Vulnerability Development mailing list archives
Re: IP Spoofing with DHCP ?
From: Alon Oz <alon () LINUXQA COM>
Date: Mon, 18 Sep 2000 10:16:11 +0300
Skreel wrote:
Hi I have a question concerning the DHCP protocol. I've heard that this protocol could allow a user to choose he's own IP address if it isn't already assigned to another user. I was wondering if a network using DHCP to assign IP addresses and authenticating users upon their IP address could lead to a breach (i know authentication upon IP address has never been a good security) but in theory would it be possible for an attacant to DoS a user's box and then spoof his IP before the ping timeout in order to be authentified as the user ? Thanks for the help
Security on the local network can never be tight, the idea is to secure your network from the outside world, usually if an intruder gained access to one computer on your local network he can (sooner or later) gain access to every computer on it. so as an answer to your question, Yes, DHCP could be used in order to gain unauthorized access, but most of the other services people use on the local network can too. -- Alon Oz, Aduva Research Team, Mailto: alon () linuxqa com Trust in Allah, but tie your camel. -- Arabian proverb
Current thread:
- IP Spoofing with DHCP ? Skreel (Sep 17)
- Re: IP Spoofing with DHCP ? Matthew S. Hallacy (Sep 18)
- Re: IP Spoofing with DHCP ? Alon Oz (Sep 18)
- Re: IP Spoofing with DHCP ? Nathan Einwechter (Sep 19)
- CGI scripts in sh Crypteria (Sep 20)
- Re: CGI scripts in sh Mark Rafn (Sep 21)
- Serv-U FTP deals makes connections with www.cat-soft.com [ KoSaK ] (Sep 22)
- Re: Serv-U FTP deals makes connections with www.cat-soft.com Dimitry Andric (Sep 22)
- CGI scripts in sh Crypteria (Sep 20)
- Re: CGI scripts in sh Crispin Cowan (Sep 21)
- Re: CGI scripts in sh Gordon Messmer (Sep 21)
- Re: CGI scripts in sh Lincoln Yeoh (Sep 22)
- Re: CGI scripts in sh Crispin Cowan (Sep 23)
- Re: CGI scripts in sh -jf- (Sep 22)