DHCP Starvation Attack
Dynamic Host Configuration Protocol (DHCP) is a protocol used to automatically allocate communication information, such as IP, subnet mask, gateway, DNS server IP, and so on. Let's say the DHCP server has 100 IPs from IP Pool, for example, 192.168.0.1/24 to 192.168.0.100/24, and then allocates them to the user. So how do we communicate before he allocates them? You have to communicate to get assigned or not
What is MAC
Media access control (MAC) is the address that is used for that communication. This address, which is commonly called a MAC address, is not just on desktop PCs, it's on your phone, it's on PlayStation, and it's attached to all devices that need to be communicated. (It's not used only for DHCP assignments.)
Then, what if we forge this MAC address and ask the DHCP server above for more than 100 IPs? The DHCP server's IP Pool will run out, right? As the name suggests, the DHCP server is starved to death. In fact, it is not very dangerous in itself. It is not very difficult for the administrator to recover from it, and the real problem lies in the next attack technique.
DNS(Domain Name System)
First of all, we need to know what DNS (Domain Name System) is, but when we access Naver, we type www.naver.com , not the actual address of the Naver web server, but if we type www.naver.com , DNS automatically changes it to the IP address of the Naver web server, so we can access Naver just by typing www.naver.com . IP addresses in numeric form are too difficult to memorize
DNS Spooping Attack
Did you say above that the information that DHCP allocates includes DNS server IP? When a client receives DHCP information, the client accepts the information that came first. This is why the DHCP Starvation Attack described above is necessary. To starve to death a real DHCP server and then induce a randomly created DHCP server to allocate information to a client. As written on the DNS server randomly created by the hacker, you can connect to Google and then to next time. It's up to the hacker, but there's no way to end it with this joke, right? What if a hacker creates a fake Naver? (There is a program that makes it the same as a real site.) Can a user tell if it's a real Naver? If you think it's a real Naver and try to log in by typing an ID and password? Who should I go to? Yes, if a user called Gam Forwarding tries to log in, it can connect you to the real Naver web server. Somehow, I think I logged in slower than usual and I'm sure I typed it correctly, but you've experienced that, right? It's highly likely this.
Other than this, various attacks are possible using DHCP. But I think it will be too long.
As you can see, it's only possible to attempt this attack if you're luring the network and the server one after another, right? Of course, you need to program well in order to create a hacking program for this attack