Direction with DHCP starvation
Hello,
I'm new to backtrack and am investigating how DHCP attacks can affect my network and stop them from happening. I have a small Windows XP network and added one machine running backtrack 4 for the investigation. All machines connect to a Cisco switch and then to a Cisco router.
Earlier I was able to sucessfully completed a DHCP man in the middle attack using ettercap on the backtrack machine. (So that the default gateway gets assigned as the backtrack machine, rather than the cisco router).
I would also like to see a DHCP starvation attack in action (where backtrack constantly floods DHCP REQ until all IPs have been allocated) but am not sure how to go about doing this. Can I use ettercap to do this as well or do I need to look at using a different tool? I have googled this and found some tools that claim to do this however the instructions on how to use them are not the clearest. I couldn't find any guides for how to do this in ettercap, but I would be surprised if it were not possible to do this in ettercap? YouTube was actually helpful when I was doing the DHCP Man in the Middle as there was a video guide but they are none for DHCP starvation.
I searched the HOWTO and Video forum here as well and also came up blank. So now I'm left in a position where I dont really know where to go. Does anyone know of a guide anywhere on how to do this? (Either in ettercap or another tool). I've already found some cisco config guidance online about how to protect from DHCP starvation but would like to perform the attack again afterwards to make sure it works correctly.
Thanks in advance for any help you can offer.
Edit: Ok, after spending the past few days doing A LOT of reading, it looks like I might be able to do this using Yersinia. However, I cannot find a guide anywhere on how to do this using it. Is anyone able to help?
Last edited by sickness; 03-14-2011 at 01:48 PM. Reason: Merged posts.
Re: Direction with DHCP starvation
I'm sure you can throw together a shell script to do this in a loop. Dump a single request then use TCPreplay to do it over and over in a loop while replacing the MAC with a fake value. Google is your friend, I'm sure others have tried this. Actually now that I think about it there may even be a Metasploit module for this.
I'm a compulsive post editor, you might wanna wait until my post has been online for 5-10 mins before quoting it as it will likely change.
I know I seem harsh in some of my replies. SORRY! But if you're doing something illegal or posting something that seems to be obvious BS I'm going to call you on it.
Re: Direction with DHCP starvation
Check out this site, he has been working on this for a while and I've had a chance to mess with it. It works pretty well.
http://www.digininja.org/metasploit/dns_dhcp.php
Posting Permissions
