DHCP Starvation
When a PC or any sort of device boots up on a network, it is a DHCP client. It’s gonna issue a DHCP Discover packet that means it is looking for a DHCP server which can issue it an IP address.
The server which hears the request would send over an offer — the IP address the client is allowed to use.
DHCP server has the pool of addresses on a /24 network, maximum number of addresses in the pool could be 254, out of which 1 or 2 are saved for static router addresses.
After this the client sends the message back saying I’d like to request the IP address you just offered. And finally the server sends the ACK packet.
4 basic Packets involved —
- Discover
- Offer
- Request
- ACK
Attack
when an attacker sends 100s of DHCP discover malicious packets using a bogus made up mac addresses as the source mac address for each of the request, and when the server offers IP addresses to all of them. And once this server has no more IP address to offer, then the attacker will bring his own DHCP server known as rogue DHCP server. The clients who are offered the IP addresses would use the attacker’s default gateway and thus the client’s information would be routed through the attacker’s machine so as Man In The Middle Attack.
We can use yersinia tool to launch DHCP Starvation Attack
Steps
- Start yersinia gui
yersinia -G2. Launch attack
3. Select DHCP and then sending DISCOVERY packet
4. Press okay and the attack would start
Prevention
Port Security
