Security Basics mailing list archives

Re: DHCP scanning

From: Ghaith Nasrawi <libero () aucegypt edu>
Date: Thu, 11 Nov 2004 02:28:27 -0500

Look for relevant ports .... (Obviously, the server ports)

546 
546/tcp 
dhcpv6-client 
DHCPv6 Client  
546 
546/udp 
dhcpv6-client 
DHCPv6 Client  
547 
547/udp 
dhcpv6-server 
DHCPv6 Server  
547 
547/tcp 
dhcpv6-server 
DHCPv6 Server  
647 
647/udp 
dhcp-failover 
DHCP Failover  
647 
647/tcp 
dhcp-failover 
DHCP Failover  
847 
847/tcp 
dhcp-failover2 
dhcp-failover 2  
847 
847/udp 
dhcp-failover2 
dhcp-failover 2  
2490 
2490/udp 
qip-qdhcp 
qip_qdhcp  
2490 
2490/tcp 
qip-qdhcp 
qip_qdhcp  

taken from http://www.snort.org/ports.html?port=dhcp



On Wed, 2004-11-10 at 20:44 +0100, Bénoni MARTIN wrote:

Hi list !

I was wondering if there was way to scan a network (a class C) to look for DHCP machines (I know I can ask the DHCP 
server, but I want to know what machines are under DHCP independly, and check after with what the DHCP server claims).

I was thinking about creating such a plugin to report the results in Big Brother or Nagios. Developping it is not 
really a trouble, but I don't know exactly what checks do I have to perform, what queries send to the machines, ... 

Any clue would be helpful !

-- 


 (o_
 //\   Ghaith Nasrawi
 V_/_  


"Evil thrives when good men do nothing"

Current thread:

DHCP scanning Bénoni MARTIN (Nov 10)
- Re: DHCP scanning Ghaith Nasrawi (Nov 12)
- Re: DHCP scanning Alex V. Lukyanenko (Nov 12)