Vulnerability Development mailing list archives

Re: IP Spoofing with DHCP ?

From: Alon Oz <alon () LINUXQA COM>
Date: Mon, 18 Sep 2000 10:16:11 +0300

Skreel wrote:

Hi I have a question concerning the DHCP protocol. I've heard that
this protocol could allow a user to choose he's own IP address if it
isn't already assigned to another user. I was wondering if a network
using DHCP to assign IP addresses and authenticating users upon
their IP address could lead to a breach (i know authentication upon
IP address has never been a good security) but in theory would it be
possible for an attacant to DoS a user's box and then spoof his IP
before the ping timeout in order to be authentified as the user ?

Thanks for the help


Security on the local network can never be tight, the idea is to secure
your network from the outside world,
usually if an intruder gained access to one computer on your local
network he can (sooner or later) gain access to every computer on it.
so as an answer to your question, Yes, DHCP could be used in order to
gain unauthorized access, but most of
the other services people use on the local network can too.


--
Alon Oz,
Aduva Research Team,
Mailto: alon () linuxqa com

Trust in Allah, but tie your camel.
                -- Arabian proverb

Current thread:

IP Spoofing with DHCP ? Skreel (Sep 17)
- Re: IP Spoofing with DHCP ? Matthew S. Hallacy (Sep 18)
- Re: IP Spoofing with DHCP ? Alon Oz (Sep 18)
- Re: IP Spoofing with DHCP ? Nathan Einwechter (Sep 19)
  - CGI scripts in sh Crypteria (Sep 20)
    - Re: CGI scripts in sh Mark Rafn (Sep 21)
    - Serv-U FTP deals makes connections with www.cat-soft.com [ KoSaK ] (Sep 22)
    - Re: Serv-U FTP deals makes connections with www.cat-soft.com Dimitry Andric (Sep 22)
    - Re: CGI scripts in sh Crispin Cowan (Sep 21)
    - Re: CGI scripts in sh Gordon Messmer (Sep 21)
    - Re: CGI scripts in sh Lincoln Yeoh (Sep 22)
    - Re: CGI scripts in sh Crispin Cowan (Sep 23)
    - Re: CGI scripts in sh -jf- (Sep 22)

(Thread continues...)