DHCP STARVATION ATTACK

Our scenario involves the provision of IP address from the router as the DHCP server.

Router: 192.168.100.1/24

DHCP client 1: Windows8

DHCP client 2: Windows8

DHCP client 3: Kali Linux

DHCP Pool: 192.168.100.0/24

Objective: Decommission the DHCP server by launching a DHCP starvation attack on the router using a Yersinia tool that will flood discovery message to the DHCP server.

During a network boot-up, the DHCP client will perform the following scenario:

DHCP Clients sends a DISCOVER message to the DHCP Server. DHCP Server checks on its IP pool if there is an available IP address for leasing. If there is, OFFER message will be sent to the DHCP Client coming from the DHCP Server. DHCP Client will make a request on that IP Address by sending a REQUEST message. Upon receive of the REQUEST message from the client, the DHCP server will send an Acknowledgement message (ACK) assigning the IP address to that client.

On this example, The DHCP server will only support 254 IP addresses from the pool created.

Also, let's verify that IP address has been binded to the connected device.

Checking the statistics will also show the DISCOVERY request.

Now, to do starvation attack, a discovery flood has to be launched in order to exhaust the IP address from the DHCP server. Starvation attack will source a unique MAC address for discover message until it reaches the pool limit. When it reaches the limit, the DHCP server can no longer provide IP address to the client.

On you Kali Linux, type in Yersinia -G to go to the GUI. Then go to DHCP tab and hit Launch attack.