Vulnerability Development mailing list archives
Re: Possible DHCP DOS attack
From: BlueBoar () THIEVCO COM (Blue Boar)
Date: Fri, 4 Feb 2000 22:11:52 -0800
Vladimir Dubrovin wrote:
DHCP requests cann't come from Internet. Suport of BootP relay agent (RFC 1532/1542) is required for routing requests between 2 networks. DHCP requests use 0.0.0.0 as both SRC and DST address.
Not sure if you're saying what I think or not. If you do DHCP forwarding between subnets (BootP relay) the packet will take on the destination of the listed DHCP servers, and a source IP of the router. Because of that, it's quite possible to send DHCP requests all the way across the Internet. NT RAS servers do similar, using their own IP. Both these situations work fine with the few DHCP servers I've worked with.
P.S. Someone said DHCP "pings" old leases. He's wrong. DHCP will never release lease before it's expired.
The only "pinging" I've seen various DHCP servers do is to ping an IP at some time before they give it out. You're correct, they won't take back a lease just because something becomes unpingable. It's perfectly legal for a host to retain a lease while it goes home with it's owner over the weekend. BB
Current thread:
- Re: Possible DHCP DOS attack Tal Hornstein (Feb 03)
- Re: Possible DHCP DOS attack Paul Keefer (Feb 03)
- Re: Possible DHCP DOS attack Sen_Ml Sen_Ml (Feb 04)
- Re: Possible DHCP DOS attack Vladimir Dubrovin (Feb 04)
- Re: Possible DHCP DOS attack Blue Boar (Feb 04)
- how to transfer files on napster Jason Copenhaver (Feb 05)
- Re: how to transfer files on napster Jordan Ritter (Feb 05)
- Re: how to transfer files on napster Blue Boar (Feb 05)
- Re: how to transfer files on napster Seth Georgion (Feb 05)
- Re: how to transfer files on napster whitvamp () MINDLESS COM (Feb 05)
- Re: how to transfer files on napster Jordan Ritter (Feb 05)
- Re: how to transfer files on napster Blue Boar (Feb 07)
- Re: how to transfer files on napster David U. (Feb 07)
- Re: Possible DHCP DOS attack Paul Keefer (Feb 03)
- Simple logging utility app Scorpus Kahn (Feb 06)
- Re: Simple logging utility app Erik Parker (Feb 07)