Another type of network attack which is targeted to DHCP servers is known as DHCP starvation attack. In a DHCP starvation attack, an attacker broadcasts large number of DHCP REQUEST messages with spoofed source MAC addresses. If the legitimate DHCP Server in the network start responding to all these bogus DHCP REQUEST messages, available IP Addresses in the DHCP server scope will be depleted within a very short span of time.
Once the available number of IP Addresses in the DHCP server is depleted, network attackers can then set up a rogue DHCP server and respond to new DHCP requests from network DHCP clients. By setting up a rogue DHCP server, the attacker can now launch DHCP spoofing attack.
What is DHCP spoofing attack
After a DHCP starvation attack and setting up a rogue DHCP server, the attacker can start distributing IP addresses and other TCP/IP configuration settings to the network DHCP clients. TCP/IP configuration settings include Default Gateway and DNS Server IP addresses. Network attackers can now replace the original legitimate Default Gateway IP Address and DNS Server IP Address with their own IP Address.
Once the Default Gateway IP Address of the network devices are is changed, the network clients start sending the traffic destined to outside networks to the attacker's computer. The attacker can now capture sensitive user data and launch a man-in-the-middle attack. This is called as DHCP spoofing attack. Attacker can also set up a rogue DNS server and deviate the end user traffic to fake web sites and launch phishing attacks.