DHCP starvation is an attack that works by broadcasting vast numbers of DHCP requests with spoofed MAC addresses simultaneously, exhausting the DHCP server IP pool. This test checks that a customer can only obtain a limited number of IPv4 addresses, so that DHCP starvation is prevented. Malicious takes the allowed number of addresses, then verifies that it cannot get one more.
The test will not detect if an old address is released.
A DHCP server is required for the DHCP starvation test.
- Malicious takes the allowed number of IPv4 addresses.
- Malicious then sends another DHCP request.
- Malicious cannot obtain the allowed number of IPv4 addresses.
- Malicious can obtain more than the allowed number of IPv4 addresses.
This test conforms to SEC Access Certification ID "SEC-V4-DHCPSTARV-1" and to SAVI RFC 6959 section 3.1.2.
- Malicious Customer: A customer interface performing malicious actions.
- ISP: A central node on a trusted port.
- Max addresses: The maximum number of IPv4 addresses a customer is allowed to hold. Default: 3.