[flufluflufluffy]

Not my area of expertise — can somebody clarify if the DHCP server runs on your router, or your local machine? The article keeps mentioning it needs to be on the “same network” but the graphic seems like it’s all on one device.

edit: ahh I’m dumb, it’s the router (correct me if I’m wrong!). So as others have said, you have to already be on a compromised network, yes?

[numpad0]

DHCP is bit like hotel front and key slip. When a laptop connects to a Wi-Fi, it broadcasts DHCPDISCOVER message using the Wi-Fi card's MAC address, to which local DHCP server responds with IP address + option strings, such as subnet mask, gateway IP, local timezone(but not time), local X Window Manager address, network FQDN, and so on. Every consumer Wi-Fi router has DHCP server program included and set to auto configure, and that is how it's normally operated, but technically multiple servers can coexist within the same subnet, and the server computer doesn't have to be itself the default gateway.

Among the options strings that DHCP server may provide is DHCP option 121 Classless Static Routes, added in 2002, that can "push" routing information to clients for convenience. Apparently this option 121 can be abused to trick your laptop into set and prioritize `route add [google.com] via [malicious_host] dev wlan0` over `route add [google.com] via [vpn_right] dev vpn0` which routes traffic to [google.com], or 0.0.0.0/0 for that matter, through [malicious_host].

DHCP is more of a convenience feature for private IP address LANs, not strictly necessary for operating IP LAN. I've heard generations prior to ours sometimes leased clothespins labeled with IPs off the wall to guests, along instruction papers. DHCP completely automates that.

[tithe]

DHCP is a client-server protocol, so it "runs" both on the router (as a server program vending available IP addresses) and the local machine (as a client program initiating the request for an IP address, and ultimately accepting the given IP address from the DHCP server on the router).