What can be done about this?
This attack is simply about "DNS steering" and, from what this article says, can even affect dedicated-function devices like IPTV set-top boxes that connect to the network. What is needed is security measures for DHCP and DNS handling so that end-users can verify they are associating with the right network under the right conditions. This will become more important as public networks are used to exchange highly valuable, highly confidential information and / or to access online media that can be at risk of being compromised.
One way would be to provide "DHCP / DNS lockdown" as part of desktop firewalls and desktop / embedded operating systems. This would only permit the client device to use approved DNS servers when on a particular network. Another step builds on what is currently practised in every small network, where the Default Gateway and DHCP Server functions are handled by one device, the router. Desktop firewalls and desktop / embedded-device operating systems can declare a network as being secure if the DHCP "meal ticket" originates from the Default Gateway.
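The two checks described above can be sketched as a lease audit. This is an added example, not code from the article or from any firewall product: it assumes the client stores its leases in ISC dhclient lease-file syntax, and the sample leases, the `APPROVED_DNS` policy and the function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample in ISC dhclient lease-file syntax (not captured from a real network).
SAMPLE_LEASES = """
lease {
  option routers 192.168.1.1;
  option domain-name-servers 192.168.1.1;
  option dhcp-server-identifier 192.168.1.1;
}
lease {
  option routers 192.168.1.1;
  option domain-name-servers 203.0.113.66, 192.168.1.1;
  option dhcp-server-identifier 192.168.1.200;
}
"""

# Hypothetical per-network policy: DNS servers this client may use on this network.
APPROVED_DNS = {"192.168.1.1", "9.9.9.9"}
WANTED = ("routers", "domain-name-servers", "dhcp-server-identifier")

def parse_leases(text):
    """Return one dict per lease block: option name -> list of normalised IP strings."""
    leases = []
    for block in re.findall(r"lease\s*\{(.*?)\}", text, re.S):
        opts = {}
        for name, value in re.findall(r"option\s+([\w-]+)\s+([^;]+);", block):
            if name in WANTED:  # other options (domain names etc.) are not IP lists
                opts[name] = [str(ipaddress.ip_address(v.strip())) for v in value.split(",")]
        leases.append(opts)
    return leases

def check_lease(opts, approved_dns):
    """Apply both rules from the text; an empty list means the lease passes."""
    findings = []
    routers = opts.get("routers", [])
    server = opts.get("dhcp-server-identifier", [])
    if not server or server[0] not in routers:
        findings.append("DHCP server is not the default gateway")
    rogue = [d for d in opts.get("domain-name-servers", []) if d not in approved_dns]
    if rogue:
        findings.append("unapproved DNS servers: " + ", ".join(rogue))
    return findings

if __name__ == "__main__":
    for i, lease in enumerate(parse_leases(SAMPLE_LEASES)):
        print(i, check_lease(lease, APPROVED_DNS) or "lease accepted")
```

Both the gateway address and the server identifier are read from the same lease, so the gateway match is a consistency hint, while the DNS allow-list is the check that rests on data held by the client.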
Another technique, especially for public-access networks, could be to use SSL authentication on the data supplied as part of the DHCP "meal ticket". This may involve re-engineering the DHCP protocol to support this authentication measure, but it could be used to show the trustworthiness of a network environment.