DHCP Starvation Attack

A DHCP starvation attack is an attack on a computer network in which the entire range of available IP addresses assigned by DHCP are registered on a single client . The automatic assignment of network addresses to other computers is made impossible.

Working method

The DHCP Starvation Attack ( attack by starvation ) is an attack on a computer network.

This attack takes advantage of the fact that the MAC address , which was previously unalterably linked to the hardware, is freely configurable on many network interfaces. In a DHCP starvation attack, an automatic or dynamic IP address is requested from the DHCP server using a large number of fake MAC addresses. This happens until the available address space of the DHCP server is used up and the server can no longer provide any addresses. It is then no longer possible to register additional network clients.

The disruptive effect of a DHCP starvation attack is limited to a broadcast domain , an attack can only take place from this broadcast domain and has no consequences for the continued operation of previously registered DHCP clients or clients with a permanently assigned IP address. If the attack is not continued, addresses dynamically assigned by DHCP are automatically released again after some time (usually several days) through the lease mechanism. In the case of automatically assigned addresses, clearing the server cache helps.

The possibility of such an attack is already outlined in RFC 2131 in Section 7 Security Considerations "Malicious DHCP clients could masquerade as legitimate clients and obtain information for those legitimate clients. If a dynamic allocation of resources is used, a malicious client can use all resources claim for themselves and thus deny resources for legitimate clients. "

Ligation

One possibility to prevent the DHCP Starvation Attack is to compare the MAC address in the chaddr DHCP packet field with the MAC address from the data frame . If these two addresses do not match, the DHCP server rejects the request.

Effects

Such an attack only affects the dynamically assigned IP addresses, since the static addresses in the DHCP server have an assignment table that assigns a MAC address to each static IP address. A corresponding client would have to know all the MAC addresses registered there and pretend to be them. In addition, most DHCP servers have the option of recognizing clients that are no longer active in such a case and can then automatically remove them from the list of dynamically assigned IP addresses.

Since DHCP is normally only used in local networks that are sealed off from the Internet by a firewall, such an attack must be carried out by a corresponding malicious program , which is located on a client computer in the local network.

Individual evidence

↑ ^a ^b What is a DHCP Starvation Attack. Accessed October 4, 2018 .
↑ DHCP Starvation attacks and DHCP spoofing attacks. Accessed October 4, 2018 .
↑ ^a ^b A Closer Look into DHCP Starvation Attack in Wireless Networks. Retrieved October 4, 2018 .
↑ Dynamic Host Configuration Protocol. Accessed October 4, 2018 .
↑ Configuring DHCP starvation attack protection. Retrieved May 19, 2019 .

[skillset-1] What is a DHCP Starvation Attack. Accessed October 4, 2018 .

[2] DHCP Starvation attacks and DHCP spoofing attacks. Accessed October 4, 2018 .

[dhcp_atatck_in_wireless_networks_page_2-3] A Closer Look into DHCP Starvation Attack in Wireless Networks. Retrieved October 4, 2018 .

[4] Dynamic Host Configuration Protocol. Accessed October 4, 2018 .

[5] Configuring DHCP starvation attack protection. Retrieved May 19, 2019 .