DHCP attacking tools: an analysis

Nowadays, many new devices with network capabilities are constantly being connected to existing networks. Consequently, the need for an automatic and dynamic approach to supply critical network settings to these new nodes is indispensable in large networks, which is mainly provided by the dynamic host configuration protocol (DHCP). Unfortunately, the vulnerabilities of this protocol can be exploited to attack such large networks. This paper conducts the first detailed, systematic, and thorough study of the publicly known DHCP attacking tools that target the DHCP service. The study analyses DHCP packet traces to scrutinise the DHCP attacking tools, analyse their raw packets, and identify their characteristics. It also classifies DHCP attacking tools by their characteristics, impact on DHCP service, and signatures. Furthermore, a detection mechanism is proposed that is based on both fingerprint and behavioural signatures. The findings of this study will be very useful to enhance DHCP implementations and to develop efficient detection and mitigation methods.