DHCP host record fenceposting error
Theoretically, an attacker can cause the DHCP server to exit (a denial of service) by crafting a DHCP message whose CHADDR (hardware address) and DHCP Client Identifier option contents match existing host records. However, using combinations of 'uid' and 'hardware' matching host records is not a common configuration: generally either 'hardware' or 'uid' is used exclusively, rather than in mixtures. Furthermore, for the attack to be practical, the attacker would need to know the contents of the DHCP server's configuration file before the attack, something that DHCP server administrators do not frequently share. Although one could search by trial and error for the existence of such records in the DHCP server, the attacker would have to try every combination of perceived Client Identifiers and MAC addresses, or search those spaces by brute force. At that point it is both more practical and less specific to server implementation or configuration to simply use known DHCP protocol limitations to effect a DoS, such as forcibly allocating all addresses on the network.
Temporarily convert existing "host {}" records to use 'hardware' match criteria exclusively.
Upgrade to 3.1.3, 4.0.2b2, 4.1.1b2, or later.
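To apply the workaround, an administrator first needs to know which "host {}" records match on 'uid'. The script below is an added example, not part of the advisory or of ISC's code. It assumes uid matching is written as an `option dhcp-client-identifier` or `uid` statement inside a flat host block, and the sample configuration is constructed.

```python
import re

# Constructed sample dhcpd.conf (illustrative values, not from the advisory).
SAMPLE_CONF = """
host printer {
  hardware ethernet 00:11:22:33:44:55;
  fixed-address 192.0.2.60;
}
host laptop {
  option dhcp-client-identifier "laptop-01";  # client-identifier match
  fixed-address 192.0.2.61;
}
host kiosk {
  hardware ethernet 00:11:22:33:44:66;
  uid 01:00:11:22:33:44:66;
}
"""

# Flat host blocks only; nested braces inside a host block are not handled.
HOST_RE = re.compile(r"\bhost\s+([^\s{]+)\s*\{([^{}]*)\}")
HW_RE = re.compile(r"^\s*hardware\s+\S+\s+[0-9A-Fa-f:]+\s*;", re.M)
# Assumption: uid matching is written as one of these two statements.
UID_RE = re.compile(r"^\s*(?:option\s+dhcp-client-identifier|uid)\s+[^;]+;", re.M)

def classify_hosts(conf_text):
    """Map each host record name to the match criteria its block declares."""
    text = re.sub(r"#[^\n]*", "", conf_text)  # drop comments (naive about '#' in strings)
    hosts = {}
    for name, body in HOST_RE.findall(text):
        criteria = set()
        if HW_RE.search(body):
            criteria.add("hardware")
        if UID_RE.search(body):
            criteria.add("uid")
        hosts[name] = criteria
    return hosts

def audit(conf_text):
    """Return (mixed, to_convert): whether both criteria occur, and which records use uid."""
    hosts = classify_hosts(conf_text)
    used = set().union(*hosts.values())
    mixed = {"hardware", "uid"} <= used
    return mixed, sorted(n for n, c in hosts.items() if "uid" in c)

if __name__ == "__main__":
    mixed, to_convert = audit(SAMPLE_CONF)
    print("mixed uid/hardware host records:", mixed)
    print("records to convert to hardware-only:", to_convert)
```

Records listed in `to_convert` are the ones to rewrite with 'hardware' match criteria until the server is upgraded.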


