I have a printer at work, for some reason the router refuses to assign a specific IP for that printer via DHCP reservation and I had to configure it with a static IP. Sometimes the printer is off. I was wondering how would the network behave when I switch the printer on while its IP has already been taken by another device via the DHCP protocol?

Would that cause a conflict?

Would not this be used as a DoS attack?

Let's say I hate someone at work, all I need is to assign his IP to my machine and interrupt his work and keep doing that repeatedly.

  • 29,894
  • 16
  • 72
  • 122
  • 107
  • 1
  • 12

4 Answers4


There is no "prioritization" per se. What will happen is that the two will intend to answer for the same ARP lookups and will behave unpredictably.

Sometimes one will work for a while and then stop. Some times the other may work for a while. Or neither will work.

Things might appear to work for a while and then mysteriously stop.

Some other devices on the same segment may be able to reach one or the other. Or not.

As others have said, if DHCP server is sophisticated enough it may check for address usage before handing out an address in the scope. Really it depends on the specific implementation of the IP stack on each device involved.

  • 39
  • 2
  • What a good solution would be? Force the DHCP server to check all the IP addresses on the network periodically ? I am referring to an environment with a mixture of DHCP and static IPs assuming that I can't configure the DHCP reservations – Matka Aug 09 '14 at 20:13

If your DHCP server hasn't assigned an IP address, it has no knowledge that the IP address is in use. This is mitigated by setting up a DHCP "Reservation" - and that's what you need to do.

Go into the DHCP server and assign a reservation for that IP address, so that the server doesn't try to assign that IP address to another device.

You didn't tell us what software your DHCP server is running, so we can't include specific instructions on how to do that.

David W
  • 3,405
  • 5
  • 34
  • 61
  • 1
    FYI, many DHCP servers either come configured out of the box, or can be configured to ping the IP it is about to lease before actually assigning it. If the server gets a ping reply, it will log an error and assign a different address. – EEAA Aug 09 '14 at 18:22
  • @EEAA Using only an ARP request would be more reliable. Lots of people block ICMP packets without considering what negative consequences it may have. And using an ARP request is how a DHCP client would do it, I'd expect most DHCP servers to do it the same way. – kasperd Aug 09 '14 at 18:37
  • 1
    That's not the case in my experience. Additionally, in larger networks, DHCP servers are frequently not on the same L2 domain as it's clients. – EEAA Aug 09 '14 at 18:38
  • Ahh, good to know (some DHCP servers running a ping). That makes sense. – David W Aug 09 '14 at 20:58

I'll take a stab at this.

No matter what software you are running, the DHCP should be capable of two things:

  • Reserving Pool(s)
  • DHCP Scope/Range Creation

If you run Windows Server, this link will help in creation of a Scope:


If you are running a Linux Server, you need to modify the contents in your dhcp configuration file for the scope:

Red Hat/CentOS/Fedora: */etc/dhcpd.conf*
Ubuntu/Debian: */etc/default/dhcp3-server*

This is a sample DHCP configuration file on Linux (both):


When you properly setup your DHCP server, you will have no conflicts, in which case you are receiving. You also have to set the maximum amount of clients you wish to distribute addresses to. In addition to the previous comment, you must also have a feasible subnet mask. i.e. Enabling a full 254 host address but assigning it a /27 ( will only permit it to assign 30 hosts (excluding the broadcast and network address).

However, if you are using a home router, this should be simple by stating the IP Range you wish to use, by default, out-of-box-solutions will have this as standard:

IP Range: 192.168.x.0 (x being a number, usually 0 or 1) Subnet Mask: (the .0 indicates it is /24 and allows for 254 hosts (excluding the broadcast and network address))

What I suggest you do is revise your scope and reservation list, expand it to allow more clients to avoid conflicts (my experience shows that conflicts or DHCP authentication rejections are due to a lack of available addresses or the MAC addresses is wrongly inserted) and double check the MAC addresses assigned. You can also use Wireshark and filter with "dhcp" to see if the server and associating client are sending DHCP Discover, DHCP Offer, DHCP Request, DHCP Accept (DORA) packets. Another thing is to check the ARP requests being sent as DHCP is a layer 3 service (IP) and relies on layer 2 services (ARP) to do its job.

If it fails at Discover, it doesn't see the DHCP. If it fails at Offer, the DHCP doesn't have enough addresses to allocate.

Also make sure to have a look at the mistake of putting an address into a DHCP Restriction Pool. If it resides in a restriction pool (or on Home routers, MAC Filtering) then the DHCP Server will auto-decline/reject the DHCP Offer packet from being given to the association requesting client.

Key points: Check Range/Scope, Check Restrictions and add items only to Reservation if you want them on the network, restart your server (or if you can't, restart the service(don't reload)), re-associate the printer.

There are also several methods you can research online to avoid Rogue DHCP and MiTM attacks using a DHCP server.

  • 574
  • 1
  • 4
  • 14

If both devices check whether the IP is in use before assigning it, then whoever takes it first will keep it.

If neither device performs such check, then the network connection will become unstable for both devices, while they are both online. It is possible for a DHCP server to perform the check on behalf of the DHCP client, but don't count on it.

Just don't assign a static IP, which is also in a DHCP pool. The only way it could work out well is if the DHCP server knows which MAC address the IP is reserved for.

If the device supports IPv6 you can use that. With IPv6 addresses can be generated based on the MAC address, then your problem would simply go away.

As far as a potential DoS attack goes, it is possible to perform such an attack. Don't put attacker and victim on the same network segment. Separate them by putting a router or a switch with filtering capabilities between them.

  • 29,894
  • 16
  • 72
  • 122
  • 1
    That's terrible , this means my network is so vulnerable to such easy implemented attack ! – Matka Aug 09 '14 at 19:43
  • @Matka If the only thing between the attacker and the victim as an unmanaged switch, there is not much you can do to protect the victim. You can choose to declare it an untrusted network and require all traffic to go over a VPN connection. That will protect against most attacks, but not against DoS attacks. And don't even think about enabling PXE boot on any of the computers connecting to the segment if it may contain untrusted machines. – kasperd Sep 09 '14 at 19:56
  • 1
    this problem is LAN specific. within a LAN, the trust level is commonly consider as high (acces to the LAN is considered to be hard for someone outside the required circle of trust) – Manu H Sep 11 '14 at 11:47