Nmap Development mailing list archives

Re: dhcp script!


From: Ron <ron () skullsecurity net>
Date: Tue, 08 Sep 2009 09:43:19 -0500

On 09/08/2009 08:26 AM, jah wrote:
> Hi Ron,
>
> I tried your script with the command above against a DrayTek Vigor 2800G
> and was surprised to find that it doesn't respond to DHCP Information.
> I then used --script-args dhcptype=DHCPREQUEST and got the following:
>
> Interesting ports on vigor (192.168.1.1):
> PORT   STATE SERVICE REASON
> 67/udp open  dhcps   script-set
> |  dhcp-inform:
> |   DHCP Message Type: DHCPACK
> |   Server Identifier: 192.168.1.1
> |   Renewal Time Value: 1090126080
> |   Rebinding Time Value: 4034200320
> |   IP Address Lease Time (client): 2163475200
> |   Subnet Mask: 255.255.255.0
> |   Router: 192.168.1.1
> |_  Domain Name Server: 212.159.6.9, 212.159.6.10
> MAC Address: 00:50:7F:D5:5E:30 (DrayTek)
>
> So it didn't respond with all the items of info requested of it, but
> there is at least some useful info.  Maybe the DHCPREQUEST should be the
> default request?
> Nice script.
>
> jah

Interesting. My Linksys router didn't have an issue with DHCPINFORM, but I think that's part of a newer standard. Maybe a lot of residential routers don't like it?

My concern about DHCPREQUEST is side effects -- does it reserve that IP address?

Can you try using DHCPDISCOVER instead of DHCPREQUEST and see if that works?

Another option is, I can send out DHCPINFORM by default, then try DHCPDISCOVER/DHCPREQUEST if that fails.

Ron

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
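
Added example (not part of the original message and not the Nmap script's code): a parser for the DHCP options carried in a reply such as the DHCPACK quoted above, decoding the time fields in network byte order. The sample bytes are constructed and assume a 3-day lease; under that assumption, `misread_le` shows that reading the same fields as little-endian gives exactly the three time values in the quoted output.

```python
import socket
import struct

# Option 53 values (RFC 2132).
MSG_TYPES = {1: "DHCPDISCOVER", 2: "DHCPOFFER", 3: "DHCPREQUEST",
             5: "DHCPACK", 6: "DHCPNAK", 8: "DHCPINFORM"}

def ips(v):   # one or more packed IPv4 addresses
    return [socket.inet_ntoa(v[i:i + 4]) for i in range(0, len(v), 4)]
def secs(v):  # unsigned 32-bit seconds, network (big-endian) byte order
    return struct.unpack("!I", v)[0]

OPTIONS = {   # option code -> (name, decoder)
    1: ("Subnet Mask", ips),
    3: ("Router", ips),
    6: ("Domain Name Server", ips),
    51: ("IP Address Lease Time", secs),
    53: ("DHCP Message Type", lambda v: MSG_TYPES.get(v[0], v[0])),
    54: ("Server Identifier", ips),
    58: ("Renewal Time Value", secs),
    59: ("Rebinding Time Value", secs),
}

def parse_options(data):
    """Walk the code/length/value options that follow the DHCP magic cookie."""
    out, i = {}, 0
    while i < len(data) and data[i] != 255:      # 255 = end option
        code = data[i]
        if code == 0:                            # 0 = pad, no length byte
            i += 1
            continue
        if i + 1 >= len(data) or i + 2 + data[i + 1] > len(data):
            raise ValueError("option %d is truncated" % code)
        length = data[i + 1]
        name, decode = OPTIONS.get(code, ("Option %d" % code, bytes))
        out[name] = decode(data[i + 2:i + 2 + length])
        i += 2 + length
    return out

def misread_le(seconds):
    """What a big-endian 32-bit field becomes if decoded as little-endian."""
    return struct.unpack("<I", struct.pack("!I", seconds))[0]

# Constructed DHCPACK options (not a capture); assumes a 3-day lease.
SAMPLE = (bytes([53, 1, 5, 54, 4, 192, 168, 1, 1])
          + b"".join(bytes([c, 4]) + struct.pack("!I", s)
                     for c, s in ((58, 129600), (59, 226800), (51, 259200)))
          + bytes([1, 4, 255, 255, 255, 0, 3, 4, 192, 168, 1, 1])
          + bytes([6, 8, 212, 159, 6, 9, 212, 159, 6, 10, 255]))
```

With the constructed sample, the renewal and rebinding times come out as 0.5 and 0.875 of the lease time, the usual T1 and T2 defaults.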

