Bugtraq mailing list archives

Re: BOOTP/DHCP security

From: Valdis.Kletnieks () vt edu (Valdis.Kletnieks () vt edu)
Date: Thu, 28 Nov 1996 04:09:57 -0500


On Wed, 27 Nov 1996 21:37:58 +0100, you said:

(1) Make this machine check for bogus MACs in its ARP cache mapped to
the servers IP address.  This forces the attacker to use a network
card with a configurable MAC and usually stops attacks from machines
belonging to the network (unless you've got this kind of card
installed).


Umm.. are there cards that DONT support changing the MAC address?
I know that any card that did older Decnet releases *had* to be
able to do this.

For another good giggle, find a manager who's just learned about
the fact that packet sniffers exist, and point out to him that
the Ethernet spec *requires* support for promiscuous mode.
Watch him shriek "AAAARRGGGGHH!!!!" and call for the return
of IBM3270s hanging off coax.  Ever tried to install a sniffer
on an IBM bus/tag pair?  Kind of hard to do without the operator
noticing... ;)

                                Valdis Kletnieks
                                Computer Systems Engineer
                                Virginia Tech

Current thread:

Re: BOOTP/DHCP security itudps (Nov 27)
- <Possible follow-ups>
- Re: BOOTP/DHCP security itudps (Nov 27)
- Re: BOOTP/DHCP security Benedikt Stockebrand (Nov 27)
  - Re: BOOTP/DHCP security itudps (Nov 27)
  - CIAC Bulletin H-08: lpr Buffer Overrun Vulnerability David Crawford (Nov 27)
  - Re: BOOTP/DHCP security Valdis.Kletnieks () vt edu (Nov 28)
  - Irix: more suid fun/exploits Yuri Volobuev (Nov 28)
  - Re: BOOTP/DHCP security Alan Cox (Nov 28)