Bugtraq mailing list archives
@Home network subject to DHCP hijacking
From: Roadkill Randu <randy () viopac com>
Date: Sat, 25 Aug 2001 15:20:25 -0700 (PDT)
Greetings: Problem: The @Home network assigns IP addresses on a fairly permanent basis to its subscribers, but it does use DHCP for IP address assignment. It is trivial matter, however, to take over another @Home account's IP address by simply providing another customer's ID for the hostname parameter in DHCP. It is also trivial to acquire this hostname parameter, since all it requires is 'host @HomeIPaddress' to determine what the customer ID is. Notification: I have notified @Home of this problem twice in the last two months. Not being an expert in DHCP, I do not know what could be done to fix this. I figure at least using something different than my actual hostname for my hostname parameter would at least raise the bar to sniffing for DHCP packets, instead of the trivial hack it currently is. Reason for this message: I have had my @Home connection hijacked from me repeatedly in the last six months. Given @Home's aparent lack of concern for this problem, and the current mood of ISPs shutting down users without warning whenever the MPAA rattles it saber, I felt that the larger community needed to be aware of this potential problem. It should not be this trivially easy for someone to break the law in your name. Randy
Current thread:
- @Home network subject to DHCP hijacking Roadkill Randu (Aug 25)
- Re: @Home network subject to DHCP hijacking Matthew Caron (Aug 26)