Vulnerability Development mailing list archives

Re: IP Spoofing with DHCP ?

From: "Matthew S. Hallacy" <mhallacy () MERCURY XTRATYME COM>
Date: Mon, 18 Sep 2000 02:02:38 -0500

You could just as easily (as the attacker) set your IP staticly.


                        -poptix

On Mon, 18 Sep 2000, Skreel wrote:

Hi I have a question concerning the DHCP protocol. I've heard that
this protocol could allow a user to choose he's own IP address if it
isn't already assigned to another user. I was wondering if a network
using DHCP to assign IP addresses and authenticating users upon
their IP address could lead to a breach (i know authentication upon
IP address has never been a good security) but in theory would it be
possible for an attacant to DoS a user's box and then spoof his IP
before the ping timeout in order to be authentified as the user ?

Thanks for the help

Current thread:

IP Spoofing with DHCP ? Skreel (Sep 17)
- Re: IP Spoofing with DHCP ? Matthew S. Hallacy (Sep 18)
- Re: IP Spoofing with DHCP ? Alon Oz (Sep 18)
- Re: IP Spoofing with DHCP ? Nathan Einwechter (Sep 19)
  - CGI scripts in sh Crypteria (Sep 20)
    - Re: CGI scripts in sh Mark Rafn (Sep 21)
    - Serv-U FTP deals makes connections with www.cat-soft.com [ KoSaK ] (Sep 22)
    - Re: Serv-U FTP deals makes connections with www.cat-soft.com Dimitry Andric (Sep 22)
    - Re: CGI scripts in sh Crispin Cowan (Sep 21)
    - Re: CGI scripts in sh Gordon Messmer (Sep 21)
    - Re: CGI scripts in sh Lincoln Yeoh (Sep 22)
    - Re: CGI scripts in sh Crispin Cowan (Sep 23)

(Thread continues...)