Packet Filtering Based on Differentiated Services Code Point for DHCP Starvation Attacks Prevention

nfn Sarip, Arief Setyanto


The use of the internet today has become a necessity, the most commonly used media to connect to the internet is a Wireless LAN network. For easy access to the network, DHCP service become a standard feature that must exist, because ordinary users no longer need to think about procedures for configuring IP addresses, all of which have been done automatically by the DHCP service. But it turns out that there is a security threat to DHCP service, namely DHCP Starvation attacks that can be exhausting the availability of IP addresses in DHCP service so that the configuration of IP address automatically can no longer be done on the client. Various methods such as authentication, cryptography, and machine learning are used by researchers in preventing DHCP Starvation attacks, but the issue of effectiveness and efficiency still opens up further research opportunities. In this research, packet filtering methods based on DSCP code applied to the Netfilter system are used to do prevention of DHCP Starvation attacks, this method has proven to be very effective in making prevention and more efficient when applied on small scale wireless networks such as at office networks and internet cafe.


DHCP, DHCP Starvation, DSCP, Netfilter, Wireless LAN


Abdulatteef, S. W. (2012). An Implementation Of Firewall System Using MikroTik Router OS. Journal of University of Anbar for Pure Science, vol.6 (2), pp.65-69.

Amaral, A. A., Mendes, L. de S., Zarpelão, B. B., & Junior, M. L. P. (2017). Deep IP Flow Inspection to Detect Beyond Network Anomalies. Computer Communications, vol.98, pp.80–96.

Barik, R., Welzl, M., Elmokashfi, A. M., Dreibholz, T., & Gjessing, S. (2018). Can WebRTC QoS Work? A DSCP Measurement Study. In 2018 30th International Teletraffic Congress (ITC 30), vol.1, pp.167-175.

Bhaiji, Y. (2007). Understanding, preventing, and defending against layer 2 attacks. Diakses dari http://www.nanog. org/meetings/nanog42/presentations/Bhaiji_Layer_2_Attacks.pdf tanggal 12 April 2019.

Breabăn, M. C., Graur, A., Potorac, A. D., & Bălan, D. G. (2017). New Approach of Traffic Limitation Management on Local Networks. In 2017 International Conference on Optimization of Electrical and Electronic Equipment (OPTIM) & 2017 Intl Aegean Conference on Electrical Machines and Power Electronics (ACEMP) (pp. 941-946).

Cheng, J., & Wu, H. (2010). The Application of the PPPoE for Network Security Management Using RouterOS. In 2010 International Conference on Computer Design and Applications, vol.5, pp.5-569.

Custura, A., Secchi, R., & Fairhurst, G. (2018). Exploring DSCP Modificatio Pathologies in the Internet. Computer Communications, vol.127, pp.86–94.

Droms, R. & Lemon, T. (2003). The DHCP Handbook. 2nd edition, SAMS Publishing.

Duangphasuk, S., Kungpisdan, S., & Hankla, S. (2011). Design and Implementation of Improved Security Protocols for DHCP Using Digital Certificates. 17th IEEE International Conference on Networks.

Hubballi, N., Tripathi, N. (2017). A Closer Look into DHCP Starvation Attack in Wireless Networks. Computers & Security, vol.65, pp.387-404.

Jílek, T., & Žalud, L. (2012). Security of Remote Management of Embedded Systems Running MikroTik RouterOS Operating System Using Proprietary Protocols. IFAC Proceedings Volumes, vol.45(7), pp.169-173.

Marczyk, G., DeMatteo, D., & Festinger, D. (2005). Essentials of Research Design and Methodology. John Wiley & Sons Inc.

MikroTik. (2019). MikroTik: Packet Flow Diagram. Diakses dari tanggal 12 April 2019.

Mukhtar, H., Salah, K. & Iraqi, Y. (2012). Mitigation of DHCP Starvation Attack. Computers and Electrical Engineering 38, p.1115–1128.

Murti, M. A., Tjokronegoro, H. A., Leksono, E., & Agung, W. (2016). Performance Analysis of HSPA Technology for Networked Control System Application. International Journal of Computer and Communication Engineering, 5(3), pp.165.

Naaz, S. & Badroo, F.A. (2016). Investigating DHCP and DNS Protocols Using Wireshark. IOSR Journal of Computer Engineering, vol.18 (3), p.1-8.

Salsabil, U., Ali, M. T., & Islam, M. M. (2014). A Practical Approach to Asses Fatal Attacks in Enterprise Network to Identify Effective Mitigation Techniques, International Journal of Computer Networks and Communications Security, 2(9), 298-307

Sharma, G. (2018). Evaluating the Performance of Netfilter Architecture in Private Realm Gateway. Communications Engineering, Alto University.

Shete, A., Lahade, A., Patil, T. & Pawar R. (2018). DHCP Protocol Using OTP Based Two-Factor Authentication. Proceedings of the 2nd International Conference on Trends in Electronics and Informatics (ICOEI).

Shuai, Y., Qianli, Z., & Xing, L. (2016). A Tunnel Broker Based IPv6 Access System for aA Small Scale Network with IPv4 upstream. 2016 IEEE Information Technology, Networking, Electronic and Automation Control Conference.

Stewart, J.M., Tittel, E. & Chapple, M. (2005). Certified Information Systems Security Professional Study Guide. 3rd edition, SYBEX Inc.

Sudarsono, A., Siswanto, A., Iswanto, H., & Setiawan, Q. (2016). Traffic Analysis of Quality of Service (QoS) for Video Conferencing between Main Campus and Sub Campus in Laboratory Scale. EMITTER International Journal of Engineering Technology, vol.3 (2), pp.1-17.

Tripathi, N., & Hubballi, N. (2015). Exploiting DHCP Server-Side IP Address Conflict Detection: A DHCP Starvation Attack. In 2015 IEEE International Conference on Advanced Networks and Telecommuncations Systems (ANTS), pp.1-3.

Tripathi, N., & Hubballi, N. (2016). A Probabilistic Anomaly Detection Scheme to Detect DHCP Starvation Attacks. In 2016 IEEE International Conference on Advanced Networks and Telecommunications Systems (ANTS), pp.1-6.

Tripathi, N., & Hubballi, N. (2018). Detecting Stealth DHCP Starvation Attack Using Machine Learning Approach. Journal of Computer Virology and Hacking Techniques, vol.14(3), pp.233-244.

Umasuthan, V. (2016). Protecting the Communications Network at Layer 2. In 2016 IEEE/PES Transmission and Distribution Conference and Exposition.

Wang, B., Lu, K., & Chang, P. (2016). Design and Implementation of Linux Firewall Based on the Frame of Netfilter/Iptables. In 2016 11th International Conference on Computer Science & Education (ICCSE), pp. 949-953.

Yaibuates, M. & Chaisricharoen, R. (2014). ICMP Based Malicious Attack Identification Method for DHCP. Joint International Conference on Information and Communication Technology, Electronic and Electrical Engineering.

Yaibuates, M., Chaisricharoen, R. & Rai, C. (2018). Implementing of IP address Recovery for DHCP Service. International Journal of Applied Engineering Research.

Younes, O. S. (2017). Securing ARP and DHCP for Mitigating Link Layer Attacks. Sādhanā Journal.

Zhang, F., & Chen, L. (2016). OTP_SAM: DHCP Security Authentication Model Based on OTP. IEEE 20th International Conference on Computer Supported Cooperative Work in Design (CSCWD).

Zhang, L., Wang, Y., Jin, R., & Gao, K. (2017). Approaches for a Stand-alone Network Attack and Defense Platform Using Yersinia Toolkits. International Journal of All Research Education and Scientific Methods (IJARESM), Vol.5, Issue 3, pp.2455-6211.



  • There are currently no refbacks.

Creative Commons License
This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License