Mitigation

DHCP Process:

It is the role of the Dynamic Host Configuration Protocol server is to assign IP addresses to networked devices. To do this, each DHCP client and DHCP server exchange packets.  The four packet types that make up the DHCP IP address assignment operation are DISCOVER, OFFER, REQUEST, and ACKNOWLEDGMENT. If the PC is a DHCP client, it will send a DHCP DISCOVER packet when it first connects to the network. This basically boils down to a PC saying, “I just got here, hi! A Dynamic Host Configuration Protocol server that can assign IP addresses is what I’m looking for.” If you imagine a client on your network connecting to a nearby server, you can imagine the server responding with an OFFER. Also, as part of this offer, you will be provided with a client-approved IP address. In fact, that server responded, “Welcome, I can give you a little spot on 10.123.0.1. Are you interested?” The maximum number of IP addresses that can be pooled on a /24-bit network is 254.Some of these addresses may be kept as static router addresses or for other purposes. Therefore, the DHCP server’s pool of available addresses can only contain about 252 IP addresses.  The DHCP server selects one of the available IP addresses from the pool and reserves it for new clients when it receives a DISCOVER packet. The client should return the REQUEST after receiving the OFFER packet. Basically, the client said, “That’s really ideal. Can you grant me exclusive access to 10.123.0.1 while I’m here?” The transaction is complete when the server sends an ACKNOWLEDGMENT packet to the client and all other listeners. This basically says “You are currently on 10.123.0.1. It will be held on 10.123.0.1 in case someone needs to contact this client.” The DHCP setup is a productive technique that allows customers to join and leave networks in a non-hostile configuration....

Working:

The DHCP starvation attack uses this system....

Functions of DHCP Starvation Attack:

When a DHCP server is overloaded with requests for IP addresses from legitimate clients, it suffers from a DHCP starvation attack, which results in a denial of service (DoS). After a DHCP exhaust attack, a man-in-the-middle (MITM) attack attempt is frequently launched. After the DHCP server has handed out all IP addresses, what happens when a new DHCP client needs or wants an IP address and joins the network? DoS or Denial of Service is the obvious answer. No IP addresses are available. For this reason, after a DHCP starvation attack, attackers often come back with their own DHCP server and start handing out IP addresses. And cause more disruption to user traffic. Specifically, if an attacker performs a man-in-the-middle attack, in this case, traffic from devices trying to leave the subnet will pass through the attacker’s device. The attacker is in the path of the intended target....

Mitigation:

Attacks using DHCP starvation are easy to implement. Port security is a way to mitigate the effects of this type of attack. Avoid DHCP starvation attacks with advanced cybersecurity training. Your network is instantly vulnerable to DHCP exhaustion attacks. The key to preventing such attacks and maintaining network security is finding ways to prevent hostile actors from flooding DHCP servers with forged DISCOVER packets, preventing them from offering IP addresses to legitimate clients....