How to prevent DHCP IP starvation attack on a wireless interface?

It's probably possible to go to any restaurant/cafe/bus with a public Wi-Fi hotspot and flood it with DHCP DISCOVER / REQUEST packets. If this network is created by a router that works as a DHCP server, then such an attack should lead to IP starvation, right?

Is there a way to prevent such attacks?

I'm talking about wireless networks only. The place where every client uses the same shared medium and it's impossible to, let's say, “ban a port that generates too many DHCP requests” or something.

(I've found a similar question that was asked 11 years ago. Maybe there's something new in this area.)


To try and answer the "how to" question. (taken from my comment)

Random MAC addresses can in theory exhaust the address space. As mentioned in the question, there is no way to uniquely identify such an attacker. If there are multiple APs on different ports, that could be used to narrow it down, but not without causing issues for other clients, and the attacker could just switch AP.

  • Make sure the public subnet is only used for public clients
  • Use a large address space; this way an attacker would need a longer time to exhaust the range
    • or even better, use multiple smaller ranges to make it harder for any attacker to guesstimate how many resources are needed to achieve blocking.
  • Use short times for the leases; this way any attack would be limited in time, and together with a large range, this makes it impractical to achieve

Is there actually a scenario where this kind of attack would be worth doing? (Bad will for a coffeeshop?)
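
The effect of the pool-size and lease-time advice in the answer above, as an added example that is not part of the original post: a tick-per-second model of a DHCP lease table comparing how long new clients are locked out. The pool sizes, lease times, rates and the 20 renewing clients are constructed assumptions, and the model ignores handshake details.

```python
import heapq

def simulate_pool(pool_size, lease_s, flood_rate, flood_s, legit=20):
    """Tick-per-second model of a DHCP lease table (simplified).
    All parameters are constructed sample values.

    flood_rate: addresses per second leased to never-renewing random MACs.
    legit: addresses held by normal clients that keep renewing.
    """
    expiries = []            # min-heap of expiry times of the flood leases
    first_full = None        # first second with no free address
    full_seconds = 0         # seconds during which a new client gets nothing
    recovered_after = None   # seconds after flood end until an address frees
    for t in range(flood_s + lease_s + 2):
        while expiries and expiries[0] <= t:       # expire old leases
            heapq.heappop(expiries)
        free = pool_size - legit - len(expiries)
        if t < flood_s:                            # flood still running
            grant = max(0, min(flood_rate, free))
            for _ in range(grant):
                heapq.heappush(expiries, t + lease_s)
            free -= grant
        if free <= 0:
            full_seconds += 1
            first_full = t if first_full is None else first_full
        elif t >= flood_s and first_full is not None and recovered_after is None:
            recovered_after = t - flood_s
    return {"first_full": first_full, "full_seconds": full_seconds,
            "recovered_after": recovered_after}

def sustain_rate(pool_size, lease_s, legit=20):
    """New leases per second needed to keep the pool full indefinitely."""
    return (pool_size - legit) / lease_s

if __name__ == "__main__":
    scenarios = {
        "/24 pool, 24 h lease": (254, 86400),
        "/24 pool, 5 min lease": (254, 300),
        "/20 pool, 5 min lease": (4094, 300),
    }
    for name, (size, lease) in scenarios.items():
        result = simulate_pool(size, lease, flood_rate=10, flood_s=60)
        print(name, result, f"sustain={sustain_rate(size, lease):.4f}/s")
```

With the same 60-second burst, the 24-hour lease keeps the small pool full for about a day, the 5-minute lease frees addresses within minutes, and the larger pool with short leases never fills.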