Nmap Development mailing list archives

Re: dhcp script (version 2)


From: Fyodor <fyodor () insecure org>
Date: Wed, 9 Sep 2009 16:33:42 -0700

On Tue, Sep 08, 2009 at 09:19:25PM -0500, Ron wrote:
> I made a couple changes to address issues I saw here:
> a) Changed DHCPINFORM to DHCPDISCOVER, and updated the name/comments 
> appropriately (now it's dhcp-discover.nse)
> b) Changed the timeout on the socket from 3000ms to 5000ms to fix a 
> timeout issue
> 
> I've attached the new patch that I'm hoping to check in. Let me know if 
> there are any further issues!

Hi Ron.  This script is great.  It works well for me, and I support
checking it in.  Here are some notes and suggestions:

o Against the DHCP server on my home network (ISC DHCP server 4.1.0),
  I get no response to DHCPINFORM, but both DHCPDISCOVER and
  DHCPREQUEST give me (basically the same) detailed responses.

o I don't know much about DHCP, but if DHCPINFORM is significantly
  less intrusive than DISCOVER or REQUEST, it might be worth trying
  that first and falling back to DHCPDISCOVER otherwise (and maybe
  even REQUEST if that fails, though we don't want the script to take
  too long).  I like the ideas people have suggested about making this
  less intrusive by reducing the lease time requested or any other
  techniques you can think of.

o This is very valuable information and making this script run by
  default is worth consideration, IMHO.

o I'd suggest making the script less verbose by printing only the most
  important fields by default.  With verbose mode (which should kick
  in automatically now if the script is specified directly), it could
  continue printing all the fields.  From the example output below,
  I've put a star by the fields which look most important to me:
  67/udp open dhcps script-set
  |  dhcp-discover:  
  |   DHCP Message Type: DHCPOFFER
  |*   Server Identifier: 192.168.0.100
  |   IP Address Lease Time (client): 3232235520
  |*   Subnet Mask: 255.255.0.0
  |*   Router: 192.168.0.6
  |*   Domain Name Server: 192.168.0.100
  |*   Broadcast Address: 192.168.255.255
  |   Renewal Time Value: 1616117760
  |_  Rebinding Time Value: 2828206080

  If the Server Identifier is almost always just the target IP (I have
  no idea), then we can probably omit that by default too.  There may
  be other important fields which I just don't see in my responses.
  Perhaps a list of fields to ignore by default would be better than a
  list of interesting fields.

o Perhaps the script could have an option for using raw packets to
  send a broadcast request on the network?

o It is a trivial thing, but this part of the docs still needs to be
  updated for your recent changes:
  --@args dhcptype The type of DHCP request to make. By default, DHCPDISCOVER is sent, but this argument
  --can change it to DHCPDISCOVER, DHCPOFFER, DHCPREQUEST, DHCPDECLINE, DHCPACK, DHCPNAK,
  --or DHCPRELEASE. Not all types will evoke a response from all servers.

Cheers,
Fyodor
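Added example (not code from Ron's dhcp-discover.nse or from Nmap's dhcp library): a plain-Lua sketch of two of the suggestions above, trying DHCPINFORM first and falling back to DHCPDISCOVER and then DHCPREQUEST, and trimming the report to the important fields unless verbose mode is on. The names PROBE_ORDER, DEFAULT_IGNORE, send_probe, probe_with_fallback and format_fields are assumptions made for this example; fake_server and its response values are a constructed stand-in (values copied from the example output in the message) for a server that, like the ISC server described above, ignores DHCPINFORM but answers DISCOVER and REQUEST.

```lua
-- Added example, not code from dhcp-discover.nse or Nmap's dhcp library.
-- send_probe(), fake_server and the response values are constructed
-- stand-ins; the real script would send on an Nmap socket and parse
-- the reply.

-- Least intrusive first: DHCPINFORM asks only for parameters, without an
-- address being allocated, so it is tried before DISCOVER and REQUEST.
local PROBE_ORDER = { "DHCPINFORM", "DHCPDISCOVER", "DHCPREQUEST" }

-- Fields hidden in the default report.  An ignore list (rather than a list
-- of interesting fields) means an option we have never seen still prints.
local DEFAULT_IGNORE = {
  ["DHCP Message Type"]              = true,
  ["IP Address Lease Time (client)"] = true,
  ["Renewal Time Value"]             = true,
  ["Rebinding Time Value"]           = true,
}

-- Constructed response: "order" keeps the option order from the packet,
-- "fields" holds the values (taken from the example output in the thread).
local offer = {
  order = { "DHCP Message Type", "Server Identifier",
            "IP Address Lease Time (client)", "Subnet Mask", "Router",
            "Domain Name Server", "Broadcast Address",
            "Renewal Time Value", "Rebinding Time Value" },
  fields = {
    ["DHCP Message Type"]              = "DHCPOFFER",
    ["Server Identifier"]              = "192.168.0.100",
    ["IP Address Lease Time (client)"] = "3232235520",
    ["Subnet Mask"]                    = "255.255.0.0",
    ["Router"]                         = "192.168.0.6",
    ["Domain Name Server"]             = "192.168.0.100",
    ["Broadcast Address"]              = "192.168.255.255",
    ["Renewal Time Value"]             = "1616117760",
    ["Rebinding Time Value"]           = "2828206080",
  },
}
-- Constructed server: no entry for DHCPINFORM, so that probe "times out".
local fake_server = { DHCPDISCOVER = offer, DHCPREQUEST = offer }

-- Stand-in for "send a request of this type and wait for a reply".
-- Returns nil on timeout, as the real socket code would.
local function send_probe(target, msgtype)
  return fake_server[msgtype]
end

-- Try each message type in order; return the first response plus the type
-- that produced it, or nil if every attempt times out.
local function probe_with_fallback(target, order)
  for _, msgtype in ipairs(order) do
    local response = send_probe(target, msgtype)
    if response then
      return response, msgtype
    end
  end
  return nil
end

-- Build the report lines.  In verbose mode every field is printed; otherwise
-- ignored fields are dropped, and Server Identifier is dropped when it is
-- just the target address (it carries no new information then).
local function format_fields(target, response, verbose)
  local lines = {}
  for _, field in ipairs(response.order) do
    local value = response.fields[field]
    local skip = false
    if not verbose then
      skip = DEFAULT_IGNORE[field]
        or (field == "Server Identifier" and value == target)
    end
    if not skip then
      lines[#lines + 1] = string.format("  %s: %s", field, value)
    end
  end
  return lines
end

local target = "192.168.0.100"
local response, used = probe_with_fallback(target, PROBE_ORDER)
if not response then
  print("no DHCP response from " .. target)
else
  print("response obtained with " .. used)
  print("default report:")
  for _, line in ipairs(format_fields(target, response, false)) do
    print(line)
  end
  print("verbose report:")
  for _, line in ipairs(format_fields(target, response, true)) do
    print(line)
  end
end
```

Run it with any Lua 5.1 or later interpreter. Because the stand-in server has no entry for DHCPINFORM, the fallback loop moves on to DHCPDISCOVER, which is the only extra cost of trying the quieter type first; the default report then keeps Subnet Mask, Router, Domain Name Server and Broadcast Address and drops the timer fields and the redundant Server Identifier, while the verbose report prints everything.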

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org

