Score:0

Server

How to prevent DHCP IP starvation attack on a wireless interface?

Igor Adamenko

12/14/22, 9:12 PM

It's probably possible to go to any restaurant/cafe/bus with public Wi-Fi Hotspot and flood it with DHCP DISCOVER / REQUEST packets. If this network is created by a router that works as a DHCP server, than such attack should lead to IP starvation, right?

Is there a way to prevent such attacks?

I'm talking about the wireless networks only. The place where every client use the same shared medium and it's impossible to, let's say, “ban a port that generates too many DCHP requests” or something.

(I've found a similar question that was asked 11 years ago. Maybe there's something new in this area.)

402

1 + 4

security

dhcp

wifi

Michael Hampton

12/14/22, 10:10 PM

The last time I saw something like this happen, a few weeks ago, the DHCP server just kept offering the same IP address over and over, even though the client declined it. I wonder if this is still a problem worth worrying about.

Tero Kilkanen

12/15/22, 9:56 AM

If the attacker changes his MAC address and DHCP client ID, the DHCP server doesn't have a way to identify the attacker.

Igor Adamenko

12/15/22, 3:18 PM

@NiKiZe, actually, no. I think the attack is not worth to do it, because if the goal is to shut the network down, it's probably easier to generate a lot of noise in the medium or something. My question is more theoretical, rather than practical.

Greg Askew

12/16/22, 12:25 AM

Don't go to Denny's and expect reliable wifi.

Score:2

Server

NiKiZe

12/15/22, 9:12 PM

To try and answer the "how to" question. (taken from my comment)

Random MAC addresses can in theory exhaust the address space. As mentioned in the question, there is no way to uniquely identify such a attacker, If there is multiple APs on different ports that could be used to narrow it down. But not without causing issues for other clients, and the attacker could just switch AP.

Make sure the public subnet is only used for public clients
Use a large address space, this way an attacker would need longer time to exhaust the range
- or even better, use multiple smaller ranges to make it harder for any attacker to guestimate how much resources is needed to achieve blocking.
Use short times for the leases, this way any attack would be limited in time, and together with large range, make it impractical to achieve

Is there actually a scenario where this kind of attack attack would be worth doing? (Bad will for a coffeeshop?)

0 + 1

anx

1/5/23, 5:58 AM

*Worth doing?* Certainly, if what one does is industrial espionage. Difficult-to-diagnose network issues apply just the right pressure for both IT and individuals to start working around best practices & established secure procedures.

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: How to prevent DHCP IP starvation attack on a wireless interface?

TH: จะป้องกันการโจมตี DHCP IP starvation บนอินเตอร์เฟสไร้สายได้อย่างไร?

RO: Cum să preveniți atacul de foame DHCP IP pe o interfață fără fir?

RU: Как предотвратить атаку IP голодания DHCP на беспроводном интерфейсе?

VI: Làm cách nào để ngăn chặn cuộc tấn công bỏ đói DHCP IP trên giao diện không dây?

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.