Back again with another blog.
Today we are going to learn about an interesting topic: the DHCP starvation attack.
Before getting into the attack phase, let's learn a little about what DHCP and a DHCP server are.
What is DHCP?
DHCP (Dynamic Host Configuration Protocol) is the protocol responsible for assigning IP addresses, also known as logical addresses, to the machines we use, along with other information such as the subnet mask and default gateway in a network.
What is a DHCP Server?
A DHCP server takes on the role of assigning the IP addresses in a network.
How does it work?
Normally the DHCP server provides a unique IP address to each machine that connects to the router. In commercial routers such as home routers, the DHCP server is in the router itself. In an enterprise scenario, organizations use an individual computer as the DHCP server.
When a new device connects to the router (the DHCP client requests an IP address), the DHCP server assigns it an IP address so that it can communicate on the network. This happens when the DHCP client sends a DHCPDISCOVER request.
DHCP Starvation Attack:
A DHCP starvation attack is a modest attack vector. It happens when an attacker sends a large number of DHCP request packets with spoofed MAC addresses. The repeated broadcast DISCOVER requests make the server allot its available IP addresses until the full range is exhausted. When a real user then wants to connect to the router, the request is automatically denied because all the available IP addresses were exhausted by the attack. Put simply, it leads to a DoS attack on the router.
Live Attack Phase:
Kali Linux Operating System
Yersinia is an inbuilt tool in Kali Linux; in fact it is a hidden tool, and we need to install it with the apt install yersinia command.
We have to launch the Yersinia graphical launcher with the command yersinia -G
Click on OK in the alpha version notice pop-up.
Click on the Launch attack option in the tool bar.
We have to choose the DHCP tab in the Choose protocol attack dialogue box.
Next we need to choose the sending DISCOVER packet option in the DHCP tab, then click OK.
You can notice the increase in packets in the left tab, alongside the DHCP protocol. I tried disconnecting my mobile from the network and reconnecting again, but I couldn't.
In this situation an attacker can start a rogue DHCP server, so every client will connect to the network through that server and the attacker can use it for malicious activities.
In Yersinia itself we can configure our rogue DHCP server.
We can list the running attacks by choosing the List Attacks button in the tool bar. We can stop the sending of packets from there.
We can defend against this DHCP starvation attack by several methods, such as:
- The 802.11 association process prevents MAC address spoofing.
- Verify DHCP Proxy is enabled on WLCs to prevent DHCP chaddr spoofing.
- Enabling DHCP snooping can prevent DHCP starvation attacks.
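To show what a per-port check against DISCOVER floods and chaddr spoofing looks at, here is an added detection sketch that is not part of the original post and is not any vendor's DHCP snooping implementation. The port names, the 10-second window, the limit of 5 MACs and the sample frames are assumptions made for the example.

```python
from collections import defaultdict

MAGIC = b"\x63\x82\x53\x63"  # DHCP magic cookie that precedes the options
DISCOVER = 1                  # option 53 (message type) value for DHCPDISCOVER

def parse_dhcp(payload):
    """Return (chaddr, message_type) from a BOOTP/DHCP payload, or None if malformed."""
    if len(payload) < 240 or payload[236:240] != MAGIC or payload[2] > 16:
        return None
    chaddr, i, msg_type = payload[28:28 + payload[2]], 240, None
    while i < len(payload) and payload[i] != 255:    # 255 = end option
        if payload[i] == 0:                          # pad option has no length byte
            i += 1
            continue
        if i + 1 >= len(payload):
            return None                              # truncated option header
        code, length = payload[i], payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            return None                              # truncated option value
        if code == 53 and length == 1:
            msg_type = value[0]
        i += 2 + length
    return chaddr, msg_type

def detect(frames, window=10.0, max_macs=5):
    """frames: (time, port, eth_src, dhcp_payload) tuples. Returns sorted (port, reason) alerts."""
    recent, alerts = defaultdict(list), set()
    for ts, port, eth_src, payload in sorted(frames, key=lambda f: f[0]):
        chaddr, msg_type = parse_dhcp(payload) or (None, None)
        if msg_type != DISCOVER:
            continue
        if chaddr != eth_src:                        # chaddr differs from the frame's source MAC
            alerts.add((port, "chaddr-mismatch"))
        recent[port] = [(t, m) for t, m in recent[port] if ts - t <= window] + [(ts, chaddr)]
        if len({m for _, m in recent[port]}) > max_macs:
            alerts.add((port, "discover-flood"))     # too many distinct clients on one port
    return sorted(alerts)

def make_discover(chaddr):
    """Build a minimal DHCPDISCOVER payload (used only for the constructed sample)."""
    return bytes([1, 1, 6, 0]) + bytes(24) + chaddr.ljust(16, b"\0") + bytes(192) + MAGIC + b"\x35\x01\x01\xff"

# Constructed sample: a normal client (port1), 8 MACs in 2 s (port2), chaddr != source (port3).
HOME = bytes.fromhex("020000000001")
FLOOD = [bytes([2, 0, 0, 0, 1, n]) for n in range(8)]
SAMPLE = [(0.0, "port1", HOME, make_discover(HOME))]
SAMPLE += [(1 + n * 0.25, "port2", m, make_discover(m)) for n, m in enumerate(FLOOD)]
SAMPLE.append((3.0, "port3", HOME, make_discover(bytes.fromhex("0200000000ff"))))
```

Calling detect(SAMPLE) flags port2 for the flood and port3 for the mismatch, while the single well-formed request on port1 raises nothing.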
We can also perform a DHCP starvation attack using other tools, such as DHCPig.
We plan to cover that tool in an upcoming blog post, so stay with us and learn a lot.
See you in another blog.