Honeypots mailing list archives
RE: [inbox] Arpd and DHCP
From: "Curt Purdy" <purdy () tecman com>
Date: Thu, 15 Apr 2004 12:26:10 -0500
Graeme Connell wrote:
If an attacker is connecting to 192.168.0.1, and another computer comes online, a) will dhcp still serve out the address 192.168.0.1?
yes, unless it is already leased
b) will honeyd and arpd disrupt services for this newly connected user until arpd releases the address?
Actually it depends on the OS. If the attacker is *NIX and the dhcp user is Windows, the Windows box will thow up it's hands and cry mama. Curt Purdy CISSP, GSEC, MCSE+I, CNE, CCDA Information Security Engineer DP Solutions ---------------------------------------- If you spend more on coffee than on IT security, you will be hacked. What's more, you deserve to be hacked. -- White House cybersecurity adviser Richard Clarke
Current thread:
- Arpd and DHCP Graeme Connell (Apr 14)
- RE: [inbox] Arpd and DHCP Curt Purdy (Apr 15)