@Home network subject to DHCP hijacking

[Roadkill Randu <randy () viopac com>]

Greetings:

Problem:

The @Home network assigns IP addresses on a fairly permanent basis to its
subscribers, but it does use DHCP for IP address assignment.  It is
trivial matter, however, to take over another @Home account's IP address
by simply providing another customer's ID for the hostname parameter in
DHCP.  It is also trivial to acquire this hostname parameter, since all it
requires is 'host @HomeIPaddress' to determine what the customer ID is.

Notification:

I have notified @Home of this problem twice in the last two months.  Not
being an expert in DHCP, I do not know what could be done to fix this.  I
figure at least using something different than my actual hostname for my
hostname parameter would at least raise the bar to sniffing for DHCP
packets, instead of the trivial hack it currently is.

Reason for this message:

I have had my @Home connection hijacked from me repeatedly in the last six
months. Given @Home's aparent lack of concern for this problem, and the
current mood of ISPs shutting down users without warning whenever the MPAA
rattles it saber, I felt that the larger community needed to be aware of
this potential problem.  It should not be this trivially easy for someone
to break the law in your name.

Randy