Nmap Development mailing list archives
Re: DHCP payload probe?
From: David Fifield <david () bamsoftware com>
Date: Thu, 10 Sep 2009 08:29:39 -0600
On Thu, Sep 10, 2009 at 07:41:06AM -0500, Ron wrote:
> On 09/09/2009 11:09 PM, David Fifield wrote:
>> On Tue, Sep 08, 2009 at 07:40:42AM -0500, Ron wrote:
>>> I put together a script to probe DHCP servers this weekend. Unfortunately, I only have my Linksys WRT54g with stock firmware to test against, so I'd appreciate others giving it a shot! Basically, do a UDP scan against port 67 on your gateway device, as root, and see what the response is.
>>>
>>> nmap -d -sU -p67 --script=dhcp-inform <target>
>>>
>>> I've attached it as a .patch because it requires an extra function added to ipOps.lua.
>>
>> With your knowledge of DHCP, can you recommend a safe response-provoking payload that could be sent with all UDP probes to port 67 during port scanning?
>
> Yes and no. There are three options:
> a) Sending DHCPINFORM, which not everybody responds to
> b) Sending DHCPDISCOVER, which has the side effect of reserving an IP address for a short period
> c) Sending an invalid request, which results in a DHCPNAK error
>
> (c) is probably the best one, I'm thinking. I'll have to investigate how to evoke an error reliably, though.

(c) sounds the best to me, too, if it's invalid in a way that won't mess up a DHCP server. The response doesn't have to contain much information, because for this purpose we only care if the port is open or the host is up. We don't want side effects here.

David Fifield
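
The message types discussed in this thread are carried in DHCP option 53. The following Python sketch is an added example, not code from the thread or from Nmap: it builds a minimal DHCPINFORM message and checks whether a received datagram is a well-formed server reply to it, entirely offline. The function names, the MAC address, the transaction id and the 192.0.2.10 address are constructed for illustration.

```python
import socket
import struct

MAGIC = b"\x63\x82\x53\x63"  # DHCP magic cookie that precedes the options (RFC 2131)
TYPES = {1: "DHCPDISCOVER", 2: "DHCPOFFER", 3: "DHCPREQUEST", 4: "DHCPDECLINE",
         5: "DHCPACK", 6: "DHCPNAK", 7: "DHCPRELEASE", 8: "DHCPINFORM"}

def build_message(msg_type, xid, ciaddr, mac, op=1):
    """Return a minimal DHCP message: 236-byte BOOTP header, cookie, option 53, end."""
    header = struct.pack("!BBBBIHH4s4s4s4s16s64s128s",
                         op, 1, 6, 0,          # op, htype=Ethernet, hlen, hops
                         xid, 0, 0,            # xid, secs, flags
                         socket.inet_aton(ciaddr), bytes(4), bytes(4), bytes(4),
                         mac, b"", b"")        # chaddr, sname, file (zero padded)
    return header + MAGIC + bytes([53, 1, msg_type, 255])

def parse_options(packet):
    """Walk the TLV options; raise ValueError on a non-DHCP or truncated message."""
    if len(packet) < 240 or packet[236:240] != MAGIC:
        raise ValueError("not a DHCP message")
    options, i = {}, 240
    while i < len(packet) and packet[i] != 255:   # 255 = end option
        if packet[i] == 0:                         # 0 = pad, has no length byte
            i += 1
            continue
        if i + 1 >= len(packet) or i + 2 + packet[i + 1] > len(packet):
            raise ValueError("truncated option")
        options[packet[i]] = packet[i + 2:i + 2 + packet[i + 1]]
        i += 2 + packet[i + 1]
    return options

def message_type(packet):
    """Name of the DHCP message type (option 53), or None if absent."""
    value = parse_options(packet).get(53)
    return TYPES.get(value[0], "unknown") if value and len(value) == 1 else None

def is_reply_to(packet, xid):
    """True if packet is a DHCP server reply (op=2) carrying our transaction id."""
    if len(packet) < 240 or packet[236:240] != MAGIC:
        return False
    op, reply_xid = struct.unpack("!B3xI", packet[:8])
    return op == 2 and reply_xid == xid

# Constructed sample data: documentation address, made-up MAC and xid.
XID, MAC = 0x4E4D4150, bytes.fromhex("020000000001")
INFORM = build_message(8, XID, "192.0.2.10", MAC)      # option (a) in the thread
NAK = build_message(6, XID, "0.0.0.0", MAC, op=2)      # a reply as in option (c)

if __name__ == "__main__":
    print(len(INFORM), message_type(INFORM), message_type(NAK), is_reply_to(NAK, XID))
```

For the port-scanning purpose described above, `is_reply_to` is the only check that matters: any reply with the matching transaction id shows the port is open, whatever its message type.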