate IP addresses to clients when they request
them.
● The DHCP service can assign IP addresses to both individual hosts and multicast groups. Multicast
groups are used when communication occurs with server clusters.
● DHCP service supports clustering. This enables you to set up high availability DHCP servers.
● In Windows Server, DHCP integrates with Dynamic DNS (DDNS). This facilitates dynamic IP address
management because the DHCP server registers the client computer's Address (A) records and pointer
(PTR) records in the DNS database when the client obtains an IP address. This is made possible through
DHCP integration with Dynamic DNS (DDNS).
● You can monitor the pool of available IP addresses, and also be notified when the IP address pool
reaches a certain threshold.
● Through authorizing DHCP servers in Active Directory, you can restrict your DHCP servers to only
those that are authorized. Active Directory also allows you to specify those clients that the DHCP
server can allocate addresses to.
● Dynamic IP addressing through DHCP easily scales from small to large networking environments.

4.5.3 DHCP Security Considerations : -

The aspects which you need to resolve to secure your DHCP environment are:
● Because the number of IP addresses in a scope is limited, an unauthorized user could initiate a
denial-of-service (DoS) attack by requesting/obtaining a large number of IP addresses.
● An unauthorized user could use a rogue DHCP server to offer incorrect IP addresses to your DHCP
clients.
● A denial-of-service (DoS) attack can be launched by an unauthorized user who performs a large number
of DNS dynamic updates via the DHCP server.
● Assigning DNS IP addresses and WINS IP addresses through the DHCP server increases the possibility
of an unauthorized user using this information to attack your DNS and WINS servers.

To secure your DHCP environment, use the following strategies:
● Implement firewalls.
● Close all open unused ports.
● If necessary, use VPN tunnels.
● You can use MAC address filters.
● Use 128-bit Wired Equivalent Privacy (WEP) encryption in wireless networks.
● Disable broadcasting the Service Set Identifier (SSID) in wireless networks.

A DHCP server can provide configuration settings using the following methods :-
Manual allocation (MAC address) :-

This method entails using DHCP to identify the unique hardware address of each network card
connected to the network and then continually supplying a constant configuration each time the
DHCP client makes a request to the DHCP server using that network device. This ensures that a
particular address is assigned automatically to that network card, based on its MAC address.

Dynamic allocation (address pool) :-

In this method, the DHCP server will assign an IP address from a pool of addresses (sometimes
also called a range or scope) for a period of time or lease, that is configured on the server or until
the client informs the server that it doesn't need the address anymore. This way, the clients will be
receiving their configuration properties dynamically and on a "first come, first served" basis. When
a DHCP client is no longer on the network for a specified period, the configuration is expired and
released back to the address pool for use by other DHCP Clients. This way, an address can be
leased or used for a period of time. After this period, the client has to renegotiate the lease with the
server to maintain use of the address.

Automatic allocation :-

Using this method, the DHCP automatically assigns an IP address permanently to a device,
selecting it from a pool of available addresses. Usually DHCP is used to assign a temporary address
to a client, but a DHCP server can allow an infinite lease time.

The last two methods can be considered "automatic" because in each case the DHCP server assigns an
address with no extra intervention needed. The only difference between them is in how long the IP
address is leased, in other words whether a client's address varies over time. The DHCP server Ubuntu
makes available is dhcpd (dynamic host configuration protocol daemon), which is easy to install and
configure and will be automatically started at system boot.
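
The three allocation methods and the scope properties described earlier (range, exclusions, reservations, lease duration) can be modelled in a few lines. This is an added example, not the project's code or dhcpd's implementation; the Scope class, its method names and all addresses and MACs are constructed for illustration.

```python
import ipaddress

INFINITE = float("inf")       # automatic allocation: a lease that never expires
EIGHT_DAYS = 8 * 24 * 3600    # the 8-day default lease mentioned in section 4.5


class Scope:
    """Toy model of one DHCP scope (hypothetical helper, times in seconds)."""

    def __init__(self, start, end, lease_seconds=EIGHT_DAYS,
                 exclusions=(), reservations=None):
        self.lease_seconds = lease_seconds
        self.reservations = dict(reservations or {})   # MAC -> fixed IP (manual allocation)
        held_back = set(exclusions) | set(self.reservations.values())
        lo = int(ipaddress.IPv4Address(start))
        hi = int(ipaddress.IPv4Address(end))
        if lo > hi:
            raise ValueError("scope start must not be above scope end")
        # Addresses that may be handed out dynamically, in ascending order.
        self.pool = [str(ipaddress.IPv4Address(n)) for n in range(lo, hi + 1)
                     if str(ipaddress.IPv4Address(n)) not in held_back]
        self.leases = {}                                # IP -> (MAC, expiry time)

    def _reclaim_expired(self, now):
        for ip, (_, expiry) in list(self.leases.items()):
            if expiry <= now:
                del self.leases[ip]                     # back to the pool

    def request(self, mac, now):
        """Return (ip, expiry), or None when the pool is exhausted."""
        self._reclaim_expired(now)
        expiry = now + self.lease_seconds
        if mac in self.reservations:                    # manual allocation by MAC
            return self.reservations[mac], expiry
        for ip, (owner, _) in self.leases.items():      # renewal of an existing lease
            if owner == mac:
                self.leases[ip] = (mac, expiry)
                return ip, expiry
        for ip in self.pool:                            # first come, first served
            if ip not in self.leases:
                self.leases[ip] = (mac, expiry)
                return ip, expiry
        return None                                     # nothing left to lease

    def release(self, mac):
        """Client no longer needs its address; return the freed IP or None."""
        for ip, (owner, _) in list(self.leases.items()):
            if owner == mac:
                del self.leases[ip]
                return ip
        return None

    def available(self, now):
        self._reclaim_expired(now)
        return len(self.pool) - len(self.leases)


if __name__ == "__main__":
    scope = Scope("192.168.10.10", "192.168.10.14",
                  exclusions=["192.168.10.12"],                      # static server
                  reservations={"02:00:00:00:00:aa": "192.168.10.13"})
    for mac in ("02:00:00:00:00:01", "02:00:00:00:00:02",
                "02:00:00:00:00:aa", "02:00:00:00:00:03", "02:00:00:00:00:04"):
        print(mac, scope.request(mac, now=0))
    print("free addresses:", scope.available(now=0))
```

The fourth dynamic client gets nothing: with only three leasable addresses the pool empties quickly, which is why the size of the scope and the lease duration matter for the denial-of-service concern raised in section 4.5.3.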

DHCP states & procedure

With DHCP, the transition of a client occurs using 6 states: initialization, selection, request, bound,
renew and rebind. DHCP uses the first 4 states to initialize an IP address, and 4 states are used to
rebind, renew or release an IP address. The six states are used to perform essentially 3 processes:
discovery, renewal, and release, which are described below.

● DHCP Address Discovery Process :-

When the client boots, it executes a standard address discovery process. Once the IP address is acquired,
it tests the address by sending an ARP broadcast. DHCP uses a 4-step process to allocate IP addresses:
Discovery, Offer, Request, Acknowledgment.

The state transitions that perform the standard discovery procedure to acquire an IP address are:

i) Initialization State to Selection State : When the client is booting up, it is the first stage. Here it sends
a DHCP Discover message that places the client in the Selection state.
ii) Selection State to Request State : One or more servers respond to the broadcast message with a DHCP
Offer message. The client chooses the best offer and negotiates by sending a DHCP REQUEST message.
iii) Request State to Bound State : The server responds to the request message with a positive
acknowledgement (DHCP ACK), which begins the lease time and puts the client in the bound state.

Figure: DHCP states & procedure (client boot, initialization state, DHCP discover, selection state,
DHCP offers, DHCP request, request state, DHCP Ack, bound state).

● DHCP Address Renewal Process :-

When the client’s lease nears its expiration time, the client must initiate the address renewal process
to maintain the acquired IP address. Here, four states are used to renew or release an IP
address, which are discussed below:

i) Bound State to Renew State : After the client’s first timer reaches 50% of its initial value, it
broadcasts a DHCP Request message for a lease renewal and moves to the renew state.

ii) Renew State to Bound State : If the server approves the lease renewal, the client moves from
the renew state back to the bound state and continues using its original IP address.

iii) Renew State to Initialization State : If the server disapproves the lease renewal, the client
moves from the renew state to the initialization state and begins the process of acquiring a new IP
address.

iv) Renew State to Rebind State : If the client doesn't receive a response from the server within
the first 87.5% of the lease time, it moves to the rebind state and broadcasts a DHCP request
message.

v) Rebind State to Initialization State : If the client receives a negative response from a server while in
the rebind state, the client moves to the initialization state and begins the process of acquiring a new IP
address.

Figure: DHCP address renewal state diagram (initialization, bound, renew and rebind states; transitions
on DHCP Request at 50% and 87.5% of lease expiration, DHCP Ack, DHCP NAK or lease expiry, and
DHCP Release).
● DHCP Address Release Process :-

When the client is in the bound state and determines it no longer needs an IP address, DHCP allows the
client to release its IP address without waiting for the lease time to expire. This is known as early
termination. It is useful when there is a limited number of IP addresses available. When the client sends
a DHCP release message, it leaves the bound state and returns to the initialization state, so the client
can request another IP address when it needs one.

Figure: DHCP address release (bound state to initialization state on a DHCP Release message).
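
The six client states and the discovery, renewal and release transitions listed above, written as a small state machine. This is an added example, not code from the project; the class and method names are assumptions, time is a plain number of seconds, and the DHCPNAK handling in the request state follows RFC 2131 rather than the text above.

```python
from enum import Enum


class State(Enum):
    INIT = "initialization"
    SELECTING = "selection"
    REQUESTING = "request"
    BOUND = "bound"
    RENEWING = "renew"
    REBINDING = "rebind"


T1 = 0.5      # renewal starts at 50% of the lease time
T2 = 0.875    # rebinding starts at 87.5% of the lease time


class DhcpClient:
    """Hypothetical client that only tracks state and the messages it sends."""

    def __init__(self):
        self.sent = []            # messages transmitted so far, in order
        self._to_init()

    def _to_init(self):
        self.state = State.INIT
        self.ip = None
        self.lease_start = None
        self.lease_time = None

    def boot(self):
        """Initialization -> selection: broadcast a discover."""
        self._to_init()
        self.sent.append("DHCPDISCOVER")
        self.state = State.SELECTING
        return self.state

    def receive(self, kind, now, ip=None, lease_time=None):
        """Handle a server message; anything unexpected in a state is ignored."""
        waiting_for_ack = (State.REQUESTING, State.RENEWING, State.REBINDING)
        if self.state is State.SELECTING and kind == "DHCPOFFER":
            self.ip = ip                       # offered, not yet confirmed
            self.sent.append("DHCPREQUEST")
            self.state = State.REQUESTING
        elif self.state in waiting_for_ack and kind == "DHCPACK":
            lease_time = lease_time or self.lease_time
            if lease_time is None:
                raise ValueError("first DHCPACK must carry a lease time")
            self.ip = ip or self.ip
            self.lease_start, self.lease_time = now, lease_time
            self.state = State.BOUND           # lease (re)starts at the ACK
        elif self.state in waiting_for_ack and kind == "DHCPNAK":
            self._to_init()                    # start over with a new discover
        return self.state

    def tick(self, now):
        """Advance the lease timers to time `now`."""
        if self.state not in (State.BOUND, State.RENEWING, State.REBINDING):
            return self.state
        elapsed = now - self.lease_start
        if elapsed >= self.lease_time:                       # lease expired
            self._to_init()
        elif elapsed >= T2 * self.lease_time and self.state is not State.REBINDING:
            self.sent.append("DHCPREQUEST")
            self.state = State.REBINDING
        elif elapsed >= T1 * self.lease_time and self.state is State.BOUND:
            self.sent.append("DHCPREQUEST")
            self.state = State.RENEWING
        return self.state

    def release(self):
        """Early termination: bound -> initialization."""
        if self.state is State.BOUND:
            self.sent.append("DHCPRELEASE")
            self._to_init()
        return self.state


if __name__ == "__main__":
    c = DhcpClient()
    print(c.boot())
    print(c.receive("DHCPOFFER", now=0, ip="192.168.10.20"))
    print(c.receive("DHCPACK", now=0, ip="192.168.10.20", lease_time=1000))
    for t in (499, 500, 875):
        print(t, c.tick(t))
    print(c.receive("DHCPNAK", now=880), c.sent)
```

Nothing in receive() checks who sent the offer or the acknowledgement, which mirrors the unauthenticated nature of the protocol: the client acts on whatever well-formed reply arrives first.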

DHCP Security

DHCP is an unauthenticated protocol. When connecting to a network, the user is not required to provide
credentials in order to obtain a lease. The server is also not authenticated. Malicious users with
physical access to the DHCP-enabled network can start a denial-of-service attack on DHCP servers by
requesting many leases from the server, thereby reducing the number of leases that are available to
other DHCP clients.
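
Two of the risks named here and in section 4.5.3, lease exhaustion and rogue DHCP servers, can be spotted from DHCP message metadata. The following detection sketch is an added example, not part of the project: the log format, port names, thresholds and the authorized server address are all constructed assumptions, not the output of any real tool.

```python
from collections import defaultdict, deque

AUTHORIZED_SERVERS = {"192.168.10.1"}   # assumption: the only legitimate server
WINDOW_SECONDS = 10                     # sliding window for discover counting
MAX_MACS_PER_PORT = 5                   # distinct client MACs tolerated per port

# Constructed sample: "<time> <switch port> <message> key=value ..."
SAMPLE_LOG = """\
100.0 Fa0/1 DHCPDISCOVER mac=02:00:00:00:00:01
100.1 Gi0/1 DHCPOFFER mac=02:00:00:00:00:01 server=192.168.10.1
100.2 Fa0/1 DHCPREQUEST mac=02:00:00:00:00:01
100.3 Gi0/1 DHCPACK mac=02:00:00:00:00:01 server=192.168.10.1
130.0 Fa0/7 DHCPDISCOVER mac=02:00:00:00:07:01
130.4 Fa0/7 DHCPDISCOVER mac=02:00:00:00:07:02
130.8 Fa0/7 DHCPDISCOVER mac=02:00:00:00:07:03
131.2 Fa0/7 DHCPDISCOVER mac=02:00:00:00:07:04
131.6 Fa0/7 DHCPDISCOVER mac=02:00:00:00:07:05
132.0 Fa0/7 DHCPDISCOVER mac=02:00:00:00:07:06
132.4 Fa0/7 DHCPDISCOVER mac=02:00:00:00:07:07
140.0 Fa0/2 DHCPDISCOVER mac=02:00:00:00:00:02
140.1 Gi0/1 DHCPOFFER mac=02:00:00:00:00:02 server=192.168.10.1
140.2 Fa0/9 DHCPOFFER mac=02:00:00:00:00:02 server=192.168.10.254
"""


def parse(line):
    """Turn one constructed log line into a dict of fields."""
    ts, port, kind, *pairs = line.split()
    event = dict(pair.split("=", 1) for pair in pairs)
    event.update(ts=float(ts), port=port, kind=kind)
    return event


def detect(lines, authorized=AUTHORIZED_SERVERS,
           window=WINDOW_SECONDS, max_macs=MAX_MACS_PER_PORT):
    """Return alerts as tuples, one per offending port or server."""
    alerts = []
    recent = defaultdict(deque)     # port -> (time, mac) of recent discovers
    reported = set()                # avoid repeating the same alert
    for line in lines:
        if not line.strip():
            continue
        ev = parse(line)
        port = ev["port"]
        if ev["kind"] in ("DHCPOFFER", "DHCPACK"):
            # Server replies are only expected from known servers.
            server = ev.get("server")
            key = ("rogue-server", port, server)
            if server not in authorized and key not in reported:
                reported.add(key)
                alerts.append(key)
        elif ev["kind"] == "DHCPDISCOVER":
            # Many different MACs on one access port in a short time is
            # not how a single host behaves; retries reuse the same MAC.
            seen = recent[port]
            seen.append((ev["ts"], ev["mac"]))
            while seen[0][0] < ev["ts"] - window:
                seen.popleft()
            distinct = len({mac for _, mac in seen})
            if distinct > max_macs and ("starvation", port) not in reported:
                reported.add(("starvation", port))
                alerts.append(("starvation-suspected", port, distinct))
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG.splitlines()):
        print(alert)
```

The thresholds need tuning per network: a port that feeds a hub, an access point or a virtualization host legitimately carries many MAC addresses.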

UNIT– 5 SYSTEM TESTING


The designed system has been tested through the following test parameters.
5.1 Functionality Testing
We have in the previous chapter finished the setup of our system. Ideally, testing should have been
performed during the development of this system or on the actual system created in [Nyr05]. But as this
system no longer is available to us, we have deployed the system according to the description in [Nyr05].
As documented in 3.7, we have been forced to use several solutions seemingly not used in [Nyr05] to
make the system work and therefore our system differs on several accounts. Even though the system
differs, we feel that we have preserved the functionality and essence of the system and therefore can
provide valuable test data to evaluate the system. In this chapter we will therefore conduct testing on the
system we have deployed. We wish to find and identify flaws in the system and to come up with possible
improvements.
5.2 Performance Testing
There are many different test strategies we could deploy in this project. How to test and on what level we
should test is a problem developers are faced with every day. A developer could use the test-driven
development method where you first write a unit test, then the actual code, and then verify that the test
runs to completion. On a higher level you can, according to [VV02], test program functionality by the
use of test sets. Test sets can be classified into three disjoint sets:
• Coverage-based testing: In coverage-based testing, testing requirements are specified in terms of the
coverage of the product (program, requirements document, etc.) to be tested.
• Fault-based testing: Fault-based techniques focus on detecting faults. The fault detection ability of the
test set then determines its adequacy.
• Error-based testing: Error-based techniques focus on typical error-prone points, based on knowledge of
the typical errors that people make.

5.3 Usability Testing


The problem with any test technique is to decide when to stop testing and what makes a test adequate.
Given time, we would have used the test strategy described in “The practice of System and network
administration” by Limoncelli and Hogan [LH05], where they recommend the use of unit tests and
automatic test scripts to verify that the basic services and functionality are provided. Even though we feel
that such tests would be of great value due to the fact that they can be easily reproduced and rerun, the
time constraints in this project do not allow us to use such a strategy. On a higher level, both structural
and functional testing is required to make sure that the system acts according to the specification.
Structural analysis-based test sets tend to uncover errors that occur during the implementation of the
system. Functional analysis-based test sets tend to uncover errors that occur in the requirements and
design specifications. For additional information on testing we refer to [Per95]. Even though this book is
ten years old we feel that it explains the principles behind testing very well. It is also the only book we
have found that deals with security testing techniques, which we feel can be valuable to our project. As
there is no specification available to us, only a loose list of requirements used by [Nyr05], we will
therefore limit ourselves to testing the functionality described in [Nyr05]. We will also address the
security functionality of the system.
5.4 Server Side Interfacing
In this step we tested the server-side interface by verifying that communication is
done properly. The compatibility of the server with software, hardware, network and
database was also tested.
5.5 Client Side Compatibility
Client-side compatibility was also tested using various browsers such as Google Chrome,
Mozilla Firefox and Internet Explorer.


UNIT– 6 TEST EXECUTION SUMMARY

The Execution Test Summary Report is an overall view of the testing process from start to end. The Test
Plan comes at the start of the project, while the Test Summary Report comes at the end of the testing
process. This report is given to the client for their understanding.

The Test Summary Report contents are:

1. Passed Test Cases = 3
2. Failed Test Cases = 1
3. Status of Test Cases = PASS

| S.No | Test Case ID | Test Case Description | Expected Outcome | Test Case Status | No. of Resources Consumed |
|------|--------------|-----------------------|------------------|------------------|---------------------------|
| 1. | PR01 | “DHCP Route” for localhost/website/index.php | Accepts 0-9 only | PASS | Monitor, Router |
| 2. | PR02 | “Server Route” for localhost/website/robots.txt | accepts Accept format | PASS | Monitor, Server |
| 3. | PR03 | “PING Status” for localhost/website/ backdoor.php | accepts Accept format | PASS | Monitor, Router, Switch |
| 4. | PR04 | “Disallow by Facebook.com” | Reject | Fail | Monitor, Router, Switch |

Table 6.1 – Test Case Summary

UNIT-7 PROJECT SCREENSHOTS

7.1 Network Topology
7.2 Network Topology Switch
7.3 Switch Configuration View
7.4 PC Configuration View
7.5 PC IP Configuration View
7.6 PC Configuration MODES
7.7 PC CLI and Router Physical View
7.8 Router CLI
7.9 Router CLI Running Configurations
7.10 Router on Privilege MODE
7.11 Server View
7.12 Router MODES
7.13 Router CLI MODES

UNIT– 8 FUTURE SCOPE

We have identified a major weakness in the system described in [Nyr05]. There is no system
functionality for limiting communication in and out of the system, nor within it. Nyre does not discuss
the concept of data control, as we described in section 2.2.3, at all. Data control deals both with
external connection attempts and with defining legal internal communication between the system
entities. Without data control it is possible that one application server may be compromised and be
used as a launchpad for attacks on the other application servers. If an attacker manages to compromise
two application servers and manipulate the httpd server page, the MPITS system will believe that the
remaining application server is compromised and accept a false response from the two corrupted
application servers as a valid answer. In order to stop such a scenario we must not allow any traffic
between the application servers. IPTables can be used to filter out unwanted and possibly malicious
traffic from the other application servers. In the same manner, we do not wish any communication
between an application server and file server pair, other than legal DHCP, TFTP and NFS traffic. If an
attacker compromises an application server we must try to protect the integrity of the control data
network by not allowing a file server to be compromised. We recommend that each host runs IPTables as
illustrated in figure 5.2.2. The Linux operating system supports stateful packet filtering using IPTables.
This software allows the kernel to inspect IP packets as they are received, sent or forwarded and make
choices about what to do with them. We wish to implement IPTables on the interfaces that connect the
file servers to the application servers.


UNIT– 9 PROJECT SUMMARY AND CONCLUSIONS

Production DHCP are placed inside a production network with other production servers in the role of a
decoy as part of a network intrusion detection system (IDS). They are designed to appear real and
contain information or a resource of value with which to attract and occupy hackers.
Traditionally, IDSs have been used by network administrators to actively monitor network traffic for
unauthorized activity. However, in today's world of increasingly encrypted connections, which intrusion
detection systems are unable to monitor, DHCP have become an increasingly attractive alternative to
locate sources of malicious traffic.
DHCP, first created in 1998, function by recording all connections and connection attempts. A DHCP
system should be placed on an unused IP address, such that no legitimate connection attempt would ever
be directed to the DHCP. Two main types of DHCP are available today: high-interaction and low-
interaction. Low-interaction DHCP are simple and provide partial implementations of common
protocols, with the goal of recording only the source of malicious traffic. High-interaction DHCP are
more complex and often are regular servers with advanced monitoring software and have the goal of
helping researchers understand hackers' internal thought processes.
DHCP are still an advancing field of computer science, with recent developments creating world-wide
networks of DHCP, commonly referred to as DHCP and distributed DHCP.


UNIT– 11 PROJECT PAPER

DHCP Server Implementation

Dr. Neha Janu, Associate Professor in Department of Information Technology,
Swami Keshvanand Institute of Technology, Management and Gramothan

Sunil Sharma
Department of Information Technology
Swami Keshvanand Institute of Technology, Management and Gramothan
Jaipur, 302017

Shrey Agrawal
Department of Information Technology
Swami Keshvanand Institute of Technology, Management and Gramothan
Jaipur, 302017

Shashank Purohit
Department of Information Technology
Swami Keshvanand Institute of Technology, Management and Gramothan
Jaipur, 302017

Vipendra Pal Rajput
Department of Information Technology
Swami Keshvanand Institute of Technology, Management and Gramothan
Jaipur, 302017

Abstract—DHCP are an exciting new technology with enormous potential for the security community. A
DHCP is an information system resource whose value lies in unauthorized or illicit use of that resource.
Unlike firewalls or Intrusion Detection Systems, DHCP do not solve a specific problem. Instead, they are
a highly flexible tool that comes in many shapes and sizes. They can do everything from detecting
encrypted attacks in IPv6 networks to capturing the latest in online credit card fraud. It is this flexibility
that gives DHCP their true power. It is also this flexibility that can make them challenging to define and
understand. There are several problems and challenges associated with DHCP. A few of them are
identifying DHCP, exploiting honey pots and attacker clientele. In this research paper I am going to work
on different ways of identifying and exploiting DHCP.
Keywords—Cisco Packet tracer, DHCP server and client, Network topology

I. INTRODUCTION
DHCP are closely monitored decoys that are employed in a network to study the trail of hackers and to
alert network administrators of a possible intrusion. Using DHCP provides a cost-effective solution to
increase the security posture of an organization. Even though it is not a panacea for security breaches, it is
useful as a tool for network forensics and intrusion detection. Nowadays, they are also being extensively
used by the research community to study issues in network security, such as Internet worms, spam
control, DoS attacks, etc. In this paper, we advocate the use of DHCP as an effective educational tool to
study issues in network security. We support this claim by demonstrating a set of projects that we have
carried out in a network, which we have deployed specifically for running distributed computer security
projects. The design of our projects tackles the challenges in installing a DHCP in an academic institution,
by not intruding on the campus network while providing secure access to the Internet. In addition to a
classification of DHCP, we present a framework for designing assignments/projects for network security
courses. The three sample DHCP projects discussed in this paper are presented as examples of the
framework.


II. REASONS
There are several reasons for the problem:
Websites or systems exposed to high levels of traffic can suffer stability problems, leaving the
network vulnerable to attack. A high-quality network security system can reduce the risk of
attack and improve user experience.
A malicious node collects information about a node and about the route by computing and
monitoring the traffic, so the malicious node may perform further attacks on the network.
A black hole attack is an advanced attack in which the attacker uses the routing protocol to advertise
itself as having the best path to the node whose packets it wants to intercept. The attacker uses the
flooding-based protocol to listen for a route request from the initiator, then creates a reply
message claiming that it has the shortest path to the receiver. If this message from the attacker reaches
the initiator before the reply from the actual node, the initiator will consider it the shortest path
to the receiver, and a malicious fake route is created.

III. PRODUCT PERSPECTIVE

● Production DHCP are used to protect the company from attacks; they are implemented inside the
production network to improve overall security. They capture a limited amount of
information, and mostly low-interaction DHCP are used. Thus, the security administrator watches the
hacker’s movements carefully and tries to lower the risks they may pose to the
company. At this point, we will try to discuss and find out the risks of using production DHCP,
because while testing the security of the systems existing in an organization, unexpected actions
may happen, such as other systems being misused through DHCP features. If the network administrator is
not aware of this problem, they put the organization in big trouble.

We have identified a major weakness in the system described in [Nyr05]. There is no system
functionality for limiting communication in and out of the system, nor within it. Nyre does not discuss the
concept of data control, as we described in section 2.2.3, at all. Data control deals both with external
connection attempts and with defining legal internal communication between the system entities.
Without data control it is possible that one application server may be compromised and be used as a
launchpad for attacks on the other application servers. If an attacker manages to compromise two
application servers and manipulate the httpd server page, the MPITS system will believe that the
remaining application server is compromised and accept a false response from the two corrupted
application servers as a valid answer. In order to stop such a scenario we must not allow any traffic
between the application servers. IPTables can be used to filter out unwanted and possibly malicious traffic
from the other application servers. In the same manner, we do not wish any communication between an
application server and file server pair, other than legal DHCP, TFTP and NFS traffic. If an attacker
compromises an application server we must try to protect the integrity of the control data network by not
allowing a file server to be compromised.
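
The data-control policy described above and in UNIT 8 (no traffic between application servers; only DHCP, TFTP and NFS between an application server and its file server), as an added example that is not part of the report or of [Nyr05]. The script only prints iptables commands for review; the interface name, the addresses, the chain name PAIR_IN and the choice of NFSv4 on TCP 2049 are assumptions.

```shell
#!/bin/sh
# Added example: prints iptables commands for review; it applies nothing.
# All interface names and addresses below are constructed sample values.

# Rules for the file-server interface that faces its paired application
# server: accept DHCP, TFTP and NFS only, log and drop everything else.
# Assumes the file server's OUTPUT chain is unrestricted and NFSv4 (TCP 2049
# only); NFSv3 would also need the rpcbind and mountd ports.
fileserver_rules() {
    ifc=$1; app=$2
    cat <<EOF
iptables -N PAIR_IN
iptables -A INPUT -i $ifc -j PAIR_IN
iptables -A PAIR_IN -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A PAIR_IN -p udp --sport 68 --dport 67 -j ACCEPT
iptables -A PAIR_IN -s $app -p udp --dport 69 -j ACCEPT
iptables -A PAIR_IN -s $app -p tcp --dport 2049 -j ACCEPT
iptables -A PAIR_IN -j LOG --log-prefix "pair-drop: "
iptables -A PAIR_IN -j DROP
EOF
}
# Notes on the rules above:
#  - DHCPDISCOVER is sent from 0.0.0.0, so the DHCP rule matches on the
#    interface and ports rather than on the application server's address.
#  - TFTP requests arrive on UDP 69; the data/ACK packets of a transfer use
#    a per-transfer port and are admitted by the ESTABLISHED rule.

# Rules for an application server: no traffic to or from the other
# application servers, inserted at position 1 so they are evaluated
# before any existing ACCEPT rule.
appserver_rules() {
    for peer in "$@"; do
        echo "iptables -I INPUT 1 -s $peer -j DROP"
        echo "iptables -I OUTPUT 1 -d $peer -j DROP"
    done
}

# Constructed topology: app1 (10.0.1.10) is paired with a file server whose
# link to app1 is eth1; 10.0.0.12 and 10.0.0.13 are the other app servers.
echo "# file server, interface eth1 facing app1"
fileserver_rules eth1 10.0.1.10
echo "# application server app1"
appserver_rules 10.0.0.12 10.0.0.13
```

Review the printed commands before running them as root. A DHCP daemon that reads raw packet sockets (ISC dhcpd does this on Linux) receives requests before netfilter sees them, so the DHCP rule documents intent rather than gating that daemon.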

IV. PROJECT FUNCTIONS

Production DHCP are placed inside a production network with other production servers in the role of a
decoy as part of a network intrusion detection system (IDS). They are designed to appear real and contain
information or a resource of value with which to attract and occupy hackers.

The figure shows the system configuration used to examine, detect, and prevent attacks on our DHCP. It
consists of a firewall, router, Bifrozt Linux Server, HonSSH, Filebeat, Elasticsearch, Logstash, Kibana,
Puppet and four virtual machine DHCP.

The architectural design of MHN is shown in the figure. MHN consists of a central management server and a
number of DHCP. This server allows rapid deployment and configuration of DHCP. The software utilizes
the HPfeeds logging protocol to centralize the data collection into a MongoDB database instance for
analytical purposes. MHN incorporates other applications, such as the Mnemosyne and HoneyMap utilities.
Mnemosyne is data normalization software that provides support mainly for DHCP, while
HoneyMap is a web application that helps visualize the live data stream obtained
from the HPfeeds logs containing Global Positioning System (GPS) locations of attack origins and targets
on a Scalable Vector Graphics (SVG) world map.

V. CONCLUSION

Production DHCP are placed inside a production network with other production servers in the role of a
decoy as part of a network intrusion detection system (IDS). They are designed to appear real and contain
information or a resource of value with which to attract and occupy hackers.
Traditionally, IDSs have been used by network administrators to actively monitor network traffic for
unauthorized activity. However, in today's world of increasingly encrypted connections, which intrusion
detection systems are unable to monitor, DHCP have become an increasingly attractive alternative to
locate sources of malicious traffic.
DHCP, first created in 1998, function by recording all connections and connection attempts. A DHCP
system should be placed on an unused IP address, such that no legitimate connection attempt would ever
be directed to the DHCP. Two main types of DHCP are available today: high-interaction and
low-interaction. Low-interaction DHCP are simple and provide partial implementations of common protocols,
with the goal of recording only the source of malicious traffic. High-interaction DHCP are more complex
and often are regular servers with advanced monitoring software and have the goal of helping researchers
understand hackers' internal thought processes.
DHCP are still an advancing field of computer science, with recent developments creating world-wide
networks of DHCP, commonly referred to as honeynets and distributed DHCP.
