DHCP attacking tools: an analysis

Manar Aldaoud*, Dawood Al-Abri, Ahmed Al Maashri, Firdous Kausar

*Corresponding author for this work

Research output: Contribution to journalArticlepeer-review

12 Citations (Scopus)


Nowadays, many new devices with network capabilities are constantly being connected to existing networks. Consequently, the need for an automatic and dynamic approach to supply critical network settings to these new nodes is indispensable in large networks, which is mainly provided by the dynamic host configuration protocol (DHCP). Unfortunately, the vulnerabilities of this protocol can be exploited to attack such large networks. This paper conducts the first detailed, systematic, and thorough study of the publicly known DHCP attacking tools that target the DHCP service. The study analyses DHCP packet traces to scrutinise the DHCP attacking tools, analyse their raw packets, and identify their characteristics. It also classifies DHCP attacking tools by their characteristics, impact on DHCP service, and signatures. Furthermore, a detection mechanism is proposed that is based on both fingerprint and behavioural signatures. The findings of this study will be very useful to enhance DHCP implementations and to develop efficient detection and mitigation methods.

Original languageEnglish
Pages (from-to)119-129
Number of pages11
JournalJournal of Computer Virology and Hacking Techniques
Issue number2
Publication statusPublished - Jun 2021


  • Attack analysis
  • Attack classification
  • Attack signature
  • DHCP
  • DHCP attacking tools

ASJC Scopus subject areas

  • Computer Science (miscellaneous)
  • Software
  • Hardware and Architecture
  • Computational Theory and Mathematics


Dive into the research topics of 'DHCP attacking tools: an analysis'. Together they form a unique fingerprint.

Cite this