SecHard
DHCP Starvation Attack
The aim is to make the DHCP server unable to respond by sending too many DHCP requests to the network. A fake DHCP server can then be set up on the network to distribute IP addresses.
How does a DHCP Starvation Attack work?
The attacker sends a large number of DHCP Discover messages to the DHCP server. The DHCP server replies and allocates all addresses in the DHCP pool for the duration of the lease.
The DHCP server can no longer distribute IP addresses.
When there are no more addresses to be assigned on the DHCP server, the attacker creates a fake DHCP server and the clients are assigned addresses by the fake server.
The fake DHCP server is now ready to distribute IP addresses. When a client sends a DHCP request, the fake DHCP server responds and names itself as the gateway, so it can listen to all of the client's traffic.
How to prevent a DHCP Starvation Attack?
A MAC flooding attack is prevented in a simple way by applying the following security actions to the ports on the switch.
ip dhcp snooping : DHCP snooping is activated in global mode on the switch.
ip dhcp snooping vlan : Selects the VLAN in which it will be activated.
ip dhcp snooping trust : Determines the trusted ports that will send/receive DHCP requests.
Since DHCP requests can be made from untrusted ports, DHCP packets can be limited. The "ip dhcp snooping limit rate" command limits how many DHCP requests can be made per second.
On the DHCP Starvation Attack page in SecHard, select the VLAN where DHCP snooping will work. After SecHard activates DHCP snooping in global mode, it also sets which VLANs it will work on.
Now DHCP requests from all ports assigned to the specified VLANs will be blocked. If we trust a port and want it to be able to make a DHCP request, we need to select that port in SecHard and apply the ip dhcp snooping trust option.
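One way to check a saved switch configuration for the settings listed above, as an added example that is not part of the original page and is not SecHard's own code. It assumes Cisco IOS-style syntax; the sample configuration is constructed, and the function names `expand_vlans` and `audit_dhcp_snooping` are hypothetical.

```python
import re

# Constructed sample running-config in Cisco IOS-style syntax (assumed platform).
SAMPLE_CONFIG = """\
ip dhcp snooping
ip dhcp snooping vlan 10,20-21
interface GigabitEthernet0/1
 ip dhcp snooping trust
interface GigabitEthernet0/2
 switchport access vlan 10
 ip dhcp snooping limit rate 10
interface GigabitEthernet0/3
 switchport access vlan 30
"""

def expand_vlans(spec):
    """Expand a VLAN list such as '10,20-21' into {10, 20, 21}."""
    ranges = (part.partition("-") for part in spec.split(","))
    return {v for lo, _, hi in ranges for v in range(int(lo), int(hi or lo) + 1)}

def audit_dhcp_snooping(config):
    """Return findings for the DHCP snooping settings described above."""
    lines = config.splitlines()
    findings, snoop_vlans, ports, port = [], set(), {}, None
    if "ip dhcp snooping" not in lines:
        findings.append("global: ip dhcp snooping is not enabled")
    for line in lines:
        text = line.strip()
        if m := re.fullmatch(r"ip dhcp snooping vlan (\S+)", text):
            snoop_vlans |= expand_vlans(m.group(1))
        elif m := re.fullmatch(r"interface (\S+)", text):
            # Assumption: a port with no explicit access VLAN sits in VLAN 1.
            port = ports.setdefault(m.group(1), {"trust": False, "limit": None, "vlan": 1})
        elif port is not None and line.startswith(" "):
            if text == "ip dhcp snooping trust":
                port["trust"] = True
            elif m := re.fullmatch(r"ip dhcp snooping limit rate (\d+)", text):
                port["limit"] = int(m.group(1))
            elif m := re.fullmatch(r"switchport access vlan (\d+)", text):
                port["vlan"] = int(m.group(1))
    for name, p in ports.items():
        if p["trust"]:
            continue  # trusted ports are exempt from the untrusted-port checks
        if p["vlan"] not in snoop_vlans:
            findings.append(f"{name}: VLAN {p['vlan']} is not covered by DHCP snooping")
        if p["limit"] is None:
            findings.append(f"{name}: untrusted port has no DHCP rate limit")
    return findings
```

Calling `audit_dhcp_snooping(SAMPLE_CONFIG)` reports the one access port that is both outside the snooping VLAN list and missing a rate limit; trunk ports are not modelled.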