It's worse than that - an attacker on the same local network as the target machine can tie up the legitimate DHCP server by reserving all available addresses and then start advertising themselves as an alternate DHCP server (to inject the malicious routing to the target).
No comments yet.