Exploiting DHCP server-side IP address conflict detection: A DHCP starvation attack

Dynamic Host Configuration Protocol (DHCP) starvation is an insider attack which prevents legitimate DHCP clients from acquiring network configuration parameters from DHCP server. The classical methods of creating starvation attack has a practical difficulty in wireless networks where an Access Point (AP) mandates a client to associate with unique MAC address before it can transmit such requests. This limits the effectiveness of starvation in wireless networks. In this paper, we describe a new method of creating starvation which is effective in both wired and wireless networks. This new method exploits a precautionary probing done by a DHCP server as described in RFC 2131. This probing verifies the to be offered IP address for accidental usage by other clients in the network. We show that a malicious insider can just send spoofed replies to these probes to create the effect of starvation in both wired and wireless networks.