DHCP Starvation and Spoofing Attacks

This topic describes the DHCP spoofing and starvation attacks.

DHCP Attacks

DHCP Server

Attacker attempting to set up rogue DHCP server

DHCP Server

DHCP requests with spoofed MAC addresses

Attacker attempting to set up rogue DHCP server

Attacker attempting to starve DHCP server

DHCP requests with spoofed MAC addresses

Attacker attempting to starve DHCP server

© 2007 Cisco Systems, Inc. All rights re

A DHCP starvation attack works by broadcasting DHCP requests with spoofed MAC addresses. This is easily achieved with attack tools such as "the gobbler." If enough requests are sent, the network attacker can exhaust the address space available to the DHCP servers for a period of time. This is a simple resource starvation attack just like a synchronization (SYN) flood is a starvation attack. Network attackers can then set up a rogue DHCP server on their system and respond to new DHCP requests from clients on the network. Exhausting all of the DHCP addresses is not required to introduce a rogue DHCP server, though, as stated in RFC 2131:

"The client collects DHCPOFFER messages over a period of time, selects one DHCPOFFER message from the (possibly many) incoming DHCPOFFER messages (for example, the first DHCPOFFER message or the DHCPOFFER message from the previously used server) and extracts the server address from the 'server identifier' option in the DHCPOFFER message. The time over which the client collects messages and the mechanism used to select one DHCPOFFER are implementation dependent."

By placing a rogue DHCP server on the network, a network attacker can provide clients with addresses and other network information. Because DHCP responses typically include default gateway and Domain Name System (DNS) server information, network attackers can supply their own system as the default gateway and DNS server resulting in a man-in-the-middle attack.

1-38 Securing Networks with Cisco Routers and Switches (SNRS) v2.0 © 2007 Cisco Systems, Inc.

+2 0

Responses

  • linda
    What is dhcp starvation attack?
    5 months ago

Post a comment