A closer look into DHCP starvation attack in wireless networks

Abstract

Dynamic Host Configuration Protocol (DHCP) is used by clients in a network to configure their interface with IP address and other network configuration parameters such as Default Gateway and DNS server IP addresses. This protocol is vulnerable to a Denial of Service (DoS) attack popularly known as classic DHCP starvation attack. In this paper, we make threefold contribution. First, we highlight the practical difficulty in generating classic DHCP starvation attack in wireless networks. Secondly, we propose a stealth starvation attack which is effective in wireless networks, easier to launch, requires fewer number of messages to be transmitted and difficult to detect by known detection methods. We also show a structurally similar attack in IPv6 networks which can affect address configuration protocols such as DHCPv6 and StateLess Address Autoconfiguration (SLAAC). Subsequently, we also describe an anomaly detection method to detect the proposed attack. We design and generate the attacks in a real network setup and report the results. The proposed detection method uses the Hellinger distance between two probability distributions generated from training and testing data to detect starvation.