0

It's probably possible to go to any restaurant/cafe/bus with a public Wi-Fi hotspot and flood it with DHCP DISCOVER / REQUEST packets. If this network is created by a router that works as a DHCP server, then such an attack should lead to IP starvation, right?

Is there a way to prevent such attacks?

I'm talking about wireless networks only: the place where every client uses the same shared medium and it's impossible to, let's say, “ban a port that generates too many DHCP requests” or something.

(I've found a similar question that was asked 11 years ago. Maybe there's something new in this area.)

  • 2
    The last time I saw something like this happen, a few weeks ago, the DHCP server just kept offering the same IP address over and over, even though the client declined it. I wonder if this is still a problem worth worrying about. – Michael Hampton Aug 14 '21 at 22:10
  • 2
    If the attacker changes his MAC address and DHCP client ID, the DHCP server doesn't have a way to identify the attacker. – Tero Kilkanen Aug 15 '21 at 09:56
  • @NiKiZe, actually, no. I think the attack is not worth doing, because if the goal is to shut the network down, it's probably easier to generate a lot of noise in the medium or something. My question is more theoretical than practical. – Igor Adamenko Aug 15 '21 at 15:18
  • 1
    Don't go to Denny's and expect reliable wifi. – Greg Askew Aug 16 '21 at 00:25

1 Answer

2

To try and answer the "how to" question. (taken from my comment)

Random MAC addresses can in theory exhaust the address space. As mentioned in the question, there is no way to uniquely identify such an attacker. If there are multiple APs on different ports, that could be used to narrow it down, but not without causing issues for other clients, and the attacker could just switch AP.

  • Make sure the public subnet is only used for public clients
  • Use a large address space; this way an attacker would need a longer time to exhaust the range
    • or even better, use multiple smaller ranges to make it harder for any attacker to guesstimate how many resources are needed to achieve blocking.
  • Use short times for the leases; this way any attack would be limited in time, and together with a large range, this makes it impractical to achieve

Is there actually a scenario where this kind of attack would be worth doing? (Bad will for a coffee shop?)

NiKiZe
  • 1
    *Worth doing?* Certainly, if what one does is industrial espionage. Difficult-to-diagnose network issues apply just the right pressure for both IT and individuals to start working around best practices & established secure procedures. – anx Sep 05 '21 at 05:58
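Since the sender cannot be identified, an operator can at least detect that the pool is being consumed abnormally fast. The following is an added example, not code from the question or the answer: it scans DHCP server log lines for a burst of never-seen-before MAC addresses relative to the pool size. The log line shape (ISC dhcpd style with ISO 8601 timestamps), the names `scan` and `constructed_sample`, and the thresholds are assumptions.

```python
import re
from collections import deque
from datetime import datetime, timedelta

# Assumed line shape (ISC dhcpd style, ISO 8601 timestamp):
# 2021-08-14T12:10:00 gw dhcpd[812]: DHCPDISCOVER from 02:00:00:00:01:00 via wlan0
DISCOVER = re.compile(
    r"^(\S+) \S+ dhcpd(?:\[\d+\])?: DHCPDISCOVER from "
    r"((?:[0-9a-f]{2}:){5}[0-9a-f]{2}) via ")

def scan(lines, pool_size, window_s=60, frac=0.25):
    """Return (alerts, exhausted).

    alerts: (timestamp, count) each time the number of never-seen-before
    MACs inside the sliding window first reaches frac * pool_size.
    exhausted: DISCOVERs the server logged with "no free leases".
    """
    limit = max(1, int(pool_size * frac))
    window = timedelta(seconds=window_s)
    seen, recent = set(), deque()
    alerts, exhausted, alarmed = [], 0, False
    for line in lines:
        m = DISCOVER.match(line)
        if not m:
            continue
        ts, mac = datetime.fromisoformat(m.group(1)), m.group(2)
        if "no free leases" in line:
            exhausted += 1
        while recent and ts - recent[0] > window:
            recent.popleft()             # drop first-seen events older than the window
        if len(recent) < limit:
            alarmed = False              # burst is over, re-arm the alert
        if mac in seen:
            continue                     # retries from a known MAC are not new clients
        seen.add(mac)
        recent.append(ts)
        if len(recent) >= limit and not alarmed:
            alerts.append((ts, len(recent)))
            alarmed = True
    return alerts, exhausted

def constructed_sample():
    """Constructed log (not real traffic): 5 ordinary clients, then 40 new MACs in 20 s."""
    t0 = datetime(2021, 8, 14, 12, 0, 0)
    row = "{} gw dhcpd[812]: DHCPDISCOVER from {} via wlan0{}"
    out = [row.format((t0 + timedelta(minutes=2 * i)).isoformat(),
                      f"3c:22:fb:00:00:{i:02x}", "") for i in range(5)]
    t1 = t0 + timedelta(minutes=10)
    for i in range(40):
        tail = ": network 10.0.0.0/26: no free leases" if i >= 37 else ""
        out.append(row.format((t1 + timedelta(seconds=i // 2)).isoformat(),
                              f"02:00:00:00:01:{i:02x}", tail))
    return out
```

Tune `frac` and `window_s` against the venue's normal arrival rate; the alert says the pool is filling quickly, not who is responsible.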