wifi – How to Prevent a DHCP Starvation Attack on a Wireless Network

Is there a way to prevent a DHCP starvation attack when using a wireless network with anonymous users?

  • Port security can not be used because a maximum number of clients that can connect to a port would also block legitimate users. This is essentially what the attacker wants to accomplish in the first place.
  • Without port security, DHCP snooping is useless because an attacker can spoof his MAC address in both the Ethernet packet and the DHCP payload.

I found a source claiming that MAC address spoofing was impossible due to the 802.11 standards that would solve the problem, but after some search I could not find another source to confirm it.