Full Disclosure mailing list archives
Re: [SPAM] Stealing DHCP Leases
From: Hugo van der Kooij <hvdkooij () vanderkooij org>
Date: Wed, 13 Oct 2004 07:52:44 +0200 (CEST)
On Tue, 12 Oct 2004, Ian Holm wrote:
I was noticing that the number of DHCP address in the DHCP cache was running low so I decided to check which computers were assigned to each address. To my horror I saw that there were 81 addresses assigned at exactly the same time and all expired at exactly the same time. I'm assuming that these were all assigned to the same machine. How is this possible? Where could I learn about this and how to prevent it?
Any decent log will show you the MAC level address. So go out and investigate the machine. There are plenty of known and documented ways of depleting a DHCP pool in microseconds. A simple google search will do the trick. Hugo. -- I hate duplicates. Just reply to the relevant mailinglist. hvdkooij () vanderkooij org http://hvdkooij.xs4all.nl/ Don't meddle in the affairs of magicians, for they are subtle and quick to anger. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Stealing DHCP Leases Ian Holm (Oct 12)
- Re: Stealing DHCP Leases TheGesus (Oct 12)
- Re: Stealing DHCP Leases Garth Stone (Oct 12)
- Re: [SPAM] Stealing DHCP Leases Hugo van der Kooij (Oct 12)
- Re: [SPAM] Stealing DHCP Leases VeNoMouS (Oct 13)
- Re: Stealing DHCP Leases Stef (Oct 13)