One weakness of the Dynamic Host Configuration Protocol is that it is fairly easy to manipulate. Because the client contacts all potential DHCP servers, attackers who have access to the network can bring their own server into play. Such a “rogue” DHCP server tries to answer the client's connection request faster than the actual server does. If it succeeds, it can transmit manipulated or unusable parameters. In this way it can mount a denial-of-service attack on the network, for example by not transmitting a gateway, by assigning each client its own subnet, or by responding to all requests with the same IP address.
A more dramatic scenario is the attempt to use false gateway and false DNS information to insert a foreign router that cuts off or even redirects the client's data traffic. Unlike the first type of attack, such a man-in-the-middle attack aims not to crash the network but to access sensitive data like bank data, passwords, or address information.
Regardless of the type of attack, strangers need direct access to your network to abuse the DHCP protocol for their purposes. If you take the necessary security precautions, you can take advantage of the benefits of the communication protocol without having to fear such attacks. If you are responsible for a larger local network, complete protection from external and internal attack attempts, as well as constant monitoring of all network processes with tools like Nagios, should already be part of your routine. In IONOS’s guide on the topic of Wi-Fi security, you can read more about the options for protecting your wireless networks.
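
The rogue-server symptoms described above (an unknown server, a missing or false gateway, false DNS information, the same IP address for several clients) can be checked for in captured DHCP offers as part of such monitoring. The following Python code is an added example, not part of the original guide; the policy addresses, the sample offers and all function names are constructed for illustration.

```python
import socket
from collections import defaultdict
MAGIC = b"\x63\x82\x53\x63"  # DHCP magic cookie that precedes the options

def ips(raw):  # split an option value into dotted-quad IPv4 strings
    return [socket.inet_ntoa(raw[j:j + 4]) for j in range(0, len(raw) - 3, 4)]

def parse_offer(payload):
    """Return the fields of a DHCPOFFER payload, or None for anything else."""
    if len(payload) < 240 or payload[0] != 2 or payload[236:240] != MAGIC:
        return None
    opts, i = {}, 240
    while i + 1 < len(payload) and payload[i] != 255:   # 255 = end of options
        if payload[i]:                                  # 0 is a one-byte pad
            opts[payload[i]] = payload[i + 2:i + 2 + payload[i + 1]]
        i += 2 + payload[i + 1] if payload[i] else 1
    if opts.get(53) != b"\x02":                         # option 53 = 2: OFFER
        return None
    return {"client": payload[28:34].hex(":"), "yiaddr": socket.inet_ntoa(payload[16:20]),
            "server": (ips(opts.get(54, b"")) or ["?"])[0],   # 54 = server id
            "router": ips(opts.get(3, b"")), "dns": ips(opts.get(6, b""))}

def audit(payloads, policy):
    """Return sorted (server, reason) findings for offers that break policy."""
    findings, leased = set(), defaultdict(set)
    for o in filter(None, map(parse_offer, payloads)):
        checks = [(o["server"] not in policy["servers"], "unknown DHCP server"),
                  (not o["router"], "no gateway offered"),
                  (set(o["router"]) - policy["routers"], "unexpected gateway"),
                  (set(o["dns"]) - policy["dns"], "unexpected DNS server")]
        findings |= {(o["server"], why) for hit, why in checks if hit}
        leased[o["server"], o["yiaddr"]].add(o["client"])
    findings |= {(server, f"{ip} offered to {len(clients)} clients")
                 for (server, ip), clients in leased.items() if len(clients) > 1}
    return sorted(findings)

def sample_offer(mac, yiaddr, options):
    """Build a constructed DHCPOFFER (test input); options maps code -> IPv4."""
    head = (bytes([2, 1, 6, 0]) + bytes(12) + socket.inet_aton(yiaddr) + bytes(8)
            + bytes.fromhex(mac.replace(":", "")) + bytes(202))
    body = b"".join(bytes([c, 4]) + socket.inet_aton(ip) for c, ip in options.items())
    return head + MAGIC + b"\x35\x01\x02" + body + b"\xff"

OK, BAD = "192.168.1.1", "192.168.1.66"   # assumed real server / constructed rogue
POLICY = {"servers": {OK}, "routers": {OK}, "dns": {OK}}
SAMPLE = [  # constructed offers, not captured traffic
    sample_offer("02:00:00:00:00:01", "192.168.1.50", {54: OK, 3: OK, 6: OK}),
    sample_offer("02:00:00:00:00:01", "192.168.1.77", {54: BAD, 3: BAD, 6: BAD}),
    sample_offer("02:00:00:00:00:02", "192.168.1.77", {54: BAD})]
```

Calling `audit(SAMPLE, POLICY)` returns one finding per violated rule, all attributed to the constructed rogue server; in practice the payloads would come from a packet capture on the monitored segment.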