Is there a way to prevent a DHCP starvation attack when using a wireless network with anonymous users?
- Port security can not be used because a maximum number of clients that can connect to a port would also block legitimate users. This is essentially what the attacker wants to accomplish in the first place.
- Without port security, DHCP snooping is useless because an attacker can spoof his MAC address in both the Ethernet packet and the DHCP payload.
I found a source claiming that MAC address spoofing was impossible due to the 802.11 standards that would solve the problem, but after some search I could not find another source to confirm it.