Skip to main content
SpringerLink
Log in

DHCP attacking tools: an analysis

  • Original Paper
  • Published:
Journal of Computer Virology and Hacking Techniques Aims and scope Submit manuscript

Abstract

Nowadays, many new devices with network capabilities are constantly being connected to existing networks. Consequently, the need for an automatic and dynamic approach to supply critical network settings to these new nodes is indispensable in large networks, which is mainly provided by the dynamic host configuration protocol (DHCP). Unfortunately, the vulnerabilities of this protocol can be exploited to attack such large networks. This paper conducts the first detailed, systematic, and thorough study of the publicly known DHCP attacking tools that target the DHCP service. The study analyses DHCP packet traces to scrutinise the DHCP attacking tools, analyse their raw packets, and identify their characteristics. It also classifies DHCP attacking tools by their characteristics, impact on DHCP service, and signatures. Furthermore, a detection mechanism is proposed that is based on both fingerprint and behavioural signatures. The findings of this study will be very useful to enhance DHCP implementations and to develop efficient detection and mitigation methods.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3
Fig. 4

Similar content being viewed by others

References

  1. Abri, D.A.: Detection of MITM attack in LAN environment using payload matching. In: 2015 IEEE International Conference on Industrial Technology (ICIT) (2015)

  2. Akashi, S., Tong, Y.: Classification of DHCP spoofing and effectiveness of DHCP Snooping, pp. 233–238. (2019)

  3. Alexander, S., Droms, R.: DHCP options and BOOTP vendor extensions. In: Network Working Group. RFC Editor: Internet Request for Comments (1997)

  4. Arun, R.K.P., Selvakumar, S.: Distributed denial-of-service (DDoS) threat in collaborative environment—a survey on DDoS attack tools and traceback mechanisms. In: 2009 IEEE International Advance Computing Conference (2009)

  5. Bargot, B., Kulkarni, U.: A survey of different tools and approaches for ALDDoS attack. In: 2019 6th International Conference on Computing for Sustainable Global Development (INDIACom) (2019)

  6. Bhaiji, Y.: Layer 2 attacks and mitigation techniques. In: SANOG8. Cisco Publisher, Karachi (2006)

  7. Bhuyan, M.H., et al.: Detecting distributed denial of service attacks: methods, tools and future directions. Comput. J. 57(4), 537–556 (2014)

    Article  Google Scholar 

  8. Cisco: Configuring DHCP snooping, IP source guard, and IPSG for static hosts. In: Catalyst 4500 Series Switch Software Configuration Guide, 12.2(53), SG, Cisco

  9. Cisco: Configuring port security. In: Catalyst 4500 Series Switch Cisco IOS Software Configuration Guide, 12.2(25)EW, Cisco

  10. Conti, G., Abdullah, K.: Passive Visual Fingerprinting of Network Attack Tools (2004)

  11. Demerjian, J., Serhrouchni, A.: DHCP authentication using certificates. In: Security and Protection in Information Processing Systems. Springer, Boston (2004)

  12. dhcpstarv. cited 16 Feb 2019. http://manpages.ubuntu.com/manpages/cosmic/man1/dhcpstarv.1.html

  13. dhcpwn. cited 16 Feb 2019. https://github.com/mschwager/dhcpwn

  14. Dinu, D.D., Togan, M.: DHCPAuth—a DHCP message authentication module. In: 2015 IEEE 10th Jubilee International Symposium on Applied Computational Intelligence and Informatics (2015)

  15. Download Ubuntu Desktop. cited 17 Feb 2019. https://www.ubuntu.com/download/desktop

  16. Droms, R.: Dynamic host configuration protocol. In: Network Working Group. Internet Requests for Comments, RFC Editor (1997)

  17. Droms, R., Arbaugh, W.: Authentication for DHCP messages. In: Network Working Group. Internet Requests for Comments, RFC Editor (2001)

  18. dstar. cited 16 Feb 2019. https://github.com/jacopodl/dstar

  19. Ettercap. Cited 20 Mar 2019. https://www.ettercap-project.org/

  20. Glazer, G., Hussey, C.,, Shea. R.: Certificate-Based Authentication for DHCP (2003). https://scholar.google.com/scholar_lookup?title=Certificate-Based%20Authentication%20for%20DHCP&author=G.%20Glazer&publication_year=2003. Cited 25 Mar 2019

  21. Hoque, N., et al.: Network attacks: taxonomy, tools and systems. J. Netw. Comput. Appl. 40, 307–324 (2014)

    Article  Google Scholar 

  22. Hornstein, K., et al.: DHCP authentication via kerberos V. In: DHC working group. Internet Requests for Comments, R. Editor, RFC Editor (2000)

  23. Hyenae. cited 16 Feb 2019. https://sourceforge.net/projects/hyenae/

  24. Kamene, Download and Installation. cited 16 Feb 2019. https://github.com/phaethon/kamene/blob/master/doc/kamene/installation.rst

  25. Kaur, H., Behal, S., Kumar, K.: Characterization and comparison of distributed denial of service attack tools. In: 2015 International Conference on Green Computing and Internet of Things (ICGCIoT) (2015)

  26. Mahadev, V., Kumar, Kumar, K.: Classification of DDoS attack tools and its handling techniques and strategy at application layer. In: 2016 2nd International Conference on Advances in Computing, Communication, and Automation (ICACCA) (Fall) (2016)

  27. Microsoft. Dynamic host configuration protocol (DHCP). Cited 17 Feb 2019. https://docs.microsoft.com/en-us/windows-server/networking/technologies/dhcp/dhcp-top

  28. Patrick, M.: DHCP relay agent information option. In: Network Working Group. Internet Requests for Comments, RFC Editor (2001)

  29. Pilli, E.S., Joshi, R.C., Niyogi, R.: Network forensic frameworks: survey and research challenges. Digital Invest 7(1), 14–27 (2010)

    Article  Google Scholar 

  30. Scapy, Download and Installation. cited 16 Feb 2019. https://github.com/secdev/scapy/blob/master/doc/scapy/installation.rst

  31. Specht, S., Lee, R.: Distributed denial of service: taxonomies of attacks, tools, and countermeasures, pp. 543–550 (2004)

  32. Team, D.D.: DHCPig. Cited 16 Feb 2019. https://github.com/kamorin/DHCPig

  33. Tripathi, N., Hubballi, N.: Detecting stealth DHCP starvation attack using machine learning approach. J. Comput. Virol. Hack. Tech. 14, 233–244 (2017)

    Article  Google Scholar 

  34. Vyncke, E., Paggen, C.: LAN Switch Security: What Hackers Know About Your Switches. Cisco Press, Indianapolis (2007)

    Google Scholar 

  35. WIRESHARK. cited 5 Feb 2019. https://www.wireshark.org/index.html#aboutWS

  36. Yaibuates, M., Chaisricharoen, R.: A combination of ICMP and ARP for DHCP malicious attack identification. In: 2020 Joint International Conference on Digital Arts, Media and Technology with ECTI Northern Section Conference on Electrical, Electronics, Computer and Telecommunications Engineering (ECTI DAMT and NCON) (2020)

  37. Yersinia multiattack network tool. https://sourceforge.net/projects/yersinia/

  38. Younes, O.S.: Securing ARP and DHCP for mitigating link layer attacks. Sādhanā 42(12), 2041–2053 (2017)

    Article  MathSciNet  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Department of Electrical and Computer Engineering, Sultan Qaboos University, PO Box: 33, 123, Al-Khoudh, Oman

    Manar Aldaoud, Dawood Al-Abri, Ahmed Al Maashri & Firdous Kausar

Authors
  1. Manar Aldaoud
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Dawood Al-Abri
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Ahmed Al Maashri
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Firdous Kausar
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Manar Aldaoud.

Additional information

Publisher's Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Aldaoud, M., Al-Abri, D., Al Maashri, A. et al. DHCP attacking tools: an analysis. J Comput Virol Hack Tech 17, 119–129 (2021). https://doi.org/10.1007/s11416-020-00374-8

Download citation

  • Received:

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s11416-020-00374-8

Keywords

Search

Navigation