DHCP - ConnorEast/Tech-Journal GitHub Wiki

Dynamic Host Configuration Protocol (DHCP):

Definition: A network protocol responsible for allocating IP addresses from a configured pool (scope). It operates at the seventh (application) layer of the OSI model and runs over UDP, with the server listening on port 67 and the client on port 68.

Usage: Typically used on larger networks where new devices need IP addresses allocated on the fly so that every device has connectivity to the network. Some small networks use it as well; in larger corporations it is a necessity.


**Given DHCP's usage in the field of networking, it is important to understand the vulnerabilities associated with it and how individuals may take advantage of those vulnerabilities to attack a network.**


Attack Vector 1: DHCP Spoofing [AITM, adversary-in-the-middle]

Attackers may set up their own device as a spoofed (rogue) DHCP server on a network they do not control. An example would be someone at a Starbucks answering clients' DHCP requests from their own server, thus redirecting traffic through the attacker and stealing any credentials passed along the way. This works because the rogue server takes part in the DORA exchange (Discover, Offer, Request, Acknowledge) and hands out lease options that point clients at an adversary-owned DNS server. (MITRE)
The answer to DHCP spoofing is known as DHCP snooping. DHCP snooping is a security feature that allows switches to check whether a DORA message is being sent from the appropriate device to the appropriate device: ports facing the legitimate server are marked trusted, server messages (Offer/Acknowledge) arriving on untrusted client ports are dropped, and the switch confirms the sender's IP and MAC address against the contents of the message itself. Another way to prevent this would be to use DHCP reservations. (CodeSpindle)

Attack Vector 2: DHCP Starvation

Another form of DHCP spoofing is a DHCP exhaustion / starvation attack, which is carried out by sending a large quantity of Discover messages with spoofed MAC addresses in order to exhaust every allocatable IP on the network. As long as the threat actor knows the CIDR notation and/or subnet mask, they know how many allocatable IPs the network has (geeksforgeeks).
Some ways to protect against DHCP starvation are as follows: increase the DHCP pool to accommodate more requests, making a DoS attack more difficult; implement DHCP snooping; limit the amount of DHCP traffic that can be sent on a port [ACL / rate limit]; add an intrusion detection system; and confirm the server is up to date (CodeSpindle).
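The two mitigations above (DHCP snooping against spoofing, and per-port limiting of Discover traffic against starvation) are what a switch applies to each DHCP message it forwards. The following simulation is an added example, not code from this wiki or from any switch vendor: it builds and parses minimal RFC 2131 DHCP messages, then runs them through a model switch that drops server messages on untrusted ports, verifies that the frame's source MAC matches the message's `chaddr`, records the MAC-to-IP binding from a trusted Acknowledge, and raises an alert when one port exceeds a Discover rate limit. Port names, MAC addresses, IP addresses and the limit/window values are constructed sample values.

```python
"""Simulated DHCP snooping and Discover rate limiting (added example, not the wiki's code)."""
import struct
from collections import defaultdict, deque

DISCOVER, OFFER, REQUEST, ACK, NAK = 1, 2, 3, 5, 6
SERVER_MSGS = {OFFER, ACK, NAK}        # only a legitimate server should send these
MAGIC = b"\x63\x82\x53\x63"            # DHCP options magic cookie (RFC 2131)


def build_dhcp(op, chaddr, msg_type, yiaddr="0.0.0.0", extra_opts=b""):
    """Build a minimal RFC 2131 message: fixed header, addresses, chaddr, sname/file, options."""
    fixed = struct.pack("!BBBBIHH", op, 1, 6, 0, 0x1234, 0, 0)          # op..flags (12 bytes)
    addrs = b"\0" * 4 + bytes(int(o) for o in yiaddr.split(".")) + b"\0" * 8  # ciaddr,yiaddr,siaddr,giaddr
    chaddr_field = bytes.fromhex(chaddr.replace(":", "")) + b"\0" * 10   # 16-byte chaddr
    sname_file = b"\0" * 192                                             # sname (64) + file (128)
    options = MAGIC + bytes([53, 1, msg_type]) + extra_opts + b"\xff"    # option 53 = message type
    return fixed + addrs + chaddr_field + sname_file + options


def parse_dhcp(pkt):
    """Extract op, yiaddr, chaddr and the TLV options a snooping switch looks at."""
    hlen = pkt[2]
    yiaddr = ".".join(str(b) for b in pkt[16:20])
    chaddr = ":".join(f"{b:02x}" for b in pkt[28:28 + hlen])
    opts, i = {}, 240                     # options begin right after the magic cookie
    while i < len(pkt) and pkt[i] != 0xFF:
        if pkt[i] == 0:                   # pad option
            i += 1
            continue
        code, length = pkt[i], pkt[i + 1]
        opts[code] = pkt[i + 2:i + 2 + length]
        i += 2 + length
    return {"op": pkt[0], "yiaddr": yiaddr, "chaddr": chaddr,
            "type": opts.get(53, b"\0")[0], "opts": opts}


class SnoopingSwitch:
    """Model of the checks a switch performs with DHCP snooping enabled."""

    def __init__(self, trusted_ports, discover_limit=5, window=10.0):
        self.trusted = set(trusted_ports)          # ports facing the real DHCP server
        self.bindings = {}                         # client MAC -> leased IP (the binding table)
        self.discover_limit = discover_limit       # Discovers allowed per port per window
        self.window = window                       # seconds
        self.discovers = defaultdict(deque)        # port -> timestamps of recent Discovers

    def inspect(self, port, src_mac, pkt, now):
        """Return 'forward', 'drop:<reason>' or 'alert:<reason>' for one DHCP message."""
        msg = parse_dhcp(pkt)
        if msg["type"] in SERVER_MSGS:
            if port not in self.trusted:
                return "drop:server-message-on-untrusted-port"   # rogue server blocked
            if msg["type"] == ACK:
                self.bindings[msg["chaddr"]] = msg["yiaddr"]     # learn the binding
            return "forward"
        if port not in self.trusted:
            if src_mac.lower() != msg["chaddr"]:                 # MAC address verification
                return "drop:chaddr-mismatch"
            if msg["type"] == DISCOVER:                          # per-port rate limiting
                q = self.discovers[port]
                q.append(now)
                while q and now - q[0] > self.window:
                    q.popleft()
                if len(q) > self.discover_limit:
                    return "alert:discover-rate-exceeded"       # starvation indicator
        return "forward"


def run_sample():
    """Constructed scenario: one client, one real server, one rogue server, one flooder."""
    sw = SnoopingSwitch(trusted_ports={"Gi1/0/24"}, discover_limit=5, window=10.0)
    client, server, rogue = "aa:bb:cc:00:00:01", "00:11:22:33:44:55", "de:ad:be:ef:00:01"
    verdicts = []
    # Normal exchange: Discover from an access port, Offer/Ack arriving on the trusted uplink.
    verdicts.append(sw.inspect("Gi1/0/3", client, build_dhcp(1, client, DISCOVER), now=0.0))
    # Rogue server on an access port offers a lease whose DNS option (6) points at itself.
    rogue_dns = bytes([6, 4, 10, 0, 0, 66])
    verdicts.append(sw.inspect("Gi1/0/4", rogue, build_dhcp(2, client, OFFER, "10.0.0.50", rogue_dns), now=0.1))
    verdicts.append(sw.inspect("Gi1/0/24", server, build_dhcp(2, client, OFFER, "10.0.0.20"), now=0.2))
    verdicts.append(sw.inspect("Gi1/0/24", server, build_dhcp(2, client, ACK, "10.0.0.20"), now=0.3))
    # Discover whose chaddr does not match the frame's source MAC.
    verdicts.append(sw.inspect("Gi1/0/4", rogue, build_dhcp(1, client, DISCOVER), now=0.4))
    # Starvation pattern: six Discovers from six MACs on one port inside the window.
    for i in range(6):
        mac = f"02:00:00:00:00:{i:02x}"
        verdicts.append(sw.inspect("Gi1/0/5", mac, build_dhcp(1, mac, DISCOVER), now=1.0 + i))
    return verdicts, sw.bindings


if __name__ == "__main__":
    for v in run_sample()[0]:
        print(v)
```

Note that the MAC verification step alone does not stop starvation, because a flooder can set the frame source MAC to match each spoofed `chaddr`; that is why the rate limit on untrusted ports is the check that actually surfaces the sixth Discover here, and why the two mitigations are applied together.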

Attack Vector 3: Lack of Authentication

Pretty much all issues with DHCP stem from its lack of authentication and the ease of spoofing a device's identity. The major way to get around this issue would be to use segmented, isolated networks that require VPN access, which adds a second layer of authentication in front of the server.