Full Disclosure mailing list archives

Re: [SPAM] Stealing DHCP Leases

From: Hugo van der Kooij <hvdkooij () vanderkooij org>
Date: Wed, 13 Oct 2004 07:52:44 +0200 (CEST)

On Tue, 12 Oct 2004, Ian Holm wrote:

I was noticing that the number of DHCP address in the DHCP cache was running
low so I decided to check which computers were assigned to each address. To
my horror I saw that there were 81 addresses assigned at exactly the same
time and all expired at exactly the same time. I'm assuming that these were
all assigned to the same machine. How is this possible? Where could I learn
about this and how to prevent it?


Any decent log will show you the MAC level address. So go out and
investigate the machine.

There are plenty of known and documented ways of depleting a DHCP pool in
microseconds. A simple google search will do the trick.

Hugo.

-- 
        I hate duplicates. Just reply to the relevant mailinglist.
        hvdkooij () vanderkooij org             http://hvdkooij.xs4all.nl/
                Don't meddle in the affairs of magicians,
                for they are subtle and quick to anger.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Current thread:

Stealing DHCP Leases Ian Holm (Oct 12)
- Re: Stealing DHCP Leases TheGesus (Oct 12)
- Re: Stealing DHCP Leases Garth Stone (Oct 12)
- Re: [SPAM] Stealing DHCP Leases Hugo van der Kooij (Oct 12)
  - Re: [SPAM] Stealing DHCP Leases VeNoMouS (Oct 13)
- Re: Stealing DHCP Leases Stef (Oct 13)