Starvation attacks that don't change the MAC are relying on the DHCP server to respond with different addresses for different DHCP client identifiers. Unless you have a use case for multiple
leases per MAC, you should look for ways to shut this down at the DHCP server.
Assuming you are running ISC dhcpd, unfortunately the best way to shut it down ("ignore client-id")
is too new to be available as supported packages in many distros yet. If you have the leeway
to use a newer version of dhcpd that has this option, it also fixes some issues where androids
can unintentionally exhaust several addresses.
Otherwise you can configure the DHCP server to cancel existing leases when the same MAC requests a new lease ("deny duplicates"). This isn't a perfect solution because of the abovementioned problem with Androids.
Both options are standards violations, but necessary ones when you harden a network.
Windows DNS admins may be able to point towards similar options if you do that instead of ISC.