RE: [inbox] Arpd and DHCP

["Curt Purdy" <purdy () tecman com>]

Graeme Connell wrote:
>   If an attacker is connecting to 192.168.0.1, and another
> computer comes online,
>   a) will dhcp still serve out the address 192.168.0.1?

yes, unless it is already leased

>   b) will honeyd and arpd disrupt services for this newly
> connected user until arpd releases the address?

Actually it depends on the OS.  If the attacker is *NIX and the dhcp user is
Windows, the Windows box will thow up it's hands and cry mama.

Curt Purdy CISSP, GSEC, MCSE+I, CNE, CCDA
Information Security Engineer
DP Solutions

----------------------------------------

If you spend more on coffee than on IT security, you will be hacked.
What's more, you deserve to be hacked.
-- White House cybersecurity adviser Richard Clarke