You can trick a DHCP server into no longer handing out IP addresses, completely blocking new connections, by performing a DoS attack called a “DHCP starvation attack”. I will show you how to do it and how to protect your network.
DoS attack on DHCP server
DHCP is a protocol used to configure devices automatically. Usually these are end devices such as computers, phones or printers, which receive an IP address, subnet mask, default gateway, DNS servers and so on from DHCP.
But what happens when someone prevents this mechanism from working? New devices get neither a network connection nor an internet connection. We call this type of attack a DoS attack (denial of service attack).
The attack is called a “DHCP starvation attack” because each DHCP server has a precisely defined, finite number of IP addresses that it can allocate to devices. For example, the subnet might be 192.168.0.0/24, which represents a maximum range of 253 usable addresses for clients.
When an attacker claims all the available IP addresses by requesting leases from a large number of bogus MAC addresses, the server has no IP addresses left to offer to new, legitimate devices.
This attack also creates an opportunity for the attacker to capture traffic. After exhausting the legitimate DHCP server, the attacker can switch clients over to his own rogue DHCP server. For example, a fake DNS server could be supplied in the DHCP configuration to attack you. I see this as a dangerous attack.
Simulate the attack
I will show you how easy it is to perform this attack. For the test I will use a Cisco router and a laptop running the Kali Linux distribution, together with a tool called Yersinia.
Basic configuration of DHCP server on CISCO router
ip dhcp excluded-address 192.168.0.1
!
ip dhcp pool LAN
 network 192.168.0.0 255.255.255.0
 default-router 192.168.0.1
 dns-server 8.8.8.8
After connecting the first station, I saw an IP address assigned.
R1-NETVEL#show ip dhcp binding
I also saw a small amount of DHCP requests coming to the router.
R1-NETVEL#show ip dhcp server statistics
And only one IP address is assigned.
R1-NETVEL#show ip dhcp pool
Launch the attack
I will use the Yersinia tool. It can also be driven from the CLI, but in this case I prefer the GUI, which you can open with the following command.
root@kali:~# yersinia -G
From the graphical interface the attack is then started and stopped with a few mouse clicks.
Start: Launch attack -> send DISCOVER packet
Stop: List attacks -> Cancel attack
After a while the DHCP server receives more requests than it can serve and the pool runs out of addresses. That is the DoS attack.
R1-NETVEL#show ip dhcp binding
R1-NETVEL#show ip dhcp server statistics
R1-NETVEL#show ip dhcp pool
As we can see, the attack is relatively simple but very dangerous. It can be prevented in several ways, such as limiting the number of MAC addresses allowed on a switch port (port security), and if we also want to stop the attacker from offering his own DHCP server, we can implement DHCP snooping.
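As an added example that is not part of the original post, the following Python script applies the same rule that port security enforces, a cap on distinct client MAC addresses per port, to a constructed log of DHCP DISCOVER events, so that a starvation flood like the one above stands out while normal clients do not. The log format, port names and MAC addresses are all constructed for the example.

```python
from collections import defaultdict, deque

# Constructed sample of DHCP DISCOVER events in the form a switch or DHCP
# relay might log them: "<seconds> <ingress_port> <client_mac>".
# Gi0/1 and Gi0/2 are ordinary clients; Gi0/3 floods bogus MACs.
SAMPLE_EVENTS = """\
0 Gi0/1 00:11:22:33:44:55
3 Gi0/2 00:11:22:33:44:66
10 Gi0/3 de:ad:00:00:00:01
10 Gi0/3 de:ad:00:00:00:02
10 Gi0/3 de:ad:00:00:00:03
11 Gi0/3 de:ad:00:00:00:04
11 Gi0/3 de:ad:00:00:00:05
11 Gi0/3 de:ad:00:00:00:06
60 Gi0/1 00:11:22:33:44:55
"""


def parse_events(text):
    """Parse the constructed log lines into (time, port, mac) tuples."""
    events = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip blank or malformed lines
        t, port, mac = parts
        events.append((int(t), port, mac.lower()))
    return events


def starving_ports(events, max_macs=2, window=30):
    """Return {port: peak_distinct_macs} for every port that requested
    leases for more than `max_macs` distinct client MACs within any
    `window`-second span. A legitimate access port rarely exceeds a
    handful of MACs; a starvation tool produces dozens in seconds."""
    recent = defaultdict(deque)  # per port: deque of (time, mac)
    flagged = {}
    for t, port, mac in sorted(events):
        q = recent[port]
        q.append((t, mac))
        while q and t - q[0][0] > window:  # drop events outside the window
            q.popleft()
        distinct = {m for _, m in q}
        if len(distinct) > max_macs:
            flagged[port] = max(flagged.get(port, 0), len(distinct))
    return flagged


if __name__ == "__main__":
    for port, n in starving_ports(parse_events(SAMPLE_EVENTS)).items():
        print(f"{port}: {n} distinct client MACs in 30 s, likely DHCP starvation")
```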