DHCP Starvation With Yersinia

DHCP Starvation

What is DHCP?

– Dynamic Host Configuration Protocol
– It assigns IP addresses to devices when they connect to the network
– Keeps track of which computer has which IP
– Since it is a protocol, there is communication established between the client and the access point (unlike UDP)

How does it work?

– DHCP server and client
– When the client gets on the network, it sends a DHCP request asking for an IP address (DHCP Discover)
– The DHCP server responds with a DHCP Offer
– The client then sends a DHCP Request
– The DHCP server then sends a DHCP ACK (acknowledgement), along with the gateway and other details

DHCP Starvation
– The DHCP server has a range of IPs (192.168.1.1-254)
– The client makes a request & gets all the other config settings

Attacks
– Flooding the network with DHCP requests from different MAC addresses overwhelms the DHCP server
– The DHCP server cannot deploy any more IPs in the scope

Attack
yersinia -G
DHCP -> Launch Attack -> Discover Packet
– Forces the DHCP server to assign all the IPs
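
One way to spot the Discover flood described above from the defender's side, as an added example that is not part of the original post: it counts MAC addresses that sent a DHCP Discover but never followed up with a DHCP Request inside a sliding window. The log format, the window and the threshold are assumptions, and the sample log lines are constructed.

```python
import re

# Constructed log format (an assumption, not any real server's format):
#   "<epoch-seconds> <DHCPDISCOVER|DHCPREQUEST> <client-mac>"
LINE_RE = re.compile(
    r"^(\d+) (DHCPDISCOVER|DHCPREQUEST) ((?:[0-9a-f]{2}:){5}[0-9a-f]{2})$", re.I)

def detect_starvation(lines, window=10, threshold=20):
    """Return [(timestamp, pending_count)] for each moment the number of MACs
    with an unanswered DISCOVER inside `window` seconds first exceeds threshold."""
    pending = {}          # mac -> time of its last DISCOVER not followed by a REQUEST
    alerts, alarmed = [], False
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue      # ignore lines that are not DISCOVER/REQUEST events
        ts, kind, mac = int(m.group(1)), m.group(2).upper(), m.group(3).lower()
        if kind == "DHCPREQUEST":
            pending.pop(mac, None)   # handshake continued: a real client
        else:
            pending[mac] = ts
        # Drop DISCOVERs that fell out of the sliding window
        pending = {k: t for k, t in pending.items() if ts - t <= window}
        if len(pending) > threshold and not alarmed:
            alerts.append((ts, len(pending)))   # record only the rising edge
        alarmed = len(pending) > threshold
    return alerts

def sample_log():
    """Constructed sample: three normal clients, then a burst of DISCOVERs
    from 100 different MACs that never send a REQUEST."""
    log = []
    for i, t in enumerate((100, 130, 160)):
        mac = f"00:11:22:33:44:{i:02x}"
        log += [f"{t} DHCPDISCOVER {mac}", f"{t + 1} DHCPREQUEST {mac}"]
    for i in range(100):
        log.append(f"{1000 + i // 50} DHCPDISCOVER 02:00:00:00:00:{i:02x}")
    return log

if __name__ == "__main__":
    for ts, count in detect_starvation(sample_log()):
        print(f"t={ts}: {count} MACs with unanswered DISCOVERs in the window")
```

The threshold should sit well below the size of the DHCP scope so the alert fires before the pool is exhausted.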

Going rogue
– The attacker starts their own DHCP server
– Takes down the DHCP server with starvation, forcing it offline so that the attacker receives all the DHCP requests
– Issues the client with settings that compromise the network, like changing the DNS server to a malicious one
– All traffic can be sniffed if the gateway is also changed
